
@relaycorp/webcrypto-kms


WebCrypto-compatible client for Key Management Services like GCP KMS

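import { get as getEnvVar } from 'env-var';
import { KmsError } from './KmsError';
import { GcpKmsRsaPssProvider } from './gcp/GcpKmsRsaPssProvider';

/**
 * Supported adapter names, each mapped to the function that builds its provider.
 *
 * The initialisers are function declarations, so they are hoisted and can be
 * referenced here before their definitions further down the module.
 */
const INITIALISERS = {
  AWS: initAwsProvider,
  GCP: initGcpProvider,
};

/**
 * Build the KMS-backed provider for the named adapter, configured from
 * environment variables.
 *
 * @param {string} adapter - Adapter name; must be one of the keys of INITIALISERS ('AWS' or 'GCP').
 * @returns {Promise<object>} The provider returned by the matching initialiser.
 * @throws {KmsError} If the adapter name is not a supported key.
 */
export async function initKmsProviderFromEnv(adapter) {
  // Accept own keys only. A plain `INITIALISERS[adapter]` lookup also resolves
  // names inherited from Object.prototype (e.g. 'constructor', 'toString'),
  // which are truthy functions: the validity check would pass and the call
  // would return something that is not a KMS provider instead of failing here.
  const isSupported = Object.prototype.hasOwnProperty.call(INITIALISERS, adapter);
  if (!isSupported) {
    throw new KmsError(`Invalid adapter (${adapter})`);
  }
  const init = INITIALISERS[adapter];
  return init();
}

/**
 * Build the AWS KMS provider from AWS_KMS_ENDPOINT and AWS_KMS_REGION.
 *
 * Neither variable is marked required, so either may reach KMSClient as
 * undefined; what the SDK does in that case is not visible in this module
 * (presumably its default resolution applies; verify against the AWS SDK).
 *
 * NOTE(review): AWS_KMS_ENDPOINT decides which host receives the requests made
 * through this client, so it should be treated as trusted deployment
 * configuration and not be settable by less-privileged parties.
 *
 * @returns {Promise<object>} An AwsKmsRsaPssProvider wrapping a new KMSClient.
 */
export async function initAwsProvider() {
  // Avoid import-time side effects (e.g., expensive API calls)
  const { AwsKmsRsaPssProvider } = await import('./aws/AwsKmsRsaPssProvider');
  const { KMSClient } = await import('@aws-sdk/client-kms');

  const clientConfig = {
    endpoint: getEnvVar('AWS_KMS_ENDPOINT').asString(),
    region: getEnvVar('AWS_KMS_REGION').asString(),
  };
  return new AwsKmsRsaPssProvider(new KMSClient(clientConfig));
}

/**
 * Build the GCP KMS provider from the GCP_KMS_* environment variables.
 *
 * GCP_KMS_LOCATION, GCP_KMS_KEYRING and GCP_KMS_PROTECTION_LEVEL are required;
 * the protection level must be 'SOFTWARE' or 'HSM'.
 * GCP_KMS_DESTROY_SCHEDULED_DURATION_SECONDS is optional and, when set, must
 * parse as a positive integer. A missing required variable or a value that
 * fails validation is rejected by env-var (it throws rather than substituting
 * a default).
 *
 * The client is constructed without arguments, so credentials are not supplied
 * here (presumably the Google client library resolves them from the runtime
 * environment; confirm for the target deployment).
 *
 * @returns {Promise<GcpKmsRsaPssProvider>} Provider bound to a new KeyManagementServiceClient.
 */
export async function initGcpProvider() {
  const kmsConfig = {
    location: getEnvVar('GCP_KMS_LOCATION').required().asString(),
    keyRing: getEnvVar('GCP_KMS_KEYRING').required().asString(),
    protectionLevel: getEnvVar('GCP_KMS_PROTECTION_LEVEL')
      .required()
      .asEnum(['SOFTWARE', 'HSM']),
    destroyScheduledDurationSeconds: getEnvVar(
      'GCP_KMS_DESTROY_SCHEDULED_DURATION_SECONDS',
    ).asIntPositive(),
  };

  // Avoid import-time side effects (e.g., expensive API calls)
  const { KeyManagementServiceClient } = await import('@google-cloud/kms');
  return new GcpKmsRsaPssProvider(new KeyManagementServiceClient(), kmsConfig);
}
//# sourceMappingURL=init.js.map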