@phala/dstack-sdk
Version:
dstack SDK
45 lines • 2.19 kB
JavaScript
;
// SPDX-FileCopyrightText: © 2025 Phala Network <dstack@phala.network>
//
// SPDX-License-Identifier: Apache-2.0
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.encryptEnvVars = encryptEnvVars;
const ed25519_1 = require("@noble/curves/ed25519");
const crypto_1 = __importDefault(require("crypto"));
// Convert hex string to Uint8Array
function hexToUint8Array(hex) {
var _a, _b;
hex = hex.startsWith("0x") ? hex.slice(2) : hex;
return new Uint8Array((_b = (_a = hex.match(/.{1,2}/g)) === null || _a === void 0 ? void 0 : _a.map((byte) => parseInt(byte, 16))) !== null && _b !== void 0 ? _b : []);
}
function uint8ArrayToHex(buffer) {
return Array.from(buffer)
.map((byte) => byte.toString(16).padStart(2, "0"))
.join("");
}
// Encrypt environment variables
async function encryptEnvVars(envs, publicKeyHex) {
// Prepare environment data
const envsJson = JSON.stringify({ env: envs });
// Generate private key and derive public key
const privateKey = ed25519_1.x25519.utils.randomPrivateKey();
const publicKey = ed25519_1.x25519.getPublicKey(privateKey);
// Generate shared key
const remotePubkey = hexToUint8Array(publicKeyHex);
const shared = ed25519_1.x25519.getSharedSecret(privateKey, remotePubkey);
// Import shared key for AES-GCM
const importedShared = await crypto_1.default.subtle.importKey("raw", shared, { name: "AES-GCM", length: 256 }, true, ["encrypt"]);
// Encrypt the data
const iv = crypto_1.default.getRandomValues(new Uint8Array(12));
const encrypted = await crypto_1.default.subtle.encrypt({ name: "AES-GCM", iv }, importedShared, new TextEncoder().encode(envsJson));
// Combine all components
const result = new Uint8Array(publicKey.length + iv.length + encrypted.byteLength);
result.set(publicKey);
result.set(iv, publicKey.length);
result.set(new Uint8Array(encrypted), publicKey.length + iv.length);
return uint8ArrayToHex(result);
}
//# sourceMappingURL=encrypt-env-vars.js.map