UNPKG

cdk-sops-secrets

Version:

CDK Constructs that syncs your sops secrets into AWS SecretsManager secrets.

constructs.dev/packages/cdk-sops-secrets

dbsystel/cdk-sops-secrets

61 lines • 9.33 kB

JavaScript

"use strict"; var _a; Object.defineProperty(exports, "__esModule", { value: true }); exports.SopsStringParameter = void 0; const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti"); const aws_ssm_1 = require("aws-cdk-lib/aws-ssm"); const core_1 = require("aws-cdk-lib/core"); const constructs_1 = require("constructs"); const SopsSync_1 = require("./SopsSync"); /** * A drop in replacement for the normal String Parameter, that is populated with the encrypted * content of the given sops file. */ class SopsStringParameter extends constructs_1.Construct { constructor(scope, id, props) { super(scope, id); this.encryptionKey = props.encryptionKey; this.stack = core_1.Stack.of(scope); this.env = { account: this.stack.account, region: this.stack.region, }; this.parameter = new aws_ssm_1.StringParameter(this, 'Resource', { parameterName: props.parameterName, description: props.description, tier: props.tier, stringValue: ' ', }); this.parameterArn = this.parameter.parameterArn; this.parameterName = this.parameter.parameterName; this.parameterType = this.parameter.parameterType; this.stringValue = this.parameter.stringValue; this.parameterRef = this.parameter.parameterRef; this.sync = new SopsSync_1.SopsSync(this, 'SopsSync', { encryptionKey: this.parameter.encryptionKey, target: this.parameter.parameterName, resourceType: SopsSync_1.ResourceType.PARAMETER, parameterNames: [props.parameterName ?? this.parameter.parameterName], ...props, }); } grantRead(grantee) { if (this.encryptionKey) { this.encryptionKey.grantDecrypt(grantee); } return this.parameter.grantRead(grantee); } grantWrite(grantee) { if (this.encryptionKey) { this.encryptionKey.grantEncrypt(grantee); } return this.parameter.grantWrite(grantee); } applyRemovalPolicy(policy) { this.parameter.applyRemovalPolicy(policy); } } exports.SopsStringParameter = SopsStringParameter; _a = JSII_RTTI_SYMBOL_1; SopsStringParameter[_a] = { fqn: "cdk-sops-secrets.SopsStringParameter", version: "2.8.1" }; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiU29wc1N0cmluZ1BhcmFtZXRlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9Tb3BzU3RyaW5nUGFyYW1ldGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBRUEsaURBSzZCO0FBQzdCLDJDQUE2RTtBQUM3RSwyQ0FBdUM7QUFDdkMseUNBQXFFO0FBbUNyRTs7O0dBR0c7QUFDSCxNQUFhLG1CQUFvQixTQUFRLHNCQUFTO0lBWWhELFlBQ0UsS0FBZ0IsRUFDaEIsRUFBVSxFQUNWLEtBQStCO1FBRS9CLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsSUFBSSxDQUFDLGFBQWEsR0FBRyxLQUFLLENBQUMsYUFBYSxDQUFDO1FBQ3pDLElBQUksQ0FBQyxLQUFLLEdBQUcsWUFBSyxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUM3QixJQUFJLENBQUMsR0FBRyxHQUFHO1lBQ1QsT0FBTyxFQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTztZQUMzQixNQUFNLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNO1NBQzFCLENBQUM7UUFFRixJQUFJLENBQUMsU0FBUyxHQUFHLElBQUkseUJBQWUsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQ3JELGFBQWEsRUFBRSxLQUFLLENBQUMsYUFBYTtZQUNsQyxXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7WUFDOUIsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO1lBQ2hCLFdBQVcsRUFBRSxHQUFHO1NBQ2pCLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxZQUFZLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxZQUFZLENBQUM7UUFDaEQsSUFBSSxDQUFDLGFBQWEsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLGFBQWEsQ0FBQztRQUNsRCxJQUFJLENBQUMsYUFBYSxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsYUFBYSxDQUFDO1FBQ2xELElBQUksQ0FBQyxXQUFXLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxXQUFXLENBQUM7UUFDOUMsSUFBSSxDQUFDLFlBQVksR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLFlBQVksQ0FBQztRQUVoRCxJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksbUJBQVEsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQ3pDLGFBQWEsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLGFBQWE7WUFDM0MsTUFBTSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsYUFBYTtZQUNwQyxZQUFZLEVBQUUsdUJBQVksQ0FBQyxTQUFTO1lBQ3BDLGNBQWMsRUFBRSxDQUFDLEtBQUssQ0FBQyxhQUFhLElBQUksSUFBSSxDQUFDLFNBQVMsQ0FBQyxhQUFhLENBQUM7WUFDckUsR0FBSSxLQUF5QjtTQUM5QixDQUFDLENBQUM7SUFDTCxDQUFDO0lBQ0QsU0FBUyxDQUFDLE9BQW1CO1FBQzNCLElBQUksSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ3ZCLElBQUksQ0FBQyxhQUFhLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzNDLENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFDRCxVQUFVLENBQUMsT0FBbUI7UUFDNUIsSUFBSSxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDdkIsSUFBSSxDQUFDLGFBQWEsQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDM0MsQ0FBQztRQUNELE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDNUMsQ0FBQztJQUNELGtCQUFrQixDQUFDLE1BQXFCO1FBQ3RDLElBQUksQ0FBQyxTQUFTLENBQUMsa0JBQWtCLