envilder
Version:
A CLI and GitHub Action that securely centralizes your environment variables from AWS SSM or Azure Key Vault as a single source of truth
28 lines • 1.03 kB
JavaScript
import { InvalidArgumentError } from '../../domain/errors/DomainErrors.js';
export const DEFAULT_VAULT_HOSTS = [
'.vault.azure.net',
'.vault.azure.cn',
'.vault.usgovcloudapi.net',
'.vault.microsoftazure.de',
];
export function validateAzureVaultUrl(vaultUrl, allowedHosts) {
let url;
try {
url = new URL(vaultUrl);
}
catch (_a) {
throw new InvalidArgumentError('vaultUrl must be a valid URL');
}
if (url.protocol !== 'https:') {
throw new InvalidArgumentError('vaultUrl must use https:// protocol');
}
const isAllowedHost = allowedHosts.some((suffix) => {
const normalizedSuffix = suffix.startsWith('.') ? suffix.slice(1) : suffix;
return (url.hostname === normalizedSuffix ||
url.hostname.endsWith(`.${normalizedSuffix}`));
});
if (!isAllowedHost) {
throw new InvalidArgumentError(`vaultUrl hostname must end with one of: ${allowedHosts.join(', ')}`);
}
}
//# sourceMappingURL=AzureVaultUrlValidator.js.map