envilder
Version:
A CLI and GitHub Action that securely centralizes your environment variables from AWS SSM or Azure Key Vault as a single source of truth
66 lines • 3.31 kB
JavaScript
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
import { SSMClient } from '@aws-sdk/client-ssm';
import { DefaultAzureCredential } from '@azure/identity';
import { SecretClient } from '@azure/keyvault-secrets';
import { SecretProviderType } from '../domain/secret-provider-type.js';
import { AwsSsmSecretProvider } from './aws/aws-ssm-secret-provider.js';
import { AzureKeyVaultSecretProvider } from './azure/azure-key-vault-secret-provider.js';
export function createSecretProvider(config, options) {
var _a, _b, _c;
const provider = (_a = options === null || options === void 0 ? void 0 : options.provider) !== null && _a !== void 0 ? _a : config.provider;
const profile = normalize((_b = options === null || options === void 0 ? void 0 : options.profile) !== null && _b !== void 0 ? _b : config.profile);
const vaultUrl = normalize((_c = options === null || options === void 0 ? void 0 : options.vaultUrl) !== null && _c !== void 0 ? _c : config.vaultUrl);
const isAzure = provider === SecretProviderType.Azure;
if (isAzure && profile) {
throw new Error('AWS profile cannot be used with Azure Key Vault provider');
}
if (!isAzure && vaultUrl) {
throw new Error('Vault URL cannot be used with AWS SSM provider');
}
if (isAzure) {
return createAzureProvider(vaultUrl);
}
return createAwsProvider(profile);
}
function createAzureProvider(vaultUrl) {
if (!(vaultUrl === null || vaultUrl === void 0 ? void 0 : vaultUrl.trim())) {
throw new Error('Vault URL must be provided for Azure Key Vault provider');
}
const credential = new DefaultAzureCredential();
const client = new SecretClient(vaultUrl, credential);
return new AzureKeyVaultSecretProvider(client);
}
export function resolveRegionWithFallback(profile) {
return __awaiter(this, void 0, void 0, function* () {
if (process.env.AWS_REGION) {
return process.env.AWS_REGION;
}
if (process.env.AWS_DEFAULT_REGION) {
return process.env.AWS_DEFAULT_REGION;
}
try {
return yield new SSMClient(profile ? { profile } : {}).config.region();
}
catch (_a) {
return 'us-east-1';
}
});
}
function createAwsProvider(profile) {
const region = () => resolveRegionWithFallback(profile);
const client = new SSMClient(profile ? { profile, region } : { region });
return new AwsSsmSecretProvider(client, profile);
}
function normalize(value) {
const trimmed = value === null || value === void 0 ? void 0 : value.trim();
return trimmed || undefined;
}
//# sourceMappingURL=secret-provider-factory.js.map