@nbn23/secret-manager/lib/manager/index.js

Secret manager library

"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.SecretManager = void 0;
const secret_manager_1 = require("@google-cloud/secret-manager");
const cache = {};
/**
 * SecretManager is responsible of obtain secret values related to a `projectId`
 * @class
 * @constructor
 * @public
 */
class SecretManager {
    constructor(options = {}) {
        this.getName = (key) => __awaiter(this, void 0, void 0, function* () {
            if (!this.options.projectId) {
                this.options.projectId = yield this.manager.getProjectId();
            }
            return `projects/${this.options.projectId}/secrets/${key}/versions/latest`;
        });
        this.getEnvVarSecrets = () => Object.keys(process.env).filter((key) => process.env[key] === "@secret");
        this._get = (key) => __awaiter(this, void 0, void 0, function* () {
            var _a, _b;
            const name = yield this.getName(key);
            const [secret] = yield this.manager.accessSecretVersion({ name });
            return (_b = (_a = secret.payload) === null || _a === void 0 ? void 0 : _a.data) === null || _b === void 0 ? void 0 : _b.toString();
        });
        this.options = options;
        this.manager = new secret_manager_1.SecretManagerServiceClient();
    }
    /**
     * Obtains the secret values associated to one or multiple `keys`.
     * If one or more secrets not exists returns undefined for each one.
     *
     * @param {string[]} keys The keys to identify the secrets.
     *
     * @returns {string[]} The values associated to the `keys` or if one or more secrets not exists undefined for each one.
     */
    get(...keys) {
        return __awaiter(this, void 0, void 0, function* () {
            return Promise.all(keys.map(this._get));
        });
    }
    /**
     * Manage the secrets from environment values. If one or more env vars has is value equal to `@secret`,
     *
     * @returns {boolean} Returns true if secrets are resolved from Google, false if secrets are returned from cache.
     */
    manageSecrets() {
        return __awaiter(this, void 0, void 0, function* () {
            const keys = this.getEnvVarSecrets();
            // Cached secrets
            if (Object.keys(cache).length) {
                for (const [key, secret] of Object.entries(cache)) {
                    process.env[key] = secret;
                }
                return false;
            }
            // Request secrets
            const secrets = yield this.get(...keys);
            for (const [i, secret] of secrets.entries()) {
                const key = keys[i];
                process.env[key] = secret;
                cache[key] = secret;
            }
            return true;
        });
    }
}
exports.SecretManager = SecretManager;