
vinz


Enables secure storage of credentials right in your repo using AWS KMS.

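'use strict';

Object.defineProperty(exports, "__esModule", {
  value: true
});

const _awsSdk = require('aws-sdk');
const _awsSdk2 = _interopRequireDefault(_awsSdk);

const _path = require('path');
const _path2 = _interopRequireDefault(_path);

const _fs = require('fs');
const _fs2 = _interopRequireDefault(_fs);

const _ini = require('ini');
const _ini2 = _interopRequireDefault(_ini);

/**
 * Transpiler interop helper: wraps a CommonJS export in `{ default: ... }`
 * unless the module is already flagged as an ES module.
 */
function _interopRequireDefault(obj) {
  return obj && obj.__esModule ? obj : { default: obj };
}

/**
 * Selects an AWS credential source, applies it to the SDK configuration and
 * exposes a KMS client built from it.
 *
 * Security notes for maintainers:
 * - Every branch writes to the process-global `AWS.config`, so any SDK client
 *   created later in the same process picks up the credentials and region
 *   chosen here, not only `this.KMS`.
 * - `this.credentials` is the SDK credentials object itself. Do not log or
 *   serialize instances of this class.
 * - Only the name of the chosen method (and the profile name) is printed;
 *   key material is never written to the console.
 */
class AWSWithConfig {
  /**
   * @param {string} [accessKeyId] - Explicit access key id.
   * @param {string} [secretAccessKey] - Explicit secret access key.
   * @param {string} [region] - AWS region. Used by the explicit branch and,
   *   when set, by the environment-variable branch; the shared-file branch
   *   reads the region from ~/.aws/config instead.
   * @param {string} [profile] - Profile name for the shared files; `undefined`
   *   selects `default`.
   * @throws {Error} When none of the three sources below is usable, or when
   *   the selected profile has no section in ~/.aws/config.
   */
  constructor(accessKeyId, secretAccessKey, region, profile) {
    /*
     Credential sources are tried in this order:
       1. Passed in explicitly (all of accessKeyId, secretAccessKey and region)
       2. ~/.aws/credentials and ~/.aws/config, using `profile` or the
          default profile
       3. Environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY)
     NOTE(review): the original comment also listed "On Lambda (EC2), auth
     should Just Work" via preprovisioned IAM roles, but nothing below accepts
     a role on its own: if none of the three sources matches, the constructor
     throws. Confirm whether role-only hosts are meant to be supported.
     NOTE(review): the original comment says the explicit values come from
     commander options. If those are command-line flags, the secret can end up
     in shell history and process listings; a profile or environment variables
     avoid that.
    */
    const configExists = this.checkAWSConfigFilesExistence();
    let authMethod;

    if (accessKeyId && secretAccessKey && region) {
      authMethod = 'Using AWS config and credentials explicitly passed';
      _awsSdk2.default.config.update({
        accessKeyId: accessKeyId,
        secretAccessKey: secretAccessKey,
        region: region
      });
    } else if (configExists) {
      const customProf = profile === undefined ? 'default' : profile;
      authMethod = `Using ~/.aws/config and ~/.aws/credentials with the [${customProf}] profile`;
      _awsSdk2.default.config.credentials = new _awsSdk2.default.SharedIniFileCredentials({
        profile: customProf
      });
      _awsSdk2.default.config.update({
        region: this.getRegion(customProf)
      });
    } else if (this.checkProcessEnv()) {
      // In production the credentials come from env vars but the region does
      // not, so apply the region here when the caller supplied one.
      if (region) {
        _awsSdk2.default.config.update({
          region: region
        });
      }
      authMethod = 'Using AWS config and credentials preset in environment variables';
    }

    if (!authMethod) {
      throw new Error('Could not find AWS config and/or credentials. See `vinz --help` ' + 'for more info on your options for specifying credentials.');
    }
    console.log(authMethod);

    this.KMS = new _awsSdk2.default.KMS();
    this.credentials = _awsSdk2.default.config.credentials;
  }

  /**
   * Reports whether both $HOME/.aws/config and $HOME/.aws/credentials can be
   * stat'ed.
   *
   * Any failure (missing file, permission error, HOME unset) is treated as
   * "not present" so that the constructor falls through to the next source.
   *
   * @returns {boolean}
   */
  checkAWSConfigFilesExistence() {
    const awsFiles = ['.aws/config', '.aws/credentials'];
    try {
      for (const relativePath of awsFiles) {
        _fs2.default.statSync(_path2.default.join(process.env.HOME, relativePath));
      }
      return true;
    } catch (e) {
      return false;
    }
  }

  /**
   * Reports whether both AWS credential environment variables are non-empty.
   *
   * Returns a strict boolean. The previous `a && b` form handed the value of
   * AWS_SECRET_ACCESS_KEY back to the caller, where a debug log or error
   * message could have exposed it.
   *
   * @returns {boolean}
   */
  checkProcessEnv() {
    return Boolean(process.env.AWS_ACCESS_KEY_ID) && Boolean(process.env.AWS_SECRET_ACCESS_KEY);
  }

  /**
   * Reads the region configured for a profile in $HOME/.aws/config.
   *
   * The default profile lives in a `[default]` section; every other profile
   * lives in `[profile <name>]`.
   *
   * @param {string} profile - Profile name.
   * @returns {string|undefined} The section's `region` value, or `undefined`
   *   when the section exists but sets no region.
   * @throws {Error} When the file has no section for the profile (previously
   *   an opaque TypeError from reading `.region` of `undefined`), or when the
   *   file cannot be read.
   */
  getRegion(profile) {
    const configPath = _path2.default.join(process.env.HOME, '.aws/config');
    const parsedIni = _ini2.default.parse(_fs2.default.readFileSync(configPath, 'utf-8'));
    const sectionName = profile === 'default' ? profile : `profile ${profile}`;

    // Own-property lookup only, so a profile name can never resolve to
    // something inherited from the parsed object's prototype.
    const section = Object.prototype.hasOwnProperty.call(parsedIni, sectionName) ? parsedIni[sectionName] : undefined;
    if (section === undefined || section === null) {
      throw new Error(`No [${sectionName}] section found in ~/.aws/config`);
    }
    return section.region;
  }
}

exports.default = AWSWithConfig;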