vaultkeeper 0.5.0 → 0.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +31 -13
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +29 -2
- package/dist/index.d.ts +29 -2
- package/dist/index.js +31 -14
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.cjs
CHANGED
|
@@ -1617,7 +1617,13 @@ function validateConfig(config) {
|
|
|
1617
1617
|
if (typeof config.defaults.ttlMinutes !== "number" || config.defaults.ttlMinutes <= 0) {
|
|
1618
1618
|
throw new Error("Config defaults.ttlMinutes must be a positive number");
|
|
1619
1619
|
}
|
|
1620
|
-
|
|
1620
|
+
let tier = config.defaults.trustTier;
|
|
1621
|
+
if (typeof tier === "string") {
|
|
1622
|
+
const parsed = Number(tier);
|
|
1623
|
+
if (!Number.isNaN(parsed)) {
|
|
1624
|
+
tier = parsed;
|
|
1625
|
+
}
|
|
1626
|
+
}
|
|
1621
1627
|
if (tier !== 1 && tier !== 2 && tier !== 3) {
|
|
1622
1628
|
throw new Error("Config defaults.trustTier must be 1, 2, or 3");
|
|
1623
1629
|
}
|
|
@@ -2019,7 +2025,6 @@ var SecretAccessorTarget = class {
|
|
|
2019
2025
|
};
|
|
2020
2026
|
function createSecretAccessor(secretValue) {
|
|
2021
2027
|
let consumed = false;
|
|
2022
|
-
const revokeHolder = { fn: void 0 };
|
|
2023
2028
|
function readImpl(callback) {
|
|
2024
2029
|
if (consumed) {
|
|
2025
2030
|
throw new Error("SecretAccessor has already been consumed \u2014 call getSecret() again to obtain a new accessor");
|
|
@@ -2030,7 +2035,6 @@ function createSecretAccessor(secretValue) {
|
|
|
2030
2035
|
callback(buf);
|
|
2031
2036
|
} finally {
|
|
2032
2037
|
buf.fill(0);
|
|
2033
|
-
revokeHolder.fn?.();
|
|
2034
2038
|
}
|
|
2035
2039
|
}
|
|
2036
2040
|
function inspectImpl() {
|
|
@@ -2088,9 +2092,7 @@ function createSecretAccessor(secretValue) {
|
|
|
2088
2092
|
return ["read", INSPECT_CUSTOM];
|
|
2089
2093
|
}
|
|
2090
2094
|
};
|
|
2091
|
-
|
|
2092
|
-
revokeHolder.fn = revoke;
|
|
2093
|
-
return proxy;
|
|
2095
|
+
return new Proxy(target, handler);
|
|
2094
2096
|
}
|
|
2095
2097
|
|
|
2096
2098
|
// src/access/sign-util.ts
|
|
@@ -2273,7 +2275,17 @@ function currentPlatform() {
|
|
|
2273
2275
|
|
|
2274
2276
|
// src/doctor/runner.ts
|
|
2275
2277
|
async function runDoctor(options) {
|
|
2276
|
-
|
|
2278
|
+
let platform;
|
|
2279
|
+
try {
|
|
2280
|
+
platform = options?.platform ?? currentPlatform();
|
|
2281
|
+
} catch {
|
|
2282
|
+
return {
|
|
2283
|
+
checks: [],
|
|
2284
|
+
ready: false,
|
|
2285
|
+
warnings: [],
|
|
2286
|
+
nextSteps: ["Unsupported platform. vaultkeeper supports macOS, Linux, and Windows."]
|
|
2287
|
+
};
|
|
2288
|
+
}
|
|
2277
2289
|
const entries = buildCheckList(platform);
|
|
2278
2290
|
const resolved = await Promise.all(
|
|
2279
2291
|
entries.map(async ({ check, required }) => {
|
|
@@ -2326,6 +2338,7 @@ function buildCheckList(platform) {
|
|
|
2326
2338
|
|
|
2327
2339
|
// src/vault.ts
|
|
2328
2340
|
var usageCounts = /* @__PURE__ */ new Map();
|
|
2341
|
+
var USAGE_MAP_MAX_SIZE = 1e4;
|
|
2329
2342
|
var VaultKeeper = class _VaultKeeper {
|
|
2330
2343
|
#config;
|
|
2331
2344
|
#keyManager;
|
|
@@ -2362,7 +2375,7 @@ var VaultKeeper = class _VaultKeeper {
|
|
|
2362
2375
|
return runDoctor();
|
|
2363
2376
|
}
|
|
2364
2377
|
/**
|
|
2365
|
-
*
|
|
2378
|
+
* Retrieve a secret from the backend and return a JWE token that encapsulates it.
|
|
2366
2379
|
*
|
|
2367
2380
|
* @param secretName - Identifier for the secret
|
|
2368
2381
|
* @param options - Setup options
|
|
@@ -2421,12 +2434,16 @@ var VaultKeeper = class _VaultKeeper {
|
|
|
2421
2434
|
const jti = claims.jti;
|
|
2422
2435
|
const currentCount = usageCounts.get(jti) ?? 0;
|
|
2423
2436
|
validateClaims(claims, currentCount);
|
|
2424
|
-
|
|
2425
|
-
|
|
2426
|
-
usageCounts.delete(jti);
|
|
2427
|
-
blockToken(jti);
|
|
2428
|
-
} else {
|
|
2437
|
+
if (claims.use !== null) {
|
|
2438
|
+
const newCount = currentCount + 1;
|
|
2429
2439
|
usageCounts.set(jti, newCount);
|
|
2440
|
+
if (usageCounts.size > USAGE_MAP_MAX_SIZE) {
|
|
2441
|
+
const oldest = usageCounts.keys().next().value;
|
|
2442
|
+
if (oldest !== void 0) {
|
|
2443
|
+
usageCounts.delete(oldest);
|
|
2444
|
+
blockToken(oldest);
|
|
2445
|
+
}
|
|
2446
|
+
}
|
|
2430
2447
|
}
|
|
2431
2448
|
const token = createCapabilityToken(claims);
|
|
2432
2449
|
const response = { keyStatus };
|
|
@@ -2682,5 +2699,6 @@ exports.UsageLimitExceededError = UsageLimitExceededError;
|
|
|
2682
2699
|
exports.VaultError = VaultError;
|
|
2683
2700
|
exports.VaultKeeper = VaultKeeper;
|
|
2684
2701
|
exports.isListableBackend = isListableBackend;
|
|
2702
|
+
exports.runDoctor = runDoctor;
|
|
2685
2703
|
//# sourceMappingURL=index.cjs.map
|
|
2686
2704
|
//# sourceMappingURL=index.cjs.map
|