UNPKG

cdk-sops-secrets

Version:

CDK Constructs that syncs your sops secrets into AWS SecretsManager secrets.

constructs.dev/packages/cdk-sops-secrets

dbsystel/cdk-sops-secrets

60 lines 9.04 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
"use strict"; var _a; Object.defineProperty(exports, "__esModule", { value: true }); exports.SopsStringParameter = void 0; const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti"); const aws_ssm_1 = require("aws-cdk-lib/aws-ssm"); const core_1 = require("aws-cdk-lib/core"); const constructs_1 = require("constructs"); const SopsSync_1 = require("./SopsSync"); /** * A drop in replacement for the normal String Parameter, that is populated with the encrypted * content of the given sops file. */ class SopsStringParameter extends constructs_1.Construct { constructor(scope, id, props) { super(scope, id); this.encryptionKey = props.encryptionKey; this.stack = core_1.Stack.of(scope); this.env = { account: this.stack.account, region: this.stack.region, }; this.parameter = new aws_ssm_1.StringParameter(this, 'Resource', { parameterName: props.parameterName, description: props.description, tier: props.tier, stringValue: ' ', }); this.parameterArn = this.parameter.parameterArn; this.parameterName = this.parameter.parameterName; this.parameterType = this.parameter.parameterType; this.stringValue = this.parameter.stringValue; this.sync = new SopsSync_1.SopsSync(this, 'SopsSync', { encryptionKey: this.parameter.encryptionKey, target: this.parameter.parameterName, resourceType: SopsSync_1.ResourceType.PARAMETER, parameterNames: [props.parameterName ?? this.parameter.parameterName], ...props, }); } grantRead(grantee) { if (this.encryptionKey) { this.encryptionKey.grantDecrypt(grantee); } return this.parameter.grantRead(grantee); } grantWrite(grantee) { if (this.encryptionKey) { this.encryptionKey.grantEncrypt(grantee); } return this.parameter.grantWrite(grantee); } applyRemovalPolicy(policy) { this.parameter.applyRemovalPolicy(policy); } } exports.SopsStringParameter = SopsStringParameter; _a = JSII_RTTI_SYMBOL_1; SopsStringParameter[_a] = { fqn: "cdk-sops-secrets.SopsStringParameter", version: "2.2.4" }; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiU29wc1N0cmluZ1BhcmFtZXRlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9Tb3BzU3RyaW5nUGFyYW1ldGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBRUEsaURBSTZCO0FBQzdCLDJDQUE2RTtBQUM3RSwyQ0FBdUM7QUFDdkMseUNBQXFFO0FBbUNyRTs7O0dBR0c7QUFDSCxNQUFhLG1CQUFvQixTQUFRLHNCQUFTO0lBV2hELFlBQ0UsS0FBZ0IsRUFDaEIsRUFBVSxFQUNWLEtBQStCO1FBRS9CLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsSUFBSSxDQUFDLGFBQWEsR0FBRyxLQUFLLENBQUMsYUFBYSxDQUFDO1FBQ3pDLElBQUksQ0FBQyxLQUFLLEdBQUcsWUFBSyxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUM3QixJQUFJLENBQUMsR0FBRyxHQUFHO1lBQ1QsT0FBTyxFQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTztZQUMzQixNQUFNLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNO1NBQzFCLENBQUM7UUFFRixJQUFJLENBQUMsU0FBUyxHQUFHLElBQUkseUJBQWUsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQ3JELGFBQWEsRUFBRSxLQUFLLENBQUMsYUFBYTtZQUNsQyxXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7WUFDOUIsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO1lBQ2hCLFdBQVcsRUFBRSxHQUFHO1NBQ2pCLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxZQUFZLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxZQUFZLENBQUM7UUFDaEQsSUFBSSxDQUFDLGFBQWEsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLGFBQWEsQ0FBQztRQUNsRCxJQUFJLENBQUMsYUFBYSxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsYUFBYSxDQUFDO1FBQ2xELElBQUksQ0FBQyxXQUFXLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxXQUFXLENBQUM7UUFFOUMsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLG1CQUFRLENBQUMsSUFBSSxFQUFFLFVBQVUsRUFBRTtZQUN6QyxhQUFhLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxhQUFhO1lBQzNDLE1BQU0sRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLGFBQWE7WUFDcEMsWUFBWSxFQUFFLHVCQUFZLENBQUMsU0FBUztZQUNwQyxjQUFjLEVBQUUsQ0FBQyxLQUFLLENBQUMsYUFBYSxJQUFJLElBQUksQ0FBQyxTQUFTLENBQUMsYUFBYSxDQUFDO1lBQ3JFLEdBQUksS0FBeUI7U0FDOUIsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUNELFNBQVMsQ0FBQyxPQUFtQjtRQUMzQixJQUFJLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUN2QixJQUFJLENBQUMsYUFBYSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUMzQyxDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUMzQyxDQUFDO0lBQ0QsVUFBVSxDQUFDLE9BQW1CO1FBQzVCLElBQUksSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ3ZCLElBQUksQ0FBQyxhQUFhLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzNDLENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQzVDLENBQUM7SUFDRCxrQkFBa0IsQ0FBQyxNQUFxQjtRQUN0QyxJQUFJLENBQUMsU0FBUyxDQUFDLGtCQUFrQixDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQzVDLENBQUM7O0FBM0RILGtEQTREQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEdyYW50LCBJR3JhbnRhYmxlIH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWlhbSc7XG5pbXBvcnQgeyBJS2V5IH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWttcyc7XG5pbXBvcnQge1xuICBJU3RyaW5nUGFyYW1ldGVyLFxuICBQYXJhbWV0ZXJUaWVyLFxuICBTdHJpbmdQYXJhbWV0ZXIsXG59IGZyb20gJ2F3cy1jZGstbGliL2F3cy1zc20nO1xuaW1wb3J0IHsgUmVtb3ZhbFBvbGljeSwgUmVzb3VyY2VFbnZpcm9ubWVudCwgU3RhY2sgfSBmcm9tICdhd3MtY2RrLWxpYi9jb3JlJztcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuaW1wb3J0IHsgUmVzb3VyY2VUeXBlLCBTb3BzU3luYywgU29wc1N5bmNPcHRpb25zIH0gZnJvbSAnLi9Tb3BzU3luYyc7XG5cbi8qKlxuICogVGhlIGNvbmZpZ3VyYXRpb24gb3B0aW9ucyBvZiB0aGUgU3RyaW5nUGFyYW1ldGVyXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgU29wc0NvbW1vblBhcmFtZXRlclByb3BzIGV4dGVuZHMgU29wc1N5bmNPcHRpb25zIHtcbiAgLyoqXG4gICAqIFRoZSB0aWVyIG9mIHRoZSBzdHJpbmcgcGFyYW1ldGVyXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gdW5kZWZpbmVkXG4gICAqL1xuICByZWFkb25seSB0aWVyPzogUGFyYW1ldGVyVGllcjtcbiAgLyoqXG4gICAqIEluZm9ybWF0aW9uIGFib3V0IHRoZSBwYXJhbWV0ZXIgdGhhdCB5b3Ugd2FudCB0byBhZGQgdG8gdGhlIHN5c3RlbS5cbiAgICpcbiAgICogQGRlZmF1bHQgbm9uZVxuICAgKi9cbiAgcmVhZG9ubHkgZGVzY3JpcHRpb24/OiBzdHJpbmc7XG4gIC8qKlxuICAgKiBUaGUgY3VzdG9tZXItbWFuYWdlZCBlbmNyeXB0aW9uIGtleSB0byB1c2UgZm9yIGVuY3J5cHRpbmcgdGhlIHNlY3JldCB2YWx1ZS5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBBIGRlZmF1bHQgS01TIGtleSBmb3IgdGhlIGFjY291bnQgYW5kIHJlZ2lvbiBpcyB1c2VkLlxuICAgKi9cbiAgcmVhZG9ubHkgZW5jcnlwdGlvbktleTogSUtleTtