Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement →
@orion-js/env
Advanced tools
@orion-js/env - npm Package Compare versions
+113
-110
@@ -26,8 +26,26 @@ #!/usr/bin/env node | ||
| // src/cli/index.ts | ||
| var import_chalk = __toESM(require("chalk"), 1); | ||
| var import_commander = require("commander"); | ||
| var import_chalk = __toESM(require("chalk"), 1); | ||
| // src/cli/init/index.ts | ||
| var import_yaml = __toESM(require("yaml"), 1); | ||
| // src/cli/add/index.ts | ||
| var import_yaml2 = __toESM(require("yaml"), 1); | ||
| // src/files/index.ts | ||
| var import_node_fs = __toESM(require("fs"), 1); | ||
| var import_node_path = __toESM(require("path"), 1); | ||
| function readFile(filePath) { | ||
| if (!import_node_fs.default.existsSync(filePath)) return null; | ||
| return import_node_fs.default.readFileSync(filePath).toString(); | ||
| } | ||
| function writeFile(path2, content) { | ||
| ensureDirectory(path2); | ||
| import_node_fs.default.writeFileSync(path2, content); | ||
| } | ||
| function ensureDirectory(filePath) { | ||
| const dirname = import_node_path.default.dirname(filePath); | ||
| if (import_node_fs.default.existsSync(dirname)) return true; | ||
| ensureDirectory(dirname); | ||
| import_node_fs.default.mkdirSync(dirname); | ||
| } | ||
| // src/crypto/tweetnacl.ts | ||
@@ -111,44 +129,2 @@ var import_tweetnacl_es6 = __toESM(require("tweetnacl-es6"), 1); | ||
| // src/files/index.ts | ||
| var import_node_fs = __toESM(require("fs"), 1); | ||
| var import_node_path = __toESM(require("path"), 1); | ||
| function readFile(filePath) { | ||
| if (!import_node_fs.default.existsSync(filePath)) return null; | ||
| return import_node_fs.default.readFileSync(filePath).toString(); | ||
| } | ||
| function writeFile(path2, content) { | ||
| ensureDirectory(path2); | ||
| import_node_fs.default.writeFileSync(path2, content); | ||
| } | ||
| function ensureDirectory(filePath) { | ||
| const dirname = import_node_path.default.dirname(filePath); | ||
| if (import_node_fs.default.existsSync(dirname)) return true; | ||
| ensureDirectory(dirname); | ||
| import_node_fs.default.mkdirSync(dirname); | ||
| } | ||
| // src/cli/init/index.ts | ||
| async function envInit({ path: path2 }) { | ||
| if (!path2) { | ||
| path2 = ".env.local.yml"; | ||
| } | ||
| const keypair = generateKeys(); | ||
| const envFile = { | ||
| version: "1.0", | ||
| publicKey: keypair.encryptKey, | ||
| cleanKeys: {}, | ||
| encryptedKeys: {}, | ||
| readFromSecret: {} | ||
| }; | ||
| const text = import_yaml.default.stringify(envFile); | ||
| writeFile(path2, text); | ||
| console.log(""); | ||
| console.log( | ||
| `Environment file created. You need to use the following key to decrypt the environment variables:` | ||
| ); | ||
| console.log(""); | ||
| console.log(keypair.decryptKey); | ||
| console.log(""); | ||
| } | ||
| // src/cli/add/encryptValue.ts | ||
@@ -160,3 +136,3 @@ var encryptValue = (key, value, config) => { | ||
| // src/cli/add/getConfig.ts | ||
| var import_yaml2 = __toESM(require("yaml"), 1); | ||
| var import_yaml = __toESM(require("yaml"), 1); | ||
| var getConfig = (envPath) => { | ||
@@ -167,3 +143,3 @@ const configFile = readFile(envPath); | ||
| } | ||
| return import_yaml2.default.parse(configFile); | ||
| return import_yaml.default.parse(configFile); | ||
| }; | ||
@@ -173,3 +149,6 @@ | ||
| var import_prompts = __toESM(require("prompts"), 1); | ||
| var getParams = async (config) => { | ||
| var getParams = async (config, opts) => { | ||
| if ((opts == null ? void 0 : opts.key) && (opts == null ? void 0 : opts.value)) { | ||
| return { key: opts.key, value: opts.value }; | ||
| } | ||
| const response = await (0, import_prompts.default)([ | ||
@@ -194,3 +173,2 @@ { | ||
| // src/cli/add/index.ts | ||
| var import_yaml3 = __toESM(require("yaml"), 1); | ||
| var sortObjectByKeys = (object) => { | ||
@@ -204,3 +182,3 @@ if (!object) return {}; | ||
| }; | ||
| async function envAdd({ path: path2 }) { | ||
| async function envAdd({ path: path2, key: optKey, value: optValue }) { | ||
| if (!path2) { | ||
@@ -210,3 +188,3 @@ path2 = ".env.local.yml"; | ||
| const config = getConfig(path2); | ||
| const { key, value } = await getParams(config); | ||
| const { key, value } = await getParams(config, { key: optKey, value: optValue }); | ||
| if (!value) return; | ||
@@ -217,6 +195,88 @@ encryptValue(key, value, config); | ||
| config.readFromSecret = sortObjectByKeys(config.readFromSecret); | ||
| const text = import_yaml3.default.stringify(config); | ||
| const text = import_yaml2.default.stringify(config); | ||
| writeFile(path2, text); | ||
| } | ||
| // src/cli/init/index.ts | ||
| var import_yaml3 = __toESM(require("yaml"), 1); | ||
| async function envInit({ path: path2 }) { | ||
| if (!path2) { | ||
| path2 = ".env.local.yml"; | ||
| } | ||
| const keypair = generateKeys(); | ||
| const envFile = { | ||
| version: "1.0", | ||
| publicKey: keypair.encryptKey, | ||
| cleanKeys: {}, | ||
| encryptedKeys: {}, | ||
| readFromSecret: {} | ||
| }; | ||
| const text = import_yaml3.default.stringify(envFile); | ||
| writeFile(path2, text); | ||
| console.log(""); | ||
| console.log( | ||
| `Environment file created. You need to use the following key to decrypt the environment variables:` | ||
| ); | ||
| console.log(""); | ||
| console.log(keypair.decryptKey); | ||
| console.log(""); | ||
| } | ||
| // src/cli/migrate/index.ts | ||
| var import_yaml4 = __toESM(require("yaml"), 1); | ||
| var import_prompts2 = __toESM(require("prompts"), 1); | ||
| async function envMigrate({ path: path2, secret }) { | ||
| if (!path2) { | ||
| path2 = ".env.local.yml"; | ||
| } | ||
| const config = getConfig(path2); | ||
| const currentSecret = secret ?? await promptForSecret(); | ||
| const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret); | ||
| const newKeypair = generateKeys(); | ||
| const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey); | ||
| const updatedConfig = { | ||
| ...config, | ||
| publicKey: newKeypair.encryptKey, | ||
| encryptedKeys: newEncryptedKeys | ||
| }; | ||
| const text = import_yaml4.default.stringify(updatedConfig); | ||
| writeFile(path2, text); | ||
| console.log(""); | ||
| console.log("Config file migrated successfully."); | ||
| console.log(""); | ||
| console.log("New secret key (save this securely):"); | ||
| console.log(""); | ||
| console.log(newKeypair.decryptKey); | ||
| console.log(""); | ||
| } | ||
| async function promptForSecret() { | ||
| const response = await (0, import_prompts2.default)({ | ||
| type: "password", | ||
| name: "secret", | ||
| message: "Current secret key" | ||
| }); | ||
| if (!response.secret) { | ||
| throw new Error("Secret is required"); | ||
| } | ||
| return response.secret; | ||
| } | ||
| function decryptAllKeys(encryptedKeys, secretKey) { | ||
| const decrypted = {}; | ||
| for (const key in encryptedKeys) { | ||
| try { | ||
| decrypted[key] = decrypt2(secretKey, encryptedKeys[key]); | ||
| } catch (error) { | ||
| throw new Error(`Failed to decrypt key "${key}". Is the secret key correct?`); | ||
| } | ||
| } | ||
| return decrypted; | ||
| } | ||
| function reEncryptAllKeys(decryptedKeys, newPublicKey) { | ||
| const encrypted = {}; | ||
| for (const key in decryptedKeys) { | ||
| encrypted[key] = encrypt2(newPublicKey, decryptedKeys[key]); | ||
| } | ||
| return encrypted; | ||
| } | ||
| // src/environment/getVariables.ts | ||
@@ -300,59 +360,2 @@ function readSecrets(readFromSecret) { | ||
| // src/cli/migrate/index.ts | ||
| var import_yaml4 = __toESM(require("yaml"), 1); | ||
| var import_prompts2 = __toESM(require("prompts"), 1); | ||
| async function envMigrate({ path: path2, secret }) { | ||
| if (!path2) { | ||
| path2 = ".env.local.yml"; | ||
| } | ||
| const config = getConfig(path2); | ||
| const currentSecret = secret ?? await promptForSecret(); | ||
| const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret); | ||
| const newKeypair = generateKeys(); | ||
| const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey); | ||
| const updatedConfig = { | ||
| ...config, | ||
| publicKey: newKeypair.encryptKey, | ||
| encryptedKeys: newEncryptedKeys | ||
| }; | ||
| const text = import_yaml4.default.stringify(updatedConfig); | ||
| writeFile(path2, text); | ||
| console.log(""); | ||
| console.log("Config file migrated successfully."); | ||
| console.log(""); | ||
| console.log("New secret key (save this securely):"); | ||
| console.log(""); | ||
| console.log(newKeypair.decryptKey); | ||
| console.log(""); | ||
| } | ||
| async function promptForSecret() { | ||
| const response = await (0, import_prompts2.default)({ | ||
| type: "password", | ||
| name: "secret", | ||
| message: "Current secret key" | ||
| }); | ||
| if (!response.secret) { | ||
| throw new Error("Secret is required"); | ||
| } | ||
| return response.secret; | ||
| } | ||
| function decryptAllKeys(encryptedKeys, secretKey) { | ||
| const decrypted = {}; | ||
| for (const key in encryptedKeys) { | ||
| try { | ||
| decrypted[key] = decrypt2(secretKey, encryptedKeys[key]); | ||
| } catch (error) { | ||
| throw new Error(`Failed to decrypt key "${key}". Is the secret key correct?`); | ||
| } | ||
| } | ||
| return decrypted; | ||
| } | ||
| function reEncryptAllKeys(decryptedKeys, newPublicKey) { | ||
| const encrypted = {}; | ||
| for (const key in decryptedKeys) { | ||
| encrypted[key] = encrypt2(newPublicKey, decryptedKeys[key]); | ||
| } | ||
| return encrypted; | ||
| } | ||
| // src/cli/index.ts | ||
@@ -368,3 +371,3 @@ var program = new import_commander.Command(); | ||
| program.command("init").description("Creates a new encrypted env file").option("--path <path>", "Specify the env file name").action(run(envInit)); | ||
| program.command("add").description("Adds a new environment to the encrypted env file").option("--path <path>", "Specify the env file name").action(run(envAdd)); | ||
| program.command("add").description("Adds a new environment to the encrypted env file").option("--path <path>", "Specify the env file name").option("--key <key>", "The environment variable key").option("--value <value>", "The environment variable value").action(run(envAdd)); | ||
| program.command("read").description("Prints the value of the env file in JSON or a specific variable in plain text").option("--path <path>", "Specify the env file name").option("--key <key>", "Prints the value of a specific variable in plain text").option("--secret <secret>", "The password to decrypt the keys").action(run(envRead)); | ||
@@ -371,0 +374,0 @@ program.command("migrate").description("Migrates the config file to a new keypair, re-encrypting all keys").option("--path <path>", "Specify the env file name").option("--secret <secret>", "The current secret key to decrypt existing keys").action(run(envMigrate)); |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"sources":["../src/cli/index.ts","../src/cli/init/index.ts","../src/crypto/tweetnacl.ts","../src/crypto/util.ts","../src/crypto/index.ts","../src/files/index.ts","../src/cli/add/encryptValue.ts","../src/cli/add/getConfig.ts","../src/cli/add/getParams.ts","../src/cli/add/index.ts","../src/environment/getVariables.ts","../src/cli/read/index.ts","../src/cli/migrate/index.ts"],"sourcesContent":["#!/usr/bin/env node\nimport {Command} from 'commander'\nimport chalk from 'chalk'\nimport envInit from './init'\nimport envAdd from './add'\nimport envRead from './read'\nimport envMigrate from './migrate'\n\nconst program = new Command()\n\nconst run =\n action =>\n async (...args) => {\n try {\n await action(...args)\n } catch (e) {\n console.error(chalk.red(`Error: ${e.message}`))\n }\n }\n\nprogram\n .command('init')\n .description('Creates a new encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .action(run(envInit))\n\nprogram\n .command('add')\n .description('Adds a new environment to the encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .action(run(envAdd))\n\nprogram\n .command('read')\n .description('Prints the value of the env file in JSON or a specific variable in plain text')\n .option('--path <path>', 'Specify the env file name')\n .option('--key <key>', 'Prints the value of a specific variable in plain text')\n .option('--secret <secret>', 'The password to decrypt the keys')\n .action(run(envRead))\n\nprogram\n .command('migrate')\n .description('Migrates the config file to a new keypair, re-encrypting all keys')\n .option('--path <path>', 'Specify the env file name')\n .option('--secret <secret>', 'The current secret key to decrypt existing keys')\n .action(run(envMigrate))\n\nprogram.parse(process.argv)\n\nif (!process.argv.slice(2).length) {\n program.outputHelp()\n}\n","import YAML from 'yaml'\nimport {generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\n\nexport default async function envInit({path}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const keypair = generateKeys()\n\n const envFile: Config = {\n version: '1.0',\n publicKey: keypair.encryptKey,\n cleanKeys: {},\n encryptedKeys: {},\n readFromSecret: {},\n }\n\n const text = YAML.stringify(envFile)\n\n writeFile(path, text)\n\n console.log('')\n\n console.log(\n `Environment file created. You need to use the following key to decrypt the environment variables:`,\n )\n\n console.log('')\n\n console.log(keypair.decryptKey)\n\n console.log('')\n}\n","import nacl from 'tweetnacl-es6'\nimport {decodeUTF8, encodeUTF8, encodeBase64, decodeBase64} from './util'\n\nconst newNonce = () => nacl.randomBytes(nacl.box.nonceLength)\nexport const generateKeyPair = () => nacl.box.keyPair()\n\nexport const encrypt = (bSecretKey: Uint8Array, aPublicKey: Uint8Array, message: string) => {\n const nonce = newNonce()\n const messageUint8 = decodeUTF8(message)\n const encrypted = nacl.box(messageUint8, nonce, aPublicKey, bSecretKey)\n\n const fullMessage = new Uint8Array(nonce.length + encrypted.length)\n fullMessage.set(nonce)\n fullMessage.set(encrypted, nonce.length)\n\n const base64FullMessage = encodeBase64(fullMessage)\n return base64FullMessage\n}\n\nexport const decrypt = (\n aSecretKey: Uint8Array,\n bPublicKey: Uint8Array,\n messageWithNonce: string,\n) => {\n const messageWithNonceAsUint8Array = decodeBase64(messageWithNonce)\n const nonce = messageWithNonceAsUint8Array.slice(0, nacl.box.nonceLength)\n const message = messageWithNonceAsUint8Array.slice(nacl.box.nonceLength, messageWithNonce.length)\n\n const decrypted = nacl.box.open(message, nonce, bPublicKey, aSecretKey)\n\n if (!decrypted) {\n throw new Error('Could not decrypt message')\n }\n\n const base64DecryptedMessage = encodeUTF8(decrypted)\n return base64DecryptedMessage\n}\n","// Written in 2014-2016 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n\nimport {WithImplicitCoercion} from 'node:buffer'\n\nfunction validateBase64(s: string) {\n if (!