token-guardian
A comprehensive solution for protecting and managing API tokens and secrets
import { GuardianConfig } from './interfaces/GuardianConfig';
import { TokenConfig } from './interfaces/TokenConfig';
import { ScanResult } from './interfaces/ScanResult';
import { RotationResult } from './interfaces/RotationResult';
import { AuditLogEntry } from './storage/TokenStore';
/**
* TokenGuardian - Main class that provides token protection functionality
*
* This is an ambient declaration: it lists the public surface (scanning,
* protect/get/remove, rotation control, audit log) but none of the
* implementation, so storage, encryption and logging behaviour cannot be
* verified from this file.
*
* TypeScript `private` is a compile-time check only and is erased on emit.
* The members marked private below stay reachable from plain JavaScript, so
* they are not a security boundary around the stored token values.
*/
export declare class TokenGuardian {
// Private state. The declaration omits the types, so what each member holds is not visible here.
private readonly defaultRotationInterval;
private config;
private scanner;
private rotator;
private canaryService;
private tokenStore;
private logger;
private patterns;
private rotationSchedules;
/**
* Creates a new TokenGuardian instance
* @param config Configuration options for TokenGuardian. Optional and partial;
* the defaults applied to omitted fields are not visible in this declaration.
* NOTE(review): presumably an encryption key is generated when none is
* configured (see generateEncryptionKey) - confirm, and confirm where that
* key is kept.
*/
constructor(config?: Partial<GuardianConfig>);
/**
* Generates a secure encryption key
* @returns A secure encryption key
* NOTE(review): the randomness source, key length and key lifetime are not
* shown here - verify that the implementation draws from a cryptographically
* secure generator and whether the key survives a process restart.
*/
private generateEncryptionKey;
/**
* Parses an interval string to milliseconds
* @param interval Interval string (e.g. '30d', '6h')
* @returns Milliseconds
*/
private parseIntervalToMs;
/**
* Normalizes interval strings to a validated format, falling back when invalid
* @param interval Interval string to normalize
* @param fallback Fallback interval if the provided one is invalid
* @returns Normalized interval string
*/
private normalizeInterval;
/**
* Schedules automatic rotation for a token
* @param tokenName The name/identifier of the token
* @param serviceType The type of service the token is for
* @param interval Rotation interval (e.g. '30d', '6h')
*/
private scheduleRotation;
/**
* Cancels a scheduled rotation
* @param tokenName The name/identifier of the token
*/
private cancelRotation;
/**
* Scans a string for potential tokens or secrets
* @param input The string to scan
* @returns Results of the scan
* NOTE(review): the ScanResult shape is declared in another file. If a result
* carries the matched text, treat the returned array as secret material and
* keep it out of logs and error reports - confirm.
*/
scanString(input: string): ScanResult[];
/**
* Protects a token by storing it securely and optionally enabling rotation and canary features
* @param tokenName A name/identifier for the token
* @param tokenValue The actual token value to protect. It is passed as a plain
* string, so the caller's copy stays in memory after this call.
* @param tokenConfig Configuration options for this specific token
* @returns True if the token was successfully protected. The signature reports
* failure through this boolean, so check it: when it is false the token should
* be assumed not stored.
*/
protect(tokenName: string, tokenValue: string, tokenConfig?: Partial<TokenConfig>): boolean;
/**
* Retrieves a protected token
* @param tokenName The name/identifier of the token to retrieve
* @returns The token value, or null if not found. The value comes back as a
* plain string; keep it out of logs, error messages and serialized state.
* NOTE(review): whether a retrieval is written to the audit log is not visible
* here - confirm.
*/
getToken(tokenName: string): string | null;
/**
* Forcibly rotates a token immediately
* @param tokenName The name/identifier of the token to rotate
* @returns Result of the rotation attempt. The call is asynchronous: await it
* and handle rejection.
* NOTE(review): RotationResult is declared in another file; if it includes the
* new token value, handle it like a secret - confirm.
*/
rotateToken(tokenName: string): Promise<RotationResult>;
/**
* Gets a list of all protected token names
* @returns Array of token names
*/
listTokens(): string[];
/**
* Removes a protected token
* @param tokenName The name/identifier of the token to remove
* @returns True if the token was successfully removed
* NOTE(review): whether removal also cancels a scheduled rotation for the
* token is not visible here - confirm, or call stopRotation explicitly.
*/
removeToken(tokenName: string): boolean;
/**
* Stops scheduled rotation for a specific token
* @param tokenName The name/identifier of the token
* @returns True if a rotation schedule was cancelled
*/
stopRotation(tokenName: string): boolean;
/**
* Stops all scheduled rotations
*/
stopAllRotations(): void;
/**
* Gets the audit log for a specific token or all tokens
* @param tokenName Optional token name to filter the log
* @returns Array of audit log entries
* NOTE(review): AuditLogEntry is imported from './storage/TokenStore'; its
* fields, and whether entries persist across restarts or are tamper-evident,
* are not visible here - confirm.
*/
getAuditLog(tokenName?: string): AuditLogEntry[];
/**
* Scans a file for potential tokens or secrets
* @param filepath Path to the file to scan
* @returns Results of the scan
* NOTE(review): this declaration shows no restriction on filepath. If the path
* can come from an untrusted source, constrain it to an expected directory
* before calling - confirm what the implementation checks.
*/
scanFile(filepath: string): Promise<ScanResult[]>;
/**
* Scans content from a file for potential tokens or secrets
* @param content Content to scan
* @param filepath Original file path (for reporting)
* @returns Results of the scan
*/
scanContent(content: string, filepath: string): Promise<ScanResult[]>;
}