UNPKG

@cto.af/ca

Version:

Testing-only Certificate Authority (CA) for your local development environment ONLY. This is in no way suitable for production of any kind.

github.com/cto-af/ca

cto-af/ca

92 lines (91 loc) 2.64 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
import { AsyncEntry, findCredentialsAsync } from '@napi-rs/keyring'; import { errCode } from '@cto.af/utils'; import fs from 'node:fs/promises'; /** * Retrieve secret information from the keychain. * * @param log Logging service. * @param service Keychain service name. * @param account Full path to a filename that *could* store the secret. * @returns Secret. */ export async function getSecret(log, service, account) { const e = new AsyncEntry(service, account); let secret = await e.getPassword(); if (secret) { return secret; } try { log.warn('Reading key from untrusted store: "%s"', account); secret = await fs.readFile(account, 'utf8'); log.info('Converting key to trusted store: "%s"', account); await e.setPassword(secret); log.info('Deleting old untrusted store: "%s"', account); await fs.rm(account); return secret; } catch (err) { if (errCode(err, 'ENOENT')) { return undefined; } throw err; } } /** * Store a secret in the keychain. * * @param log Logging service. * @param service Keychain service name. * @param account Full path to a filename that *could* store the secret. * @param secret Secret to store. */ export async function setSecret(log, service, account, secret) { const e = new AsyncEntry(service, account); await e.setPassword(secret); try { await fs.stat(account); log.warn('Removing old untrusted store: "%s"', account); await fs.rm(account); } catch (err) { if (!errCode(err, 'ENOENT')) { throw err; } } } /** * Delete a secret from the keychain. * * @param service Keychain service name. * @param account Full path to a filename that *could* store the secret. * @param log Logging service. */ export async function deleteSecret(service, account, log) { const e = new AsyncEntry(service, account); log?.debug?.('Deleting secret: "%s"', account); await e.deletePassword(); try { await fs.stat(account); log?.warn('Removing old untrusted store: "%s"', account); await fs.rm(account); } catch (err) { if (!errCode(err, 'ENOENT')) { throw err; } } } /** * List all of the keys in this service. * * @param service Keychain service name. * @yields An entry for each key found. */ export async function* listSecrets(service) { for (const { account } of await findCredentialsAsync(service)) { yield { entry: new AsyncEntry(service, account), account, }; } }