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBTb3BzU3RyaW5nUGFyYW1ldGVyUHJvcHMgZXh0ZW5kcyBTb3BzQ29tbW9uUGFyYW1ldGVyUHJvcHMge1xuICAvKipcbiAgICogVGhlIG5hbWUgb2YgdGhlIHBhcmFtZXRlci5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBhIG5hbWUgd2lsbCBiZSBnZW5lcmF0ZWQgYnkgQ2xvdWRGb3JtYXRpb25cbiAgICovXG4gIHJlYWRvbmx5IHBhcmFtZXRlck5hbWU/OiBzdHJpbmc7XG59XG5cbi8qKlxuICogQSBkcm9wIGluIHJlcGxhY2VtZW50IGZvciB0aGUgbm9ybWFsIFN0cmluZyBQYXJhbWV0ZXIsIHRoYXQgaXMgcG9wdWxhdGVkIHdpdGggdGhlIGVuY3J5cHRlZFxuICogY29udGVudCBvZiB0aGUgZ2l2ZW4gc29wcyBmaWxlLlxuICovXG5leHBvcnQgY2xhc3MgU29wc1N0cmluZ1BhcmFtZXRlciBleHRlbmRzIENvbnN0cnVjdCBpbXBsZW1lbnRzIElTdHJpbmdQYXJhbWV0ZXIge1xuICBwcml2YXRlIHJlYWRvbmx5IHBhcmFtZXRlcjogU3RyaW5nUGFyYW1ldGVyO1xuICByZWFkb25seSBzeW5jOiBTb3BzU3luYztcbiAgcmVhZG9ubHkgZW5jcnlwdGlvbktleTogSUtleTtcbiAgcmVhZG9ubHkgc3RhY2s6IFN0YWNrO1xuICByZWFkb25seSBlbnY6IFJlc291cmNlRW52aXJvbm1lbnQ7XG4gIHJlYWRvbmx5IHBhcmFtZXRlckFybjogc3RyaW5nO1xuICByZWFkb25seSBwYXJhbWV0ZXJOYW1lOiBzdHJpbmc7XG4gIHJlYWRvbmx5IHBhcmFtZXRlclR5cGU6IHN0cmluZztcbiAgcmVhZG9ubHkgc3RyaW5nVmFsdWU6IHN0cmluZztcblxuICBwdWJsaWMgY29uc3RydWN0b3IoXG4gICAgc2NvcGU6IENvbnN0cnVjdCxcbiAgICBpZDogc3RyaW5nLFxuICAgIHByb3BzOiBTb3BzU3RyaW5nUGFyYW1ldGVyUHJvcHMsXG4gICkge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICB0aGlzLmVuY3J5cHRpb25LZXkgPSBwcm9wcy5lbmNyeXB0aW9uS2V5O1xuICAgIHRoaXMuc3RhY2sgPSBTdGFjay5vZihzY29wZSk7XG4gICAgdGhpcy5lbnYgPSB7XG4gICAgICBhY2NvdW50OiB0aGlzLnN0YWNrLmFjY291bnQsXG4gICAgICByZWdpb246IHRoaXMuc3RhY2sucmVnaW9uLFxuICAgIH07XG5cbiAgICB0aGlzLnBhcmFtZXRlciA9IG5ldyBTdHJpbmdQYXJhbWV0ZXIodGhpcywgJ1Jlc291cmNlJywge1xuICAgICAgcGFyYW1ldGVyTmFtZTogcHJvcHMucGFyYW1ldGVyTmFtZSxcbiAgICAgIGRlc2NyaXB0aW9uOiBwcm9wcy5kZXNjcmlwdGlvbixcbiAgICAgIHRpZXI6IHByb3BzLnRpZXIsXG4gICAgICBzdHJpbmdWYWx1ZTogJyAnLFxuICAgIH0pO1xuXG4gICAgdGhpcy5wYXJhbWV0ZXJBcm4gPSB0aGlzLnBhcmFtZXRlci5wYXJhbWV0ZXJBcm47XG4gICAgdGhpcy5wYXJhbWV0ZXJOYW1lID0gdGhpcy5wYXJhbWV0ZXIucGFyYW1ldGVyTmFtZTtcbiAgICB0aGlzLnBhcmFtZXRlclR5cGUgPSB0aGlzLnBhcmFtZXRlci5wYXJhbWV0ZXJUeXBlO1xuICAgIHRoaXMuc3RyaW5nVmFsdWUgPSB0aGlzLnBhcmFtZXRlci5zdHJpbmdWYWx1ZTtcblxuICAgIHRoaXMuc3luYyA9IG5ldyBTb3BzU3luYyh0aGlzLCAnU29wc1N5bmMnLCB7XG4gICAgICBlbmNyeXB0aW9uS2V5OiB0aGlzLnBhcmFtZXRlci5lbmNyeXB0aW9uS2V5LFxuICAgICAgdGFyZ2V0OiB0aGlzLnBhcmFtZXRlci5wYXJhbWV0ZXJOYW1lLFxuICAgICAgcmVzb3VyY2VUeXBlOiBSZXNvdXJjZVR5cGUuUEFSQU1FVEVSLFxuICAgICAgcGFyYW1ldGVyTmFtZXM6IFtwcm9wcy5wYXJhbWV0ZXJOYW1lID8/IHRoaXMucGFyYW1ldGVyLnBhcmFtZXRlck5hbWVdLFxuICAgICAgLi4uKHByb3BzIGFzIFNvcHNTeW5jT3B0aW9ucyksXG4gICAgfSk7XG4gIH1cbiAgZ3JhbnRSZWFkKGdyYW50ZWU6IElHcmFudGFibGUpOiBHcmFudCB7XG4gICAgaWYgKHRoaXMuZW5jcnlwdGlvbktleSkge1xuICAgICAgdGhpcy5lbmNyeXB0aW9uS2V5LmdyYW50RGVjcnlwdChncmFudGVlKTtcbiAgICB9XG4gICAgcmV0dXJuIHRoaXMucGFyYW1ldGVyLmdyYW50UmVhZChncmFudGVlKTtcbiAgfVxuICBncmFudFdyaXRlKGdyYW50ZWU6IElHcmFudGFibGUpOiBHcmFudCB7XG4gICAgaWYgKHRoaXMuZW5jcnlwdGlvbktleSkge1xuICAgICAgdGhpcy5lbmNyeXB0aW9uS2V5LmdyYW50RW5jcnlwdChncmFudGVlKTtcbiAgICB9XG4gICAgcmV0dXJuIHRoaXMucGFyYW1ldGVyLmdyYW50V3JpdGUoZ3JhbnRlZSk7XG4gIH1cbiAgYXBwbHlSZW1vdmFsUG9saWN5KHBvbGljeTogUmVtb3ZhbFBvbGljeSk6IHZvaWQge1xuICAgIHRoaXMucGFyYW1ldGVyLmFwcGx5UmVtb3ZhbFBvbGljeShwb2xpY3kpO1xuICB9XG59XG4iXX0=