supamend/dist/core/secrets-manager.js

Pluggable DevSecOps Security Scanner with 10+ scanners and multiple reporting channels

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.SecretsManager = void 0;
class SecretsManager {
    static sanitizeConfig(config) {
        const sanitized = { ...config };
        for (const [key, value] of Object.entries(sanitized)) {
            if (this.isSensitiveKey(key) && typeof value === 'string') {
                sanitized[key] = this.maskValue(value);
            }
            else if (typeof value === 'object' && value !== null) {
                sanitized[key] = this.sanitizeConfig(value);
            }
        }
        return sanitized;
    }
    static isSensitiveKey(key) {
        return this.SENSITIVE_KEYS.some(sensitive => key.toLowerCase().includes(sensitive));
    }
    static maskValue(value) {
        if (value.length <= 4)
            return '***';
        return value.substring(0, 2) + '*'.repeat(value.length - 4) + value.substring(value.length - 2);
    }
    static resolveEnvVars(config) {
        const resolved = { ...config };
        for (const [key, value] of Object.entries(resolved)) {
            if (typeof value === 'string' && value.startsWith('${') && value.endsWith('}')) {
                const envVar = value.slice(2, -1);
                resolved[key] = process.env[envVar] || value;
            }
            else if (typeof value === 'object' && value !== null) {
                resolved[key] = this.resolveEnvVars(value);
            }
        }
        return resolved;
    }
}
exports.SecretsManager = SecretsManager;
SecretsManager.SENSITIVE_KEYS = [
    'token', 'password', 'secret', 'key', 'auth', 'credential'
];
//# sourceMappingURL=secrets-manager.js.map