UNPKG

@softovault/client

Version:

Official JavaScript SDK for SoftoVault - Secure secrets management

softovault.com

wassi-real/softovault

298 lines (257 loc) 8.58 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
/** * SoftoVault SDK - A robust client for managing secrets in SoftoVault * @class Vault */ export class Vault { /** * Create a new Vault instance * @param {string} apiKey - Vault access key (can also be set via SOFTOVAULT_API_KEY env var) * @param {Object} config - Configuration options * @param {string} config.apiUrl - Base API URL (default: production URL) * @param {number} config.timeout - Request timeout in ms (default: 10000) * @param {number} config.retries - Number of retry attempts (default: 3) * @param {boolean} config.cache - Enable in-memory caching (default: true) * @param {number} config.cacheTTL - Cache TTL in ms (default: 300000 - 5 minutes) */ constructor(apiKey, config = {}) { // Allow API key from environment variable this.apiKey = apiKey || process.env.SOFTOVAULT_API_KEY || process.env.VAULT_ACCESS_KEY if (!this.apiKey) { throw new Error("Vault Access key is required. Provide it as parameter or set SOFTOVAULT_API_KEY environment variable") } // Configuration with defaults this.config = { apiUrl: config.apiUrl || process.env.SOFTOVAULT_API_URL || "https://softovault.com/api/vault", timeout: config.timeout || 10000, retries: config.retries || 3, cache: config.cache !== false, cacheTTL: config.cacheTTL || 300000, // 5 minutes ...config } // Initialize cache if enabled if (this.config.cache) { this.cache = new Map() this.cacheTimestamps = new Map() } } /** * Make HTTP request with retry logic and timeout * @private */ async _makeRequest(endpoint, options = {}) { const url = `${this.config.apiUrl}${endpoint}` const requestOptions = { headers: { 'Authorization': `Bearer ${this.apiKey}`, 'Content-Type': 'application/json', 'User-Agent': 'SoftoVault-SDK/0.1.0', ...options.headers }, timeout: this.config.timeout, ...options } let lastError for (let attempt = 0; attempt <= this.config.retries; attempt++) { try { const controller = new AbortController() const timeoutId = setTimeout(() => controller.abort(), this.config.timeout) const response = await fetch(url, { ...requestOptions, signal: controller.signal }) clearTimeout(timeoutId) if (!response.ok) { const errorData = await response.json().catch(() => ({})) const error = new Error(errorData.message || `HTTP ${response.status}: ${response.statusText}`) error.status = response.status error.statusText = response.statusText error.data = errorData throw error } return await response.json() } catch (error) { lastError = error // Don't retry on client errors (4xx) except 429 (rate limit) if (error.status >= 400 && error.status < 500 && error.status !== 429) { throw error } // Don't retry on the last attempt if (attempt === this.config.retries) { throw error } // Exponential backoff: 1s, 2s, 4s const delay = Math.pow(2, attempt) * 1000 await new Promise(resolve => setTimeout(resolve, delay)) } } throw lastError } /** * Check if cached value is still valid * @private */ _isCacheValid(key) { if (!this.config.cache || !this.cache.has(key)) return false const timestamp = this.cacheTimestamps.get(key) return timestamp && (Date.now() - timestamp) < this.config.cacheTTL } /** * Set value in cache * @private */ _setCache(key, value) { if (!this.config.cache) return this.cache.set(key, value) this.cacheTimestamps.set(key, Date.now()) } /** * Get a specific secret by key * @param {string} key - The secret key to retrieve * @param {Object} options - Options * @param {boolean} options.useCache - Whether to use cache (default: true) * @returns {Promise<string>} The secret value */ async get(key, options = {}) { if (!key || typeof key !== 'string') { throw new Error('Secret key must be a non-empty string') } const useCache = options.useCache !== false const cacheKey = `secret:${key}` // Check cache first if (useCache && this._isCacheValid(cacheKey)) { return this.cache.get(cacheKey) } try { const data = await this._makeRequest(`/key/${encodeURIComponent(key)}`) const value = data.value // Cache the result if (useCache) { this._setCache(cacheKey, value) } return value } catch (error) { if (error.status === 404) { throw new Error(`Secret with key '${key}' not found`) } throw error } } /** * Get all secrets from the vault * @param {Object} options - Options * @param {boolean} options.useCache - Whether to use cache (default: true) * @returns {Promise<Object>} Object containing all secrets as key-value pairs */ async getAll(options = {}) { const useCache = options.useCache !== false const cacheKey = 'secrets:all' // Check cache first if (useCache && this._isCacheValid(cacheKey)) { return this.cache.get(cacheKey) } const data = await this._makeRequest('/all') const secrets = data.secrets || {} // Cache the result if (useCache) { this._setCache(cacheKey, secrets) } return secrets } /** * Get multiple secrets by keys * @param {string[]} keys - Array of secret keys to retrieve * @param {Object} options - Options * @param {boolean} options.useCache - Whether to use cache (default: true) * @param {boolean} options.failOnMissing - Throw error if any key is missing (default: false) * @returns {Promise<Object>} Object containing requested secrets */ async getMany(keys, options = {}) { if (!Array.isArray(keys)) { throw new Error('Keys must be an array') } const results = {} const errors = [] await Promise.allSettled( keys.map(async (key) => { try { results[key] = await this.get(key, options) } catch (error) { if (options.failOnMissing) { errors.push({ key, error: error.message }) } else { results[key] = null } } }) ) if (errors.length > 0 && options.failOnMissing) { throw new Error(`Failed to retrieve secrets: ${errors.map(e => `${e.key}: ${e.error}`).join(', ')}`) } return results } /** * Check if a secret exists * @param {string} key - The secret key to check * @returns {Promise<boolean>} True if secret exists, false otherwise */ async exists(key) { try { await this.get(key) return true } catch (error) { if (error.status === 404 || error.message.includes('not found')) { return false } throw error } } /** * Get vault information/metadata * @returns {Promise<Object>} Vault metadata */ async getVaultInfo() { return await this._makeRequest('/info') } /** * Clear the cache */ clearCache() { if (this.config.cache) { this.cache.clear() this.cacheTimestamps.clear() } } /** * Get cache statistics * @returns {Object} Cache statistics */ getCacheStats() { if (!this.config.cache) { return { enabled: false } } return { enabled: true, size: this.cache.size, ttl: this.config.cacheTTL, keys: Array.from(this.cache.keys()) } } /** * Create a new Vault instance with environment-based configuration * @static * @param {Object} config - Additional configuration options * @returns {Vault} New Vault instance */ static fromEnv(config = {}) { return new Vault(null, config) } /** * Validate API key format * @static * @param {string} apiKey - API key to validate * @returns {boolean} True if valid format */ static isValidApiKey(apiKey) { return typeof apiKey === 'string' && apiKey.length > 0 } }