@infisical/sdk
Version:
The Infisical SDK provides a convenient way to programmatically interact with the Infisical API.
1,170 lines (1,149 loc) • 41.3 kB
JavaScript
"use strict";
var __create = Object.create;
var __defProp = Object.defineProperty;
var __defProps = Object.defineProperties;
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
var __getOwnPropNames = Object.getOwnPropertyNames;
var __getOwnPropSymbols = Object.getOwnPropertySymbols;
var __getProtoOf = Object.getPrototypeOf;
var __hasOwnProp = Object.prototype.hasOwnProperty;
var __propIsEnum = Object.prototype.propertyIsEnumerable;
var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
var __spreadValues = (a, b) => {
for (var prop in b || (b = {}))
if (__hasOwnProp.call(b, prop))
__defNormalProp(a, prop, b[prop]);
if (__getOwnPropSymbols)
for (var prop of __getOwnPropSymbols(b)) {
if (__propIsEnum.call(b, prop))
__defNormalProp(a, prop, b[prop]);
}
return a;
};
var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
var __objRest = (source, exclude) => {
var target = {};
for (var prop in source)
if (__hasOwnProp.call(source, prop) && exclude.indexOf(prop) < 0)
target[prop] = source[prop];
if (source != null && __getOwnPropSymbols)
for (var prop of __getOwnPropSymbols(source)) {
if (exclude.indexOf(prop) < 0 && __propIsEnum.call(source, prop))
target[prop] = source[prop];
}
return target;
};
var __export = (target, all) => {
for (var name in all)
__defProp(target, name, { get: all[name], enumerable: true });
};
var __copyProps = (to, from, except, desc) => {
if (from && typeof from === "object" || typeof from === "function") {
for (let key of __getOwnPropNames(from))
if (!__hasOwnProp.call(to, key) && key !== except)
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
}
return to;
};
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
// If the importer is in node compatibility mode or this is not an ESM
// file that has been converted to a CommonJS file using a Babel-
// compatible transform (i.e. "__esModule" has not been set), then set
// "default" to the CommonJS "module.exports" for node compatibility.
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
mod
));
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
var __async = (__this, __arguments, generator) => {
return new Promise((resolve, reject) => {
var fulfilled = (value) => {
try {
step(generator.next(value));
} catch (e) {
reject(e);
}
};
var rejected = (value) => {
try {
step(generator.throw(value));
} catch (e) {
reject(e);
}
};
var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
step((generator = generator.apply(__this, __arguments)).next());
});
};
// src/index.ts
var index_exports = {};
__export(index_exports, {
DynamicSecretProviders: () => DynamicSecretProviders,
InfisicalSDK: () => InfisicalSDK,
SecretType: () => SecretType,
SqlProviders: () => SqlProviders
});
module.exports = __toCommonJS(index_exports);
// src/api/base.ts
var import_axios = __toESM(require("axios"));
var ApiClient = class {
constructor(config) {
this.client = import_axios.default.create({
baseURL: config.baseURL,
headers: config.headers || {},
timeout: config.timeout || 1e4
});
this.setupRetryInterceptor();
}
setupRetryInterceptor() {
const maxRetries = 4;
const initialRetryDelay = 1e3;
const backoffFactor = 2;
this.client.interceptors.response.use(null, (error) => {
var _a, _b;
const config = error == null ? void 0 : error.config;
if (!config) return Promise.reject(error);
if (!config._retryCount) config._retryCount = 0;
if ((((_a = error.response) == null ? void 0 : _a.status) === 429 || ((_b = error.response) == null ? void 0 : _b.status) === void 0) && config._retryCount < maxRetries) {
config._retryCount++;
const baseDelay = initialRetryDelay * Math.pow(backoffFactor, config._retryCount - 1);
const jitter = baseDelay * 0.2;
const exponentialDelay = baseDelay + (Math.random() * 2 - 1) * jitter;
return new Promise((resolve) => {
setTimeout(() => resolve(this.client(config)), exponentialDelay);
});
}
return Promise.reject(error);
});
}
setAccessToken(token) {
this.client.defaults.headers.common["Authorization"] = `Bearer ${token}`;
}
get(url, config) {
return __async(this, null, function* () {
const response = yield this.client.get(url, config);
return response.data;
});
}
post(url, data, config) {
return __async(this, null, function* () {
const response = yield this.client.post(
url,
data,
config
);
return response.data;
});
}
patch(url, data, config) {
return __async(this, null, function* () {
const response = yield this.client.patch(
url,
data,
config
);
return response.data;
});
}
delete(url, config) {
return __async(this, null, function* () {