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDNUMsQ0FBQzs7QUE3REgsa0RBOERDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgR3JhbnQsIElHcmFudGFibGUgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtaWFtJztcbmltcG9ydCB7IElLZXkgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3Mta21zJztcbmltcG9ydCB7XG4gIElTdHJpbmdQYXJhbWV0ZXIsXG4gIFBhcmFtZXRlclJlZmVyZW5jZSxcbiAgUGFyYW1ldGVyVGllcixcbiAgU3RyaW5nUGFyYW1ldGVyLFxufSBmcm9tICdhd3MtY2RrLWxpYi9hd3Mtc3NtJztcbmltcG9ydCB7IFJlbW92YWxQb2xpY3ksIFJlc291cmNlRW52aXJvbm1lbnQsIFN0YWNrIH0gZnJvbSAnYXdzLWNkay1saWIvY29yZSc7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tICdjb25zdHJ1Y3RzJztcbmltcG9ydCB7IFJlc291cmNlVHlwZSwgU29wc1N5bmMsIFNvcHNTeW5jT3B0aW9ucyB9IGZyb20gJy4vU29wc1N5bmMnO1xuXG4vKipcbiAqIFRoZSBjb25maWd1cmF0aW9uIG9wdGlvbnMgb2YgdGhlIFN0cmluZ1BhcmFtZXRlclxuICovXG5leHBvcnQgaW50ZXJmYWNlIFNvcHNDb21tb25QYXJhbWV0ZXJQcm9wcyBleHRlbmRzIFNvcHNTeW5jT3B0aW9ucyB7XG4gIC8qKlxuICAgKiBUaGUgdGllciBvZiB0aGUgc3RyaW5nIHBhcmFtZXRlclxuICAgKlxuICAgKiBAZGVmYXVsdCAtIHVuZGVmaW5lZFxuICAgKi9cbiAgcmVhZG9ubHkgdGllcj86IFBhcmFtZXRlclRpZXI7XG4gIC8qKlxuICAgKiBJbmZvcm1hdGlvbiBhYm91dCB0aGUgcGFyYW1ldGVyIHRoYXQgeW91IHdhbnQgdG8gYWRkIHRvIHRoZSBzeXN0ZW0uXG4gICAqXG4gICAqIEBkZWZhdWx0IG5vbmVcbiAgICovXG4gIHJlYWRvbmx5IGRlc2NyaXB0aW9uPzogc3RyaW5nO1xuICAvKipcbiAgICogVGhlIGN1c3RvbWVyLW1hbmFnZWQgZW5jcnlwdGlvbiBrZXkgdG8gdXNlIGZvciBlbmNyeXB0aW5nIHRoZSBzZWNyZXQgdmFsdWUuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gQSBkZWZhdWx0IEtNUyBrZXkgZm9yIHRoZSBhY2NvdW50IGFuZCByZWdpb24gaXMgdXNlZC5cbiAgICovXG4gIHJlYWRvbmx5IGVuY3J5cHRpb25LZXk6IElLZXk7XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgU29wc1N0cmluZ1BhcmFtZXRlclByb3BzIGV4dGVuZHMgU29wc0NvbW1vblBhcmFtZXRlclByb3BzIHtcbiAgLyoqXG4gICAqIFRoZSBuYW1lIG9mIHRoZSBwYXJhbWV0ZXIuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gYSBuYW1lIHdpbGwgYmUgZ2VuZXJhdGVkIGJ5IENsb3VkRm9ybWF0aW9uXG4gICAqL1xuICByZWFkb25seSBwYXJhbWV0ZXJOYW1lPzogc3RyaW5nO1xufVxuXG4vKipcbiAqIEEgZHJvcCBpbiByZXBsYWNlbWVudCBmb3IgdGhlIG5vcm1hbCBTdHJpbmcgUGFyYW1ldGVyLCB0aGF0IGlzIHBvcHVsYXRlZCB3aXRoIHRoZSBlbmNyeXB0ZWRcbiAqIGNvbnRlbnQgb2YgdGhlIGdpdmVuIHNvcHMgZmlsZS5cbiAqL1xuZXhwb3J0IGNsYXNzIFNvcHNTdHJpbmdQYXJhbWV0ZXIgZXh0ZW5kcyBDb25zdHJ1Y3QgaW1wbGVtZW50cyBJU3RyaW5nUGFyYW1ldGVyIHtcbiAgcHJpdmF0ZSByZWFkb25seSBwYXJhbWV0ZXI6IFN0cmluZ1BhcmFtZXRlcjtcbiAgcmVhZG9ubHkgc3luYzogU29wc1N5bmM7XG4gIHJlYWRvbmx5IGVuY3J5cHRpb25LZXk6IElLZXk7XG4gIHJlYWRvbmx5IHN0YWNrOiBTdGFjaztcbiAgcmVhZG9ubHkgZW52