@calvear/azure-key-vault
Wrapper for @azure/keyvault-secrets that eases the handling of secrets in JSON files.
"use strict";
// CommonJS interop prologue (looks compiler-generated): flags this module as
// a transpiled ES module for consumers that check `__esModule`.
Object.defineProperty(exports, "__esModule", { value: true });
// Placeholder for the named export; the class itself is assigned to
// exports.AzureKeyVault at the end of the file, after its definition.
exports.AzureKeyVault = void 0;
const identity_1 = require("@azure/identity");
const flatten_util_1 = require("./flatten.util");
const keyvault_secrets_1 = require("@azure/keyvault-secrets");
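/**
 * Convenience wrapper around a Key Vault SecretClient that namespaces secrets
 * by project / group / environment and maps nested JSON keys onto secret names.
 *
 * Naming scheme (see secretName):
 *   - regular secret: `${project}-${group}-${env}-${key}`
 *   - shared secret:  `${project}-${env}-${key}` (the group is left out)
 * A key counts as shared when it carries a `$` marker.
 *
 * Error model: get/delete/purge/restore resolve to `null` on ANY failure
 * (missing secret, denied access, network error, unparsable JSON). Callers
 * that must tell "not found" apart from "not authorized" should use getInfo,
 * which lets the client's rejection propagate.
 */
class AzureKeyVault {
    /**
     * @param {string} vaultUrl - Vault URL handed to SecretClient when no client is supplied.
     * @param {{project?: string, group?: string, env?: string}} config - Namespace parts.
     * @param {{clientId?: string, clientSecret?: string, tenantId?: string}} [credentials]
     *   Optional service-principal values; see the security note in the body.
     * @param {object} [client] - Pre-built secret client; when given, no credential is created here.
     */
    constructor(vaultUrl, config, credentials, client) {
        if (credentials) {
            const { clientId, clientSecret, tenantId } = credentials;
            // SECURITY: these assignments are process-wide, not per instance.
            // The client secret becomes readable by any code in this process
            // (and is inherited by child processes that get the default
            // environment), and a later instance built with other credentials
            // overwrites these values. Passing a pre-built `client` avoids
            // placing the secret in the environment at all.
            if (clientId)
                process.env.AZURE_CLIENT_ID = clientId;
            if (clientSecret)
                process.env.AZURE_CLIENT_SECRET = clientSecret;
            if (tenantId)
                process.env.AZURE_TENANT_ID = tenantId;
        }
        const { project, group, env } = config;
        this.project = project !== null && project !== void 0 ? project : '';
        this.group = group !== null && group !== void 0 ? group : '';
        this.env = env !== null && env !== void 0 ? env : '';
        const nsEnv = env ? `-${env}` : '';
        const nsGroup = group ? `-${group}` : '';
        // NOTE(review): the prefixes interpolate the raw `project`, not
        // this.project, so a missing project produces the literal text
        // "undefined" in every secret name. Left as is because changing it
        // would rename secrets that are already stored.
        this.prefix = `${project}${nsGroup}${nsEnv}`;
        this.prefixShared = `${project}${nsEnv}`;
        this.client =
            client !== null && client !== void 0
                ? client
                : new keyvault_secrets_1.SecretClient(vaultUrl, new identity_1.DefaultAzureCredential());
    }

    /**
     * Builds the vault secret name for a key.
     * Spaces/underscores collapse to `-`, `:` becomes `--`, `$` is stripped,
     * and the result is lower-cased.
     *
     * @param {string} key - Logical key, e.g. `db:password`.
     * @param {boolean} [isShared=false] - Use the shared (group-less) prefix.
     * @returns {string} Secret name as sent to the client.
     */
    secretName(key, isShared = false) {
        const prefix = isShared ? this.prefixShared : this.prefix;
        return `${prefix}-${key}`
            .replace(/[ _]+/g, '-')
            .replace(/:/g, '--')
            .replace(/\$/g, '')
            .toLowerCase();
    }

    /**
     * Reads one secret. Values tagged `serialized: '1'` are JSON-parsed.
     *
     * @param {string} key - Logical key; treated as shared if it contains `$` anywhere.
     * @returns {Promise<*>} The value, or `null` on any failure (including
     *   authorization errors and invalid JSON — the cause is not reported).
     */
    async get(key) {
        const isShared = key.includes('$');
        try {
            const { value, properties: { tags = {} } } = await this.client.getSecret(this.secretName(key, isShared));
            const { serialized } = tags;
            return serialized === '1' && value ? JSON.parse(value) : value;
        }
        catch (_err) {
            return null;
        }
    }

    /**
     * Returns the raw client response for a secret (value plus properties).
     * Unlike get, a rejection from the client is NOT swallowed.
     *
     * @param {string} key - Logical key.
     * @returns {Promise<object>} Whatever the client's getSecret resolves to.
     */
    getInfo(key) {
        const isShared = key.includes('$');
        return this.client.getSecret(this.secretName(key, isShared));
    }

    /**
     * Writes one secret and tags it with the namespace metadata that the
     * bulk operations later filter on. Non-string values are stored as JSON.
     *
     * NOTE(review): "shared" is decided here by the LAST key section starting
     * with `$`, whereas get/delete/purge/restore test for `$` anywhere in the
     * key. A key such as `$a:b` is therefore written under the group prefix
     * but read under the shared one — confirm which rule is intended.
     *
     * @param {string} key - Logical key; sections are split on `:` or `--`.
     * @param {*} value - String stored as is; anything else is JSON.stringify'd.
     * @returns {Promise<object>} The client's setSecret result (rejections propagate).
     */
    set(key, value) {
        const sections = key.split(/:|--/);
        const path = sections.slice(0, -1).join('--');
        const lastSection = sections.at(-1);
        const name = lastSection == null ? '' : lastSection;
        const isShared = name[0] === '$';
        const shouldBeSerialized = typeof value !== 'string';
        const payload = shouldBeSerialized ? JSON.stringify(value) : value;
        return this.client.setSecret(this.secretName(key, isShared), payload, {
            tags: {
                name,
                path,
                env: this.env == null ? '' : this.env,
                project: this.project,
                group: isShared || !this.group ? '' : this.group,
                serialized: shouldBeSerialized ? '1' : '0'
            }
        });
    }

    /**
     * Deletes one secret and waits for the operation to finish.
     *
     * @param {string} key - Logical key.
     * @returns {Promise<object|null>} The poller result, or `null` on any failure.
     */
    async delete(key) {
        const isShared = key.includes('$');
        try {
            const poller = await this.client.beginDeleteSecret(this.secretName(key, isShared));
            // `await` is required: a bare `return promise` leaves the try
            // block before the promise settles, so a polling failure would
            // bypass the catch below.
            return await poller.pollUntilDone();
        }
        catch (_err) {
            return null;
        }
    }

    /**
     * Permanently removes a previously deleted secret.
     *
     * @param {string} key - Logical key.
     * @returns {Promise<*>} The client's result, or `null` on any failure.
     *   A `null` here means the deleted secret may still be recoverable.
     */
    async purge(key) {
        const isShared = key.includes('$');
        try {
            // Awaited so that an asynchronous rejection reaches the catch;
            // without it the try/catch only covers synchronous throws.
            return await this.client.purgeDeletedSecret(this.secretName(key, isShared));
        }
        catch (_err) {
            return null;
        }
    }

    /**
     * Recovers a deleted secret and waits for the operation to finish.
     *
     * @param {string} key - Logical key.
     * @returns {Promise<object|null>} The poller result, or `null` on any failure.
     */
    async restore(key) {
        const isShared = key.includes('$');
        try {
            const recover = await this.client.beginRecoverDeletedSecret(this.secretName(key, isShared));
            // Same reasoning as in delete: await inside the try block.
            return await recover.pollUntilDone();
        }
        catch (_err) {
            return null;
        }
    }

    /**
     * Loads every secret whose tags match this instance's project and env,
     * and either its group or the shared marker, into a nested object.
     *
     * Scope is decided from TAGS, and each value is then fetched through the
     * name rebuilt from those tags — not through the listed secret's own name.
     * Secrets written without these tags are skipped.
     *
     * @returns {Promise<object>} Nested object produced by `deflatten`.
     */
    async getAll() {
        const secrets = {};
        for await (const { tags } of this.client.listPropertiesOfSecrets()) {
            const { project, env, group, name, path } = tags == null ? {} : tags;
            const key = (path ? `${path}--` : '') + name;
            const isShared = name != null && name[0] === '$';
            if (project === this.project &&
                env === this.env &&
                (isShared || group === this.group)) {
                secrets[key] = await this.get(key);
            }
        }
        return (0, flatten_util_1.deflatten)(secrets);
    }

    /**
     * Fills a (possibly nested) object with values from the vault.
     *
     * Because get resolves to `null` on every failure, a lookup that fails
     * keeps whatever value the input already held for that key; the caller
     * receives no signal that the vault value was not applied.
     *
     * @param {object} secrets - Template object; flattened before lookup.
     * @param {boolean} [override=false] - Fetch even keys that already hold a truthy value.
     * @returns {Promise<object>} Nested object produced by `deflatten`.
     */
    async getFor(secrets, override = false) {
        const promises = {};
        secrets = (0, flatten_util_1.flatten)(secrets);
        // Start every lookup first so they run concurrently.
        for (const key in secrets) {
            const secret = secrets[key];
            promises[key] = override || !secret
                ? this.get(key)
                : Promise.resolve(secret);
        }
        for (const key in secrets) {
            try {
                const value = await promises[key];
                secrets[key] = value == null ? secrets[key] : value;
            }
            catch (_err) {
                continue;
            }
        }
        return (0, flatten_util_1.deflatten)(secrets);
    }

    /**
     * Writes every leaf of a (possibly nested) object, one after another.
     *
     * @param {object} secrets - Values to store; flattened into keys first.
     * @returns {Promise<object[]>} The setSecret results, in iteration order.
     *   The first rejected write aborts the run; earlier writes stay in place.
     */
    async setAll(secrets) {
        const results = [];
        secrets = (0, flatten_util_1.flatten)(secrets);
        for (const key in secrets) {
            results.push(await this.set(key, secrets[key]));
        }
        return results;
    }

    /**
     * Deletes every secret whose tags place it in this instance's namespace.
     *
     * Selection is tag-based and the secret actually deleted is the one whose
     * name is rebuilt from the tags. Individual failures are not reported,
     * because delete resolves to `null` instead of rejecting.
     *
     * @param {boolean} [skipShared=true] - Leave shared (`$`) secrets untouched.
     * @returns {Promise<void>}
     */
    async deleteAll(skipShared = true) {
        for await (const { tags } of this.client.listPropertiesOfSecrets()) {
            const { project, env, group, name, path } = tags == null ? {} : tags;
            const key = (path ? `${path}:` : '') + name;
            const isShared = name != null && name[0] === '$';
            if (skipShared && isShared)
                continue;
            if (project === this.project &&
                env === this.env &&
                (isShared || group === this.group)) {
                await this.delete(key);
            }
        }
    }

    /**
     * Purges every deleted secret whose tags place it in this namespace.
     *
     * Individual failures are not reported (purge resolves to `null`), so a
     * completed run does not by itself prove that every secret is gone.
     *
     * @param {boolean} [skipShared=true] - Leave shared (`$`) secrets untouched.
     * @returns {Promise<void>}
     */
    async purgeAll(skipShared = true) {
        for await (const { properties: { tags } } of this.client.listDeletedSecrets()) {
            const { project, env, group, name, path } = tags == null ? {} : tags;
            const key = (path ? `${path}:` : '') + name;
            const isShared = name != null && name[0] === '$';
            if (skipShared && isShared)
                continue;
            if (project === this.project &&
                env === this.env &&
                (isShared || group === this.group)) {
                await this.purge(key);
            }
        }
    }

    /**
     * Recovers every deleted secret whose tags place it in this namespace.
     * Individual failures are not reported (restore resolves to `null`).
     *
     * @param {boolean} [skipShared=true] - Leave shared (`$`) secrets untouched.
     * @returns {Promise<void>}
     */
    async restoreAll(skipShared = true) {
        for await (const { properties: { tags } } of this.client.listDeletedSecrets()) {
            const { project, env, group, name, path } = tags == null ? {} : tags;
            const key = (path ? `${path}:` : '') + name;
            const isShared = name != null && name[0] === '$';
            if (skipShared && isShared)
                continue;
            if (project === this.project &&
                env === this.env &&
                (isShared || group === this.group)) {
                await this.restore(key);
            }
        }
    }
}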
// Publish the class as this module's named CommonJS export.
exports.AzureKeyVault = AzureKeyVault;
//# sourceMappingURL=azure-key-vault.service.js.map