UNPKG

envilder

Version:

A CLI and GitHub Action that securely centralizes your environment variables from AWS SSM or Azure Key Vault as a single source of truth

66 lines 3.31 kB
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; import { SSMClient } from '@aws-sdk/client-ssm'; import { DefaultAzureCredential } from '@azure/identity'; import { SecretClient } from '@azure/keyvault-secrets'; import { SecretProviderType } from '../domain/secret-provider-type.js'; import { AwsSsmSecretProvider } from './aws/aws-ssm-secret-provider.js'; import { AzureKeyVaultSecretProvider } from './azure/azure-key-vault-secret-provider.js'; export function createSecretProvider(config, options) { var _a, _b, _c; const provider = (_a = options === null || options === void 0 ? void 0 : options.provider) !== null && _a !== void 0 ? _a : config.provider; const profile = normalize((_b = options === null || options === void 0 ? void 0 : options.profile) !== null && _b !== void 0 ? _b : config.profile); const vaultUrl = normalize((_c = options === null || options === void 0 ? void 0 : options.vaultUrl) !== null && _c !== void 0 ? _c : config.vaultUrl); const isAzure = provider === SecretProviderType.Azure; if (isAzure && profile) { throw new Error('AWS profile cannot be used with Azure Key Vault provider'); } if (!isAzure && vaultUrl) { throw new Error('Vault URL cannot be used with AWS SSM provider'); } if (isAzure) { return createAzureProvider(vaultUrl); } return createAwsProvider(profile); } function createAzureProvider(vaultUrl) { if (!(vaultUrl === null || vaultUrl === void 0 ? void 0 : vaultUrl.trim())) { throw new Error('Vault URL must be provided for Azure Key Vault provider'); } const credential = new DefaultAzureCredential(); const client = new SecretClient(vaultUrl, credential); return new AzureKeyVaultSecretProvider(client); } export function resolveRegionWithFallback(profile) { return __awaiter(this, void 0, void 0, function* () { if (process.env.AWS_REGION) { return process.env.AWS_REGION; } if (process.env.AWS_DEFAULT_REGION) { return process.env.AWS_DEFAULT_REGION; } try { return yield new SSMClient(profile ? { profile } : {}).config.region(); } catch (_a) { return 'us-east-1'; } }); } function createAwsProvider(profile) { const region = () => resolveRegionWithFallback(profile); const client = new SSMClient(profile ? { profile, region } : { region }); return new AwsSsmSecretProvider(client, profile); } function normalize(value) { const trimmed = value === null || value === void 0 ? void 0 : value.trim(); return trimmed || undefined; } //# sourceMappingURL=secret-provider-factory.js.map