/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(s)) {\n throw new TypeError('invalid encoding')\n }\n}\n\nexport const decodeUTF8 = (s: string | number | boolean) => {\n if (typeof s !== 'string') throw new TypeError('expected string')\n let i: number\n const d = unescape(encodeURIComponent(s))\n const b = new Uint8Array(d.length)\n for (i = 0; i < d.length; i++) b[i] = d.charCodeAt(i)\n return b\n}\n\nexport const encodeUTF8 = (arr: string | any[]) => {\n let i: number\n const s = []\n for (i = 0; i < arr.length; i++) s.push(String.fromCharCode(arr[i]))\n return decodeURIComponent(escape(s.join('')))\n}\n\nexport const encodeBase64 = (arr: Uint8Array<any>) => Buffer.from(arr).toString('base64')\n\nexport const decodeBase64 = (s: WithImplicitCoercion<string>) => {\n validateBase64(s as any)\n return new Uint8Array(Array.prototype.slice.call(Buffer.from(s, 'base64'), 0))\n}\n","import {generateKeyPair, encrypt as tweetEncrypt, decrypt as tweetDecrypt} from './tweetnacl'\nimport {encodeBase64, decodeBase64} from './util'\n\nexport function generateKeys() {\n const {publicKey, secretKey} = generateKeyPair()\n\n const encryptKeyHex = encodeBase64(publicKey)\n const decryptKeyHex = encodeBase64(secretKey)\n\n return {\n encryptKey: encryptKeyHex,\n decryptKey: decryptKeyHex,\n }\n}\n\n/**\n * Creates a temporal keypair just to encrypt one message.\n * Saves the public key in the result so that the message can be decrypted.\n */\nexport function encrypt(encryptKey: string, message: string) {\n const encryptPublicKey = decodeBase64(encryptKey)\n const tempPair = generateKeyPair()\n const encrypted = tweetEncrypt(tempPair.secretKey, encryptPublicKey, message)\n const hexTempPublic = encodeBase64(tempPair.publicKey)\n return `${hexTempPublic}:${encrypted}`\n}\n\n/**\n * Ecrypts a message using the decrypt key\n */\nexport function decrypt(decryptKey: string, encrypted: string) {\n const decryptSecretKey = decodeBase64(decryptKey)\n const [messagePubKeyHex, encryptedMessage] = encrypted.split(':')\n const messagePubKey = decodeBase64(messagePubKeyHex)\n\n return tweetDecrypt(decryptSecretKey, messagePubKey, encryptedMessage)\n}\n","import fs from 'node:fs'\nimport path from 'node:path'\n\nexport function readFile(filePath: string) {\n if (!fs.existsSync(filePath)) return null\n\n return fs.readFileSync(filePath).toString()\n}\n\nexport function writeFile(path: string, content: string) {\n ensureDirectory(path)\n fs.writeFileSync(path, content)\n}\n\nexport function ensureDirectory(filePath) {\n const dirname = path.dirname(filePath)\n if (fs.existsSync(dirname)) return true\n ensureDirectory(dirname)\n fs.mkdirSync(dirname)\n}\n","import {encrypt} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\n\nexport const encryptValue = (key: string, value: string, config: Config) => {\n config.encryptedKeys[key] = encrypt(config.publicKey, value)\n}\n","import YAML from 'yaml'\nimport {Config} from '../../environment/getVariables'\nimport {readFile} from '../../files'\n\nexport const getConfig = (envPath: string): Config => {\n const configFile = readFile(envPath)\n\n if (!configFile) {\n throw new Error('No config file found at path ' + envPath)\n }\n\n return YAML.parse(configFile)\n}\n","import prompts from 'prompts'\nimport {Config} from '../../environment/getVariables'\n\nexport const getParams = async (config: Config) => {\n const response = await prompts([\n {\n type: 'text',\n name: 'key',\n message: 'Key',\n },\n {\n type: 'text',\n name: 'value',\n message: 'Value',\n },\n ])\n\n return {\n key: response.key as string,\n value: response.value as string,\n }\n}\n","import {encryptValue} from './encryptValue'\nimport {getConfig} from './getConfig'\nimport {getParams} from './getParams'\nimport YAML from 'yaml'\nimport {writeFile} from '../../files'\n\nconst sortObjectByKeys = (object: any) => {\n if (!object) return {}\n const sorted = {}\n Object.keys(object)\n .sort()\n .forEach(key => {\n sorted[key] = object[key]\n })\n return sorted\n}\n\nexport default async function envAdd({path}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n const {key, value} = await getParams(config)\n if (!value) return\n\n encryptValue(key, value, config)\n\n // sort keys alphabetically\n config.cleanKeys = sortObjectByKeys(config.cleanKeys)\n config.encryptedKeys = sortObjectByKeys(config.encryptedKeys)\n config.readFromSecret = sortObjectByKeys(config.readFromSecret)\n\n const text = YAML.stringify(config)\n writeFile(path, text)\n}\n","import {decrypt} from '../crypto'\n\nexport interface Config {\n version: string\n publicKey: string\n cleanKeys: {\n [key: string]: string\n }\n encryptedKeys: {\n [key: string]: string\n }\n readFromSecret?: {\n [key: string]: string[]\n }\n}\n\nexport interface Variables {\n [key: string]: string\n}\n\nfunction readSecrets(readFromSecret): {variables: Variables; secretKey: string} {\n const variables: Variables = {}\n let secretKey = null\n if (!readFromSecret) return {variables, secretKey}\n for (const secretName in readFromSecret) {\n const keys = readFromSecret[secretName]\n if (!process.env[secretName]) {\n console.warn(\n `@orion/env could not find the secret \"${secretName}\" in the environment. Related variables will be undefined.`,\n )\n continue\n }\n\n try {\n const values = JSON.parse(process.env[secretName])\n if (values.ORION_ENV_SECRET_KEY) {\n secretKey = values.ORION_ENV_SECRET_KEY\n }\n for (const key of keys) {\n if (values[key]) {\n variables[key] = values[key]\n } else {\n console.warn(\n `@orion/env could not find the variable \"${key}\" in the secret \"${secretName}\". Related variables will be undefined.`,\n )\n }\n }\n } catch (error) {\n console.warn(\n `'@orion/env found a the secret \"${secretName}\" variable in the environment but it is not a valid JSON. Related variables will be undefined.'`,\n )\n }\n }\n return {variables, secretKey: secretKey}\n}\n\nexport function getVariables(config: Config, secretKey?: string): Variables {\n const {cleanKeys, encryptedKeys, readFromSecret} = config\n const {variables, secretKey: foundSecretKey} = readSecrets(readFromSecret)\n let decryptKey = foundSecretKey || secretKey\n if (!decryptKey) {\n throw new Error(\n 'Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not defined',\n )\n }\n\n for (const key in cleanKeys) {\n const value = cleanKeys[key]\n variables[key] = value\n }\n\n for (const key in encryptedKeys) {\n const encrypted = encryptedKeys[key]\n try {\n variables[key] = decrypt(decryptKey, encrypted)\n } catch (error) {\n throw new Error(\n `Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not the right key for \"${key}\"`,\n )\n }\n }\n return variables\n}\n","import {getVariables} from '../../environment/getVariables'\nimport {getConfig} from '../add/getConfig'\n\nexport default async function envRead({path, key, secret}) {\n if (!path) {\n path = '.env.local.yml'\n }\n if (!secret) {\n throw new Error('Secret is required')\n }\n\n const config = getConfig(path)\n const variables = getVariables(config, secret)\n\n if (key) {\n console.log(variables[key])\n } else {\n console.log(JSON.stringify(variables, null, 2))\n }\n}\n","import YAML from 'yaml'\nimport {decrypt, encrypt, generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\nimport {getConfig} from '../add/getConfig'\nimport prompts from 'prompts'\n\ninterface MigrateOptions {\n path?: string\n secret?: string\n}\n\n/**\n * Migrates an env config file to a new keypair.\n * Re-encrypts all encrypted keys with the new public key.\n */\nexport default async function envMigrate({path, secret}: MigrateOptions) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n\n // Get the current secret key if not provided\n const currentSecret = secret ?? (await promptForSecret())\n\n // Decrypt all encrypted keys using the old secret\n const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret)\n\n // Generate a new keypair\n const newKeypair = generateKeys()\n\n // Re-encrypt all keys with the new public key\n const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey)\n\n // Create the updated config\n const updatedConfig: Config = {\n ...config,\n publicKey: newKeypair.encryptKey,\n encryptedKeys: newEncryptedKeys,\n }\n\n // Write the updated config file\n const text = YAML.stringify(updatedConfig)\n writeFile(path, text)\n\n console.log('')\n console.log('Config file migrated successfully.')\n console.log('')\n console.log('New secret key (save this securely):')\n console.log('')\n console.log(newKeypair.decryptKey)\n console.log('')\n}\n\nasync function promptForSecret(): Promise<string> {\n const response = await prompts({\n type: 'password',\n name: 'secret',\n message: 'Current secret key',\n })\n\n if (!response.secret) {\n throw new Error('Secret is required')\n }\n\n return response.secret as string\n}\n\nfunction decryptAllKeys(\n encryptedKeys: Record<string, string>,\n secretKey: string,\n): Record<string, string> {\n const decrypted: Record<string, string> = {}\n\n for (const key in encryptedKeys) {\n try {\n decrypted[key] = decrypt(secretKey, encryptedKeys[key])\n } catch (error) {\n throw new Error(`Failed to decrypt key \"${key}\". Is the secret key correct?`)\n }\n }\n\n return decrypted\n}\n\nfunction reEncryptAllKeys(\n decryptedKeys: Record<string, string>,\n newPublicKey: string,\n): Record<string, string> {\n const encrypted: Record<string, string> = {}\n\n for (const key in decryptedKeys) {\n encrypted[key] = encrypt(newPublicKey, decryptedKeys[key])\n }\n\n return encrypted\n}\n\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AACA,uBAAsB;AACtB,mBAAkB;;;ACFlB,kBAAiB;;;ACAjB,2BAAiB;;;ACKjB,SAAS,eAAe,GAAW;AACjC,MAAI,CAAC,mEAAmE,KAAK,CAAC,GAAG;AAC/E,UAAM,IAAI,UAAU,kBAAkB;AAAA,EACxC;AACF;AAEO,IAAM,aAAa,CAAC,MAAiC;AAC1D,MAAI,OAAO,MAAM,SAAU,OAAM,IAAI,UAAU,iBAAiB;AAChE,MAAI;AACJ,QAAM,IAAI,SAAS,mBAAmB,CAAC,CAAC;AACxC,QAAM,IAAI,IAAI,WAAW,EAAE,MAAM;AACjC,OAAK,IAAI,GAAG,IAAI,EAAE,QAAQ,IAAK,GAAE,CAAC,IAAI,EAAE,WAAW,CAAC;AACpD,SAAO;AACT;AAEO,IAAM,aAAa,CAAC,QAAwB;AACjD,MAAI;AACJ,QAAM,IAAI,CAAC;AACX,OAAK,IAAI,GAAG,IAAI,IAAI,QAAQ,IAAK,GAAE,KAAK,OAAO,aAAa,IAAI,CAAC,CAAC,CAAC;AACnE,SAAO,mBAAmB,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9C;AAEO,IAAM,eAAe,CAAC,QAAyB,OAAO,KAAK,GAAG,EAAE,SAAS,QAAQ;AAEjF,IAAM,eAAe,CAAC,MAAoC;AAC/D,iBAAe,CAAQ;AACvB,SAAO,IAAI,WAAW,MAAM,UAAU,MAAM,KAAK,OAAO,KAAK,GAAG,QAAQ,GAAG,CAAC,CAAC;AAC/E;;;AD7BA,IAAM,WAAW,MAAM,qBAAAA,QAAK,YAAY,qBAAAA,QAAK,IAAI,WAAW;AACrD,IAAM,kBAAkB,MAAM,qBAAAA,QAAK,IAAI,QAAQ;AAE/C,IAAM,UAAU,CAAC,YAAwB,YAAwB,YAAoB;AAC1F,QAAM,QAAQ,SAAS;AACvB,QAAM,eAAe,WAAW,OAAO;AACvC,QAAM,YAAY,qBAAAA,QAAK,IAAI,cAAc,OAAO,YAAY,UAAU;AAEtE,QAAM,cAAc,IAAI,WAAW,MAAM,SAAS,UAAU,MAAM;AAClE,cAAY,IAAI,KAAK;AACrB,cAAY,IAAI,WAAW,MAAM,MAAM;AAEvC,QAAM,oBAAoB,aAAa,WAAW;AAClD,SAAO;AACT;AAEO,IAAM,UAAU,CACrB,YACA,YACA,qBACG;AACH,QAAM,+BAA+B,aAAa,gBAAgB;AAClE,QAAM,QAAQ,6BAA6B,MAAM,GAAG,qBAAAA,QAAK,IAAI,WAAW;AACxE,QAAM,UAAU,6BAA6B,MAAM,qBAAAA,QAAK,IAAI,aAAa,iBAAiB,MAAM;AAEhG,QAAM,YAAY,qBAAAA,QAAK,IAAI,KAAK,SAAS,OAAO,YAAY,UAAU;AAEtE,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,2BAA2B;AAAA,EAC7C;AAEA,QAAM,yBAAyB,WAAW,SAAS;AACnD,SAAO;AACT;;;AEjCO,SAAS,eAAe;AAC7B,QAAM,EAAC,WAAW,UAAS,IAAI,gBAAgB;AAE/C,QAAM,gBAAgB,aAAa,SAAS;AAC5C,QAAM,gBAAgB,aAAa,SAAS;AAE5C,SAAO;AAAA,IACL,YAAY;AAAA,IACZ,YAAY;AAAA,EACd;AACF;AAMO,SAASC,SAAQ,YAAoB,SAAiB;AAC3D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,WAAW,gBAAgB;AACjC,QAAM,YAAY,QAAa,SAAS,WAAW,kBAAkB,OAAO;AAC5E,QAAM,gBAAgB,aAAa,SAAS,SAAS;AACrD,SAAO,GAAG,aAAa,IAAI,SAAS;AACtC;AAKO,SAASC,SAAQ,YAAoB,WAAmB;AAC7D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,CAAC,kBAAkB,gBAAgB,IAAI,UAAU,MAAM,GAAG;AAChE,QAAM,gBAAgB,aAAa,gBAAgB;AAEnD,SAAO,QAAa,kBAAkB,eAAe,gBAAgB;AACvE;;;ACpCA,qBAAe;AACf,uBAAiB;AAEV,SAAS,SAAS,UAAkB;AACzC,MAAI,CAAC,eAAAC,QAAG,WAAW,QAAQ,EAAG,QAAO;AAErC,SAAO,eAAAA,QAAG,aAAa,QAAQ,EAAE,SAAS;AAC5C;AAEO,SAAS,UAAUC,OAAc,SAAiB;AACvD,kBAAgBA,KAAI;AACpB,iBAAAD,QAAG,cAAcC,OAAM,OAAO;AAChC;AAEO,SAAS,gBAAgB,UAAU;AACxC,QAAM,UAAU,iBAAAA,QAAK,QAAQ,QAAQ;AACrC,MAAI,eAAAD,QAAG,WAAW,OAAO,EAAG,QAAO;AACnC,kBAAgB,OAAO;AACvB,iBAAAA,QAAG,UAAU,OAAO;AACtB;;;AJdA,eAAO,QAA+B,EAAC,MAAAE,MAAI,GAAG;AAC5C,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,UAAU,aAAa;AAE7B,QAAM,UAAkB;AAAA,IACtB,SAAS;AAAA,IACT,WAAW,QAAQ;AAAA,IACnB,WAAW,CAAC;AAAA,IACZ,eAAe,CAAC;AAAA,IAChB,gBAAgB,CAAC;AAAA,EACnB;AAEA,QAAM,OAAO,YAAAC,QAAK,UAAU,OAAO;AAEnC,YAAUD,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AAEd,UAAQ;AAAA,IACN;AAAA,EACF;AAEA,UAAQ,IAAI,EAAE;AAEd,UAAQ,IAAI,QAAQ,UAAU;AAE9B,UAAQ,IAAI,EAAE;AAChB;;;AKhCO,IAAM,eAAe,CAAC,KAAa,OAAe,WAAmB;AAC1E,SAAO,cAAc,GAAG,IAAIE,SAAQ,OAAO,WAAW,KAAK;AAC7D;;;ACLA,IAAAC,eAAiB;AAIV,IAAM,YAAY,CAAC,YAA4B;AACpD,QAAM,aAAa,SAAS,OAAO;AAEnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI,MAAM,kCAAkC,OAAO;AAAA,EAC3D;AAEA,SAAO,aAAAC,QAAK,MAAM,UAAU;AAC9B;;;ACZA,qBAAoB;AAGb,IAAM,YAAY,OAAO,WAAmB;AACjD,QAAM,WAAW,UAAM,eAAAC,SAAQ;AAAA,IAC7B;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,KAAK,SAAS;AAAA,IACd,OAAO,SAAS;AAAA,EAClB;AACF;;;AClBA,IAAAC,eAAiB;AAGjB,IAAM,mBAAmB,CAAC,WAAgB;AACxC,MAAI,CAAC,OAAQ,QAAO,CAAC;AACrB,QAAM,SAAS,CAAC;AAChB,SAAO,KAAK,MAAM,EACf,KAAK,EACL,QAAQ,SAAO;AACd,WAAO,GAAG,IAAI,OAAO,GAAG;AAAA,EAC1B,CAAC;AACH,SAAO;AACT;AAEA,eAAO,OAA8B,EAAC,MAAAC,MAAI,GAAG;AAC3C,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,EAAC,KAAK,MAAK,IAAI,MAAM,UAAU,MAAM;AAC3C,MAAI,CAAC,MAAO;AAEZ,eAAa,KAAK,OAAO,MAAM;AAG/B,SAAO,YAAY,iBAAiB,OAAO,SAAS;AACpD,SAAO,gBAAgB,iBAAiB,OAAO,aAAa;AAC5D,SAAO,iBAAiB,iBAAiB,OAAO,cAAc;AAE9D,QAAM,OAAO,aAAAC,QAAK,UAAU,MAAM;AAClC,YAAUD,OAAM,IAAI;AACtB;;;ACfA,SAAS,YAAY,gBAA2D;AAC9E,QAAM,YAAuB,CAAC;AAC9B,MAAI,YAAY;AAChB,MAAI,CAAC,eAAgB,QAAO,EAAC,WAAW,UAAS;AACjD,aAAW,cAAc,gBAAgB;AACvC,UAAM,OAAO,eAAe,UAAU;AACtC,QAAI,CAAC,QAAQ,IAAI,UAAU,GAAG;AAC5B,cAAQ;AAAA,QACN,yCAAyC,UAAU;AAAA,MACrD;AACA;AAAA,IACF;AAEA,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,QAAQ,IAAI,UAAU,CAAC;AACjD,UAAI,OAAO,sBAAsB;AAC/B,oBAAY,OAAO;AAAA,MACrB;AACA,iBAAW,OAAO,MAAM;AACtB,YAAI,OAAO,GAAG,GAAG;AACf,oBAAU,GAAG,IAAI,OAAO,GAAG;AAAA,QAC7B,OAAO;AACL,kBAAQ;AAAA,YACN,2CAA2C,GAAG,oBAAoB,UAAU;AAAA,UAC9E;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ;AAAA,QACN,mCAAmC,UAAU;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AACA,SAAO,EAAC,WAAW,UAAoB;AACzC;AAEO,SAAS,aAAa,QAAgB,WAA+B;AAC1E,QAAM,EAAC,WAAW,eAAe,eAAc,IAAI;AACnD,QAAM,EAAC,WAAW,WAAW,eAAc,IAAI,YAAY,cAAc;AACzE,MAAI,aAAa,kBAAkB;AACnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,aAAW,OAAO,WAAW;AAC3B,UAAM,QAAQ,UAAU,GAAG;AAC3B,cAAU,GAAG,IAAI;AAAA,EACnB;AAEA,aAAW,OAAO,eAAe;AAC/B,UAAM,YAAY,cAAc,GAAG;AACnC,QAAI;AACF,gBAAU,GAAG,IAAIE,SAAQ,YAAY,SAAS;AAAA,IAChD,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,iGAAiG,GAAG;AAAA,MACtG;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AC/EA,eAAO,QAA+B,EAAC,MAAAC,OAAM,KAAK,OAAM,GAAG;AACzD,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AACA,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,YAAY,aAAa,QAAQ,MAAM;AAE7C,MAAI,KAAK;AACP,YAAQ,IAAI,UAAU,GAAG,CAAC;AAAA,EAC5B,OAAO;AACL,YAAQ,IAAI,KAAK,UAAU,WAAW,MAAM,CAAC,CAAC;AAAA,EAChD;AACF;;;ACnBA,IAAAC,eAAiB;AAKjB,IAAAC,kBAAoB;AAWpB,eAAO,WAAkC,EAAC,MAAAC,OAAM,OAAM,GAAmB;AACvE,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAG7B,QAAM,gBAAgB,UAAW,MAAM,gBAAgB;AAGvD,QAAM,gBAAgB,eAAe,OAAO,eAAe,aAAa;AAGxE,QAAM,aAAa,aAAa;AAGhC,QAAM,mBAAmB,iBAAiB,eAAe,WAAW,UAAU;AAG9E,QAAM,gBAAwB;AAAA,IAC5B,GAAG;AAAA,IACH,WAAW,WAAW;AAAA,IACtB,eAAe;AAAA,EACjB;AAGA,QAAM,OAAO,aAAAC,QAAK,UAAU,aAAa;AACzC,YAAUD,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,oCAAoC;AAChD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,sCAAsC;AAClD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,WAAW,UAAU;AACjC,UAAQ,IAAI,EAAE;AAChB;AAEA,eAAe,kBAAmC;AAChD,QAAM,WAAW,UAAM,gBAAAE,SAAQ;AAAA,IAC7B,MAAM;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA,EACX,CAAC;AAED,MAAI,CAAC,SAAS,QAAQ;AACpB,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,SAAO,SAAS;AAClB;AAEA,SAAS,eACP,eACA,WACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,QAAI;AACF,gBAAU,GAAG,IAAIC,SAAQ,WAAW,cAAc,GAAG,CAAC;AAAA,IACxD,SAAS,OAAO;AACd,YAAM,IAAI,MAAM,0BAA0B,GAAG,+BAA+B;AAAA,IAC9E;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,iBACP,eACA,cACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,cAAU,GAAG,IAAIC,SAAQ,cAAc,cAAc,GAAG,CAAC;AAAA,EAC3D;AAEA,SAAO;AACT;;;AZzFA,IAAM,UAAU,IAAI,yBAAQ;AAE5B,IAAM,MACJ,YACA,UAAU,SAAS;AACjB,MAAI;AACF,UAAM,OAAO,GAAG,IAAI;AAAA,EACtB,SAAS,GAAG;AACV,YAAQ,MAAM,aAAAC,QAAM,IAAI,UAAU,EAAE,OAAO,EAAE,CAAC;AAAA,EAChD;AACF;AAEF,QACG,QAAQ,MAAM,EACd,YAAY,kCAAkC,EAC9C,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,KAAK,EACb,YAAY,kDAAkD,EAC9D,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,IAAI,MAAM,CAAC;AAErB,QACG,QAAQ,MAAM,EACd,YAAY,+EAA+E,EAC3F,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,eAAe,uDAAuD,EAC7E,OAAO,qBAAqB,kCAAkC,EAC9D,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,SAAS,EACjB,YAAY,mEAAmE,EAC/E,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,qBAAqB,iDAAiD,EAC7E,OAAO,IAAI,UAAU,CAAC;AAEzB,QAAQ,MAAM,QAAQ,IAAI;AAE1B,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,QAAQ;AACjC,UAAQ,WAAW;AACrB;","names":["nacl","encrypt","decrypt","fs","path","path","YAML","encrypt","import_yaml","YAML","prompts","import_yaml","path","YAML","decrypt","path","import_yaml","import_prompts","path","YAML","prompts","decrypt","encrypt","chalk"]} | ||
| {"version":3,"sources":["../src/cli/index.ts","../src/cli/add/index.ts","../src/files/index.ts","../src/crypto/tweetnacl.ts","../src/crypto/util.ts","../src/crypto/index.ts","../src/cli/add/encryptValue.ts","../src/cli/add/getConfig.ts","../src/cli/add/getParams.ts","../src/cli/init/index.ts","../src/cli/migrate/index.ts","../src/environment/getVariables.ts","../src/cli/read/index.ts"],"sourcesContent":["#!/usr/bin/env node\nimport chalk from 'chalk'\nimport {Command} from 'commander'\nimport envAdd from './add'\nimport envInit from './init'\nimport envMigrate from './migrate'\nimport envRead from './read'\n\nconst program = new Command()\n\nconst run =\n action =>\n async (...args) => {\n try {\n await action(...args)\n } catch (e) {\n console.error(chalk.red(`Error: ${e.message}`))\n }\n }\n\nprogram\n .command('init')\n .description('Creates a new encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .action(run(envInit))\n\nprogram\n .command('add')\n .description('Adds a new environment to the encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .option('--key <key>', 'The environment variable key')\n .option('--value <value>', 'The environment variable value')\n .action(run(envAdd))\n\nprogram\n .command('read')\n .description('Prints the value of the env file in JSON or a specific variable in plain text')\n .option('--path <path>', 'Specify the env file name')\n .option('--key <key>', 'Prints the value of a specific variable in plain text')\n .option('--secret <secret>', 'The password to decrypt the keys')\n .action(run(envRead))\n\nprogram\n .command('migrate')\n .description('Migrates the config file to a new keypair, re-encrypting all keys')\n .option('--path <path>', 'Specify the env file name')\n .option('--secret <secret>', 'The current secret key to decrypt existing keys')\n .action(run(envMigrate))\n\nprogram.parse(process.argv)\n\nif (!process.argv.slice(2).length) {\n program.outputHelp()\n}\n","import YAML from 'yaml'\nimport {writeFile} from '../../files'\nimport {encryptValue} from './encryptValue'\nimport {getConfig} from './getConfig'\nimport {getParams} from './getParams'\n\nconst sortObjectByKeys = (object: any) => {\n if (!object) return {}\n const sorted = {}\n Object.keys(object)\n .sort()\n .forEach(key => {\n sorted[key] = object[key]\n })\n return sorted\n}\n\nexport default async function envAdd({path, key: optKey, value: optValue}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n const {key, value} = await getParams(config, {key: optKey, value: optValue})\n if (!value) return\n\n encryptValue(key, value, config)\n\n // sort keys alphabetically\n config.cleanKeys = sortObjectByKeys(config.cleanKeys)\n config.encryptedKeys = sortObjectByKeys(config.encryptedKeys)\n config.readFromSecret = sortObjectByKeys(config.readFromSecret)\n\n const text = YAML.stringify(config)\n writeFile(path, text)\n}\n","import fs from 'node:fs'\nimport path from 'node:path'\n\nexport function readFile(filePath: string) {\n if (!fs.existsSync(filePath)) return null\n\n return fs.readFileSync(filePath).toString()\n}\n\nexport function writeFile(path: string, content: string) {\n ensureDirectory(path)\n fs.writeFileSync(path, content)\n}\n\nexport function ensureDirectory(filePath) {\n const dirname = path.dirname(filePath)\n if (fs.existsSync(dirname)) return true\n ensureDirectory(dirname)\n fs.mkdirSync(dirname)\n}\n","import nacl from 'tweetnacl-es6'\nimport {decodeUTF8, encodeUTF8, encodeBase64, decodeBase64} from './util'\n\nconst newNonce = () => nacl.randomBytes(nacl.box.nonceLength)\nexport const generateKeyPair = () => nacl.box.keyPair()\n\nexport const encrypt = (bSecretKey: Uint8Array, aPublicKey: Uint8Array, message: string) => {\n const nonce = newNonce()\n const messageUint8 = decodeUTF8(message)\n const encrypted = nacl.box(messageUint8, nonce, aPublicKey, bSecretKey)\n\n const fullMessage = new Uint8Array(nonce.length + encrypted.length)\n fullMessage.set(nonce)\n fullMessage.set(encrypted, nonce.length)\n\n const base64FullMessage = encodeBase64(fullMessage)\n return base64FullMessage\n}\n\nexport const decrypt = (\n aSecretKey: Uint8Array,\n bPublicKey: Uint8Array,\n messageWithNonce: string,\n) => {\n const messageWithNonceAsUint8Array = decodeBase64(messageWithNonce)\n const nonce = messageWithNonceAsUint8Array.slice(0, nacl.box.nonceLength)\n const message = messageWithNonceAsUint8Array.slice(nacl.box.nonceLength, messageWithNonce.length)\n\n const decrypted = nacl.box.open(message, nonce, bPublicKey, aSecretKey)\n\n if (!decrypted) {\n throw new Error('Could not decrypt message')\n }\n\n const base64DecryptedMessage = encodeUTF8(decrypted)\n return base64DecryptedMessage\n}\n","// Written in 2014-2016 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n\nimport {WithImplicitCoercion} from 'node:buffer'\n\nfunction validateBase64(s: string) {\n if (!/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(s)) {\n throw new TypeError('invalid encoding')\n }\n}\n\nexport const decodeUTF8 = (s: string | number | boolean) => {\n if (typeof s !== 'string') throw new TypeError('expected string')\n let i: number\n const d = unescape(encodeURIComponent(s))\n const b = new Uint8Array(d.length)\n for (i = 0; i < d.length; i++) b[i] = d.charCodeAt(i)\n return b\n}\n\nexport const encodeUTF8 = (arr: string | any[]) => {\n let i: number\n const s = []\n for (i = 0; i < arr.length; i++) s.push(String.fromCharCode(arr[i]))\n return decodeURIComponent(escape(s.join('')))\n}\n\nexport const encodeBase64 = (arr: Uint8Array<any>) => Buffer.from(arr).toString('base64')\n\nexport const decodeBase64 = (s: WithImplicitCoercion<string>) => {\n validateBase64(s as any)\n return new Uint8Array(Array.prototype.slice.call(Buffer.from(s, 'base64'), 0))\n}\n","import {generateKeyPair, encrypt as tweetEncrypt, decrypt as tweetDecrypt} from './tweetnacl'\nimport {encodeBase64, decodeBase64} from './util'\n\nexport function generateKeys() {\n const {publicKey, secretKey} = generateKeyPair()\n\n const encryptKeyHex = encodeBase64(publicKey)\n const decryptKeyHex = encodeBase64(secretKey)\n\n return {\n encryptKey: encryptKeyHex,\n decryptKey: decryptKeyHex,\n }\n}\n\n/**\n * Creates a temporal keypair just to encrypt one message.\n * Saves the public key in the result so that the message can be decrypted.\n */\nexport function encrypt(encryptKey: string, message: string) {\n const encryptPublicKey = decodeBase64(encryptKey)\n const tempPair = generateKeyPair()\n const encrypted = tweetEncrypt(tempPair.secretKey, encryptPublicKey, message)\n const hexTempPublic = encodeBase64(tempPair.publicKey)\n return `${hexTempPublic}:${encrypted}`\n}\n\n/**\n * Ecrypts a message using the decrypt key\n */\nexport function decrypt(decryptKey: string, encrypted: string) {\n const decryptSecretKey = decodeBase64(decryptKey)\n const [messagePubKeyHex, encryptedMessage] = encrypted.split(':')\n const messagePubKey = decodeBase64(messagePubKeyHex)\n\n return tweetDecrypt(decryptSecretKey, messagePubKey, encryptedMessage)\n}\n","import {encrypt} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\n\nexport const encryptValue = (key: string, value: string, config: Config) => {\n config.encryptedKeys[key] = encrypt(config.publicKey, value)\n}\n","import YAML from 'yaml'\nimport {Config} from '../../environment/getVariables'\nimport {readFile} from '../../files'\n\nexport const getConfig = (envPath: string): Config => {\n const configFile = readFile(envPath)\n\n if (!configFile) {\n throw new Error('No config file found at path ' + envPath)\n }\n\n return YAML.parse(configFile)\n}\n","import prompts from 'prompts'\nimport {Config} from '../../environment/getVariables'\n\nexport const getParams = async (config: Config, opts?: {key?: string; value?: string}) => {\n if (opts?.key && opts?.value) {\n return {key: opts.key, value: opts.value}\n }\n\n const response = await prompts([\n {\n type: 'text',\n name: 'key',\n message: 'Key',\n },\n {\n type: 'text',\n name: 'value',\n message: 'Value',\n },\n ])\n\n return {\n key: response.key as string,\n value: response.value as string,\n }\n}\n","import YAML from 'yaml'\nimport {generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\n\nexport default async function envInit({path}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const keypair = generateKeys()\n\n const envFile: Config = {\n version: '1.0',\n publicKey: keypair.encryptKey,\n cleanKeys: {},\n encryptedKeys: {},\n readFromSecret: {},\n }\n\n const text = YAML.stringify(envFile)\n\n writeFile(path, text)\n\n console.log('')\n\n console.log(\n `Environment file created. You need to use the following key to decrypt the environment variables:`,\n )\n\n console.log('')\n\n console.log(keypair.decryptKey)\n\n console.log('')\n}\n","import YAML from 'yaml'\nimport {decrypt, encrypt, generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\nimport {getConfig} from '../add/getConfig'\nimport prompts from 'prompts'\n\ninterface MigrateOptions {\n path?: string\n secret?: string\n}\n\n/**\n * Migrates an env config file to a new keypair.