UNPKG

@commercetools-frontend/kms-cli

Version:

Internal CLI to encrypt/decrypt secret files.

49 lines (36 loc) 1.58 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# @commercetools-frontend/kms-cli > This is a CLI used internally for Merchant Center applications. We do not provide any guarantees or support for the functionality. This CLI provides useful commands to work with secrets for Custom Applications that need to be deployed in a multi cloud environment. ## Installation ```bash $ npm install --save @commercetools-frontend/kms-cli ``` ## Usage > Please make sure you have Node.js v14 or higher installed as this package uses native ES modules. ### Command: `decrypt` and `encrypt` This command decrypts the secrets for each of the given cloud environments. ```bash pnpm kms-cli decrypt ``` The environments to decrypt secrets for for must be specified in a `google-key-management-system` [cosmiconfig](https://github.com/davidtheclark/cosmiconfig) file for example `google-key-management-system.config.cjs` with the bucket region mapping to multiple environments. For example: ```js module.exports = { kms: { projectKey: 'my-project-key', keyRing: 'my-keyring', }, environments: [ { name: 'gcp-production-us', kms: { key: 'my-environment-key', }, secrets: [{ name: 'My secrets', glob: 'glob/**/*.secret.enc' }] }, } }; ``` The above example defines one environment called `gcp-production-us` with a KMS key of `my-environment-key`. The default KMS `projectKey` and `keyRing` is set to `my-project-key` and `my-keyring`. Note, that the `kms` property of each environment can overwrite the default values of the `kms` properties when needed.