@orion-js/env
Comparing version 3.7.4 to 3.8.0
@@ -12,2 +12,4 @@ "use strict"; | ||
const sortObjectByKeys = (object) => { | ||
if (!object) | ||
return {}; | ||
const sorted = {}; | ||
@@ -33,2 +35,3 @@ Object.keys(object) | ||
config.encryptedKeys = sortObjectByKeys(config.encryptedKeys); | ||
config.readFromSecret = sortObjectByKeys(config.readFromSecret); | ||
const text = yaml_1.default.stringify(config); | ||
@@ -35,0 +38,0 @@ (0, files_1.writeFile)(path, text); |
@@ -18,3 +18,4 @@ "use strict"; | ||
cleanKeys: {}, | ||
encryptedKeys: {} | ||
encryptedKeys: {}, | ||
readFromSecret: {} | ||
}; | ||
@@ -21,0 +22,0 @@ const text = yaml_1.default.stringify(envFile); |
@@ -7,3 +7,7 @@ "use strict"; | ||
function getDts(config) { | ||
const keys = [...Object.keys(config.cleanKeys), ...Object.keys(config.encryptedKeys)]; | ||
const keys = [ | ||
...Object.keys(config.cleanKeys), | ||
...Object.keys(config.encryptedKeys), | ||
...Object.values(config.readFromSecret).flat() | ||
]; | ||
return `declare module '@orion-js/env' { | ||
@@ -10,0 +14,0 @@ export const env: { |
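Review bot: `Object.values(config.readFromSecret)` in `getDts` throws a TypeError when the config has no `readFromSecret` field, which the updated `Config` interface allows (`readFromSecret?`) and which env files written before this version would presumably lack. Guarding it as `...Object.values(config.readFromSecret || {}).flat()` keeps older files working. A name listed both in `cleanKeys`/`encryptedKeys` and under a secret also ends up twice in `keys`; whether that produces a duplicate declaration depends on the template, which lies outside this hunk.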
@@ -10,2 +10,5 @@ export interface Config { | ||
}; | ||
readFromSecret?: { | ||
[key: string]: string[]; | ||
}; | ||
} | ||
@@ -15,2 +18,2 @@ export interface Variables { | ||
} | ||
export declare function getVariables(config: Config, secretKey: string): Variables; | ||
export declare function getVariables(config: Config, secretKey?: string): Variables; |
@@ -5,5 +5,40 @@ "use strict"; | ||
const crypto_1 = require("../crypto"); | ||
function readSecrets(readFromSecret) { | ||
const variables = {}; | ||
let secretKey = null; | ||
if (!readFromSecret) | ||
return { variables, secretKey }; | ||
for (const secretName in readFromSecret) { | ||
const keys = readFromSecret[secretName]; | ||
if (!process.env[secretName]) { | ||
console.warn(`@orion/env could not find the secret "${secretName}" in the environment. Related variables will be undefined.`); | ||
continue; | ||
} | ||
try { | ||
const values = JSON.parse(process.env[secretName]); | ||
if (values.ORION_ENV_SECRET_KEY) { | ||
secretKey = values.ORION_ENV_SECRET_KEY; | ||
} | ||
for (const key of keys) { | ||
if (values[key]) { | ||
variables[key] = values[key]; | ||
} | ||
else { | ||
console.warn(`@orion/env could not find the variable "${key}" in the secret "${secretName}". Related variables will be undefined.`); | ||
} | ||
} | ||
} | ||
catch (error) { | ||
console.warn(`'@orion/env found a the secret "${secretName}" variable in the environment but it is not a valid JSON. Related variables will be undefined.'`); | ||
} | ||
} | ||
return { variables, secretKey: secretKey }; | ||
} | ||
function getVariables(config, secretKey) { | ||
const { cleanKeys, encryptedKeys } = config; | ||
const variables = {}; | ||
const { cleanKeys, encryptedKeys, readFromSecret } = config; | ||
const { variables, secretKey: foundSecretKey } = readSecrets(readFromSecret); | ||
let decryptKey = foundSecretKey || secretKey; | ||
if (!decryptKey) { | ||
throw new Error('Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not defined'); | ||
} | ||
for (const key in cleanKeys) { | ||
@@ -16,3 +51,3 @@ const value = cleanKeys[key]; | ||
try { | ||
variables[key] = (0, crypto_1.decrypt)(secretKey, encrypted); | ||
variables[key] = (0, crypto_1.decrypt)(decryptKey, encrypted); | ||
} | ||
@@ -19,0 +54,0 @@ catch (error) { |
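Review bot: In `getVariables` the new `if (!decryptKey) throw` runs before any key is needed, so a config with only `cleanKeys` and `readFromSecret` entries still fails without a key, and the message names only `process.env.ORION_ENV_SECRET_KEY` although the key may now come from a secret. Consider throwing only when there is something to decrypt, e.g. `if (!decryptKey && Object.keys(encryptedKeys || {}).length > 0)`. In `readSecrets`, a key found inside a secret silently takes precedence over the `secretKey` argument, and with several secrets the last one iterated wins; a comment stating that precedence (or preferring the explicit argument) would make the trust order clear. The parsed JSON is also used unchecked: a `null` or non-object value falls into the catch and is reported as invalid JSON, and `if (values[key])` drops empty strings while passing non-string values through even though `getDts` declares every key as `string`; `typeof values[key] === 'string'` would match the declared type. The body of `getVariables` continues outside the hunk.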
@@ -31,5 +31,2 @@ "use strict"; | ||
else if (envFilePath) { | ||
if (!secretKey) { | ||
throw new Error('Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not defined'); | ||
} | ||
variables = (0, exports.readEnv)(); | ||
@@ -36,0 +33,0 @@ } |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
const crypto_1 = require("../crypto"); | ||
const getDts_1 = require("./getDts"); | ||
const getVariables_1 = require("./getVariables"); | ||
@@ -22,4 +23,10 @@ describe('Environment', () => { | ||
secret1: 'nQCxsZxjVkOABeQSdIhYK7jSMYKUggUm9IWUGLpY3i4=:9gvH5IOhV/q5R4ngUIk2onf5oEZM5dIU89PRZ5TGjnnfcnrwkssLqsACNDmr0m4jQZVo0nBL' | ||
}, | ||
readFromSecret: { | ||
SECRET_ENV: ['secret2'], | ||
SECRET2_ENV: ['secret3', 'secret4'] | ||
} | ||
}; | ||
process.env.SECRET_ENV = JSON.stringify({ secret2: 'this_is_secret' }); | ||
process.env.SECRET2_ENV = JSON.stringify({ secret3: '3', secret4: '4' }); | ||
process.env.ORION_ENV_SECRET_KEY = secretKey; | ||
@@ -29,3 +36,6 @@ const env = (0, getVariables_1.getVariables)(data, secretKey); | ||
a_key: 'a_value', | ||
secret1: secretValue | ||
secret1: secretValue, | ||
secret2: 'this_is_secret', | ||
secret3: '3', | ||
secret4: '4' | ||
}); | ||
@@ -51,2 +61,79 @@ }); | ||
}); | ||
it('should read the decyrpt key from the secret', () => { | ||
const secretKey = 'QShwQT1+d5wk/F6FVpT5VmZFXm50aFRt9/LaDbwSEGo='; | ||
const secretValue = 'this_is_secret'; | ||
const data = { | ||
version: '1.0', | ||
publicKey: 'quyw/56O1P/BmjlHGfguZD27zKbjOtxNBDOTz+FOYho=', | ||
cleanKeys: { | ||
a_key: 'a_value' | ||
}, | ||
encryptedKeys: { | ||
secret1: 'nQCxsZxjVkOABeQSdIhYK7jSMYKUggUm9IWUGLpY3i4=:9gvH5IOhV/q5R4ngUIk2onf5oEZM5dIU89PRZ5TGjnnfcnrwkssLqsACNDmr0m4jQZVo0nBL' | ||
}, | ||
readFromSecret: { | ||
SECRET_ENV: ['secret2'] | ||
} | ||
}; | ||
process.env.SECRET_ENV = JSON.stringify({ | ||
secret2: 'this_is_secret', | ||
ORION_ENV_SECRET_KEY: secretKey | ||
}); | ||
const env = (0, getVariables_1.getVariables)(data, secretKey); | ||
expect(env).toEqual({ | ||
a_key: 'a_value', | ||
secret1: secretValue, | ||
secret2: 'this_is_secret' | ||
}); | ||
}); | ||
it('should log an error when the secret is not a valid JSON, and related secrets undefined', () => { | ||
console.warn = jest.fn(); | ||
const secretKey = 'QShwQT1+d5wk/F6FVpT5VmZFXm50aFRt9/LaDbwSEGo='; | ||
const secretValue = 'this_is_secret'; | ||
const data = { | ||
version: '1.0', | ||
publicKey: 'quyw/56O1P/BmjlHGfguZD27zKbjOtxNBDOTz+FOYho=', | ||
cleanKeys: { | ||
a_key: 'a_value' | ||
}, | ||
encryptedKeys: { | ||
secret1: 'nQCxsZxjVkOABeQSdIhYK7jSMYKUggUm9IWUGLpY3i4=:9gvH5IOhV/q5R4ngUIk2onf5oEZM5dIU89PRZ5TGjnnfcnrwkssLqsACNDmr0m4jQZVo0nBL' | ||
}, | ||
readFromSecret: { | ||
SECRET_ENV: ['secret2'] | ||
} | ||
}; | ||
process.env.SECRET_ENV = 'not a json'; | ||
const env = (0, getVariables_1.getVariables)(data, secretKey); | ||
expect(env).toEqual({ | ||
a_key: 'a_value', | ||
secret1: secretValue, | ||
secret2: undefined | ||
}); | ||
expect(console.warn.mock.calls[0][0].includes('it is not a valid JSON')).toBe(true); | ||
}); | ||
it('Dts should return the right types', () => { | ||
const dts = (0, getDts_1.getDts)({ | ||
version: '1.0', | ||
publicKey: 'public', | ||
cleanKeys: { | ||
a_key: 'a_value' | ||
}, | ||
encryptedKeys: { | ||
secret: 'encrypted' | ||
}, | ||
readFromSecret: { | ||
SECRET_ENV: ['secret2', 'secret3'] | ||
} | ||
}); | ||
expect(dts).toEqual(`declare module '@orion-js/env' { | ||
export const env: { | ||
a_key: string | ||
secret: string | ||
secret2: string | ||
secret3: string | ||
} | ||
} | ||
`); | ||
}); | ||
}); |
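Review bot: The test 'should read the decyrpt key from the secret' still passes `secretKey` as the second argument (`getVariables(data, secretKey)`), so it would pass even if the `ORION_ENV_SECRET_KEY` inside `SECRET_ENV` were ignored. Calling `getVariables(data)` there would actually exercise the secret-derived key. The new cases also assign `process.env.SECRET_ENV`, `process.env.SECRET2_ENV` and `console.warn = jest.fn()` without restoring them, so state carries over between tests; an `afterEach` that deletes those variables and restores `console.warn` would isolate them.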
{ | ||
"name": "@orion-js/env", | ||
"version": "3.7.4", | ||
"version": "3.8.0", | ||
"main": "lib/index.js", | ||
@@ -35,3 +35,3 @@ "author": "nicolaslopezj", | ||
}, | ||
"gitHead": "c77b95ffc592ddce0ba6b95ae5e34f3e273c4cd5" | ||
"gitHead": "05bb0f7c0679b17993a2375332804d745dd49ba2" | ||
} |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but they do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 3 instances in 1 package