\n * Re-encrypts all encrypted keys with the new public key.\n */\nexport default async function envMigrate({path, secret}: MigrateOptions) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n\n // Get the current secret key if not provided\n const currentSecret = secret ?? (await promptForSecret())\n\n // Decrypt all encrypted keys using the old secret\n const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret)\n\n // Generate a new keypair\n const newKeypair = generateKeys()\n\n // Re-encrypt all keys with the new public key\n const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey)\n\n // Create the updated config\n const updatedConfig: Config = {\n ...config,\n publicKey: newKeypair.encryptKey,\n encryptedKeys: newEncryptedKeys,\n }\n\n // Write the updated config file\n const text = YAML.stringify(updatedConfig)\n writeFile(path, text)\n\n console.log('')\n console.log('Config file migrated successfully.')\n console.log('')\n console.log('New secret key (save this securely):')\n console.log('')\n console.log(newKeypair.decryptKey)\n console.log('')\n}\n\nasync function promptForSecret(): Promise<string> {\n const response = await prompts({\n type: 'password',\n name: 'secret',\n message: 'Current secret key',\n })\n\n if (!response.secret) {\n throw new Error('Secret is required')\n }\n\n return response.secret as string\n}\n\nfunction decryptAllKeys(\n encryptedKeys: Record<string, string>,\n secretKey: string,\n): Record<string, string> {\n const decrypted: Record<string, string> = {}\n\n for (const key in encryptedKeys) {\n try {\n decrypted[key] = decrypt(secretKey, encryptedKeys[key])\n } catch (error) {\n throw new Error(`Failed to decrypt key \"${key}\". Is the secret key correct?`)\n }\n }\n\n return decrypted\n}\n\nfunction reEncryptAllKeys(\n decryptedKeys: Record<string, string>,\n newPublicKey: string,\n): Record<string, string> {\n const encrypted: Record<string, string> = {}\n\n for (const key in decryptedKeys) {\n encrypted[key] = encrypt(newPublicKey, decryptedKeys[key])\n }\n\n return encrypted\n}\n\n","import {decrypt} from '../crypto'\n\nexport interface Config {\n version: string\n publicKey: string\n cleanKeys: {\n [key: string]: string\n }\n encryptedKeys: {\n [key: string]: string\n }\n readFromSecret?: {\n [key: string]: string[]\n }\n}\n\nexport interface Variables {\n [key: string]: string\n}\n\nfunction readSecrets(readFromSecret): {variables: Variables; secretKey: string} {\n const variables: Variables = {}\n let secretKey = null\n if (!readFromSecret) return {variables, secretKey}\n for (const secretName in readFromSecret) {\n const keys = readFromSecret[secretName]\n if (!process.env[secretName]) {\n console.warn(\n `@orion/env could not find the secret \"${secretName}\" in the environment. Related variables will be undefined.`,\n )\n continue\n }\n\n try {\n const values = JSON.parse(process.env[secretName])\n if (values.ORION_ENV_SECRET_KEY) {\n secretKey = values.ORION_ENV_SECRET_KEY\n }\n for (const key of keys) {\n if (values[key]) {\n variables[key] = values[key]\n } else {\n console.warn(\n `@orion/env could not find the variable \"${key}\" in the secret \"${secretName}\". Related variables will be undefined.`,\n )\n }\n }\n } catch (error) {\n console.warn(\n `'@orion/env found a the secret \"${secretName}\" variable in the environment but it is not a valid JSON. Related variables will be undefined.'`,\n )\n }\n }\n return {variables, secretKey: secretKey}\n}\n\nexport function getVariables(config: Config, secretKey?: string): Variables {\n const {cleanKeys, encryptedKeys, readFromSecret} = config\n const {variables, secretKey: foundSecretKey} = readSecrets(readFromSecret)\n let decryptKey = foundSecretKey || secretKey\n if (!decryptKey) {\n throw new Error(\n 'Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not defined',\n )\n }\n\n for (const key in cleanKeys) {\n const value = cleanKeys[key]\n variables[key] = value\n }\n\n for (const key in encryptedKeys) {\n const encrypted = encryptedKeys[key]\n try {\n variables[key] = decrypt(decryptKey, encrypted)\n } catch (error) {\n throw new Error(\n `Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not the right key for \"${key}\"`,\n )\n }\n }\n return variables\n}\n","import {getVariables} from '../../environment/getVariables'\nimport {getConfig} from '../add/getConfig'\n\nexport default async function envRead({path, key, secret}) {\n if (!path) {\n path = '.env.local.yml'\n }\n if (!secret) {\n throw new Error('Secret is required')\n }\n\n const config = getConfig(path)\n const variables = getVariables(config, secret)\n\n if (key) {\n console.log(variables[key])\n } else {\n console.log(JSON.stringify(variables, null, 2))\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AACA,mBAAkB;AAClB,uBAAsB;;;ACFtB,IAAAA,eAAiB;;;ACAjB,qBAAe;AACf,uBAAiB;AAEV,SAAS,SAAS,UAAkB;AACzC,MAAI,CAAC,eAAAC,QAAG,WAAW,QAAQ,EAAG,QAAO;AAErC,SAAO,eAAAA,QAAG,aAAa,QAAQ,EAAE,SAAS;AAC5C;AAEO,SAAS,UAAUC,OAAc,SAAiB;AACvD,kBAAgBA,KAAI;AACpB,iBAAAD,QAAG,cAAcC,OAAM,OAAO;AAChC;AAEO,SAAS,gBAAgB,UAAU;AACxC,QAAM,UAAU,iBAAAA,QAAK,QAAQ,QAAQ;AACrC,MAAI,eAAAD,QAAG,WAAW,OAAO,EAAG,QAAO;AACnC,kBAAgB,OAAO;AACvB,iBAAAA,QAAG,UAAU,OAAO;AACtB;;;ACnBA,2BAAiB;;;ACKjB,SAAS,eAAe,GAAW;AACjC,MAAI,CAAC,mEAAmE,KAAK,CAAC,GAAG;AAC/E,UAAM,IAAI,UAAU,kBAAkB;AAAA,EACxC;AACF;AAEO,IAAM,aAAa,CAAC,MAAiC;AAC1D,MAAI,OAAO,MAAM,SAAU,OAAM,IAAI,UAAU,iBAAiB;AAChE,MAAI;AACJ,QAAM,IAAI,SAAS,mBAAmB,CAAC,CAAC;AACxC,QAAM,IAAI,IAAI,WAAW,EAAE,MAAM;AACjC,OAAK,IAAI,GAAG,IAAI,EAAE,QAAQ,IAAK,GAAE,CAAC,IAAI,EAAE,WAAW,CAAC;AACpD,SAAO;AACT;AAEO,IAAM,aAAa,CAAC,QAAwB;AACjD,MAAI;AACJ,QAAM,IAAI,CAAC;AACX,OAAK,IAAI,GAAG,IAAI,IAAI,QAAQ,IAAK,GAAE,KAAK,OAAO,aAAa,IAAI,CAAC,CAAC,CAAC;AACnE,SAAO,mBAAmB,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9C;AAEO,IAAM,eAAe,CAAC,QAAyB,OAAO,KAAK,GAAG,EAAE,SAAS,QAAQ;AAEjF,IAAM,eAAe,CAAC,MAAoC;AAC/D,iBAAe,CAAQ;AACvB,SAAO,IAAI,WAAW,MAAM,UAAU,MAAM,KAAK,OAAO,KAAK,GAAG,QAAQ,GAAG,CAAC,CAAC;AAC/E;;;AD7BA,IAAM,WAAW,MAAM,qBAAAE,QAAK,YAAY,qBAAAA,QAAK,IAAI,WAAW;AACrD,IAAM,kBAAkB,MAAM,qBAAAA,QAAK,IAAI,QAAQ;AAE/C,IAAM,UAAU,CAAC,YAAwB,YAAwB,YAAoB;AAC1F,QAAM,QAAQ,SAAS;AACvB,QAAM,eAAe,WAAW,OAAO;AACvC,QAAM,YAAY,qBAAAA,QAAK,IAAI,cAAc,OAAO,YAAY,UAAU;AAEtE,QAAM,cAAc,IAAI,WAAW,MAAM,SAAS,UAAU,MAAM;AAClE,cAAY,IAAI,KAAK;AACrB,cAAY,IAAI,WAAW,MAAM,MAAM;AAEvC,QAAM,oBAAoB,aAAa,WAAW;AAClD,SAAO;AACT;AAEO,IAAM,UAAU,CACrB,YACA,YACA,qBACG;AACH,QAAM,+BAA+B,aAAa,gBAAgB;AAClE,QAAM,QAAQ,6BAA6B,MAAM,GAAG,qBAAAA,QAAK,IAAI,WAAW;AACxE,QAAM,UAAU,6BAA6B,MAAM,qBAAAA,QAAK,IAAI,aAAa,iBAAiB,MAAM;AAEhG,QAAM,YAAY,qBAAAA,QAAK,IAAI,KAAK,SAAS,OAAO,YAAY,UAAU;AAEtE,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,2BAA2B;AAAA,EAC7C;AAEA,QAAM,yBAAyB,WAAW,SAAS;AACnD,SAAO;AACT;;;AEjCO,SAAS,eAAe;AAC7B,QAAM,EAAC,WAAW,UAAS,IAAI,gBAAgB;AAE/C,QAAM,gBAAgB,aAAa,SAAS;AAC5C,QAAM,gBAAgB,aAAa,SAAS;AAE5C,SAAO;AAAA,IACL,YAAY;AAAA,IACZ,YAAY;AAAA,EACd;AACF;AAMO,SAASC,SAAQ,YAAoB,SAAiB;AAC3D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,WAAW,gBAAgB;AACjC,QAAM,YAAY,QAAa,SAAS,WAAW,kBAAkB,OAAO;AAC5E,QAAM,gBAAgB,aAAa,SAAS,SAAS;AACrD,SAAO,GAAG,aAAa,IAAI,SAAS;AACtC;AAKO,SAASC,SAAQ,YAAoB,WAAmB;AAC7D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,CAAC,kBAAkB,gBAAgB,IAAI,UAAU,MAAM,GAAG;AAChE,QAAM,gBAAgB,aAAa,gBAAgB;AAEnD,SAAO,QAAa,kBAAkB,eAAe,gBAAgB;AACvE;;;ACjCO,IAAM,eAAe,CAAC,KAAa,OAAe,WAAmB;AAC1E,SAAO,cAAc,GAAG,IAAIC,SAAQ,OAAO,WAAW,KAAK;AAC7D;;;ACLA,kBAAiB;AAIV,IAAM,YAAY,CAAC,YAA4B;AACpD,QAAM,aAAa,SAAS,OAAO;AAEnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI,MAAM,kCAAkC,OAAO;AAAA,EAC3D;AAEA,SAAO,YAAAC,QAAK,MAAM,UAAU;AAC9B;;;ACZA,qBAAoB;AAGb,IAAM,YAAY,OAAO,QAAgB,SAA0C;AACxF,OAAI,6BAAM,SAAO,6BAAM,QAAO;AAC5B,WAAO,EAAC,KAAK,KAAK,KAAK,OAAO,KAAK,MAAK;AAAA,EAC1C;AAEA,QAAM,WAAW,UAAM,eAAAC,SAAQ;AAAA,IAC7B;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,KAAK,SAAS;AAAA,IACd,OAAO,SAAS;AAAA,EAClB;AACF;;;APnBA,IAAM,mBAAmB,CAAC,WAAgB;AACxC,MAAI,CAAC,OAAQ,QAAO,CAAC;AACrB,QAAM,SAAS,CAAC;AAChB,SAAO,KAAK,MAAM,EACf,KAAK,EACL,QAAQ,SAAO;AACd,WAAO,GAAG,IAAI,OAAO,GAAG;AAAA,EAC1B,CAAC;AACH,SAAO;AACT;AAEA,eAAO,OAA8B,EAAC,MAAAC,OAAM,KAAK,QAAQ,OAAO,SAAQ,GAAG;AACzE,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,EAAC,KAAK,MAAK,IAAI,MAAM,UAAU,QAAQ,EAAC,KAAK,QAAQ,OAAO,SAAQ,CAAC;AAC3E,MAAI,CAAC,MAAO;AAEZ,eAAa,KAAK,OAAO,MAAM;AAG/B,SAAO,YAAY,iBAAiB,OAAO,SAAS;AACpD,SAAO,gBAAgB,iBAAiB,OAAO,aAAa;AAC5D,SAAO,iBAAiB,iBAAiB,OAAO,cAAc;AAE9D,QAAM,OAAO,aAAAC,QAAK,UAAU,MAAM;AAClC,YAAUD,OAAM,IAAI;AACtB;;;AQnCA,IAAAE,eAAiB;AAKjB,eAAO,QAA+B,EAAC,MAAAC,MAAI,GAAG;AAC5C,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,UAAU,aAAa;AAE7B,QAAM,UAAkB;AAAA,IACtB,SAAS;AAAA,IACT,WAAW,QAAQ;AAAA,IACnB,WAAW,CAAC;AAAA,IACZ,eAAe,CAAC;AAAA,IAChB,gBAAgB,CAAC;AAAA,EACnB;AAEA,QAAM,OAAO,aAAAC,QAAK,UAAU,OAAO;AAEnC,YAAUD,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AAEd,UAAQ;AAAA,IACN;AAAA,EACF;AAEA,UAAQ,IAAI,EAAE;AAEd,UAAQ,IAAI,QAAQ,UAAU;AAE9B,UAAQ,IAAI,EAAE;AAChB;;;ACnCA,IAAAE,eAAiB;AAKjB,IAAAC,kBAAoB;AAWpB,eAAO,WAAkC,EAAC,MAAAC,OAAM,OAAM,GAAmB;AACvE,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAG7B,QAAM,gBAAgB,UAAW,MAAM,gBAAgB;AAGvD,QAAM,gBAAgB,eAAe,OAAO,eAAe,aAAa;AAGxE,QAAM,aAAa,aAAa;AAGhC,QAAM,mBAAmB,iBAAiB,eAAe,WAAW,UAAU;AAG9E,QAAM,gBAAwB;AAAA,IAC5B,GAAG;AAAA,IACH,WAAW,WAAW;AAAA,IACtB,eAAe;AAAA,EACjB;AAGA,QAAM,OAAO,aAAAC,QAAK,UAAU,aAAa;AACzC,YAAUD,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,oCAAoC;AAChD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,sCAAsC;AAClD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,WAAW,UAAU;AACjC,UAAQ,IAAI,EAAE;AAChB;AAEA,eAAe,kBAAmC;AAChD,QAAM,WAAW,UAAM,gBAAAE,SAAQ;AAAA,IAC7B,MAAM;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA,EACX,CAAC;AAED,MAAI,CAAC,SAAS,QAAQ;AACpB,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,SAAO,SAAS;AAClB;AAEA,SAAS,eACP,eACA,WACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,QAAI;AACF,gBAAU,GAAG,IAAIC,SAAQ,WAAW,cAAc,GAAG,CAAC;AAAA,IACxD,SAAS,OAAO;AACd,YAAM,IAAI,MAAM,0BAA0B,GAAG,+BAA+B;AAAA,IAC9E;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,iBACP,eACA,cACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,cAAU,GAAG,IAAIC,SAAQ,cAAc,cAAc,GAAG,CAAC;AAAA,EAC3D;AAEA,SAAO;AACT;;;AC7EA,SAAS,YAAY,gBAA2D;AAC9E,QAAM,YAAuB,CAAC;AAC9B,MAAI,YAAY;AAChB,MAAI,CAAC,eAAgB,QAAO,EAAC,WAAW,UAAS;AACjD,aAAW,cAAc,gBAAgB;AACvC,UAAM,OAAO,eAAe,UAAU;AACtC,QAAI,CAAC,QAAQ,IAAI,UAAU,GAAG;AAC5B,cAAQ;AAAA,QACN,yCAAyC,UAAU;AAAA,MACrD;AACA;AAAA,IACF;AAEA,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,QAAQ,IAAI,UAAU,CAAC;AACjD,UAAI,OAAO,sBAAsB;AAC/B,oBAAY,OAAO;AAAA,MACrB;AACA,iBAAW,OAAO,MAAM;AACtB,YAAI,OAAO,GAAG,GAAG;AACf,oBAAU,GAAG,IAAI,OAAO,GAAG;AAAA,QAC7B,OAAO;AACL,kBAAQ;AAAA,YACN,2CAA2C,GAAG,oBAAoB,UAAU;AAAA,UAC9E;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ;AAAA,QACN,mCAAmC,UAAU;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AACA,SAAO,EAAC,WAAW,UAAoB;AACzC;AAEO,SAAS,aAAa,QAAgB,WAA+B;AAC1E,QAAM,EAAC,WAAW,eAAe,eAAc,IAAI;AACnD,QAAM,EAAC,WAAW,WAAW,eAAc,IAAI,YAAY,cAAc;AACzE,MAAI,aAAa,kBAAkB;AACnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,aAAW,OAAO,WAAW;AAC3B,UAAM,QAAQ,UAAU,GAAG;AAC3B,cAAU,GAAG,IAAI;AAAA,EACnB;AAEA,aAAW,OAAO,eAAe;AAC/B,UAAM,YAAY,cAAc,GAAG;AACnC,QAAI;AACF,gBAAU,GAAG,IAAIC,SAAQ,YAAY,SAAS;AAAA,IAChD,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,iGAAiG,GAAG;AAAA,MACtG;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AC/EA,eAAO,QAA+B,EAAC,MAAAC,OAAM,KAAK,OAAM,GAAG;AACzD,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AACA,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,YAAY,aAAa,QAAQ,MAAM;AAE7C,MAAI,KAAK;AACP,YAAQ,IAAI,UAAU,GAAG,CAAC;AAAA,EAC5B,OAAO;AACL,YAAQ,IAAI,KAAK,UAAU,WAAW,MAAM,CAAC,CAAC;AAAA,EAChD;AACF;;;AZXA,IAAM,UAAU,IAAI,yBAAQ;AAE5B,IAAM,MACJ,YACA,UAAU,SAAS;AACjB,MAAI;AACF,UAAM,OAAO,GAAG,IAAI;AAAA,EACtB,SAAS,GAAG;AACV,YAAQ,MAAM,aAAAC,QAAM,IAAI,UAAU,EAAE,OAAO,EAAE,CAAC;AAAA,EAChD;AACF;AAEF,QACG,QAAQ,MAAM,EACd,YAAY,kCAAkC,EAC9C,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,KAAK,EACb,YAAY,kDAAkD,EAC9D,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,eAAe,8BAA8B,EACpD,OAAO,mBAAmB,gCAAgC,EAC1D,OAAO,IAAI,MAAM,CAAC;AAErB,QACG,QAAQ,MAAM,EACd,YAAY,+EAA+E,EAC3F,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,eAAe,uDAAuD,EAC7E,OAAO,qBAAqB,kCAAkC,EAC9D,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,SAAS,EACjB,YAAY,mEAAmE,EAC/E,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,qBAAqB,iDAAiD,EAC7E,OAAO,IAAI,UAAU,CAAC;AAEzB,QAAQ,MAAM,QAAQ,IAAI;AAE1B,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,QAAQ;AACjC,UAAQ,WAAW;AACrB;","names":["import_yaml","fs","path","nacl","encrypt","decrypt","encrypt","YAML","prompts","path","YAML","import_yaml","path","YAML","import_yaml","import_prompts","path","YAML","prompts","decrypt","encrypt","decrypt","path","chalk"]} |
