-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
4217b4c
commit a0236d8
Showing
8 changed files
with
189 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
name: Publish package to NPM Registry | ||
on: | ||
release: | ||
types: [published] | ||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: write | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: '20.x' | ||
registry-url: 'https://registry.npmjs.org' | ||
|
||
- run: npm ci | ||
|
||
- run: npm publish | ||
env: | ||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
# env-sops | ||
Library for encrypt/decrypt/load environment variables using SOPS+AGE | ||
# sops-toolkit | ||
Package to help encrypt/decrypt ENV files |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
#!/usr/bin/env node | ||
const SOPS_AGE_KEY_FILE = '~/.sops/baiken-age-key.txt' | ||
|
||
const { execSync } = require("child_process") | ||
const { existsSync, readFileSync } = require('fs') | ||
const { resolve, join } = require('path') | ||
const [, , inputFile, outputFolder] = process.argv | ||
|
||
if (!inputFile) { throw new Error('Missing encrypted file.') } | ||
|
||
const sourceFile = resolve(process.cwd(), inputFile) | ||
if (!existsSync(sourceFile)) { throw new Error(`Encrypted file(${sourceFile}) not exists.`) } | ||
|
||
if (!readFileSync(sourceFile, 'utf-8').toString().includes('sops_version')) { throw new Error(`File(${sourceFile}) is not encrypted.`) } | ||
|
||
if (!existsSync(outputFolder)) { throw new Error(`Second parameter the output folder(${outputFolder}) was not provided`) } | ||
|
||
const destinationFile = join(outputFolder, '.env') | ||
|
||
console.log(` | ||
SOPS: decrypt | ||
============= | ||
SOPS_AGE_KEY_FILE: ${SOPS_AGE_KEY_FILE} | ||
sourceFile: ${sourceFile} | ||
destinationFile: ${destinationFile} | ||
`) | ||
|
||
execSync(`sops --decrypt --age $(cat ${SOPS_AGE_KEY_FILE} | grep -oEi "public key: (.*)" | grep -oEi "\\b(\\w+)$") ${sourceFile} > ${destinationFile}`) | ||
|
||
console.log('encrypt', process.argv, sourceFile) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
#!/usr/bin/env node | ||
const SOPS_AGE_KEY_FILE = '~/.sops/baiken-age-key.txt' | ||
|
||
const { execSync } = require("child_process") | ||
const { existsSync, readFileSync } = require('fs') | ||
const { resolve } = require('path') | ||
const [, , inputFile] = process.argv | ||
|
||
if (!inputFile) { throw new Error('Missing encrypted file.') } | ||
|
||
const destinationPath = resolve(process.cwd(), inputFile) | ||
if (!existsSync(destinationPath)) { throw new Error(`Encrypted file(${destinationPath}) not exists.`) } | ||
|
||
if (readFileSync(destinationPath,'utf-8').toString().includes('sops_version')) { throw new Error(`Encrypted file(${destinationPath}) already encrypted.`) } | ||
|
||
console.log(` | ||
SOPS: encrypt | ||
============= | ||
SOPS_AGE_KEY_FILE: ${SOPS_AGE_KEY_FILE} | ||
destinationPath: ${destinationPath} | ||
`) | ||
|
||
execSync(`sops --encrypt --age "age1f6u2zw6323cx3lwtqeeusessqra5wg0curq6lxtqcql9yh0s5sgq2k38m9" -i ${destinationPath}`) | ||
|
||
console.log('encrypt', process.argv, destinationPath) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
const { loadEnvs } = require('./lib/load-envs') | ||
|
||
module.exports = { | ||
loadEnvs | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
const SOPS_AGE_KEY_FILE = '~/.sops/baiken-age-key.txt' | ||
const { config: dotEnv } = require('dotenv') | ||
const { execSync } = require("child_process") | ||
const { existsSync } = require('fs') | ||
const { resolve, join } = require('path') | ||
|
||
module.exports.loadEnvs = async function (inputFile, rootFolder = process.cwd()) { | ||
const AGE_PRIVATE_KEY = process?.env?.AGE_PRIVATE_KEY | ||
console.log(` | ||
SOPS: app decrypt and loading envs | ||
============= | ||
AGE_PRIVATE_KEY: ${AGE_PRIVATE_KEY} | ||
SOPS_AGE_KEY_FILE: ${SOPS_AGE_KEY_FILE} | ||
inputFile: ${inputFile} | ||
destinationFile: ${rootFolder} | ||
`) | ||
const sourceFile = resolve(rootFolder, inputFile) | ||
if (!existsSync(sourceFile)) { throw new Error(`Encrypted file(${sourceFile}) not exists.`) } | ||
|
||
const localEnvFile = join(rootFolder, 'local.env') | ||
const destinationFile = join(rootFolder, '.env') | ||
|
||
if (process?.env?.AGE_PRIVATE_KEY) { | ||
console.log(`Decrypting ${sourceFile} to ${destinationFile} using AGE_PRIVATE_KEY`) | ||
execSync(`sops --decrypt ${sourceFile} > ${destinationFile}`) | ||
} else { | ||
console.log(`Decrypting ${sourceFile} to ${destinationFile} using SOPS_AGE_KEY_FILE`) | ||
execSync(`sops --decrypt --age $(cat ${SOPS_AGE_KEY_FILE} | grep -oEi "public key: (.*)" | grep -oEi "\\b(\\w+)$") ${sourceFile} > ${destinationFile}`) | ||
} | ||
|
||
if (existsSync(localEnvFile)) { | ||
console.log(`Loading ${localEnvFile}`) | ||
dotEnv({ path: localEnvFile }) | ||
} | ||
|
||
dotEnv({ path: destinationFile }) | ||
} | ||
|
||
|
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
{ | ||
"name": "env-sops", | ||
"version": "1.0.0", | ||
"description": "Package to help encrypt/decrypt ENV files", | ||
"main": "index.js", | ||
"files": [ | ||
"index.js", | ||
"lib/**/*" | ||
], | ||
"repository": { | ||
"type": "git", | ||
"url": "git+https://github.com/mrosalesdiaz/env-sops.git" | ||
}, | ||
"author": "[email protected]", | ||
"license": "Apache-2.0", | ||
"bugs": { | ||
"url": "https://github.com/mrosalesdiaz/env-sops/issues" | ||
}, | ||
"homepage": "https://github.com/mrosalesdiaz/env-sops#readme", | ||
"bin": { | ||
"env-encrypt": "./bin/encrypt.js", | ||
"env-decrypt": "./bin/decrypt.js" | ||
}, | ||
"dependencies": { | ||
"dotenv": "^16.3.1" | ||
} | ||
} |