const response = yield this.client.delete(url, config);
return response.data;
});
}
};
// src/api/endpoints/auth.ts
var AuthApi = class {
constructor(apiClient) {
this.apiClient = apiClient;
}
universalAuthLogin(data) {
return __async(this, null, function* () {
return this.apiClient.post(
"/api/v1/auth/universal-auth/login",
data
);
});
}
awsIamAuthLogin(data) {
return __async(this, null, function* () {
return this.apiClient.post(
"/api/v1/auth/aws-auth/login",
data
);
});
}
renewToken(data) {
return __async(this, null, function* () {
return this.apiClient.post(
"/api/v1/auth/token/renew",
data
);
});
}
};
// src/api/endpoints/secrets.ts
var SecretsApi = class {
constructor(apiClient) {
this.apiClient = apiClient;
}
listSecrets(params) {
return __async(this, null, function* () {
return this.apiClient.get("/api/v3/secrets/raw", {
params
});
});
}
getSecret(params) {
return __async(this, null, function* () {
const _a = params, { secretName } = _a, queryParams = __objRest(_a, ["secretName"]);
return this.apiClient.get(
`/api/v3/secrets/raw/${encodeURIComponent(secretName)}`,
{ params }
);
});
}
createSecret(secretName, data) {
return __async(this, null, function* () {
return this.apiClient.post(
`/api/v3/secrets/raw/${encodeURIComponent(secretName)}`,
data
);
});
}
updateSecret(secretName, data) {
return __async(this, null, function* () {
return this.apiClient.patch(
`/api/v3/secrets/raw/${encodeURIComponent(secretName)}`,
data
);
});
}
deleteSecret(secretName, data) {
return __async(this, null, function* () {
return this.apiClient.delete(
`/api/v3/secrets/raw/${encodeURIComponent(secretName)}`,
{ data }
);
});
}
};
// src/api/endpoints/dynamic-secrets.ts
var DynamicSecretsApi = class {
constructor(apiClient) {
this.apiClient = apiClient;
this.leases = {
create: (data) => __async(this, null, function* () {
return this.apiClient.post(
"/api/v1/dynamic-secrets/leases",
data
);
}),
delete: (leaseId, data) => __async(this, null, function* () {
return this.apiClient.delete(
`/api/v1/dynamic-secrets/leases/${leaseId}`,
{ data }
);
}),
renew: (leaseId, data) => __async(this, null, function* () {
return this.apiClient.post(
`/api/v1/dynamic-secrets/leases/${leaseId}/renew`,
data
);
})
};
}
create(data) {
return __async(this, null, function* () {
return this.apiClient.post(
"/api/v1/dynamic-secrets",
data
);
});
}
delete(secretName, data) {
return __async(this, null, function* () {
return this.apiClient.delete(
`/api/v1/dynamic-secrets/${encodeURIComponent(secretName)}`,
{ data }
);
});
}
};
// src/api/endpoints/environments.ts
var EnvironmentsApi = class {
constructor(apiClient) {
this.apiClient = apiClient;
}
create(data) {
return __async(this, null, function* () {
return this.apiClient.post(
`/api/v1/workspace/${data.projectId}/environments`,
data
);
});
}
};
// src/api/endpoints/projects.ts
var ProjectsApi = class {
constructor(apiClient) {
this.apiClient = apiClient;
}
create(data) {
return __async(this, null, function* () {
return this.apiClient.post(
"/api/v2/workspace",
data
);
});
}
inviteMembers(data) {
return __async(this, null, function* () {
return this.apiClient.post(
`/api/v2/workspace/${data.projectId}/memberships`,
data
);
});
}
};
// src/api/endpoints/folders.ts
var FoldersApi = class {
constructor(apiClient) {
this.apiClient = apiClient;
}
create(data) {
return __async(this, null, function* () {
return this.apiClient.post("/api/v1/folders", data);
});
}
listFolders(queryParams) {
return __async(this, null, function* () {
return this.apiClient.get("/api/v1/folders", {
params: queryParams
});
});
}
};
// src/custom/errors.ts
var import_axios2 = __toESM(require("axios"));
var InfisicalSDKError = class extends Error {
constructor(message) {
super(message);
this.message = message;
this.name = "InfisicalSDKError";
}
};
var InfisicalSDKRequestError = class extends Error {
constructor(message, requestData) {
super(message);
this.message = `[URL=${requestData.url}] [Method=${requestData.method}] [StatusCode=${requestData.statusCode}] ${message}`;
this.name = "InfisicalSDKRequestError";
}
};
var newInfisicalError = (error) => {
var _a, _b, _c, _d, _e;
if (import_axios2.default.isAxiosError(error)) {
const data = (_a = error == null ? void 0 : error.response) == null ? void 0 : _a.data;
if (data == null ? void 0 : data.message) {
let message = data.message;
if (((_b = error.response) == null ? void 0 : _b.status) === 422) {
message = JSON.stringify(data);
}
return new InfisicalSDKRequestError(message, {
url: ((_c = error.response) == null ? void 0 : _c.config.url) || "",
method: ((_d = error.response) == null ? void 0 : _d.config.method) || "",