+113
-110
| #!/usr/bin/env node | ||
| // src/cli/index.ts | ||
| import chalk from "chalk"; | ||
| import { Command } from "commander"; | ||
| import chalk from "chalk"; | ||
| // src/cli/init/index.ts | ||
| import YAML from "yaml"; | ||
| // src/cli/add/index.ts | ||
| import YAML2 from "yaml"; | ||
| // src/files/index.ts | ||
| import fs from "node:fs"; | ||
| import path from "node:path"; | ||
| function readFile(filePath) { | ||
| if (!fs.existsSync(filePath)) return null; | ||
| return fs.readFileSync(filePath).toString(); | ||
| } | ||
| function writeFile(path2, content) { | ||
| ensureDirectory(path2); | ||
| fs.writeFileSync(path2, content); | ||
| } | ||
| function ensureDirectory(filePath) { | ||
| const dirname = path.dirname(filePath); | ||
| if (fs.existsSync(dirname)) return true; | ||
| ensureDirectory(dirname); | ||
| fs.mkdirSync(dirname); | ||
| } | ||
| // src/crypto/tweetnacl.ts | ||
@@ -88,44 +106,2 @@ import nacl from "tweetnacl-es6"; | ||
| // src/files/index.ts | ||
| import fs from "node:fs"; | ||
| import path from "node:path"; | ||
| function readFile(filePath) { | ||
| if (!fs.existsSync(filePath)) return null; | ||
| return fs.readFileSync(filePath).toString(); | ||
| } | ||
| function writeFile(path2, content) { | ||
| ensureDirectory(path2); | ||
| fs.writeFileSync(path2, content); | ||
| } | ||
| function ensureDirectory(filePath) { | ||
| const dirname = path.dirname(filePath); | ||
| if (fs.existsSync(dirname)) return true; | ||
| ensureDirectory(dirname); | ||
| fs.mkdirSync(dirname); | ||
| } | ||
| // src/cli/init/index.ts | ||
| async function envInit({ path: path2 }) { | ||
| if (!path2) { | ||
| path2 = ".env.local.yml"; | ||
| } | ||
| const keypair = generateKeys(); | ||
| const envFile = { | ||
| version: "1.0", | ||
| publicKey: keypair.encryptKey, | ||
| cleanKeys: {}, | ||
| encryptedKeys: {}, | ||
| readFromSecret: {} | ||
| }; | ||
| const text = YAML.stringify(envFile); | ||
| writeFile(path2, text); | ||
| console.log(""); | ||
| console.log( | ||
| `Environment file created. You need to use the following key to decrypt the environment variables:` | ||
| ); | ||
| console.log(""); | ||
| console.log(keypair.decryptKey); | ||
| console.log(""); | ||
| } | ||
| // src/cli/add/encryptValue.ts | ||
@@ -137,3 +113,3 @@ var encryptValue = (key, value, config) => { | ||
| // src/cli/add/getConfig.ts | ||
| import YAML2 from "yaml"; | ||
| import YAML from "yaml"; | ||
| var getConfig = (envPath) => { | ||
@@ -144,3 +120,3 @@ const configFile = readFile(envPath); | ||
| } | ||
| return YAML2.parse(configFile); | ||
| return YAML.parse(configFile); | ||
| }; | ||
@@ -150,3 +126,6 @@ | ||
| import prompts from "prompts"; | ||
| var getParams = async (config) => { | ||
| var getParams = async (config, opts) => { | ||
| if ((opts == null ? void 0 : opts.key) && (opts == null ? void 0 : opts.value)) { | ||
| return { key: opts.key, value: opts.value }; | ||
| } | ||
| const response = await prompts([ | ||
@@ -171,3 +150,2 @@ { | ||
| // src/cli/add/index.ts | ||
| import YAML3 from "yaml"; | ||
| var sortObjectByKeys = (object) => { | ||
@@ -181,3 +159,3 @@ if (!object) return {}; | ||
| }; | ||
| async function envAdd({ path: path2 }) { | ||
| async function envAdd({ path: path2, key: optKey, value: optValue }) { | ||
| if (!path2) { | ||
@@ -187,3 +165,3 @@ path2 = ".env.local.yml"; | ||
| const config = getConfig(path2); | ||
| const { key, value } = await getParams(config); | ||
| const { key, value } = await getParams(config, { key: optKey, value: optValue }); | ||
| if (!value) return; | ||
@@ -194,6 +172,88 @@ encryptValue(key, value, config); | ||
| config.readFromSecret = sortObjectByKeys(config.readFromSecret); | ||
| const text = YAML3.stringify(config); | ||
| const text = YAML2.stringify(config); | ||
| writeFile(path2, text); | ||
| } | ||
| // src/cli/init/index.ts | ||
| import YAML3 from "yaml"; | ||
| async function envInit({ path: path2 }) { | ||
| if (!path2) { | ||
| path2 = ".env.local.yml"; | ||
| } | ||
| const keypair = generateKeys(); | ||
| const envFile = { | ||
| version: "1.0", | ||
| publicKey: keypair.encryptKey, | ||
| cleanKeys: {}, | ||
| encryptedKeys: {}, | ||
| readFromSecret: {} | ||
| }; | ||
| const text = YAML3.stringify(envFile); | ||
| writeFile(path2, text); | ||
| console.log(""); | ||
| console.log( | ||
| `Environment file created. You need to use the following key to decrypt the environment variables:` | ||
| ); | ||
| console.log(""); | ||
| console.log(keypair.decryptKey); | ||
| console.log(""); | ||
| } | ||
| // src/cli/migrate/index.ts | ||
| import YAML4 from "yaml"; | ||
| import prompts2 from "prompts"; | ||
| async function envMigrate({ path: path2, secret }) { | ||
| if (!path2) { | ||
| path2 = ".env.local.yml"; | ||
| } | ||
| const config = getConfig(path2); | ||
| const currentSecret = secret ?? await promptForSecret(); | ||
| const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret); | ||
| const newKeypair = generateKeys(); | ||
| const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey); | ||
| const updatedConfig = { | ||
| ...config, | ||
| publicKey: newKeypair.encryptKey, | ||
| encryptedKeys: newEncryptedKeys | ||
| }; | ||
| const text = YAML4.stringify(updatedConfig); | ||
| writeFile(path2, text); | ||
| console.log(""); | ||
| console.log("Config file migrated successfully."); | ||
| console.log(""); | ||
| console.log("New secret key (save this securely):"); | ||
| console.log(""); | ||
| console.log(newKeypair.decryptKey); | ||
| console.log(""); | ||
| } | ||
| async function promptForSecret() { | ||
| const response = await prompts2({ | ||
| type: "password", | ||
| name: "secret", | ||
| message: "Current secret key" | ||
| }); | ||
| if (!response.secret) { | ||
| throw new Error("Secret is required"); | ||
| } | ||
| return response.secret; | ||
| } | ||
| function decryptAllKeys(encryptedKeys, secretKey) { | ||
| const decrypted = {}; | ||
| for (const key in encryptedKeys) { | ||
| try { | ||
| decrypted[key] = decrypt2(secretKey, encryptedKeys[key]); | ||
| } catch (error) { | ||
| throw new Error(`Failed to decrypt key "${key}". Is the secret key correct?`); | ||
| } | ||
| } | ||
| return decrypted; | ||
| } | ||
| function reEncryptAllKeys(decryptedKeys, newPublicKey) { | ||
| const encrypted = {}; | ||
| for (const key in decryptedKeys) { | ||
| encrypted[key] = encrypt2(newPublicKey, decryptedKeys[key]); | ||
| } | ||
| return encrypted; | ||
| } | ||
| // src/environment/getVariables.ts | ||
@@ -277,59 +337,2 @@ function readSecrets(readFromSecret) { | ||
| // src/cli/migrate/index.ts | ||
| import YAML4 from "yaml"; | ||
| import prompts2 from "prompts"; | ||
| async function envMigrate({ path: path2, secret }) { | ||
| if (!path2) { | ||
| path2 = ".env.local.yml"; | ||
| } | ||
| const config = getConfig(path2); | ||
| const currentSecret = secret ?? await promptForSecret(); | ||
| const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret); | ||
| const newKeypair = generateKeys(); | ||
| const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey); | ||
| const updatedConfig = { | ||
| ...config, | ||
| publicKey: newKeypair.encryptKey, | ||
| encryptedKeys: newEncryptedKeys | ||
| }; | ||
| const text = YAML4.stringify(updatedConfig); | ||
| writeFile(path2, text); | ||
| console.log(""); | ||
| console.log("Config file migrated successfully."); | ||
| console.log(""); | ||
| console.log("New secret key (save this securely):"); | ||
| console.log(""); | ||
| console.log(newKeypair.decryptKey); | ||
| console.log(""); | ||
| } | ||
| async function promptForSecret() { | ||
| const response = await prompts2({ | ||
| type: "password", | ||
| name: "secret", | ||
| message: "Current secret key" | ||
| }); | ||
| if (!response.secret) { | ||
| throw new Error("Secret is required"); | ||
| } | ||
| return response.secret; | ||
| } | ||
| function decryptAllKeys(encryptedKeys, secretKey) { | ||
| const decrypted = {}; | ||
| for (const key in encryptedKeys) { | ||
| try { | ||
| decrypted[key] = decrypt2(secretKey, encryptedKeys[key]); | ||
| } catch (error) { | ||
| throw new Error(`Failed to decrypt key "${key}". Is the secret key correct?`); | ||
| } | ||
| } | ||
| return decrypted; | ||
| } | ||
| function reEncryptAllKeys(decryptedKeys, newPublicKey) { | ||
| const encrypted = {}; | ||
| for (const key in decryptedKeys) { | ||
| encrypted[key] = encrypt2(newPublicKey, decryptedKeys[key]); | ||
| } | ||
| return encrypted; | ||
| } | ||
| // src/cli/index.ts | ||
@@ -345,3 +348,3 @@ var program = new Command(); | ||
| program.command("init").description("Creates a new encrypted env file").option("--path <path>", "Specify the env file name").action(run(envInit)); | ||
| program.command("add").description("Adds a new environment to the encrypted env file").option("--path <path>", "Specify the env file name").action(run(envAdd)); | ||
| program.command("add").description("Adds a new environment to the encrypted env file").option("--path <path>", "Specify the env file name").option("--key <key>", "The environment variable key").option("--value <value>", "The environment variable value").action(run(envAdd)); | ||
| program.command("read").description("Prints the value of the env file in JSON or a specific variable in plain text").option("--path <path>", "Specify the env file name").option("--key <key>", "Prints the value of a specific variable in plain text").option("--secret <secret>", "The password to decrypt the keys").action(run(envRead)); | ||
@@ -348,0 +351,0 @@ program.command("migrate").description("Migrates the config file to a new keypair, re-encrypting all keys").option("--path <path>", "Specify the env file name").option("--secret <secret>", "The current secret key to decrypt existing keys").action(run(envMigrate)); |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"sources":["../src/cli/index.ts","../src/cli/init/index.ts","../src/crypto/tweetnacl.ts","../src/crypto/util.ts","../src/crypto/index.ts","../src/files/index.ts","../src/cli/add/encryptValue.ts","../src/cli/add/getConfig.ts","../src/cli/add/getParams.ts","../src/cli/add/index.ts","../src/environment/getVariables.ts","../src/cli/read/index.ts","../src/cli/migrate/index.ts"],"sourcesContent":["#!/usr/bin/env node\nimport {Command} from 'commander'\nimport chalk from 'chalk'\nimport envInit from './init'\nimport envAdd from './add'\nimport envRead from './read'\nimport envMigrate from './migrate'\n\nconst program = new Command()\n\nconst run =\n action =>\n async (...args) => {\n try {\n await action(...args)\n } catch (e) {\n console.error(chalk.red(`Error: ${e.message}`))\n }\n }\n\nprogram\n .command('init')\n .description('Creates a new encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .action(run(envInit))\n\nprogram\n .command('add')\n .description('Adds a new environment to the encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .action(run(envAdd))\n\nprogram\n .command('read')\n .description('Prints the value of the env file in JSON or a specific variable in plain text')\n .option('--path <path>', 'Specify the env file name')\n .option('--key <key>', 'Prints the value of a specific variable in plain text')\n .option('--secret <secret>', 'The password to decrypt the keys')\n .action(run(envRead))\n\nprogram\n .command('migrate')\n .description('Migrates the config file to a new keypair, re-encrypting all keys')\n .option('--path <path>', 'Specify the env file name')\n .option('--secret <secret>', 'The current secret key to decrypt existing keys')\n .action(run(envMigrate))\n\nprogram.parse(process.argv)\n\nif (!process.argv.slice(2).length) {\n program.outputHelp()\n}\n","import YAML from 'yaml'\nimport {generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\n\nexport default async function envInit({path}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const keypair = generateKeys()\n\n const envFile: Config = {\n version: '1.0',\n publicKey: keypair.encryptKey,\n cleanKeys: {},\n encryptedKeys: {},\n readFromSecret: {},\n }\n\n const text = YAML.stringify(envFile)\n\n writeFile(path, text)\n\n console.log('')\n\n console.log(\n `Environment file created. You need to use the following key to decrypt the environment variables:`,\n )\n\n console.log('')\n\n console.log(keypair.decryptKey)\n\n console.log('')\n}\n","import nacl from 'tweetnacl-es6'\nimport {decodeUTF8, encodeUTF8, encodeBase64, decodeBase64} from './util'\n\nconst newNonce = () => nacl.randomBytes(nacl.box.nonceLength)\nexport const generateKeyPair = () => nacl.box.keyPair()\n\nexport const encrypt = (bSecretKey: Uint8Array, aPublicKey: Uint8Array, message: string) => {\n const nonce = newNonce()\n const messageUint8 = decodeUTF8(message)\n const encrypted = nacl.box(messageUint8, nonce, aPublicKey, bSecretKey)\n\n const fullMessage = new Uint8Array(nonce.length + encrypted.length)\n fullMessage.set(nonce)\n fullMessage.set(encrypted, nonce.length)\n\n const base64FullMessage = encodeBase64(fullMessage)\n return base64FullMessage\n}\n\nexport const decrypt = (\n aSecretKey: Uint8Array,\n bPublicKey: Uint8Array,\n messageWithNonce: string,\n) => {\n const messageWithNonceAsUint8Array = decodeBase64(messageWithNonce)\n const nonce = messageWithNonceAsUint8Array.slice(0, nacl.box.nonceLength)\n const message = messageWithNonceAsUint8Array.slice(nacl.box.nonceLength, messageWithNonce.length)\n\n const decrypted = nacl.box.open(message, nonce, bPublicKey, aSecretKey)\n\n if (!decrypted) {\n throw new Error('Could not decrypt message')\n }\n\n const base64DecryptedMessage = encodeUTF8(decrypted)\n return base64DecryptedMessage\n}\n","// Written in 2014-2016 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n\nimport {WithImplicitCoercion} from 'node:buffer'\n\nfunction validateBase64(s: string) {\n if (!