OiBSZXNvdXJjZUVudmlyb25tZW50O1xuICByZWFkb25seSBwYXJhbWV0ZXJBcm46IHN0cmluZztcbiAgcmVhZG9ubHkgcGFyYW1ldGVyTmFtZTogc3RyaW5nO1xuICByZWFkb25seSBwYXJhbWV0ZXJUeXBlOiBzdHJpbmc7XG4gIHJlYWRvbmx5IHN0cmluZ1ZhbHVlOiBzdHJpbmc7XG4gIHJlYWRvbmx5IHBhcmFtZXRlclJlZjogUGFyYW1ldGVyUmVmZXJlbmNlO1xuXG4gIHB1YmxpYyBjb25zdHJ1Y3RvcihcbiAgICBzY29wZTogQ29uc3RydWN0LFxuICAgIGlkOiBzdHJpbmcsXG4gICAgcHJvcHM6IFNvcHNTdHJpbmdQYXJhbWV0ZXJQcm9wcyxcbiAgKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIHRoaXMuZW5jcnlwdGlvbktleSA9IHByb3BzLmVuY3J5cHRpb25LZXk7XG4gICAgdGhpcy5zdGFjayA9IFN0YWNrLm9mKHNjb3BlKTtcbiAgICB0aGlzLmVudiA9IHtcbiAgICAgIGFjY291bnQ6IHRoaXMuc3RhY2suYWNjb3VudCxcbiAgICAgIHJlZ2lvbjogdGhpcy5zdGFjay5yZWdpb24sXG4gICAgfTtcblxuICAgIHRoaXMucGFyYW1ldGVyID0gbmV3IFN0cmluZ1BhcmFtZXRlcih0aGlzLCAnUmVzb3VyY2UnLCB7XG4gICAgICBwYXJhbWV0ZXJOYW1lOiBwcm9wcy5wYXJhbWV0ZXJOYW1lLFxuICAgICAgZGVzY3JpcHRpb246IHByb3BzLmRlc2NyaXB0aW9uLFxuICAgICAgdGllcjogcHJvcHMudGllcixcbiAgICAgIHN0cmluZ1ZhbHVlOiAnICcsXG4gICAgfSk7XG5cbiAgICB0aGlzLnBhcmFtZXRlckFybiA9IHRoaXMucGFyYW1ldGVyLnBhcmFtZXRlckFybjtcbiAgICB0aGlzLnBhcmFtZXRlck5hbWUgPSB0aGlzLnBhcmFtZXRlci5wYXJhbWV0ZXJOYW1lO1xuICAgIHRoaXMucGFyYW1ldGVyVHlwZSA9IHRoaXMucGFyYW1ldGVyLnBhcmFtZXRlclR5cGU7XG4gICAgdGhpcy5zdHJpbmdWYWx1ZSA9IHRoaXMucGFyYW1ldGVyLnN0cmluZ1ZhbHVlO1xuICAgIHRoaXMucGFyYW1ldGVyUmVmID0gdGhpcy5wYXJhbWV0ZXIucGFyYW1ldGVyUmVmO1xuXG4gICAgdGhpcy5zeW5jID0gbmV3IFNvcHNTeW5jKHRoaXMsICdTb3BzU3luYycsIHtcbiAgICAgIGVuY3J5cHRpb25LZXk6IHRoaXMucGFyYW1ldGVyLmVuY3J5cHRpb25LZXksXG4gICAgICB0YXJnZXQ6IHRoaXMucGFyYW1ldGVyLnBhcmFtZXRlck5hbWUsXG4gICAgICByZXNvdXJjZVR5cGU6IFJlc291cmNlVHlwZS5QQVJBTUVURVIsXG4gICAgICBwYXJhbWV0ZXJOYW1lczogW3Byb3BzLnBhcmFtZXRlck5hbWUgPz8gdGhpcy5wYXJhbWV0ZXIucGFyYW1ldGVyTmFtZV0sXG4gICAgICAuLi4ocHJvcHMgYXMgU29wc1N5bmNPcHRpb25zKSxcbiAgICB9KTtcbiAgfVxuICBncmFudFJlYWQoZ3JhbnRlZTogSUdyYW50YWJsZSk6IEdyYW50IHtcbiAgICBpZiAodGhpcy5lbmNyeXB0aW9uS2V5KSB7XG4gICAgICB0aGlzLmVuY3J5cHRpb25LZXkuZ3JhbnREZWNyeXB0KGdyYW50ZWUpO1xuICAgIH1cbiAgICByZXR1cm4gdGhpcy5wYXJhbWV0ZXIuZ3JhbnRSZWFkKGdyYW50ZWUpO1xuICB9XG4gIGdyYW50V3JpdGUoZ3JhbnRlZTogSUdyYW50YWJsZSk6IEdyYW50IHtcbiAgICBpZiAodGhpcy5lbmNyeXB0aW9uS2V5KSB7XG4gICAgICB0aGlzLmVuY3J5cHRpb25LZXkuZ3JhbnRFbmNyeXB0KGdyYW50ZWUpO1xuICAgIH1cbiAgICByZXR1cm4gdGhpcy5wYXJhbWV0ZXIuZ3JhbnRXcml0ZShncmFudGVlKTtcbiAgfVxuICBhcHBseVJlbW92YWxQb2xpY3kocG9saWN5OiBSZW1vdmFsUG9saWN5KTogdm9pZCB7XG4gICAgdGhpcy5wYXJhbWV0ZXIuYXBwbHlSZW1vdmFsUG9saWN5KHBvbGljeSk7XG4gIH1cbn1cbiJdfQ==