statusCode: ((_e = error.response) == null ? void 0 : _e.status) || 0
});
} else if (error.message) {
return new InfisicalSDKError(error.message);
} else if (error.code) {
return new InfisicalSDKError(error.code);
} else {
return new InfisicalSDKError("Request failed with unknown error");
}
}
return new InfisicalSDKError((error == null ? void 0 : error.message) || "An error occurred");
};
// src/custom/secrets.ts
var convertBool = (value) => value ? "true" : "false";
var defaultBoolean = (value, defaultValue = false) => {
if (value === void 0) {
return defaultValue;
}
return value;
};
var SecretsClient = class {
constructor(apiClient) {
this.apiClient = apiClient;
this.listSecrets = (options) => __async(this, null, function* () {
var _a, _b;
try {
const res = yield this.apiClient.listSecrets({
workspaceId: options.projectId,
environment: options.environment,
expandSecretReferences: convertBool(defaultBoolean(options.expandSecretReferences, true)),
include_imports: convertBool(options.includeImports),
recursive: convertBool(options.recursive),
secretPath: options.secretPath,
tagSlugs: options.tagSlugs ? options.tagSlugs.join(",") : void 0,
viewSecretValue: convertBool((_a = options.viewSecretValue) != null ? _a : true)
});
if (options.attachToProcessEnv) {
let includedSecrets = res.secrets;
if ((_b = res.imports) == null ? void 0 : _b.length) {
for (const imp of res.imports) {
for (const importSecret of imp.secrets) {
if (!includedSecrets.find((includedSecret) => includedSecret.secretKey === importSecret.secretKey)) {
includedSecrets.push(importSecret);
}
}
}
}
for (const secret of includedSecrets) {
process.env[secret.secretKey] = secret.secretValue;
}
}
return res;
} catch (err) {
throw newInfisicalError(err);
}
});
this.listSecretsWithImports = (options) => __async(this, null, function* () {
const res = yield this.listSecrets(__spreadProps(__spreadValues({}, options), {
includeImports: true
}));
let { imports, secrets } = res;
if (imports) {
for (const imp of imports) {
for (const importedSecret of imp.secrets) {
if (!secrets.find((s) => s.secretKey === importedSecret.secretKey)) {
secrets.push(__spreadProps(__spreadValues({}, importedSecret), {
secretPath: imp.secretPath,
createdAt: (/* @__PURE__ */ new Date()).toISOString(),
updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
tags: []
}));
}
}
}
}
return secrets;
});
this.getSecret = (options) => __async(this, null, function* () {
var _a;
try {
const res = yield this.apiClient.getSecret({
secretName: options.secretName,
workspaceId: options.projectId,
environment: options.environment,
expandSecretReferences: convertBool(
defaultBoolean(options.expandSecretReferences, true)
),
includeImports: convertBool(options.includeImports),
secretPath: options.secretPath,
type: options.type,
version: options.version,
viewSecretValue: convertBool((_a = options.viewSecretValue) != null ? _a : true)
});
return res.secret;
} catch (err) {
throw newInfisicalError(err);
}
});
this.updateSecret = (secretName, options) => __async(this, null, function* () {
try {
return yield this.apiClient.updateSecret(secretName, {
workspaceId: options.projectId,
environment: options.environment,
secretValue: options.secretValue,
newSecretName: options.newSecretName,
secretComment: options.secretComment,
secretPath: options.secretPath,
secretReminderNote: options.secretReminderNote,
secretReminderRepeatDays: options.secretReminderRepeatDays,
skipMultilineEncoding: options.skipMultilineEncoding,
tagIds: options.tagIds,
type: options.type,
metadata: options.metadata
});
} catch (err) {
throw newInfisicalError(err);
}
});
this.createSecret = (secretName, options) => __async(this, null, function* () {
try {
return yield this.apiClient.createSecret(secretName, {
workspaceId: options.projectId,
environment: options.environment,
secretValue: options.secretValue,
secretComment: options.secretComment,
secretPath: options.secretPath,
secretReminderNote: options.secretReminderNote,
secretReminderRepeatDays: options.secretReminderRepeatDays,
skipMultilineEncoding: options.skipMultilineEncoding,
tagIds: options.tagIds,
type: options.type
});
} catch (err) {
throw newInfisicalError(err);
}
});
this.deleteSecret = (secretName, options) => __async(this, null, function* () {
try {
return yield this.apiClient.deleteSecret(secretName, {
workspaceId: options.projectId,
environment: options.environment,
secretPath: options.secretPath,
type: options.type
});
} catch (err) {
throw newInfisicalError(err);
}
});
}
};
// src/custom/constants.ts
var MACHINE_IDENTITY_ID_ENV_NAME = "INFISICAL_MACHINE_IDENTITY_ID";
var AWS_TOKEN_METADATA_URI = "http://169.254.169.254/latest/api/token";
