UNPKG

@j2blasco/ts-env

Version:

A TypeScript utility for securely managing environment variables through file encryption and runtime loading

github.com/j2blasco/ts-env

j2blasco/ts-env

87 lines (84 loc) 2.81 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
// src/env/set-env-vars.ts import * as fs2 from "fs"; import * as os from "os"; import * as path from "path"; // src/env/encrypt-file.ts import * as fs from "fs"; import * as crypto from "crypto"; var ALGORITHM = "aes-128-cbc"; var KEY_LENGTH = 16; var IV_LENGTH = 16; var MARKER = Buffer.from("ENCRYPTED"); function decryptFile(inputPath, outputPath, key) { try { const keyBuffer = Buffer.from(key, "utf-8").subarray(0, KEY_LENGTH); const input = fs.readFileSync(inputPath); const marker = input.subarray(0, MARKER.length); if (!marker.equals(MARKER)) { fs.writeFileSync(outputPath, input); return; } const iv = input.subarray(MARKER.length, MARKER.length + IV_LENGTH); const encryptedText = input.subarray(MARKER.length + IV_LENGTH); const decipher = crypto.createDecipheriv(ALGORITHM, keyBuffer, iv); const decrypted = Buffer.concat([ decipher.update(encryptedText), decipher.final() ]); fs.writeFileSync(outputPath, decrypted); } catch (error) { console.error("Decryption failed:", error); } } // src/env/set-env-vars.ts function getEnvKeyEnvironmentVariable(envType) { return `ENV_${envType.toUpperCase().replace(/-/g, "_")}_KEY`; } async function setEnvironment(args) { return new Promise(async (resolve, reject) => { const envTypeInput = args?.envType ?? process.env.ENV_TYPE ?? ""; const envType = envTypeInput; const envFileName = `env.${envType}.json`; const envFilePath = `${args.envPath}/${envFileName}`; const tempDir = fs2.mkdtempSync(path.join(os.tmpdir(), "system-env-")); const decryptedEnvPath = path.join(tempDir, envFileName); try { const key = process.env[getEnvKeyEnvironmentVariable(envType)]; if (!key) { throw new Error(`${getEnvKeyEnvironmentVariable(envType)} is not set`); } decryptFile(envFilePath, decryptedEnvPath, key); fs2.readFile(decryptedEnvPath, "utf8", (err, data) => { if (err) { console.error( `[Environment-Variables] Error reading file from disk - ${envType}: ${err}` ); reject(err); } else { try { const envConfig = JSON.parse(data); for (const key2 in envConfig) { if (envConfig.hasOwnProperty(key2)) { process.env[key2] = envConfig[key2]; } } resolve(); } catch (err2) { console.error( `[Environment-Variables] Error parsing JSON string - ${envType}: ${err2}` ); reject(err2); } } }); } catch (err) { console.error( `[Environment-Variables] Error decrypting file - ${envType}: ${err}` ); reject(err); } }); } export { setEnvironment };