/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(s)) {\n throw new TypeError('invalid encoding')\n }\n}\n\nexport const decodeUTF8 = (s: string | number | boolean) => {\n if (typeof s !== 'string') throw new TypeError('expected string')\n let i: number\n const d = unescape(encodeURIComponent(s))\n const b = new Uint8Array(d.length)\n for (i = 0; i < d.length; i++) b[i] = d.charCodeAt(i)\n return b\n}\n\nexport const encodeUTF8 = (arr: string | any[]) => {\n let i: number\n const s = []\n for (i = 0; i < arr.length; i++) s.push(String.fromCharCode(arr[i]))\n return decodeURIComponent(escape(s.join('')))\n}\n\nexport const encodeBase64 = (arr: Uint8Array<any>) => Buffer.from(arr).toString('base64')\n\nexport const decodeBase64 = (s: WithImplicitCoercion<string>) => {\n validateBase64(s as any)\n return new Uint8Array(Array.prototype.slice.call(Buffer.from(s, 'base64'), 0))\n}\n","import {generateKeyPair, encrypt as tweetEncrypt, decrypt as tweetDecrypt} from './tweetnacl'\nimport {encodeBase64, decodeBase64} from './util'\n\nexport function generateKeys() {\n const {publicKey, secretKey} = generateKeyPair()\n\n const encryptKeyHex = encodeBase64(publicKey)\n const decryptKeyHex = encodeBase64(secretKey)\n\n return {\n encryptKey: encryptKeyHex,\n decryptKey: decryptKeyHex,\n }\n}\n\n/**\n * Creates a temporal keypair just to encrypt one message.\n * Saves the public key in the result so that the message can be decrypted.\n */\nexport function encrypt(encryptKey: string, message: string) {\n const encryptPublicKey = decodeBase64(encryptKey)\n const tempPair = generateKeyPair()\n const encrypted = tweetEncrypt(tempPair.secretKey, encryptPublicKey, message)\n const hexTempPublic = encodeBase64(tempPair.publicKey)\n return `${hexTempPublic}:${encrypted}`\n}\n\n/**\n * Ecrypts a message using the decrypt key\n */\nexport function decrypt(decryptKey: string, encrypted: string) {\n const decryptSecretKey = decodeBase64(decryptKey)\n const [messagePubKeyHex, encryptedMessage] = encrypted.split(':')\n const messagePubKey = decodeBase64(messagePubKeyHex)\n\n return tweetDecrypt(decryptSecretKey, messagePubKey, encryptedMessage)\n}\n","import fs from 'node:fs'\nimport path from 'node:path'\n\nexport function readFile(filePath: string) {\n if (!fs.existsSync(filePath)) return null\n\n return fs.readFileSync(filePath).toString()\n}\n\nexport function writeFile(path: string, content: string) {\n ensureDirectory(path)\n fs.writeFileSync(path, content)\n}\n\nexport function ensureDirectory(filePath) {\n const dirname = path.dirname(filePath)\n if (fs.existsSync(dirname)) return true\n ensureDirectory(dirname)\n fs.mkdirSync(dirname)\n}\n","import {encrypt} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\n\nexport const encryptValue = (key: string, value: string, config: Config) => {\n config.encryptedKeys[key] = encrypt(config.publicKey, value)\n}\n","import YAML from 'yaml'\nimport {Config} from '../../environment/getVariables'\nimport {readFile} from '../../files'\n\nexport const getConfig = (envPath: string): Config => {\n const configFile = readFile(envPath)\n\n if (!configFile) {\n throw new Error('No config file found at path ' + envPath)\n }\n\n return YAML.parse(configFile)\n}\n","import prompts from 'prompts'\nimport {Config} from '../../environment/getVariables'\n\nexport const getParams = async (config: Config) => {\n const response = await prompts([\n {\n type: 'text',\n name: 'key',\n message: 'Key',\n },\n {\n type: 'text',\n name: 'value',\n message: 'Value',\n },\n ])\n\n return {\n key: response.key as string,\n value: response.value as string,\n }\n}\n","import {encryptValue} from './encryptValue'\nimport {getConfig} from './getConfig'\nimport {getParams} from './getParams'\nimport YAML from 'yaml'\nimport {writeFile} from '../../files'\n\nconst sortObjectByKeys = (object: any) => {\n if (!object) return {}\n const sorted = {}\n Object.keys(object)\n .sort()\n .forEach(key => {\n sorted[key] = object[key]\n })\n return sorted\n}\n\nexport default async function envAdd({path}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n const {key, value} = await getParams(config)\n if (!value) return\n\n encryptValue(key, value, config)\n\n // sort keys alphabetically\n config.cleanKeys = sortObjectByKeys(config.cleanKeys)\n config.encryptedKeys = sortObjectByKeys(config.encryptedKeys)\n config.readFromSecret = sortObjectByKeys(config.readFromSecret)\n\n const text = YAML.stringify(config)\n writeFile(path, text)\n}\n","import {decrypt} from '../crypto'\n\nexport interface Config {\n version: string\n publicKey: string\n cleanKeys: {\n [key: string]: string\n }\n encryptedKeys: {\n [key: string]: string\n }\n readFromSecret?: {\n [key: string]: string[]\n }\n}\n\nexport interface Variables {\n [key: string]: string\n}\n\nfunction readSecrets(readFromSecret): {variables: Variables; secretKey: string} {\n const variables: Variables = {}\n let secretKey = null\n if (!readFromSecret) return {variables, secretKey}\n for (const secretName in readFromSecret) {\n const keys = readFromSecret[secretName]\n if (!process.env[secretName]) {\n console.warn(\n `@orion/env could not find the secret \"${secretName}\" in the environment. Related variables will be undefined.`,\n )\n continue\n }\n\n try {\n const values = JSON.parse(process.env[secretName])\n if (values.ORION_ENV_SECRET_KEY) {\n secretKey = values.ORION_ENV_SECRET_KEY\n }\n for (const key of keys) {\n if (values[key]) {\n variables[key] = values[key]\n } else {\n console.warn(\n `@orion/env could not find the variable \"${key}\" in the secret \"${secretName}\". Related variables will be undefined.`,\n )\n }\n }\n } catch (error) {\n console.warn(\n `'@orion/env found a the secret \"${secretName}\" variable in the environment but it is not a valid JSON. Related variables will be undefined.'`,\n )\n }\n }\n return {variables, secretKey: secretKey}\n}\n\nexport function getVariables(config: Config, secretKey?: string): Variables {\n const {cleanKeys, encryptedKeys, readFromSecret} = config\n const {variables, secretKey: foundSecretKey} = readSecrets(readFromSecret)\n let decryptKey = foundSecretKey || secretKey\n if (!decryptKey) {\n throw new Error(\n 'Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not defined',\n )\n }\n\n for (const key in cleanKeys) {\n const value = cleanKeys[key]\n variables[key] = value\n }\n\n for (const key in encryptedKeys) {\n const encrypted = encryptedKeys[key]\n try {\n variables[key] = decrypt(decryptKey, encrypted)\n } catch (error) {\n throw new Error(\n `Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not the right key for \"${key}\"`,\n )\n }\n }\n return variables\n}\n","import {getVariables} from '../../environment/getVariables'\nimport {getConfig} from '../add/getConfig'\n\nexport default async function envRead({path, key, secret}) {\n if (!path) {\n path = '.env.local.yml'\n }\n if (!secret) {\n throw new Error('Secret is required')\n }\n\n const config = getConfig(path)\n const variables = getVariables(config, secret)\n\n if (key) {\n console.log(variables[key])\n } else {\n console.log(JSON.stringify(variables, null, 2))\n }\n}\n","import YAML from 'yaml'\nimport {decrypt, encrypt, generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\nimport {getConfig} from '../add/getConfig'\nimport prompts from 'prompts'\n\ninterface MigrateOptions {\n path?: string\n secret?: string\n}\n\n/**\n * Migrates an env config file to a new keypair.\n * Re-encrypts all encrypted keys with the new public key.\n */\nexport default async function envMigrate({path, secret}: MigrateOptions) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n\n // Get the current secret key if not provided\n const currentSecret = secret ?? (await promptForSecret())\n\n // Decrypt all encrypted keys using the old secret\n const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret)\n\n // Generate a new keypair\n const newKeypair = generateKeys()\n\n // Re-encrypt all keys with the new public key\n const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey)\n\n // Create the updated config\n const updatedConfig: Config = {\n ...config,\n publicKey: newKeypair.encryptKey,\n encryptedKeys: newEncryptedKeys,\n }\n\n // Write the updated config file\n const text = YAML.stringify(updatedConfig)\n writeFile(path, text)\n\n console.log('')\n console.log('Config file migrated successfully.')\n console.log('')\n console.log('New secret key (save this securely):')\n console.log('')\n console.log(newKeypair.decryptKey)\n console.log('')\n}\n\nasync function promptForSecret(): Promise<string> {\n const response = await prompts({\n type: 'password',\n name: 'secret',\n message: 'Current secret key',\n })\n\n if (!response.secret) {\n throw new Error('Secret is required')\n }\n\n return response.secret as string\n}\n\nfunction decryptAllKeys(\n encryptedKeys: Record<string, string>,\n secretKey: string,\n): Record<string, string> {\n const decrypted: Record<string, string> = {}\n\n for (const key in encryptedKeys) {\n try {\n decrypted[key] = decrypt(secretKey, encryptedKeys[key])\n } catch (error) {\n throw new Error(`Failed to decrypt key \"${key}\". Is the secret key correct?`)\n }\n }\n\n return decrypted\n}\n\nfunction reEncryptAllKeys(\n decryptedKeys: Record<string, string>,\n newPublicKey: string,\n): Record<string, string> {\n const encrypted: Record<string, string> = {}\n\n for (const key in decryptedKeys) {\n encrypted[key] = encrypt(newPublicKey, decryptedKeys[key])\n }\n\n return encrypted\n}\n\n"],"mappings":";;;AACA,SAAQ,eAAc;AACtB,OAAO,WAAW;;;ACFlB,OAAO,UAAU;;;ACAjB,OAAO,UAAU;;;ACKjB,SAAS,eAAe,GAAW;AACjC,MAAI,CAAC,mEAAmE,KAAK,CAAC,GAAG;AAC/E,UAAM,IAAI,UAAU,kBAAkB;AAAA,EACxC;AACF;AAEO,IAAM,aAAa,CAAC,MAAiC;AAC1D,MAAI,OAAO,MAAM,SAAU,OAAM,IAAI,UAAU,iBAAiB;AAChE,MAAI;AACJ,QAAM,IAAI,SAAS,mBAAmB,CAAC,CAAC;AACxC,QAAM,IAAI,IAAI,WAAW,EAAE,MAAM;AACjC,OAAK,IAAI,GAAG,IAAI,EAAE,QAAQ,IAAK,GAAE,CAAC,IAAI,EAAE,WAAW,CAAC;AACpD,SAAO;AACT;AAEO,IAAM,aAAa,CAAC,QAAwB;AACjD,MAAI;AACJ,QAAM,IAAI,CAAC;AACX,OAAK,IAAI,GAAG,IAAI,IAAI,QAAQ,IAAK,GAAE,KAAK,OAAO,aAAa,IAAI,CAAC,CAAC,CAAC;AACnE,SAAO,mBAAmB,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9C;AAEO,IAAM,eAAe,CAAC,QAAyB,OAAO,KAAK,GAAG,EAAE,SAAS,QAAQ;AAEjF,IAAM,eAAe,CAAC,MAAoC;AAC/D,iBAAe,CAAQ;AACvB,SAAO,IAAI,WAAW,MAAM,UAAU,MAAM,KAAK,OAAO,KAAK,GAAG,QAAQ,GAAG,CAAC,CAAC;AAC/E;;;AD7BA,IAAM,WAAW,MAAM,KAAK,YAAY,KAAK,IAAI,WAAW;AACrD,IAAM,kBAAkB,MAAM,KAAK,IAAI,QAAQ;AAE/C,IAAM,UAAU,CAAC,YAAwB,YAAwB,YAAoB;AAC1F,QAAM,QAAQ,SAAS;AACvB,QAAM,eAAe,WAAW,OAAO;AACvC,QAAM,YAAY,KAAK,IAAI,cAAc,OAAO,YAAY,UAAU;AAEtE,QAAM,cAAc,IAAI,WAAW,MAAM,SAAS,UAAU,MAAM;AAClE,cAAY,IAAI,KAAK;AACrB,cAAY,IAAI,WAAW,MAAM,MAAM;AAEvC,QAAM,oBAAoB,aAAa,WAAW;AAClD,SAAO;AACT;AAEO,IAAM,UAAU,CACrB,YACA,YACA,qBACG;AACH,QAAM,+BAA+B,aAAa,gBAAgB;AAClE,QAAM,QAAQ,6BAA6B,MAAM,GAAG,KAAK,IAAI,WAAW;AACxE,QAAM,UAAU,6BAA6B,MAAM,KAAK,IAAI,aAAa,iBAAiB,MAAM;AAEhG,QAAM,YAAY,KAAK,IAAI,KAAK,SAAS,OAAO,YAAY,UAAU;AAEtE,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,2BAA2B;AAAA,EAC7C;AAEA,QAAM,yBAAyB,WAAW,SAAS;AACnD,SAAO;AACT;;;AEjCO,SAAS,eAAe;AAC7B,QAAM,EAAC,WAAW,UAAS,IAAI,gBAAgB;AAE/C,QAAM,gBAAgB,aAAa,SAAS;AAC5C,QAAM,gBAAgB,aAAa,SAAS;AAE5C,SAAO;AAAA,IACL,YAAY;AAAA,IACZ,YAAY;AAAA,EACd;AACF;AAMO,SAASA,SAAQ,YAAoB,SAAiB;AAC3D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,WAAW,gBAAgB;AACjC,QAAM,YAAY,QAAa,SAAS,WAAW,kBAAkB,OAAO;AAC5E,QAAM,gBAAgB,aAAa,SAAS,SAAS;AACrD,SAAO,GAAG,aAAa,IAAI,SAAS;AACtC;AAKO,SAASC,SAAQ,YAAoB,WAAmB;AAC7D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,CAAC,kBAAkB,gBAAgB,IAAI,UAAU,MAAM,GAAG;AAChE,QAAM,gBAAgB,aAAa,gBAAgB;AAEnD,SAAO,QAAa,kBAAkB,eAAe,gBAAgB;AACvE;;;ACpCA,OAAO,QAAQ;AACf,OAAO,UAAU;AAEV,SAAS,SAAS,UAAkB;AACzC,MAAI,CAAC,GAAG,WAAW,QAAQ,EAAG,QAAO;AAErC,SAAO,GAAG,aAAa,QAAQ,EAAE,SAAS;AAC5C;AAEO,SAAS,UAAUC,OAAc,SAAiB;AACvD,kBAAgBA,KAAI;AACpB,KAAG,cAAcA,OAAM,OAAO;AAChC;AAEO,SAAS,gBAAgB,UAAU;AACxC,QAAM,UAAU,KAAK,QAAQ,QAAQ;AACrC,MAAI,GAAG,WAAW,OAAO,EAAG,QAAO;AACnC,kBAAgB,OAAO;AACvB,KAAG,UAAU,OAAO;AACtB;;;AJdA,eAAO,QAA+B,EAAC,MAAAC,MAAI,GAAG;AAC5C,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,UAAU,aAAa;AAE7B,QAAM,UAAkB;AAAA,IACtB,SAAS;AAAA,IACT,WAAW,QAAQ;AAAA,IACnB,WAAW,CAAC;AAAA,IACZ,eAAe,CAAC;AAAA,IAChB,gBAAgB,CAAC;AAAA,EACnB;AAEA,QAAM,OAAO,KAAK,UAAU,OAAO;AAEnC,YAAUA,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