var AWS_IDENTITY_DOCUMENT_URI = "http://169.254.169.254/latest/dynamic/instance-identity/document";
// src/custom/util.ts
var import_axios3 = __toESM(require("axios"));
var import_sha256_js = require("@aws-crypto/sha256-js");
var import_credential_providers = require("@aws-sdk/credential-providers");
var import_protocol_http = require("@aws-sdk/protocol-http");
var import_signature_v4 = require("@aws-sdk/signature-v4");
var getAwsRegion = () => __async(null, null, function* () {
const region = process.env.AWS_REGION;
if (region) {
return region;
}
try {
const tokenRes = yield import_axios3.default.put(AWS_TOKEN_METADATA_URI, void 0, {
headers: {
"X-aws-ec2-metadata-token-ttl-seconds": "21600"
},
timeout: 5e3
// 5 seconds
});
const identityResponse = yield import_axios3.default.get(AWS_IDENTITY_DOCUMENT_URI, {
headers: {
"X-aws-ec2-metadata-token": tokenRes.data,
Accept: "application/json"
},
timeout: 5e3
});
return identityResponse.data.region;
} catch (e) {
console.error("Failed to retrieve AWS region");
throw e;
}
});
var performAwsIamLogin = (region) => __async(null, null, function* () {
const credentials = yield (0, import_credential_providers.fromNodeProviderChain)()();
if (!credentials.accessKeyId || !credentials.secretAccessKey) {
throw new InfisicalSDKError("Credentials not found");
}
const iamRequestURL = `https://sts.${region}.amazonaws.com/`;
const iamRequestBody = "Action=GetCallerIdentity&Version=2011-06-15";
const iamRequestHeaders = {
"Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
Host: `sts.${region}.amazonaws.com`
};
const request = new import_protocol_http.HttpRequest({
protocol: "https:",
hostname: `sts.${region}.amazonaws.com`,
path: "/",
method: "POST",
headers: __spreadProps(__spreadValues({}, iamRequestHeaders), {
"Content-Length": String(Buffer.byteLength(iamRequestBody))
}),
body: iamRequestBody
});
const signer = new import_signature_v4.SignatureV4({
credentials,
region,
service: "sts",
sha256: import_sha256_js.Sha256
});
const signedRequest = yield signer.sign(request);
const headers = {};
Object.entries(signedRequest.headers).forEach(([key, value]) => {
if (typeof value === "string") {
const normalizedKey = key.toLowerCase() === "authorization" ? "Authorization" : key;
headers[normalizedKey] = value;
}
});
return {
iamHttpRequestMethod: "POST",
iamRequestUrl: iamRequestURL,
iamRequestBody,
iamRequestHeaders: headers
};
});
// src/custom/auth.ts
var renewToken = (apiClient, token) => __async(null, null, function* () {
try {
if (!token) {
throw new InfisicalSDKError(
"Unable to renew access token, no access token set."
);
}
const res = yield apiClient.renewToken({ accessToken: token });
return res;
} catch (err) {
throw newInfisicalError(err);
}
});
var AuthClient = class {
constructor(sdkAuthenticator, apiClient, _accessToken) {
this.sdkAuthenticator = sdkAuthenticator;
this.apiClient = apiClient;
this._accessToken = _accessToken;
this.awsIamAuth = {
login: (options) => __async(this, null, function* () {
try {
const identityId = (options == null ? void 0 : options.identityId) || process.env[MACHINE_IDENTITY_ID_ENV_NAME];
if (!identityId) {
throw new InfisicalSDKError(
"Identity ID is required for AWS IAM authentication"
);
}
const iamRequest = yield performAwsIamLogin(yield getAwsRegion());
const res = yield this.apiClient.awsIamAuthLogin({
iamHttpRequestMethod: iamRequest.iamHttpRequestMethod,
iamRequestBody: Buffer.from(iamRequest.iamRequestBody).toString(
"base64"
),
iamRequestHeaders: Buffer.from(
JSON.stringify(iamRequest.iamRequestHeaders)
).toString("base64"),
identityId
});
return this.sdkAuthenticator(res.accessToken);
} catch (err) {
throw newInfisicalError(err);
}
}),
renew: () => __async(this, null, function* () {
try {
const refreshedToken = yield renewToken(
this.apiClient,
this._accessToken
);
return this.sdkAuthenticator(refreshedToken.accessToken);
} catch (err) {
throw newInfisicalError(err);
}
})
};
this.universalAuth = {
login: (options) => __async(this, null, function* () {
try {
const res = yield this.apiClient.universalAuthLogin(options);
return this.sdkAuthenticator(res.accessToken);
} catch (err) {
throw newInfisicalError(err);
}
}),
renew: () => __async(this, null, function* () {
try {
const refreshedToken = yield renewToken(
this.apiClient,
this._accessToken
);
return this.sdkAuthenticator(refreshedToken.accessToken);
} catch (err) {
throw newInfisicalError(err);
}
})
};
/**
* Gets the current access token that is set on the SDK instance
* @returns The current access token or null if no access token is set. `null` is returned if the SDK is not authenticated.
