import fs from 'fs'
import { flags } from '@oclif/command'
import _ from 'lodash'
import { Cryptonomicon, Vault } from 'kuzzle-vault'
import { Kommand } from '../../common'
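export class VaultAdd extends Kommand {
  // This command only touches local files: no Kuzzle SDK connection is needed.
  static initSdk = false

  static description = `
Adds an encrypted key to an encrypted secrets file.
A new secrets file is created if it does not yet exist.
Encrypted secrets are meant to be loaded inside an application with Kuzzle Vault.
See https://github.com/kuzzleio/kuzzle-vault/ for more information.
`

  static examples = [
    'kourou vault:add config/secrets.enc.json aws.s3.keyId b61e267676660c314b006b06 --vault-key <vault-key>'
  ]

  static flags = {
    // NOTE(review): a key given as a CLI flag ends up in shell history and in the
    // process list; the KUZZLE_VAULT_KEY environment variable default avoids that.
    'vault-key': flags.string({
      description: 'Kuzzle Vault Key (or KUZZLE_VAULT_KEY)',
      default: process.env.KUZZLE_VAULT_KEY,
    }),
  }

  static args = [
    { name: 'secrets-file', description: 'Encrypted secrets file', required: true },
    { name: 'key', description: 'Path to the key (lodash style)', required: true },
    { name: 'value', description: 'Value to encrypt', required: true }
  ]

  /**
   * Encrypts `value` with the vault key and stores it under `key` in the secrets file.
   *
   * When the secrets file already exists it is decrypted first, so that a secret
   * encrypted with one key is never written next to secrets encrypted with another.
   * Otherwise a new file is created.
   *
   * @throws {Error} when no vault key or secrets file is provided, or when the
   *   existing file cannot be decrypted with the provided key (this also covers a
   *   file whose content is malformed; the underlying reason is appended to the message).
   */
  async runSafe() {
    const vaultKey = this.flags['vault-key']
    const secretsFile = this.args['secrets-file']

    if (_.isEmpty(vaultKey)) {
      throw new Error('A vault key must be provided')
    }
    if (_.isEmpty(secretsFile)) {
      throw new Error('A secrets file must be provided')
    }

    const cryptonomicon = new Cryptonomicon(vaultKey)
    const parser = Vault.getParser(secretsFile)

    let encryptedSecrets = {}
    if (fs.existsSync(secretsFile)) {
      encryptedSecrets = parser.parse(fs.readFileSync(secretsFile, 'utf8'))
      try {
        // Decrypting only verifies that the key matches; the plaintext result is discarded.
        cryptonomicon.decryptObject(encryptedSecrets)
      }
      catch (error) {
        // Keep the original failure reason instead of discarding it: it tells a wrong
        // key apart from a corrupt file without revealing any secret material.
        const reason = error instanceof Error ? error.message : String(error)
        throw new Error(`Trying to add a secret encrypted with a different key (${reason})`)
      }
    }

    // NOTE(review): the key path comes from the operator's command line and is applied
    // with lodash `_.set`; recent lodash versions refuse `__proto__`/`constructor`/`prototype`
    // segments, so the installed version should be kept current — verify in package.json.
    _.set(encryptedSecrets, this.args.key, cryptonomicon.encryptString(this.args.value))

    fs.writeFileSync(secretsFile, parser.stringify(encryptedSecrets, null, 2))

    this.logOk(`Key "${this.args.key}" has been securely added to "${secretsFile}"`)
  }
}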