AAEd,UAAQ;AAAA,IACN;AAAA,EACF;AAEA,UAAQ,IAAI,EAAE;AAEd,UAAQ,IAAI,QAAQ,UAAU;AAE9B,UAAQ,IAAI,EAAE;AAChB;;;AKhCO,IAAM,eAAe,CAAC,KAAa,OAAe,WAAmB;AAC1E,SAAO,cAAc,GAAG,IAAIC,SAAQ,OAAO,WAAW,KAAK;AAC7D;;;ACLA,OAAOC,WAAU;AAIV,IAAM,YAAY,CAAC,YAA4B;AACpD,QAAM,aAAa,SAAS,OAAO;AAEnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI,MAAM,kCAAkC,OAAO;AAAA,EAC3D;AAEA,SAAOC,MAAK,MAAM,UAAU;AAC9B;;;ACZA,OAAO,aAAa;AAGb,IAAM,YAAY,OAAO,WAAmB;AACjD,QAAM,WAAW,MAAM,QAAQ;AAAA,IAC7B;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,KAAK,SAAS;AAAA,IACd,OAAO,SAAS;AAAA,EAClB;AACF;;;AClBA,OAAOC,WAAU;AAGjB,IAAM,mBAAmB,CAAC,WAAgB;AACxC,MAAI,CAAC,OAAQ,QAAO,CAAC;AACrB,QAAM,SAAS,CAAC;AAChB,SAAO,KAAK,MAAM,EACf,KAAK,EACL,QAAQ,SAAO;AACd,WAAO,GAAG,IAAI,OAAO,GAAG;AAAA,EAC1B,CAAC;AACH,SAAO;AACT;AAEA,eAAO,OAA8B,EAAC,MAAAC,MAAI,GAAG;AAC3C,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,EAAC,KAAK,MAAK,IAAI,MAAM,UAAU,MAAM;AAC3C,MAAI,CAAC,MAAO;AAEZ,eAAa,KAAK,OAAO,MAAM;AAG/B,SAAO,YAAY,iBAAiB,OAAO,SAAS;AACpD,SAAO,gBAAgB,iBAAiB,OAAO,aAAa;AAC5D,SAAO,iBAAiB,iBAAiB,OAAO,cAAc;AAE9D,QAAM,OAAOC,MAAK,UAAU,MAAM;AAClC,YAAUD,OAAM,IAAI;AACtB;;;ACfA,SAAS,YAAY,gBAA2D;AAC9E,QAAM,YAAuB,CAAC;AAC9B,MAAI,YAAY;AAChB,MAAI,CAAC,eAAgB,QAAO,EAAC,WAAW,UAAS;AACjD,aAAW,cAAc,gBAAgB;AACvC,UAAM,OAAO,eAAe,UAAU;AACtC,QAAI,CAAC,QAAQ,IAAI,UAAU,GAAG;AAC5B,cAAQ;AAAA,QACN,yCAAyC,UAAU;AAAA,MACrD;AACA;AAAA,IACF;AAEA,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,QAAQ,IAAI,UAAU,CAAC;AACjD,UAAI,OAAO,sBAAsB;AAC/B,oBAAY,OAAO;AAAA,MACrB;AACA,iBAAW,OAAO,MAAM;AACtB,YAAI,OAAO,GAAG,GAAG;AACf,oBAAU,GAAG,IAAI,OAAO,GAAG;AAAA,QAC7B,OAAO;AACL,kBAAQ;AAAA,YACN,2CAA2C,GAAG,oBAAoB,UAAU;AAAA,UAC9E;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ;AAAA,QACN,mCAAmC,UAAU;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AACA,SAAO,EAAC,WAAW,UAAoB;AACzC;AAEO,SAAS,aAAa,QAAgB,WAA+B;AAC1E,QAAM,EAAC,WAAW,eAAe,eAAc,IAAI;AACnD,QAAM,EAAC,WAAW,WAAW,eAAc,IAAI,YAAY,cAAc;AACzE,MAAI,aAAa,kBAAkB;AACnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,aAAW,OAAO,WAAW;AAC3B,UAAM,QAAQ,UAAU,GAAG;AAC3B,cAAU,GAAG,IAAI;AAAA,EACnB;AAEA,aAAW,OAAO,eAAe;AAC/B,UAAM,YAAY,cAAc,GAAG;AACnC,QAAI;AACF,gBAAU,GAAG,IAAIE,SAAQ,YAAY,SAAS;AAAA,IAChD,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,iGAAiG,GAAG;AAAA,MACtG;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AC/EA,eAAO,QAA+B,EAAC,MAAAC,OAAM,KAAK,OAAM,GAAG;AACzD,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AACA,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,YAAY,aAAa,QAAQ,MAAM;AAE7C,MAAI,KAAK;AACP,YAAQ,IAAI,UAAU,GAAG,CAAC;AAAA,EAC5B,OAAO;AACL,YAAQ,IAAI,KAAK,UAAU,WAAW,MAAM,CAAC,CAAC;AAAA,EAChD;AACF;;;ACnBA,OAAOC,WAAU;AAKjB,OAAOC,cAAa;AAWpB,eAAO,WAAkC,EAAC,MAAAC,OAAM,OAAM,GAAmB;AACvE,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAG7B,QAAM,gBAAgB,UAAW,MAAM,gBAAgB;AAGvD,QAAM,gBAAgB,eAAe,OAAO,eAAe,aAAa;AAGxE,QAAM,aAAa,aAAa;AAGhC,QAAM,mBAAmB,iBAAiB,eAAe,WAAW,UAAU;AAG9E,QAAM,gBAAwB;AAAA,IAC5B,GAAG;AAAA,IACH,WAAW,WAAW;AAAA,IACtB,eAAe;AAAA,EACjB;AAGA,QAAM,OAAOC,MAAK,UAAU,aAAa;AACzC,YAAUD,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,oCAAoC;AAChD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,sCAAsC;AAClD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,WAAW,UAAU;AACjC,UAAQ,IAAI,EAAE;AAChB;AAEA,eAAe,kBAAmC;AAChD,QAAM,WAAW,MAAMD,SAAQ;AAAA,IAC7B,MAAM;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA,EACX,CAAC;AAED,MAAI,CAAC,SAAS,QAAQ;AACpB,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,SAAO,SAAS;AAClB;AAEA,SAAS,eACP,eACA,WACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,QAAI;AACF,gBAAU,GAAG,IAAIG,SAAQ,WAAW,cAAc,GAAG,CAAC;AAAA,IACxD,SAAS,OAAO;AACd,YAAM,IAAI,MAAM,0BAA0B,GAAG,+BAA+B;AAAA,IAC9E;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,iBACP,eACA,cACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,cAAU,GAAG,IAAIC,SAAQ,cAAc,cAAc,GAAG,CAAC;AAAA,EAC3D;AAEA,SAAO;AACT;;;AZzFA,IAAM,UAAU,IAAI,QAAQ;AAE5B,IAAM,MACJ,YACA,UAAU,SAAS;AACjB,MAAI;AACF,UAAM,OAAO,GAAG,IAAI;AAAA,EACtB,SAAS,GAAG;AACV,YAAQ,MAAM,MAAM,IAAI,UAAU,EAAE,OAAO,EAAE,CAAC;AAAA,EAChD;AACF;AAEF,QACG,QAAQ,MAAM,EACd,YAAY,kCAAkC,EAC9C,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,KAAK,EACb,YAAY,kDAAkD,EAC9D,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,IAAI,MAAM,CAAC;AAErB,QACG,QAAQ,MAAM,EACd,YAAY,+EAA+E,EAC3F,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,eAAe,uDAAuD,EAC7E,OAAO,qBAAqB,kCAAkC,EAC9D,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,SAAS,EACjB,YAAY,mEAAmE,EAC/E,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,qBAAqB,iDAAiD,EAC7E,OAAO,IAAI,UAAU,CAAC;AAEzB,QAAQ,MAAM,QAAQ,IAAI;AAE1B,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,QAAQ;AACjC,UAAQ,WAAW;AACrB;","names":["encrypt","decrypt","path","path","encrypt","YAML","YAML","YAML","path","YAML","decrypt","path","YAML","prompts","path","YAML","decrypt","encrypt"]} | ||
| {"version":3,"sources":["../src/cli/index.ts","../src/cli/add/index.ts","../src/files/index.ts","../src/crypto/tweetnacl.ts","../src/crypto/util.ts","../src/crypto/index.ts","../src/cli/add/encryptValue.ts","../src/cli/add/getConfig.ts","../src/cli/add/getParams.ts","../src/cli/init/index.ts","../src/cli/migrate/index.ts","../src/environment/getVariables.ts","../src/cli/read/index.ts"],"sourcesContent":["#!/usr/bin/env node\nimport chalk from 'chalk'\nimport {Command} from 'commander'\nimport envAdd from './add'\nimport envInit from './init'\nimport envMigrate from './migrate'\nimport envRead from './read'\n\nconst program = new Command()\n\nconst run =\n action =>\n async (...args) => {\n try {\n await action(...args)\n } catch (e) {\n console.error(chalk.red(`Error: ${e.message}`))\n }\n }\n\nprogram\n .command('init')\n .description('Creates a new encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .action(run(envInit))\n\nprogram\n .command('add')\n .description('Adds a new environment to the encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .option('--key <key>', 'The environment variable key')\n .option('--value <value>', 'The environment variable value')\n .action(run(envAdd))\n\nprogram\n .command('read')\n .description('Prints the value of the env file in JSON or a specific variable in plain text')\n .option('--path <path>', 'Specify the env file name')\n .option('--key <key>', 'Prints the value of a specific variable in plain text')\n .option('--secret <secret>', 'The password to decrypt the keys')\n .action(run(envRead))\n\nprogram\n .command('migrate')\n .description('Migrates the config file to a new keypair, re-encrypting all keys')\n .option('--path <path>', 'Specify the env file name')\n .option('--secret <secret>', 'The current secret key to decrypt existing keys')\n .action(run(envMigrate))\n\nprogram.parse(process.argv)\n\nif (!process.argv.slice(2).length) {\n program.outputHelp()\n}\n","import YAML from 'yaml'\nimport {writeFile} from '../../files'\nimport {encryptValue} from './encryptValue'\nimport {getConfig} from './getConfig'\nimport {getParams} from './getParams'\n\nconst sortObjectByKeys = (object: any) => {\n if (!object) return {}\n const sorted = {}\n Object.keys(object)\n .sort()\n .forEach(key => {\n sorted[key] = object[key]\n })\n return sorted\n}\n\nexport default async function envAdd({path, key: optKey, value: optValue}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n const {key, value} = await getParams(config, {key: optKey, value: optValue})\n if (!value) return\n\n encryptValue(key, value, config)\n\n // sort keys alphabetically\n config.cleanKeys = sortObjectByKeys(config.cleanKeys)\n config.encryptedKeys = sortObjectByKeys(config.encryptedKeys)\n config.readFromSecret = sortObjectByKeys(config.readFromSecret)\n\n const text = YAML.stringify(config)\n writeFile(path, text)\n}\n","import fs from 'node:fs'\nimport path from 'node:path'\n\nexport function readFile(filePath: string) {\n if (!fs.existsSync(filePath)) return null\n\n return fs.readFileSync(filePath).toString()\n}\n\nexport function writeFile(path: string, content: string) {\n ensureDirectory(path)\n fs.writeFileSync(path, content)\n}\n\nexport function ensureDirectory(filePath) {\n const dirname = path.dirname(filePath)\n if (fs.existsSync(dirname)) return true\n ensureDirectory(dirname)\n fs.mkdirSync(dirname)\n}\n","import nacl from 'tweetnacl-es6'\nimport {decodeUTF8, encodeUTF8, encodeBase64, decodeBase64} from './util'\n\nconst newNonce = () => nacl.randomBytes(nacl.box.nonceLength)\nexport const generateKeyPair = () => nacl.box.keyPair()\n\nexport const encrypt = (bSecretKey: Uint8Array, aPublicKey: Uint8Array, message: string) => {\n const nonce = newNonce()\n const messageUint8 = decodeUTF8(message)\n const encrypted = nacl.box(messageUint8, nonce, aPublicKey, bSecretKey)\n\n const fullMessage = new Uint8Array(nonce.length + encrypted.length)\n fullMessage.set(nonce)\n fullMessage.set(encrypted, nonce.length)\n\n const base64FullMessage = encodeBase64(fullMessage)\n return base64FullMessage\n}\n\nexport const decrypt = (\n aSecretKey: Uint8Array,\n bPublicKey: Uint8Array,\n messageWithNonce: string,\n) => {\n const messageWithNonceAsUint8Array = decodeBase64(messageWithNonce)\n const nonce = messageWithNonceAsUint8Array.slice(0, nacl.box.nonceLength)\n const message = messageWithNonceAsUint8Array.slice(nacl.box.nonceLength, messageWithNonce.length)\n\n const decrypted = nacl.box.open(message, nonce, bPublicKey, aSecretKey)\n\n if (!decrypted) {\n throw new Error('Could not decrypt message')\n }\n\n const base64DecryptedMessage = encodeUTF8(decrypted)\n return base64DecryptedMessage\n}\n","// Written in 2014-2016 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n\nimport {WithImplicitCoercion} from 'node:buffer'\n\nfunction validateBase64(s: string) {\n if (!/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(s)) {\n throw new TypeError('invalid encoding')\n }\n}\n\nexport const decodeUTF8 = (s: string | number | boolean) => {\n if (typeof s !== 'string') throw new TypeError('expected string')\n let i: number\n const d = unescape(encodeURIComponent(s))\n const b = new Uint8Array(d.length)\n for (i = 0; i < d.length; i++) b[i] = d.charCodeAt(i)\n return b\n}\n\nexport const encodeUTF8 = (arr: string | any[]) => {\n let i: number\n const s = []\n for (i = 0; i < arr.length; i++) s.push(String.fromCharCode(arr[i]))\n return decodeURIComponent(escape(s.join('')))\n}\n\nexport const encodeBase64 = (arr: Uint8Array<any>) => Buffer.from(arr).toString('base64')\n\nexport const decodeBase64 = (s: WithImplicitCoercion<string>) => {\n validateBase64(s as any)\n return new Uint8Array(Array.prototype.slice.call(Buffer.from(s, 'base64'), 0))\n}\n","import {generateKeyPair, encrypt as tweetEncrypt, decrypt as tweetDecrypt} from './tweetnacl'\nimport {encodeBase64, decodeBase64} from './util'\n\nexport function generateKeys() {\n const {publicKey, secretKey} = generateKeyPair()\n\n const encryptKeyHex = encodeBase64(publicKey)\n const decryptKeyHex = encodeBase64(secretKey)\n\n return {\n encryptKey: encryptKeyHex,\n decryptKey: decryptKeyHex,\n }\n}\n\n/**\n * Creates a temporal keypair just to encrypt one message.\n * Saves the public key in the result so that the message can be decrypted.\n */\nexport function encrypt(encryptKey: string, message: string) {\n const encryptPublicKey = decodeBase64(encryptKey)\n const tempPair = generateKeyPair()\n const encrypted = tweetEncrypt(tempPair.secretKey, encryptPublicKey, message)\n const hexTempPublic = encodeBase64(tempPair.publicKey)\n return `${hexTempPublic}:${encrypted}`\n}\n\n/**\n * Ecrypts a message using the decrypt key\n */\nexport function decrypt(decryptKey: string, encrypted: string) {\n const decryptSecretKey = decodeBase64(decryptKey)\n const [messagePubKeyHex, encryptedMessage] = encrypted.split(':')\n const messagePubKey = decodeBase64(messagePubKeyHex)\n\n return tweetDecrypt(decryptSecretKey, messagePubKey, encryptedMessage)\n}\n","import {encrypt} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\n\nexport const encryptValue = (key: string, value: string, config: Config) => {\n config.encryptedKeys[key] = encrypt(config.publicKey, value)\n}\n","import YAML from 'yaml'\nimport {Config} from '../../environment/getVariables'\nimport {readFile} from '../../files'\n\nexport const getConfig = (envPath: string): Config => {\n const configFile = readFile(envPath)\n\n if (!configFile) {\n throw new Error('No config file found at path ' + envPath)\n }\n\n return YAML.parse(configFile)\n}\n","import prompts from 'prompts'\nimport {Config} from '../../environment/getVariables'\n\nexport const getParams = async (config: Config, opts?: {key?: string; value?: string}) => {\n if (opts?.key && opts?.value) {\n return {key: opts.key, value: opts.value}\n }\n\n const response = await prompts([\n {\n type: 'text',\n name: 'key',\n message: 'Key',\n },\n {\n type: 'text',\n name: 'value',\n message: 'Value',\n },\n ])\n\n return {\n key: response.key as string,\n value: response.value as string,\n }\n}\n","import YAML from 'yaml'\nimport {generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\n\nexport default async function envInit({path}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const keypair = generateKeys()\n\n const envFile: Config = {\n version: '1.0',\n publicKey: keypair.encryptKey,\n cleanKeys: {},\n encryptedKeys: {},\n readFromSecret: {},\n }\n\n const text = YAML.stringify(envFile)\n\n writeFile(path, text)\n\n console.log('')\n\n console.log(\n `Environment file created. You need to use the following key to decrypt the environment variables:`,\n )\n\n console.log('')\n\n console.log(keypair.decryptKey)\n\n console.log('')\n}\n","import YAML from 'yaml'\nimport {decrypt, encrypt, generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\nimport {getConfig} from '../add/getConfig'\nimport prompts from 'prompts'\n\ninterface MigrateOptions {\n path?: string\n secret?: string\n}\n\n/**\n * Migrates an env config file to a new keypair.