*/
this.getAccessToken = () => this._accessToken || null;
this.accessToken = (token) => {
return this.sdkAuthenticator(token);
};
}
};
// src/custom/dynamic-secrets.ts
var DynamicSecretsClient = class {
constructor(apiClient) {
this.apiClient = apiClient;
this.leases = {
create: (options) => __async(this, null, function* () {
try {
const res = yield this.apiClient.leases.create(options);
return res;
} catch (err) {
throw newInfisicalError(err);
}
}),
delete: (leaseId, options) => __async(this, null, function* () {
try {
const res = yield this.apiClient.leases.delete(leaseId, options);
return res;
} catch (err) {
throw newInfisicalError(err);
}
}),
renew: (leaseId, options) => __async(this, null, function* () {
try {
const res = yield this.apiClient.leases.renew(leaseId, options);
return res;
} catch (err) {
throw newInfisicalError(err);
}
})
};
}
create(options) {
return __async(this, null, function* () {
try {
const res = yield this.apiClient.create(options);
return res.dynamicSecret;
} catch (err) {
throw newInfisicalError(err);
}
});
}
delete(dynamicSecretName, options) {
return __async(this, null, function* () {
try {
const res = yield this.apiClient.delete(dynamicSecretName, options);
return res.dynamicSecret;
} catch (err) {
throw newInfisicalError(err);
}
});
}
};
// src/custom/environments.ts
var EnvironmentsClient = class {
constructor(apiClient) {
this.apiClient = apiClient;
this.create = (options) => __async(this, null, function* () {
try {
const res = yield this.apiClient.create(options);
return res.environment;
} catch (err) {
throw newInfisicalError(err);
}
});
}
};
// src/custom/projects.ts
var ProjectsClient = class {
constructor(apiClient) {
this.apiClient = apiClient;
this.create = (options) => __async(this, null, function* () {
try {
const res = yield this.apiClient.create(options);
return res.project;
} catch (err) {
throw newInfisicalError(err);
}
});
this.inviteMembers = (options) => __async(this, null, function* () {
var _a, _b;
try {
if (!((_a = options.usernames) == null ? void 0 : _a.length) && !((_b = options.emails) == null ? void 0 : _b.length)) {
throw new Error("Either usernames or emails must be provided");
}
const res = yield this.apiClient.inviteMembers(options);
return res.memberships;
} catch (err) {
throw newInfisicalError(err);
}
});
}
};
// src/custom/folders.ts
var FoldersClient = class {
constructor(apiClient) {
this.apiClient = apiClient;
this.create = (options) => __async(this, null, function* () {
try {
const res = yield this.apiClient.create({
name: options.name,
path: options.path,
workspaceId: options.projectId,
environment: options.environment,
description: options.description
});
return res.folder;
} catch (err) {
throw newInfisicalError(err);
}
});
this.listFolders = (options) => __async(this, null, function* () {
try {
const res = yield this.apiClient.listFolders({
environment: options.environment,
workspaceId: options.projectId,
path: options.path,
recursive: options.recursive,
lastSecretModified: options.lastSecretModified
});
return res.folders;
} catch (err) {
throw newInfisicalError(err);
}
});
}
};
// src/api/types/secrets.ts
var SecretType = /* @__PURE__ */ ((SecretType2) => {
SecretType2["Shared"] = "shared";
SecretType2["Personal"] = "personal";
return SecretType2;
})(SecretType || {});
// src/custom/schemas/dynamic-secrets.ts
var import_zod = require("zod");
var SqlProviders = /* @__PURE__ */ ((SqlProviders2) => {
SqlProviders2["Postgres"] = "postgres";
SqlProviders2["MySQL"] = "mysql2";
SqlProviders2["Oracle"] = "oracledb";
SqlProviders2["MsSQL"] = "mssql";
SqlProviders2["SapAse"] = "sap-ase";
return SqlProviders2;
})(SqlProviders || {});
var TotpAlgorithm = /* @__PURE__ */ ((TotpAlgorithm2) => {
TotpAlgorithm2["SHA1"] = "sha1";
TotpAlgorithm2["SHA256"] = "sha256";
TotpAlgorithm2["SHA512"] = "sha512";
return TotpAlgorithm2;
})(TotpAlgorithm || {});
var passwordRequirementsSchema = import_zod.z.object({
length: import_zod.z.number().min(1, { message: "Password length must be at least 1" }).max(250, { message: "Password length must be at most 250" }),
required: import_zod.z.object({
minUppercase: import_zod.z.number().min(0).optional(),
minLowercase: import_zod.z.number().min(0).optional(),
minDigits: import_zod.z.number().min(0).optional(),
minSymbols: import_zod.z.number().min(0).optional()
}),
allowedSymbols: import_zod.z.string().optional()
});
var DynamicSecretRedisDBSchema = import_zod.z.object({
host: import_zod.z.string().trim().toLowerCase(),
port: import_zod.z.number(),
username: import_zod.z.string().trim(),
// this is often "default".
