yaml-crypt
Comparing version 0.7.1 to 0.7.2
@@ -357,3 +357,5 @@ #!/usr/bin/env node | ||
} else { | ||
configKeys.forEach(k => keys.push(k.key)); | ||
configKeys.forEach(k => | ||
keys.push({ source: `config:${k.name}`, key: k.key }) | ||
); | ||
} | ||
@@ -408,3 +410,2 @@ const encryptionKey = args.K | ||
} | ||
const opts = { algorithm, base64: args.base64, path: args.path }; | ||
readInput(input, buf => { | ||
@@ -416,3 +417,3 @@ if (args.raw) { | ||
: buf.toString("utf8"); | ||
const result = encrypt(algorithm, encryptionKey, str); | ||
const result = encrypt(algorithm, encryptionKey.key, str); | ||
output.write(result); | ||
@@ -422,5 +423,8 @@ output.write("\n"); | ||
const str = buf.toString("utf8"); | ||
const decrypted = tryDecrypt(algorithms, keys, (algorithm, key) => | ||
decrypt(algorithm, key, str) | ||
const { key, decrypted } = tryDecrypt( | ||
algorithms, | ||
keys, | ||
(algorithm, key) => decrypt(algorithm, key.key, str) | ||
); | ||
logDecryptionKey(args, key); | ||
const result = args.base64 | ||
@@ -432,2 +436,8 @@ ? Buffer.from(decrypted, "base64").toString("utf8") | ||
} else { | ||
const opts = { | ||
algorithm, | ||
base64: args.base64, | ||
path: args.path, | ||
callback: key => logDecryptionKey(args, key) | ||
}; | ||
const str = buf.toString("utf8"); | ||
@@ -555,3 +565,3 @@ const crypt = yamlcrypt({ keys, encryptionKey }); | ||
if (k.name === arg) { | ||
return k.key; | ||
return { source: `config:${k.name}`, key: k.key }; | ||
} | ||
@@ -565,7 +575,7 @@ } | ||
} | ||
return str.trim(); | ||
return { source: `env:${arg}`, key: str.trim() }; | ||
} else if (prefix === "fd") { | ||
const fd = parseInt(arg); | ||
if (fd || fd === 0) { | ||
return readFd(fd).trim(); | ||
return { source: `fd:${arg}`, key: readFd(fd).trim() }; | ||
} else { | ||
@@ -585,3 +595,3 @@ throw new UsageError(`not a file descriptor: ${arg}`); | ||
} | ||
return raw.toString("utf8").trim(); | ||
return { source: `file:${arg}`, key: raw.toString("utf8").trim() }; | ||
} else { | ||
@@ -731,3 +741,4 @@ throw new UsageError(`unknown key argument: ${key}`); | ||
path: args.path, | ||
raw: args.raw | ||
raw: args.raw, | ||
callback: key => logDecryptionKey(args, key) | ||
}; | ||
@@ -777,3 +788,5 @@ const crypt = yamlcrypt({ keys, encryptionKey }); | ||
content, | ||
str => { | ||
(str, key) => { | ||
logDecryptionKey(args, key); | ||
fs.writeSync(tmpFile.fd, str); | ||
@@ -797,2 +810,8 @@ fs.closeSync(tmpFile.fd); | ||
function logDecryptionKey(args, key) { | ||
if (args.debug) { | ||
console.error("successfully decrypted using key:", key.source); | ||
} | ||
} | ||
class UnknownError extends Error {} | ||
@@ -799,0 +818,0 @@ |
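Review bot: `logDecryptionKey` is the one place where the new `{ source, key }` objects reach an output stream, and nothing states that only the label may be printed. The same object carries the raw secret in `key.key`, so a later edit to `console.error(..., key)` would write key material to stderr. I would add a comment above the function such as `// Log only key.source: the object also holds the raw key in key.key and must never be printed whole.` Separately, the first hunk builds the label as `config:${k.name}`. If config entries may omit `name` (not visible here), the debug line would read `config:undefined` and would not identify which key decrypted the file.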
@@ -58,8 +58,7 @@ const yaml = require("js-yaml"); | ||
let result = null; | ||
let success = false; | ||
for (const algorithm of algorithms) { | ||
for (const key of keys) { | ||
try { | ||
result = decrypt(algorithm, key); | ||
success = true; | ||
const decrypted = decrypt(algorithm, key); | ||
result = { key, algorithm, decrypted }; | ||
break; | ||
@@ -71,3 +70,3 @@ } catch (e) { | ||
} | ||
if (success) { | ||
if (result != null) { | ||
return result; | ||
@@ -74,0 +73,0 @@ } else { |
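Review bot: The return contract of `tryDecrypt` changes here from the bare callback result to `{ key, algorithm, decrypted }`, and the shown lines carry no documentation of that. A JSDoc line such as `@returns {{key: object, algorithm: string, decrypted: *}} the key object and algorithm that succeeded, plus the callback's result` would help, with a note that `key` is the full key object including the secret in `key.key`. Callers that forward it to user callbacks would then know what they are handing out. The function's signature and the catch/else bodies lie outside the shown lines, so the failure path is not reviewed here.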
@@ -75,9 +75,15 @@ const { homedir } = require("os"); | ||
function normalizeKey(key) { | ||
const k = key && key.key ? key.key : key; | ||
if (k == null) { | ||
const k = key && key.key !== undefined ? key : { key }; | ||
if (k == null || k.key == null) { | ||
return null; | ||
} else if (typeof k !== "string") { | ||
throw new Error(`invalid key: ${typeof k}`); | ||
} else if (k.length === 0) { | ||
throw new Error("empty key!"); | ||
} | ||
if (!k.source) { | ||
k.source = "unknown source"; | ||
} | ||
if (typeof k.key !== "string") { | ||
throw new Error(`invalid key ${k.source}: ${typeof k.key}`); | ||
} else if (k.key.length === 0) { | ||
throw new Error(`empty key: ${k.source}`); | ||
} else { | ||
@@ -120,3 +126,3 @@ return k; | ||
opts.algorithm, | ||
opts.encryptionKey || encryptionKey, | ||
(opts.encryptionKey || encryptionKey).key, | ||
str | ||
@@ -135,3 +141,3 @@ ); | ||
opts.algorithm, | ||
opts.encryptionKey || encryptionKey, | ||
(opts.encryptionKey || encryptionKey).key, | ||
str | ||
@@ -151,6 +157,6 @@ ); | ||
const s = trimStr(str); | ||
const decrypted = tryDecrypt( | ||
const { decrypted } = tryDecrypt( | ||
algorithms, | ||
opts.keys || keys, | ||
(algorithm, key) => decrypt(algorithm, key, s) | ||
(algorithm, key) => decrypt(algorithm, key.key, s) | ||
); | ||
@@ -166,7 +172,10 @@ return yaml.safeLoad(decrypted); | ||
const s = trimStr(str); | ||
const decrypted = tryDecrypt( | ||
const { decrypted, key } = tryDecrypt( | ||
algorithms, | ||
opts.keys || keys, | ||
(algorithm, key) => decrypt(algorithm, key, s) | ||
(algorithm, key) => decrypt(algorithm, key.key, s) | ||
); | ||
if (opts.callback) { | ||
opts.callback(key); | ||
} | ||
return safeLoadAll(decrypted); | ||
@@ -181,9 +190,9 @@ } else { | ||
const s = trimStr(str); | ||
const [key, algorithm, decrypted] = tryDecrypt( | ||
const { key, algorithm, decrypted } = tryDecrypt( | ||
algorithms, | ||
opts.keys || keys, | ||
(algorithm, key) => [key, algorithm, decrypt(algorithm, key, s)] | ||
(algorithm, key) => decrypt(algorithm, key.key, s) | ||
); | ||
const transformed = callback(decrypted); | ||
const transformed = callback(decrypted, key); | ||
@@ -193,3 +202,3 @@ if (transformed.toString() === decrypted) { | ||
} else { | ||
return encrypt(algorithm, key, transformed); | ||
return encrypt(algorithm, key.key, transformed); | ||
} | ||
@@ -209,3 +218,4 @@ } else { | ||
objects: !!opts.objects, | ||
base64: !!opts.base64 | ||
base64: !!opts.base64, | ||
callback: opts.callback | ||
}); | ||
@@ -215,4 +225,11 @@ return { schema }; | ||
function createYamlSchema({ algorithm, keys, encryptionKey, objects, base64 }) { | ||
const opts = { keys, encryptionKey, objects, base64 }; | ||
function createYamlSchema({ | ||
algorithm, | ||
keys, | ||
encryptionKey, | ||
objects, | ||
base64, | ||
callback | ||
}) { | ||
const opts = { keys, encryptionKey, objects, base64, callback }; | ||
const types = []; | ||
@@ -240,3 +257,4 @@ for (let i = 0; i < algorithms.length; i++) { | ||
objects, | ||
base64 | ||
base64, | ||
callback | ||
}) { | ||
@@ -249,5 +267,10 @@ const name = "!yaml-crypt" + (algorithm == null ? "" : `/${algorithm}`); | ||
construct: data => { | ||
const decrypted = tryDecrypt([algorithm], keys, (algorithm, key) => | ||
decrypt(algorithm, key, data) | ||
const { decrypted, key } = tryDecrypt( | ||
[algorithm], | ||
keys, | ||
(algorithm, key) => decrypt(algorithm, key.key, data) | ||
); | ||
if (callback) { | ||
callback(key); | ||
} | ||
const decoded = base64 | ||
@@ -270,3 +293,3 @@ ? Buffer.from(decrypted, "base64").toString("utf8") | ||
const encoded = base64 ? Buffer.from(str).toString("base64") : str; | ||
encrypted = encrypt(algorithm, encryptionKey, encoded); | ||
encrypted = encrypt(algorithm, encryptionKey.key, encoded); | ||
} | ||
@@ -280,10 +303,13 @@ return encrypted; | ||
function doTransform(str, callback, opts) { | ||
const [key, docs] = tryDecrypt(algorithms, opts.keys, (algorithm, key) => { | ||
const o = Object.assign({}, opts); | ||
o.objects = true; | ||
o.algorithm = algorithm; | ||
o.keys = [key]; | ||
const docs = safeLoadAll(str, yamlOpts(o)); | ||
return [key, docs]; | ||
}); | ||
const { key, decrypted: docs } = tryDecrypt( | ||
algorithms, | ||
opts.keys, | ||
(algorithm, key) => { | ||
const o = Object.assign({}, opts); | ||
o.objects = true; | ||
o.algorithm = algorithm; | ||
o.keys = [key]; | ||
return safeLoadAll(str, yamlOpts(o)); | ||
} | ||
); | ||
@@ -316,3 +342,3 @@ if (!opts.encryptionKey) { | ||
const transformed = callback(decrypted); | ||
const transformed = callback(decrypted, key); | ||
@@ -319,0 +345,0 @@ const result = safeLoadAll(transformed, { schema: schema }); |
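Review bot: The per-call overrides are now dereferenced with `.key`: `(opts.encryptionKey || encryptionKey).key` in the two encrypt call sites, and `key.key` for each entry of `opts.keys || keys`. Whether those per-call values pass through `normalizeKey` is not visible in these hunks. If they do not, a caller still passing a plain string would hand `undefined` to `encrypt`/`decrypt`, and a missing encryption key would throw a bare TypeError instead of a descriptive error. Normalizing at the point of use would close that gap, e.g. `const encKey = normalizeKey(opts.encryptionKey) || encryptionKey;` followed by an explicit check before `encKey.key`. Also, `normalizeKey` now writes `k.source = "unknown source"` onto the object the caller passed in; copying first (`{ ...key }`) would avoid mutating caller-owned key objects.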
{ | ||
"name": "yaml-crypt", | ||
"version": "0.7.1", | ||
"version": "0.7.2", | ||
"description": "Encrypt and decrypt YAML documents", | ||
@@ -37,3 +37,3 @@ "license": "MIT", | ||
"coveralls": "^3.1.0", | ||
"eslint": "^7.9.0", | ||
"eslint": "^7.11.0", | ||
"mocha": "^8.1.3", | ||
@@ -40,0 +40,0 @@ "nyc": "^15.1.0", |
@@ -130,3 +130,3 @@ const fs = require("fs"); | ||
}; | ||
yamlcryptcli.run(["--debug", "--generate-key"], {}, options); | ||
yamlcryptcli.run(["--generate-key"], {}, options); | ||
expect(options.stdout.str.trimRight()).to.have.lengthOf(32); | ||
@@ -240,7 +240,3 @@ }); | ||
fs.writeSync(keyFile.fd, "aehae5Ui0Eechaeghau9Yoh9jufiep7H"); | ||
return yamlcryptcli.run( | ||
["--debug", "-k", keyFile.name].concat(argv), | ||
config, | ||
options | ||
); | ||
return yamlcryptcli.run(["-k", keyFile.name].concat(argv), config, options); | ||
} | ||
@@ -254,7 +250,3 @@ | ||
const fd = fs.openSync(keyFile.name, "r"); | ||
yamlcryptcli.run( | ||
["--debug", "-k", `fd:${fd}`, input.name], | ||
{}, | ||
{ stdout: new Out() } | ||
); | ||
yamlcryptcli.run(["-k", `fd:${fd}`, input.name], {}, { stdout: new Out() }); | ||
const output = fs.readFileSync( | ||
@@ -401,3 +393,3 @@ input.name.substring(0, input.name.length - "-crypt".length) | ||
yamlcryptcli.run( | ||
["--debug", "-k", keyFile.name, "--edit", input.name], | ||
["-k", keyFile.name, "--edit", input.name], | ||
{ editor: "touch" }, | ||
@@ -404,0 +396,0 @@ {} |
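Review bot: Every `--debug` flag is removed from the CLI tests in this section, so the new "successfully decrypted using key:" output appears to have no test coverage in the lines shown. That debug line is written next to secret material, so I would add one test that runs a decrypt with `--debug`, captures stderr, and asserts that it contains the `file:`/`fd:` source label and does not contain the fixture key string. The line is emitted via `console.error`, so the test would presumably need to stub it; alternatively the CLI could write through an injectable stream, as it does for `stdout`.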
@@ -184,8 +184,12 @@ const fs = require("fs"); | ||
it("should throw an error when an invalid key is given", () => { | ||
expect(() => yamlcrypt({ keys: 0 })).to.throw("invalid key: number"); | ||
expect(() => yamlcrypt({ keys: 0 })).to.throw( | ||
"invalid key unknown source: number" | ||
); | ||
}); | ||
it("should throw an error when an empty key is given", () => { | ||
expect(() => yamlcrypt({ keys: "" })).to.throw("empty key!"); | ||
expect(() => | ||
yamlcrypt({ keys: { source: "config:test", key: "" } }) | ||
).to.throw("empty key: config:test"); | ||
}); | ||
}); |