vaultkeeper 0.3.0 → 1.0.0
- package/dist/index.cjs +170 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +183 -2
- package/dist/index.d.ts +183 -2
- package/dist/index.js +170 -2
- package/dist/index.js.map +1 -1
- package/dist/one-password-worker.js +80 -0
- package/dist/one-password-worker.js.map +1 -0
- package/package.json +2 -1
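--- a/package/dist/one-password-worker.js
+++ b/package/dist/one-password-worker.js
@@ -0,0 +1,80 @@
+import { createClient, DesktopAuth, DesktopSessionExpiredError } from '@1password/sdk';
+
+// src/backend/one-password-worker.ts
+var TAG = "vaultkeeper";
+var PASSWORD_FIELD_TITLE = "password";
+var INTEGRATION_NAME = "vaultkeeper";
+var INTEGRATION_VERSION = "0.4.0";
+function writeSuccess(value) {
+const response = { value };
+process.stdout.write(JSON.stringify(response));
+}
+function writeFailure(error, code) {
+const response = { error, code };
+process.stdout.write(JSON.stringify(response));
+}
+async function main() {
+const [, , accountName, vaultId, secretId] = process.argv;
+if (accountName === void 0 || vaultId === void 0 || secretId === void 0) {
+writeFailure("Worker invoked with missing arguments", "INTERNAL");
+process.exit(1);
+}
+let client;
+try {
+client = await createClient({
+auth: new DesktopAuth(accountName),
+integrationName: INTEGRATION_NAME,
+integrationVersion: INTEGRATION_VERSION
+});
+} catch (err) {
+if (err instanceof DesktopSessionExpiredError) {
+writeFailure("1Password session has expired", "LOCKED");
+} else {
+writeFailure(`Authentication failed: ${String(err)}`, "AUTH_DENIED");
+}
+process.exit(1);
+}
+let overviews;
+try {
+overviews = await client.items.list(vaultId);
+} catch (err) {
+writeFailure(`Failed to list items: ${String(err)}`, "INTERNAL");
+process.exit(1);
+}
+let targetId;
+for (const overview of overviews) {
+if (overview.title === secretId && overview.tags.includes(TAG)) {
+targetId = overview.id;
+break;
+}
+}
+if (targetId === void 0) {
+writeFailure(`Secret not found: ${secretId}`, "NOT_FOUND");
+process.exit(1);
+}
+let item;
+try {
+item = await client.items.get(vaultId, targetId);
+} catch (err) {
+writeFailure(`Failed to retrieve item: ${String(err)}`, "NOT_FOUND");
+process.exit(1);
+}
+let secretValue;
+for (const field of item.fields) {
+if (field.title === PASSWORD_FIELD_TITLE) {
+secretValue = field.value;
+break;
+}
+}
+if (secretValue === void 0) {
+writeFailure(`Item found but missing password field: ${secretId}`, "NOT_FOUND");
+process.exit(1);
+}
+writeSuccess(secretValue);
+}
+main().catch((err) => {
+writeFailure(`Unexpected worker error: ${String(err)}`, "INTERNAL");
+process.exit(1);
+});
+//# sourceMappingURL=one-password-worker.js.map
+//# sourceMappingURL=one-password-worker.js.map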
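Review bot: The item lookup in `main` (new lines 45–50) stops at the first overview whose title equals `secretId` and that carries the `vaultkeeper` tag, so when a vault holds two such items the secret returned depends on whatever order `client.items.list` yields. 1Password does not enforce unique item titles, so I would collect the matches, e.g. `const matches = overviews.filter((o) => o.title === secretId && o.tags.includes(TAG));`, and fail with a distinct message when `matches.length > 1` instead of silently picking one. The `password` field loop on new lines 63–68 uses the same first-match pattern and may deserve the same check if an item can carry more than one field with that title. This file is build output, so the change belongs in `src/backend/one-password-worker.ts`.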
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/backend/one-password-worker.ts"],"names":[],"mappings":";;;AAkBA,IAAM,GAAA,GAAM,aAAA;AACZ,IAAM,oBAAA,GAAuB,UAAA;AAC7B,IAAM,gBAAA,GAAmB,aAAA;AACzB,IAAM,mBAAA,GAAsB,OAAA;AAW5B,SAAS,aAAa,KAAA,EAAqB;AACzC,EAAA,MAAM,QAAA,GAA4B,EAAE,KAAA,EAAM;AAC1C,EAAA,OAAA,CAAQ,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAC,CAAA;AAC/C;AAEA,SAAS,YAAA,CAAa,OAAe,IAAA,EAAoB;AACvD,EAAA,MAAM,QAAA,GAA4B,EAAE,KAAA,EAAO,IAAA,EAAK;AAChD,EAAA,OAAA,CAAQ,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAC,CAAA;AAC/C;AAEA,eAAe,IAAA,GAAsB;AACnC,EAAA,MAAM,KAAK,aAAa,OAAA,EAAS,QAAQ,IAAI,OAAA,CAAQ,IAAA;AAErD,EAAA,IAAI,WAAA,KAAgB,MAAA,IAAa,OAAA,KAAY,MAAA,IAAa,aAAa,MAAA,EAAW;AAChF,IAAA,YAAA,CAAa,yCAAyC,UAAU,CAAA;AAChE,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AAEA,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,MAAM,YAAA,CAAa;AAAA,MAC1B,IAAA,EAAM,IAAI,WAAA,CAAY,WAAW,CAAA;AAAA,MACjC,eAAA,EAAiB,gBAAA;AAAA,MACjB,kBAAA,EAAoB;AAAA,KACrB,CAAA;AAAA,EACH,SAAS,GAAA,EAAK;AACZ,IAAA,IAAI,eAAe,0BAAA,EAA4B;AAC7C,MAAA,YAAA,CAAa,iCAAiC,QAAQ,CAAA;AAAA,IACxD,CAAA,MAAO;AACL,MAAA,YAAA,CAAa,CAAA,uBAAA,EAA0B,MAAA,CAAO,GAAG,CAAC,IAAI,aAAa,CAAA;AAAA,IACrE;AACA,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AAEA,EAAA,IAAI,SAAA;AACJ,EAAA,IAAI;AACF,IAAA,SAAA,GAAY,MAAM,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,OAAO,CAAA;AAAA,EAC7C,SAAS,GAAA,EAAK;AACZ,IAAA,YAAA,CAAa,CAAA,sBAAA,EAAyB,MAAA,CAAO,GAAG,CAAC,IAAI,UAAU,CAAA;AAC/D,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AAEA,EAAA,IAAI,QAAA;AACJ,EAAA,KAAA,MAAW,YAAY,SAAA,EAAW;AAChC,IAAA,IAAI,SAAS,KAAA,KAAU,QAAA,IAAY,SAAS,IAAA,CAAK,QAAA,CAAS,GAAG,CAAA,EAAG;AAC9D,MAAA,QAAA,GAAW,QAAA,CAAS,EAAA;AACpB,MAAA;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,aAAa,MAAA,EAAW;AAC1B,IAAA,YAAA,CAAa,CAAA,kBAAA,EAAqB,QAAQ,CAAA,CAAA,EAAI,WAAW,CAAA;AACzD,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AAEA,EAAA,IAAI,IAAA;AACJ,EAAA,IAAI;AACF,IAAA,IAAA,GAAO,MAAM,MAAA,CAAO,KAAA,CAAM,GAAA,CAAI,SAAS,QAAQ,CAAA;AAAA,EACjD,SAAS,GAAA,EAAK;AACZ,IAAA,YAAA,CAAa,CAAA,yBAAA,EAA4B,MAAA,CAAO,GAAG,CAAC,IAAI,WAAW,CAAA;AACnE,IAAA,OAAA,
CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AAEA,EAAA,IAAI,WAAA;AACJ,EAAA,KAAA,MAAW,KAAA,IAAS,KAAK,MAAA,EAAQ;AAC/B,IAAA,IAAI,KAAA,CAAM,UAAU,oBAAA,EAAsB;AACxC,MAAA,WAAA,GAAc,KAAA,CAAM,KAAA;AACpB,MAAA;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,gBAAgB,MAAA,EAAW;AAC7B,IAAA,YAAA,CAAa,CAAA,uCAAA,EAA0C,QAAQ,CAAA,CAAA,EAAI,WAAW,CAAA;AAC9E,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AAEA,EAAA,YAAA,CAAa,WAAW,CAAA;AAC1B;AAEA,IAAA,EAAK,CAAE,KAAA,CAAM,CAAC,GAAA,KAAiB;AAC7B,EAAA,YAAA,CAAa,CAAA,yBAAA,EAA4B,MAAA,CAAO,GAAG,CAAC,IAAI,UAAU,CAAA;AAClE,EAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAChB,CAAC,CAAA","file":"one-password-worker.js","sourcesContent":["/**\n * Per-access worker script for the 1Password SDK backend.\n *\n * @remarks\n * This script is spawned as a child process by `OnePasswordBackend` when\n * `accessMode` is set to `'per-access'`. It creates a fresh SDK client\n * (which triggers a biometric prompt via the desktop app), retrieves a single\n * secret, writes the result to stdout as JSON, then exits immediately.\n *\n * argv layout:\n * node one-password-worker.js <accountName> <vaultId> <secretId>\n *\n * stdout on success: `{ \"value\": \"<secret>\" }`\n * stdout on failure: `{ \"error\": \"<message>\", \"code\": \"<code>\" }`\n */\n\nimport { createClient, DesktopAuth, DesktopSessionExpiredError } from '@1password/sdk'\n\nconst TAG = 'vaultkeeper'\nconst PASSWORD_FIELD_TITLE = 'password'\nconst INTEGRATION_NAME = 'vaultkeeper'\nconst INTEGRATION_VERSION = '0.4.0'\n\ninterface SuccessResponse {\n value: string\n}\n\ninterface FailureResponse {\n error: string\n code: string\n}\n\nfunction writeSuccess(value: string): void {\n const response: SuccessResponse = { value }\n process.stdout.write(JSON.stringify(response))\n}\n\nfunction writeFailure(error: string, code: string): void {\n const response: FailureResponse = { error, code }\n process.stdout.write(JSON.stringify(response))\n}\n\nasync function main(): Promise<void> {\n const [, , accountName, vaultId, secretId] = process.argv\n\n if 
(accountName === undefined || vaultId === undefined || secretId === undefined) {\n writeFailure('Worker invoked with missing arguments', 'INTERNAL')\n process.exit(1)\n }\n\n let client\n try {\n client = await createClient({\n auth: new DesktopAuth(accountName),\n integrationName: INTEGRATION_NAME,\n integrationVersion: INTEGRATION_VERSION,\n })\n } catch (err) {\n if (err instanceof DesktopSessionExpiredError) {\n writeFailure('1Password session has expired', 'LOCKED')\n } else {\n writeFailure(`Authentication failed: ${String(err)}`, 'AUTH_DENIED')\n }\n process.exit(1)\n }\n\n let overviews\n try {\n overviews = await client.items.list(vaultId)\n } catch (err) {\n writeFailure(`Failed to list items: ${String(err)}`, 'INTERNAL')\n process.exit(1)\n }\n\n let targetId: string | undefined\n for (const overview of overviews) {\n if (overview.title === secretId && overview.tags.includes(TAG)) {\n targetId = overview.id\n break\n }\n }\n\n if (targetId === undefined) {\n writeFailure(`Secret not found: ${secretId}`, 'NOT_FOUND')\n process.exit(1)\n }\n\n let item\n try {\n item = await client.items.get(vaultId, targetId)\n } catch (err) {\n writeFailure(`Failed to retrieve item: ${String(err)}`, 'NOT_FOUND')\n process.exit(1)\n }\n\n let secretValue: string | undefined\n for (const field of item.fields) {\n if (field.title === PASSWORD_FIELD_TITLE) {\n secretValue = field.value\n break\n }\n }\n\n if (secretValue === undefined) {\n writeFailure(`Item found but missing password field: ${secretId}`, 'NOT_FOUND')\n process.exit(1)\n }\n\n writeSuccess(secretValue)\n}\n\nmain().catch((err: unknown) => {\n writeFailure(`Unexpected worker error: ${String(err)}`, 'INTERNAL')\n process.exit(1)\n})\n"]}
|
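--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "vaultkeeper",
-"version": "0.
+"version": "1.0.0",
 "description": "Unified, policy-enforced secret storage across OS backends",
 "type": "module",
 "main": "./dist/index.cjs",
@@ -31,6 +31,7 @@
 "access": "public"
 },
 "dependencies": {
+"@1password/sdk": "^0.4.0",
 "jose": "^6.0.0"
 },
 "devDependencies": {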
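Review bot: Listing `"@1password/sdk": "^0.4.0"` under `dependencies` makes the SDK a mandatory install for every consumer, including those who only use the OS backends named in the package description. If the main entry point only loads the SDK when the 1Password backend is selected (not visible in this section), declaring it under `optionalDependencies`, or as a peer dependency marked optional in `peerDependenciesMeta`, would keep it out of installs that never use it. For a secret-storage library that also keeps the third-party code in the dependency tree as small as each deployment needs.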