password: import_zod.z.string().trim().optional(),
creationStatement: import_zod.z.string().trim(),
revocationStatement: import_zod.z.string().trim(),
renewStatement: import_zod.z.string().trim().optional(),
ca: import_zod.z.string().optional()
});
var DynamicSecretAwsElastiCacheSchema = import_zod.z.object({
clusterName: import_zod.z.string().trim().min(1),
accessKeyId: import_zod.z.string().trim().min(1),
secretAccessKey: import_zod.z.string().trim().min(1),
region: import_zod.z.string().trim(),
creationStatement: import_zod.z.string().trim(),
revocationStatement: import_zod.z.string().trim(),
ca: import_zod.z.string().optional()
});
var DynamicSecretElasticSearchSchema = import_zod.z.object({
host: import_zod.z.string().trim().min(1),
port: import_zod.z.number(),
roles: import_zod.z.array(import_zod.z.string().trim().min(1)).min(1),
// two auth types "user, apikey"
auth: import_zod.z.discriminatedUnion("type", [
import_zod.z.object({
type: import_zod.z.literal("user" /* User */),
username: import_zod.z.string().trim(),
password: import_zod.z.string().trim()
}),
import_zod.z.object({
type: import_zod.z.literal("api-key" /* ApiKey */),
apiKey: import_zod.z.string().trim(),
apiKeyId: import_zod.z.string().trim()
})
]),
ca: import_zod.z.string().optional()
});
var DynamicSecretRabbitMqSchema = import_zod.z.object({
host: import_zod.z.string().trim().min(1),
port: import_zod.z.number(),
tags: import_zod.z.array(import_zod.z.string().trim()).default([]),
username: import_zod.z.string().trim().min(1),
password: import_zod.z.string().trim().min(1),
ca: import_zod.z.string().optional(),
virtualHost: import_zod.z.object({
name: import_zod.z.string().trim().min(1),
permissions: import_zod.z.object({
read: import_zod.z.string().trim().min(1),
write: import_zod.z.string().trim().min(1),
configure: import_zod.z.string().trim().min(1)
})
})
});
var DynamicSecretSqlDBSchema = import_zod.z.object({
client: import_zod.z.nativeEnum(SqlProviders),
host: import_zod.z.string().trim().toLowerCase(),
port: import_zod.z.number(),
database: import_zod.z.string().trim(),
username: import_zod.z.string().trim(),
password: import_zod.z.string().trim(),
creationStatement: import_zod.z.string().trim(),
revocationStatement: import_zod.z.string().trim(),
renewStatement: import_zod.z.string().trim().optional(),
ca: import_zod.z.string().optional(),
passwordRequirements: passwordRequirementsSchema.optional()
});
var DynamicSecretCassandraSchema = import_zod.z.object({
host: import_zod.z.string().trim().toLowerCase(),
port: import_zod.z.number(),
localDataCenter: import_zod.z.string().trim().min(1),
keyspace: import_zod.z.string().trim().optional(),
username: import_zod.z.string().trim(),
password: import_zod.z.string().trim(),
creationStatement: import_zod.z.string().trim(),
revocationStatement: import_zod.z.string().trim(),
renewStatement: import_zod.z.string().trim().optional(),
ca: import_zod.z.string().optional()
});
var DynamicSecretSapAseSchema = import_zod.z.object({
host: import_zod.z.string().trim().toLowerCase(),
port: import_zod.z.number(),
database: import_zod.z.string().trim(),
username: import_zod.z.string().trim(),
password: import_zod.z.string().trim(),
creationStatement: import_zod.z.string().trim(),
revocationStatement: import_zod.z.string().trim()
});
var DynamicSecretAwsIamSchema = import_zod.z.object({
accessKey: import_zod.z.string().trim().min(1),
secretAccessKey: import_zod.z.string().trim().min(1),
region: import_zod.z.string().trim().min(1),
awsPath: import_zod.z.string().trim().optional(),
permissionBoundaryPolicyArn: import_zod.z.string().trim().optional(),
policyDocument: import_zod.z.string().trim().optional(),
userGroups: import_zod.z.string().trim().optional(),
policyArns: import_zod.z.string().trim().optional()
});
var DynamicSecretMongoAtlasSchema = import_zod.z.object({
adminPublicKey: import_zod.z.string().trim().min(1).describe("Admin user public api key"),
adminPrivateKey: import_zod.z.string().trim().min(1).describe("Admin user private api key"),
groupId: import_zod.z.string().trim().min(1).describe(
"Unique 24-hexadecimal digit string that identifies your project. This is same as project id"
),
roles: import_zod.z.object({
collectionName: import_zod.z.string().optional().describe("Collection on which this role applies."),
databaseName: import_zod.z.string().min(1).describe("Database to which the user is granted access privileges."),
roleName: import_zod.z.string().min(1).describe(
' Enum: "atlasAdmin" "backup" "clusterMonitor" "dbAdmin" "dbAdminAnyDatabase" "enableSharding" "read" "readAnyDatabase" "readWrite" "readWriteAnyDatabase" "<a custom role name>".Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.'
