UNPKG

@j2blasco/ts-env

Version:

A TypeScript utility for securely managing environment variables through file encryption and runtime loading

github.com/j2blasco/ts-env

j2blasco/ts-env

124 lines (119 loc) 4.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
"use strict"; var __create = Object.create; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __getProtoOf = Object.getPrototypeOf; var __hasOwnProp = Object.prototype.hasOwnProperty; var __export = (target, all) => { for (var name in all) __defProp(target, name, { get: all[name], enumerable: true }); }; var __copyProps = (to, from, except, desc) => { if (from && typeof from === "object" || typeof from === "function") { for (let key of __getOwnPropNames(from)) if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } return to; }; var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( // If the importer is in node compatibility mode or this is not an ESM // file that has been converted to a CommonJS file using a Babel- // compatible transform (i.e. "__esModule" has not been set), then set // "default" to the CommonJS "module.exports" for node compatibility. isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, mod )); var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); // src/index.ts var index_exports = {}; __export(index_exports, { setEnvironment: () => setEnvironment }); module.exports = __toCommonJS(index_exports); // src/env/set-env-vars.ts var fs2 = __toESM(require("fs"), 1); var os = __toESM(require("os"), 1); var path = __toESM(require("path"), 1); // src/env/encrypt-file.ts var fs = __toESM(require("fs"), 1); var crypto = __toESM(require("crypto"), 1); var ALGORITHM = "aes-128-cbc"; var KEY_LENGTH = 16; var IV_LENGTH = 16; var MARKER = Buffer.from("ENCRYPTED"); function decryptFile(inputPath, outputPath, key) { try { const keyBuffer = Buffer.from(key, "utf-8").subarray(0, KEY_LENGTH); const input = fs.readFileSync(inputPath); const marker = input.subarray(0, MARKER.length); if (!marker.equals(MARKER)) { fs.writeFileSync(outputPath, input); return; } const iv = input.subarray(MARKER.length, MARKER.length + IV_LENGTH); const encryptedText = input.subarray(MARKER.length + IV_LENGTH); const decipher = crypto.createDecipheriv(ALGORITHM, keyBuffer, iv); const decrypted = Buffer.concat([ decipher.update(encryptedText), decipher.final() ]); fs.writeFileSync(outputPath, decrypted); } catch (error) { console.error("Decryption failed:", error); } } // src/env/set-env-vars.ts function getEnvKeyEnvironmentVariable(envType) { return `ENV_${envType.toUpperCase().replace(/-/g, "_")}_KEY`; } async function setEnvironment(args) { return new Promise(async (resolve, reject) => { const envTypeInput = args?.envType ?? process.env.ENV_TYPE ?? ""; const envType = envTypeInput; const envFileName = `env.${envType}.json`; const envFilePath = `${args.envPath}/${envFileName}`; const tempDir = fs2.mkdtempSync(path.join(os.tmpdir(), "system-env-")); const decryptedEnvPath = path.join(tempDir, envFileName); try { const key = process.env[getEnvKeyEnvironmentVariable(envType)]; if (!key) { throw new Error(`${getEnvKeyEnvironmentVariable(envType)} is not set`); } decryptFile(envFilePath, decryptedEnvPath, key); fs2.readFile(decryptedEnvPath, "utf8", (err, data) => { if (err) { console.error( `[Environment-Variables] Error reading file from disk - ${envType}: ${err}` ); reject(err); } else { try { const envConfig = JSON.parse(data); for (const key2 in envConfig) { if (envConfig.hasOwnProperty(key2)) { process.env[key2] = envConfig[key2]; } } resolve(); } catch (err2) { console.error( `[Environment-Variables] Error parsing JSON string - ${envType}: ${err2}` ); reject(err2); } } }); } catch (err) { console.error( `[Environment-Variables] Error decrypting file - ${envType}: ${err}` ); reject(err); } }); } // Annotate the CommonJS export names for ESM import in node: 0 && (module.exports = { setEnvironment });