\n * Re-encrypts all encrypted keys with the new public key.\n */\nexport default async function envMigrate({path, secret}: MigrateOptions) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n\n // Get the current secret key if not provided\n const currentSecret = secret ?? (await promptForSecret())\n\n // Decrypt all encrypted keys using the old secret\n const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret)\n\n // Generate a new keypair\n const newKeypair = generateKeys()\n\n // Re-encrypt all keys with the new public key\n const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey)\n\n // Create the updated config\n const updatedConfig: Config = {\n ...config,\n publicKey: newKeypair.encryptKey,\n encryptedKeys: newEncryptedKeys,\n }\n\n // Write the updated config file\n const text = YAML.stringify(updatedConfig)\n writeFile(path, text)\n\n console.log('')\n console.log('Config file migrated successfully.')\n console.log('')\n console.log('New secret key (save this securely):')\n console.log('')\n console.log(newKeypair.decryptKey)\n console.log('')\n}\n\nasync function promptForSecret(): Promise<string> {\n const response = await prompts({\n type: 'password',\n name: 'secret',\n message: 'Current secret key',\n })\n\n if (!response.secret) {\n throw new Error('Secret is required')\n }\n\n return response.secret as string\n}\n\nfunction decryptAllKeys(\n encryptedKeys: Record<string, string>,\n secretKey: string,\n): Record<string, string> {\n const decrypted: Record<string, string> = {}\n\n for (const key in encryptedKeys) {\n try {\n decrypted[key] = decrypt(secretKey, encryptedKeys[key])\n } catch (error) {\n throw new Error(`Failed to decrypt key \"${key}\". Is the secret key correct?`)\n }\n }\n\n return decrypted\n}\n\nfunction reEncryptAllKeys(\n decryptedKeys: Record<string, string>,\n newPublicKey: string,\n): Record<string, string> {\n const encrypted: Record<string, string> = {}\n\n for (const key in decryptedKeys) {\n encrypted[key] = encrypt(newPublicKey, decryptedKeys[key])\n }\n\n return encrypted\n}\n\n","import {decrypt} from '../crypto'\n\nexport interface Config {\n version: string\n publicKey: string\n cleanKeys: {\n [key: string]: string\n }\n encryptedKeys: {\n [key: string]: string\n }\n readFromSecret?: {\n [key: string]: string[]\n }\n}\n\nexport interface Variables {\n [key: string]: string\n}\n\nfunction readSecrets(readFromSecret): {variables: Variables; secretKey: string} {\n const variables: Variables = {}\n let secretKey = null\n if (!readFromSecret) return {variables, secretKey}\n for (const secretName in readFromSecret) {\n const keys = readFromSecret[secretName]\n if (!process.env[secretName]) {\n console.warn(\n `@orion/env could not find the secret \"${secretName}\" in the environment. Related variables will be undefined.`,\n )\n continue\n }\n\n try {\n const values = JSON.parse(process.env[secretName])\n if (values.ORION_ENV_SECRET_KEY) {\n secretKey = values.ORION_ENV_SECRET_KEY\n }\n for (const key of keys) {\n if (values[key]) {\n variables[key] = values[key]\n } else {\n console.warn(\n `@orion/env could not find the variable \"${key}\" in the secret \"${secretName}\". Related variables will be undefined.`,\n )\n }\n }\n } catch (error) {\n console.warn(\n `'@orion/env found a the secret \"${secretName}\" variable in the environment but it is not a valid JSON. Related variables will be undefined.'`,\n )\n }\n }\n return {variables, secretKey: secretKey}\n}\n\nexport function getVariables(config: Config, secretKey?: string): Variables {\n const {cleanKeys, encryptedKeys, readFromSecret} = config\n const {variables, secretKey: foundSecretKey} = readSecrets(readFromSecret)\n let decryptKey = foundSecretKey || secretKey\n if (!decryptKey) {\n throw new Error(\n 'Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not defined',\n )\n }\n\n for (const key in cleanKeys) {\n const value = cleanKeys[key]\n variables[key] = value\n }\n\n for (const key in encryptedKeys) {\n const encrypted = encryptedKeys[key]\n try {\n variables[key] = decrypt(decryptKey, encrypted)\n } catch (error) {\n throw new Error(\n `Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not the right key for \"${key}\"`,\n )\n }\n }\n return variables\n}\n","import {getVariables} from '../../environment/getVariables'\nimport {getConfig} from '../add/getConfig'\n\nexport default async function envRead({path, key, secret}) {\n if (!path) {\n path = '.env.local.yml'\n }\n if (!secret) {\n throw new Error('Secret is required')\n }\n\n const config = getConfig(path)\n const variables = getVariables(config, secret)\n\n if (key) {\n console.log(variables[key])\n } else {\n console.log(JSON.stringify(variables, null, 2))\n }\n}\n"],"mappings":";;;AACA,OAAO,WAAW;AAClB,SAAQ,eAAc;;;ACFtB,OAAOA,WAAU;;;ACAjB,OAAO,QAAQ;AACf,OAAO,UAAU;AAEV,SAAS,SAAS,UAAkB;AACzC,MAAI,CAAC,GAAG,WAAW,QAAQ,EAAG,QAAO;AAErC,SAAO,GAAG,aAAa,QAAQ,EAAE,SAAS;AAC5C;AAEO,SAAS,UAAUC,OAAc,SAAiB;AACvD,kBAAgBA,KAAI;AACpB,KAAG,cAAcA,OAAM,OAAO;AAChC;AAEO,SAAS,gBAAgB,UAAU;AACxC,QAAM,UAAU,KAAK,QAAQ,QAAQ;AACrC,MAAI,GAAG,WAAW,OAAO,EAAG,QAAO;AACnC,kBAAgB,OAAO;AACvB,KAAG,UAAU,OAAO;AACtB;;;ACnBA,OAAO,UAAU;;;ACKjB,SAAS,eAAe,GAAW;AACjC,MAAI,CAAC,mEAAmE,KAAK,CAAC,GAAG;AAC/E,UAAM,IAAI,UAAU,kBAAkB;AAAA,EACxC;AACF;AAEO,IAAM,aAAa,CAAC,MAAiC;AAC1D,MAAI,OAAO,MAAM,SAAU,OAAM,IAAI,UAAU,iBAAiB;AAChE,MAAI;AACJ,QAAM,IAAI,SAAS,mBAAmB,CAAC,CAAC;AACxC,QAAM,IAAI,IAAI,WAAW,EAAE,MAAM;AACjC,OAAK,IAAI,GAAG,IAAI,EAAE,QAAQ,IAAK,GAAE,CAAC,IAAI,EAAE,WAAW,CAAC;AACpD,SAAO;AACT;AAEO,IAAM,aAAa,CAAC,QAAwB;AACjD,MAAI;AACJ,QAAM,IAAI,CAAC;AACX,OAAK,IAAI,GAAG,IAAI,IAAI,QAAQ,IAAK,GAAE,KAAK,OAAO,aAAa,IAAI,CAAC,CAAC,CAAC;AACnE,SAAO,mBAAmB,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9C;AAEO,IAAM,eAAe,CAAC,QAAyB,OAAO,KAAK,GAAG,EAAE,SAAS,QAAQ;AAEjF,IAAM,eAAe,CAAC,MAAoC;AAC/D,iBAAe,CAAQ;AACvB,SAAO,IAAI,WAAW,MAAM,UAAU,MAAM,KAAK,OAAO,KAAK,GAAG,QAAQ,GAAG,CAAC,CAAC;AAC/E;;;AD7BA,IAAM,WAAW,MAAM,KAAK,YAAY,KAAK,IAAI,WAAW;AACrD,IAAM,kBAAkB,MAAM,KAAK,IAAI,QAAQ;AAE/C,IAAM,UAAU,CAAC,YAAwB,YAAwB,YAAoB;AAC1F,QAAM,QAAQ,SAAS;AACvB,QAAM,eAAe,WAAW,OAAO;AACvC,QAAM,YAAY,KAAK,IAAI,cAAc,OAAO,YAAY,UAAU;AAEtE,QAAM,cAAc,IAAI,WAAW,MAAM,SAAS,UAAU,MAAM;AAClE,cAAY,IAAI,KAAK;AACrB,cAAY,IAAI,WAAW,MAAM,MAAM;AAEvC,QAAM,oBAAoB,aAAa,WAAW;AAClD,SAAO;AACT;AAEO,IAAM,UAAU,CACrB,YACA,YACA,qBACG;AACH,QAAM,+BAA+B,aAAa,gBAAgB;AAClE,QAAM,QAAQ,6BAA6B,MAAM,GAAG,KAAK,IAAI,WAAW;AACxE,QAAM,UAAU,6BAA6B,MAAM,KAAK,IAAI,aAAa,iBAAiB,MAAM;AAEhG,QAAM,YAAY,KAAK,IAAI,KAAK,SAAS,OAAO,YAAY,UAAU;AAEtE,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,2BAA2B;AAAA,EAC7C;AAEA,QAAM,yBAAyB,WAAW,SAAS;AACnD,SAAO;AACT;;;AEjCO,SAAS,eAAe;AAC7B,QAAM,EAAC,WAAW,UAAS,IAAI,gBAAgB;AAE/C,QAAM,gBAAgB,aAAa,SAAS;AAC5C,QAAM,gBAAgB,aAAa,SAAS;AAE5C,SAAO;AAAA,IACL,YAAY;AAAA,IACZ,YAAY;AAAA,EACd;AACF;AAMO,SAASC,SAAQ,YAAoB,SAAiB;AAC3D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,WAAW,gBAAgB;AACjC,QAAM,YAAY,QAAa,SAAS,WAAW,kBAAkB,OAAO;AAC5E,QAAM,gBAAgB,aAAa,SAAS,SAAS;AACrD,SAAO,GAAG,aAAa,IAAI,SAAS;AACtC;AAKO,SAASC,SAAQ,YAAoB,WAAmB;AAC7D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,CAAC,kBAAkB,gBAAgB,IAAI,UAAU,MAAM,GAAG;AAChE,QAAM,gBAAgB,aAAa,gBAAgB;AAEnD,SAAO,QAAa,kBAAkB,eAAe,gBAAgB;AACvE;;;ACjCO,IAAM,eAAe,CAAC,KAAa,OAAe,WAAmB;AAC1E,SAAO,cAAc,GAAG,IAAIC,SAAQ,OAAO,WAAW,KAAK;AAC7D;;;ACLA,OAAO,UAAU;AAIV,IAAM,YAAY,CAAC,YAA4B;AACpD,QAAM,aAAa,SAAS,OAAO;AAEnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI,MAAM,kCAAkC,OAAO;AAAA,EAC3D;AAEA,SAAO,KAAK,MAAM,UAAU;AAC9B;;;ACZA,OAAO,aAAa;AAGb,IAAM,YAAY,OAAO,QAAgB,SAA0C;AACxF,OAAI,6BAAM,SAAO,6BAAM,QAAO;AAC5B,WAAO,EAAC,KAAK,KAAK,KAAK,OAAO,KAAK,MAAK;AAAA,EAC1C;AAEA,QAAM,WAAW,MAAM,QAAQ;AAAA,IAC7B;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,KAAK,SAAS;AAAA,IACd,OAAO,SAAS;AAAA,EAClB;AACF;;;APnBA,IAAM,mBAAmB,CAAC,WAAgB;AACxC,MAAI,CAAC,OAAQ,QAAO,CAAC;AACrB,QAAM,SAAS,CAAC;AAChB,SAAO,KAAK,MAAM,EACf,KAAK,EACL,QAAQ,SAAO;AACd,WAAO,GAAG,IAAI,OAAO,GAAG;AAAA,EAC1B,CAAC;AACH,SAAO;AACT;AAEA,eAAO,OAA8B,EAAC,MAAAC,OAAM,KAAK,QAAQ,OAAO,SAAQ,GAAG;AACzE,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,EAAC,KAAK,MAAK,IAAI,MAAM,UAAU,QAAQ,EAAC,KAAK,QAAQ,OAAO,SAAQ,CAAC;AAC3E,MAAI,CAAC,MAAO;AAEZ,eAAa,KAAK,OAAO,MAAM;AAG/B,SAAO,YAAY,iBAAiB,OAAO,SAAS;AACpD,SAAO,gBAAgB,iBAAiB,OAAO,aAAa;AAC5D,SAAO,iBAAiB,iBAAiB,OAAO,cAAc;AAE9D,QAAM,OAAOC,MAAK,UAAU,MAAM;AAClC,YAAUD,OAAM,IAAI;AACtB;;;AQnCA,OAAOE,WAAU;AAKjB,eAAO,QAA+B,EAAC,MAAAC,MAAI,GAAG;AAC5C,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,UAAU,aAAa;AAE7B,QAAM,UAAkB;AAAA,IACtB,SAAS;AAAA,IACT,WAAW,QAAQ;AAAA,IACnB,WAAW,CAAC;AAAA,IACZ,eAAe,CAAC;AAAA,IAChB,gBAAgB,CAAC;AAAA,EACnB;AAEA,QAAM,OAAOC,MAAK,UAAU,OAAO;AAEnC,YAAUD,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AAEd,UAAQ;AAAA,IACN;AAAA,EACF;AAEA,UAAQ,IAAI,EAAE;AAEd,UAAQ,IAAI,QAAQ,UAAU;AAE9B,UAAQ,IAAI,EAAE;AAChB;;;ACnCA,OAAOE,WAAU;AAKjB,OAAOC,cAAa;AAWpB,eAAO,WAAkC,EAAC,MAAAC,OAAM,OAAM,GAAmB;AACvE,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAG7B,QAAM,gBAAgB,UAAW,MAAM,gBAAgB;AAGvD,QAAM,gBAAgB,eAAe,OAAO,eAAe,aAAa;AAGxE,QAAM,aAAa,aAAa;AAGhC,QAAM,mBAAmB,iBAAiB,eAAe,WAAW,UAAU;AAG9E,QAAM,gBAAwB;AAAA,IAC5B,GAAG;AAAA,IACH,WAAW,WAAW;AAAA,IACtB,eAAe;AAAA,EACjB;AAGA,QAAM,OAAOC,MAAK,UAAU,aAAa;AACzC,YAAUD,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,oCAAoC;AAChD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,sCAAsC;AAClD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,WAAW,UAAU;AACjC,UAAQ,IAAI,EAAE;AAChB;AAEA,eAAe,kBAAmC;AAChD,QAAM,WAAW,MAAMD,SAAQ;AAAA,IAC7B,MAAM;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA,EACX,CAAC;AAED,MAAI,CAAC,SAAS,QAAQ;AACpB,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,SAAO,SAAS;AAClB;AAEA,SAAS,eACP,eACA,WACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,QAAI;AACF,gBAAU,GAAG,IAAIG,SAAQ,WAAW,cAAc,GAAG,CAAC;AAAA,IACxD,SAAS,OAAO;AACd,YAAM,IAAI,MAAM,0BAA0B,GAAG,+BAA+B;AAAA,IAC9E;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,iBACP,eACA,cACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,cAAU,GAAG,IAAIC,SAAQ,cAAc,cAAc,GAAG,CAAC;AAAA,EAC3D;AAEA,SAAO;AACT;;;AC7EA,SAAS,YAAY,gBAA2D;AAC9E,QAAM,YAAuB,CAAC;AAC9B,MAAI,YAAY;AAChB,MAAI,CAAC,eAAgB,QAAO,EAAC,WAAW,UAAS;AACjD,aAAW,cAAc,gBAAgB;AACvC,UAAM,OAAO,eAAe,UAAU;AACtC,QAAI,CAAC,QAAQ,IAAI,UAAU,GAAG;AAC5B,cAAQ;AAAA,QACN,yCAAyC,UAAU;AAAA,MACrD;AACA;AAAA,IACF;AAEA,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,QAAQ,IAAI,UAAU,CAAC;AACjD,UAAI,OAAO,sBAAsB;AAC/B,oBAAY,OAAO;AAAA,MACrB;AACA,iBAAW,OAAO,MAAM;AACtB,YAAI,OAAO,GAAG,GAAG;AACf,oBAAU,GAAG,IAAI,OAAO,GAAG;AAAA,QAC7B,OAAO;AACL,kBAAQ;AAAA,YACN,2CAA2C,GAAG,oBAAoB,UAAU;AAAA,UAC9E;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ;AAAA,QACN,mCAAmC,UAAU;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AACA,SAAO,EAAC,WAAW,UAAoB;AACzC;AAEO,SAAS,aAAa,QAAgB,WAA+B;AAC1E,QAAM,EAAC,WAAW,eAAe,eAAc,IAAI;AACnD,QAAM,EAAC,WAAW,WAAW,eAAc,IAAI,YAAY,cAAc;AACzE,MAAI,aAAa,kBAAkB;AACnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,aAAW,OAAO,WAAW;AAC3B,UAAM,QAAQ,UAAU,GAAG;AAC3B,cAAU,GAAG,IAAI;AAAA,EACnB;AAEA,aAAW,OAAO,eAAe;AAC/B,UAAM,YAAY,cAAc,GAAG;AACnC,QAAI;AACF,gBAAU,GAAG,IAAIC,SAAQ,YAAY,SAAS;AAAA,IAChD,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,iGAAiG,GAAG;AAAA,MACtG;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AC/EA,eAAO,QAA+B,EAAC,MAAAC,OAAM,KAAK,OAAM,GAAG;AACzD,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AACA,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,YAAY,aAAa,QAAQ,MAAM;AAE7C,MAAI,KAAK;AACP,YAAQ,IAAI,UAAU,GAAG,CAAC;AAAA,EAC5B,OAAO;AACL,YAAQ,IAAI,KAAK,UAAU,WAAW,MAAM,CAAC,CAAC;AAAA,EAChD;AACF;;;AZXA,IAAM,UAAU,IAAI,QAAQ;AAE5B,IAAM,MACJ,YACA,UAAU,SAAS;AACjB,MAAI;AACF,UAAM,OAAO,GAAG,IAAI;AAAA,EACtB,SAAS,GAAG;AACV,YAAQ,MAAM,MAAM,IAAI,UAAU,EAAE,OAAO,EAAE,CAAC;AAAA,EAChD;AACF;AAEF,QACG,QAAQ,MAAM,EACd,YAAY,kCAAkC,EAC9C,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,KAAK,EACb,YAAY,kDAAkD,EAC9D,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,eAAe,8BAA8B,EACpD,OAAO,mBAAmB,gCAAgC,EAC1D,OAAO,IAAI,MAAM,CAAC;AAErB,QACG,QAAQ,MAAM,EACd,YAAY,+EAA+E,EAC3F,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,eAAe,uDAAuD,EAC7E,OAAO,qBAAqB,kCAAkC,EAC9D,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,SAAS,EACjB,YAAY,mEAAmE,EAC/E,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,qBAAqB,iDAAiD,EAC7E,OAAO,IAAI,UAAU,CAAC;AAEzB,QAAQ,MAAM,QAAQ,IAAI;AAE1B,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,QAAQ;AACjC,UAAQ,WAAW;AACrB;","names":["YAML","path","encrypt","decrypt","encrypt","path","YAML","YAML","path","YAML","YAML","prompts","path","YAML","decrypt","encrypt","decrypt","path"]} |
+1
-1
| { | ||
| "name": "@orion-js/env", | ||
| "version": "4.2.1", | ||
| "version": "4.2.2", | ||
| "main": "./dist/index.cjs", | ||
@@ -5,0 +5,0 @@ "author": "nicolaslopezj", |
No alert changes
Improved metrics
- Total package byte prevSize
120696
1.39%- Lines of code
1175
0.51%No dependency changes