)
}).array().min(1),
scopes: import_zod.z.object({
name: import_zod.z.string().min(1).describe(
"Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access."
),
type: import_zod.z.string().min(1).describe(
"Category of resource that this database user can access. Enum: CLUSTER, DATA_LAKE, STREAM"
)
}).array()
});
var DynamicSecretMongoDBSchema = import_zod.z.object({
host: import_zod.z.string().min(1).trim().toLowerCase(),
port: import_zod.z.number().optional(),
username: import_zod.z.string().min(1).trim(),
password: import_zod.z.string().min(1).trim(),
database: import_zod.z.string().min(1).trim(),
ca: import_zod.z.string().min(1).optional(),
roles: import_zod.z.string().array().min(1).describe(
'Enum: "atlasAdmin" "backup" "clusterMonitor" "dbAdmin" "dbAdminAnyDatabase" "enableSharding" "read" "readAnyDatabase" "readWrite" "readWriteAnyDatabase" "<a custom role name>".Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.'
)
});
var DynamicSecretSapHanaSchema = import_zod.z.object({
host: import_zod.z.string().trim().toLowerCase(),
port: import_zod.z.number(),
username: import_zod.z.string().trim(),
password: import_zod.z.string().trim(),
creationStatement: import_zod.z.string().trim(),
revocationStatement: import_zod.z.string().trim(),
renewStatement: import_zod.z.string().trim().optional(),
ca: import_zod.z.string().optional()
});
var DynamicSecretSnowflakeSchema = import_zod.z.object({
accountId: import_zod.z.string().trim().min(1),
orgId: import_zod.z.string().trim().min(1),
username: import_zod.z.string().trim().min(1),
password: import_zod.z.string().trim().min(1),
creationStatement: import_zod.z.string().trim().min(1),
revocationStatement: import_zod.z.string().trim().min(1),
renewStatement: import_zod.z.string().trim().optional()
});
var AzureEntraIDSchema = import_zod.z.object({
tenantId: import_zod.z.string().trim().min(1),
userId: import_zod.z.string().trim().min(1),
email: import_zod.z.string().trim().min(1),
applicationId: import_zod.z.string().trim().min(1),
clientSecret: import_zod.z.string().trim().min(1)
});
var LdapSchema = import_zod.z.union([
import_zod.z.object({
url: import_zod.z.string().trim().min(1),
binddn: import_zod.z.string().trim().min(1),
bindpass: import_zod.z.string().trim().min(1),
ca: import_zod.z.string().optional(),
credentialType: import_zod.z.literal("dynamic" /* Dynamic */).optional().default("dynamic" /* Dynamic */),
creationLdif: import_zod.z.string().min(1),
revocationLdif: import_zod.z.string().min(1),
rollbackLdif: import_zod.z.string().optional()
}),
import_zod.z.object({
url: import_zod.z.string().trim().min(1),
binddn: import_zod.z.string().trim().min(1),
bindpass: import_zod.z.string().trim().min(1),
ca: import_zod.z.string().optional(),
credentialType: import_zod.z.literal("static" /* Static */),
rotationLdif: import_zod.z.string().min(1)
})
]);
var DynamicSecretTotpSchema = import_zod.z.discriminatedUnion("configType", [
import_zod.z.object({
configType: import_zod.z.literal("url" /* URL */),
url: import_zod.z.string().url().trim().min(1).refine((val) => {
const urlObj = new URL(val);
const secret = urlObj.searchParams.get("secret");
return Boolean(secret);
}, "OTP URL must contain secret field")
}),
import_zod.z.object({
configType: import_zod.z.literal("manual" /* MANUAL */),
secret: import_zod.z.string().trim().min(1).transform((val) => val.replace(/\s+/g, "")),
period: import_zod.z.number().optional(),
algorithm: import_zod.z.nativeEnum(TotpAlgorithm).optional(),
digits: import_zod.z.number().optional()
})
]);
var DynamicSecretProviders = /* @__PURE__ */ ((DynamicSecretProviders2) => {
DynamicSecretProviders2["SqlDatabase"] = "sql-database";
DynamicSecretProviders2["Cassandra"] = "cassandra";
DynamicSecretProviders2["AwsIam"] = "aws-iam";
DynamicSecretProviders2["Redis"] = "redis";
DynamicSecretProviders2["AwsElastiCache"] = "aws-elasticache";
DynamicSecretProviders2["MongoAtlas"] = "mongo-db-atlas";
DynamicSecretProviders2["ElasticSearch"] = "elastic-search";
DynamicSecretProviders2["MongoDB"] = "mongo-db";
DynamicSecretProviders2["RabbitMq"] = "rabbit-mq";
DynamicSecretProviders2["AzureEntraID"] = "azure-entra-id";
DynamicSecretProviders2["Ldap"] = "ldap";
DynamicSecretProviders2["SapHana"] = "sap-hana";
DynamicSecretProviders2["Snowflake"] = "snowflake";
DynamicSecretProviders2["Totp"] = "totp";
DynamicSecretProviders2["SapAse"] = "sap-ase";
return DynamicSecretProviders2;
})(DynamicSecretProviders || {});
var DynamicSecretProviderSchema = import_zod.z.discriminatedUnion("type", [
import_zod.z.object({
type: import_zod.z.literal("sql-database" /* SqlDatabase */),
inputs: DynamicSecretSqlDBSchema
}),
import_zod.z.object({
type: import_zod.z.literal("cassandra" /* Cassandra */),
inputs: DynamicSecretCassandraSchema
}),
import_zod.z.object({
type: import_zod.z.literal("sap-ase" /* SapAse */),
inputs: DynamicSecretSapAseSchema
}),
import_zod.z.object({
type: import_zod.z.literal("aws-iam" /* AwsIam */),
inputs: DynamicSecretAwsIamSchema
}),
import_zod.z.object({
type: import_zod.z.literal("redis" /* Redis */),
inputs: DynamicSecretRedisDBSchema
}),
import_zod.z.object({
type: import_zod.z.literal("sap-hana" /* SapHana */),
inputs: DynamicSecretSapHanaSchema
}),
import_zod.z.object({
type: import_zod.z.literal("aws-elasticache" /* AwsElastiCache */),
inputs: DynamicSecretAwsElastiCacheSchema
}),
import_zod.z.object({
type: import_zod.z.literal("mongo-db-atlas" /* MongoAtlas */),
inputs: DynamicSecretMongoAtlasSchema
}),
import_zod.z.object({
type: import_zod.z.literal("elastic-search" /* ElasticSearch */),
inputs: DynamicSecretElasticSearchSchema
}),
import_zod.z.object({
type: import_zod.z.literal("mongo-db" /* MongoDB */),
inputs: DynamicSecretMongoDBSchema
}),
import_zod.z.object({
type: import_zod.z.literal("rabbit-mq" /* RabbitMq */),
inputs: DynamicSecretRabbitMqSchema
}),
import_zod.z.object({
type: import_zod.z.literal("azure-entra-id" /* AzureEntraID */),
inputs: AzureEntraIDSchema
}),
import_zod.z.object({
type: import_zod.z.literal("ldap" /* Ldap */),
inputs: LdapSchema
}),
import_zod.z.object({
type: import_zod.z.literal("snowflake" /* Snowflake */),
inputs: DynamicSecretSnowflakeSchema
}),
import_zod.z.object({
type: import_zod.z.literal("totp" /* Totp */),
inputs: DynamicSecretTotpSchema
})
]);
// src/index.ts
var InfisicalSDK = class {
constructor(options) {
// Public methods to access domain clients
this.secrets = () => this.secretsClient;
this.environments = () => this.environmentsClient;
this.projects = () => this.projectsClient;
this.folders = () => this.foldersClient;
this.dynamicSecrets = () => this.dynamicSecretsClient;
this.auth = () => this.authClient;
const baseURL = (options == null ? void 0 : options.siteUrl) || "https://app.infisical.com";
this.apiClient = new ApiClient({ baseURL });
this.authApi = new AuthApi(this.apiClient);
this.secretsApi = new SecretsApi(this.apiClient);
this.dynamicSecretsApi = new DynamicSecretsApi(this.apiClient);
this.environmentsApi = new EnvironmentsApi(this.apiClient);
this.projectsApi = new ProjectsApi(this.apiClient);
this.foldersApi = new FoldersApi(this.apiClient);
this.authClient = new AuthClient(
this.authenticate.bind(this),
this.authApi
);
this.secretsClient = new SecretsClient(this.secretsApi);
this.dynamicSecretsClient = new DynamicSecretsClient(
this.dynamicSecretsApi
);
this.environmentsClient = new EnvironmentsClient(this.environmentsApi);
this.projectsClient = new ProjectsClient(this.projectsApi);
this.foldersClient = new FoldersClient(this.foldersApi);
}
authenticate(accessToken) {
this.apiClient.setAccessToken(accessToken);
this.authClient = new AuthClient(
this.authenticate.bind(this),
this.authApi,
accessToken
);
return this;
}
};
// Annotate the CommonJS export names for ESM import in node:
0 && (module.exports = {
DynamicSecretProviders,
InfisicalSDK,
SecretType,
SqlProviders
});