Skip to content

Commit

Permalink
Initial commit
Browse files Browse the repository at this point in the history
  • Loading branch information
mrosalesdiaz committed Nov 12, 2023
1 parent 4217b4c commit a0236d8
Show file tree
Hide file tree
Showing 8 changed files with 189 additions and 2 deletions.
23 changes: 23 additions & 0 deletions .github/workflows/publish-package.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
name: Publish package to NPM Registry
on:
release:
types: [published]
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4

- uses: actions/setup-node@v3
with:
node-version: '20.x'
registry-url: 'https://registry.npmjs.org'

- run: npm ci

- run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
# env-sops
Library for encrypt/decrypt/load environment variables using SOPS+AGE
# sops-toolkit
Package to help encrypt/decrypt ENV files
30 changes: 30 additions & 0 deletions bin/decrypt.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
#!/usr/bin/env node
const SOPS_AGE_KEY_FILE = '~/.sops/baiken-age-key.txt'

const { execSync } = require("child_process")
const { existsSync, readFileSync } = require('fs')
const { resolve, join } = require('path')
const [, , inputFile, outputFolder] = process.argv

if (!inputFile) { throw new Error('Missing encrypted file.') }

const sourceFile = resolve(process.cwd(), inputFile)
if (!existsSync(sourceFile)) { throw new Error(`Encrypted file(${sourceFile}) not exists.`) }

if (!readFileSync(sourceFile, 'utf-8').toString().includes('sops_version')) { throw new Error(`File(${sourceFile}) is not encrypted.`) }

if (!existsSync(outputFolder)) { throw new Error(`Second parameter the output folder(${outputFolder}) was not provided`) }

const destinationFile = join(outputFolder, '.env')

console.log(`
SOPS: decrypt
=============
SOPS_AGE_KEY_FILE: ${SOPS_AGE_KEY_FILE}
sourceFile: ${sourceFile}
destinationFile: ${destinationFile}
`)

execSync(`sops --decrypt --age $(cat ${SOPS_AGE_KEY_FILE} | grep -oEi "public key: (.*)" | grep -oEi "\\b(\\w+)$") ${sourceFile} > ${destinationFile}`)

console.log('encrypt', process.argv, sourceFile)
25 changes: 25 additions & 0 deletions bin/encrypt.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
#!/usr/bin/env node
const SOPS_AGE_KEY_FILE = '~/.sops/baiken-age-key.txt'

const { execSync } = require("child_process")
const { existsSync, readFileSync } = require('fs')
const { resolve } = require('path')
const [, , inputFile] = process.argv

if (!inputFile) { throw new Error('Missing encrypted file.') }

const destinationPath = resolve(process.cwd(), inputFile)
if (!existsSync(destinationPath)) { throw new Error(`Encrypted file(${destinationPath}) not exists.`) }

if (readFileSync(destinationPath,'utf-8').toString().includes('sops_version')) { throw new Error(`Encrypted file(${destinationPath}) already encrypted.`) }

console.log(`
SOPS: encrypt
=============
SOPS_AGE_KEY_FILE: ${SOPS_AGE_KEY_FILE}
destinationPath: ${destinationPath}
`)

execSync(`sops --encrypt --age "age1f6u2zw6323cx3lwtqeeusessqra5wg0curq6lxtqcql9yh0s5sgq2k38m9" -i ${destinationPath}`)

console.log('encrypt', process.argv, destinationPath)
5 changes: 5 additions & 0 deletions index.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
const { loadEnvs } = require('./lib/load-envs')

module.exports = {
loadEnvs
}
39 changes: 39 additions & 0 deletions lib/load-envs.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
const SOPS_AGE_KEY_FILE = '~/.sops/baiken-age-key.txt'
const { config: dotEnv } = require('dotenv')
const { execSync } = require("child_process")
const { existsSync } = require('fs')
const { resolve, join } = require('path')

module.exports.loadEnvs = async function (inputFile, rootFolder = process.cwd()) {
const AGE_PRIVATE_KEY = process?.env?.AGE_PRIVATE_KEY
console.log(`
SOPS: app decrypt and loading envs
=============
AGE_PRIVATE_KEY: ${AGE_PRIVATE_KEY}
SOPS_AGE_KEY_FILE: ${SOPS_AGE_KEY_FILE}
inputFile: ${inputFile}
destinationFile: ${rootFolder}
`)
const sourceFile = resolve(rootFolder, inputFile)
if (!existsSync(sourceFile)) { throw new Error(`Encrypted file(${sourceFile}) not exists.`) }

const localEnvFile = join(rootFolder, 'local.env')
const destinationFile = join(rootFolder, '.env')

if (process?.env?.AGE_PRIVATE_KEY) {
console.log(`Decrypting ${sourceFile} to ${destinationFile} using AGE_PRIVATE_KEY`)
execSync(`sops --decrypt ${sourceFile} > ${destinationFile}`)
} else {
console.log(`Decrypting ${sourceFile} to ${destinationFile} using SOPS_AGE_KEY_FILE`)
execSync(`sops --decrypt --age $(cat ${SOPS_AGE_KEY_FILE} | grep -oEi "public key: (.*)" | grep -oEi "\\b(\\w+)$") ${sourceFile} > ${destinationFile}`)
}

if (existsSync(localEnvFile)) {
console.log(`Loading ${localEnvFile}`)
dotEnv({ path: localEnvFile })
}

dotEnv({ path: destinationFile })
}


38 changes: 38 additions & 0 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

27 changes: 27 additions & 0 deletions package.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
{
"name": "env-sops",
"version": "1.0.0",
"description": "Package to help encrypt/decrypt ENV files",
"main": "index.js",
"files": [
"index.js",
"lib/**/*"
],
"repository": {
"type": "git",
"url": "git+https://github.com/mrosalesdiaz/env-sops.git"
},
"author": "[email protected]",
"license": "Apache-2.0",
"bugs": {
"url": "https://github.com/mrosalesdiaz/env-sops/issues"
},
"homepage": "https://github.com/mrosalesdiaz/env-sops#readme",
"bin": {
"env-encrypt": "./bin/encrypt.js",
"env-decrypt": "./bin/decrypt.js"
},
"dependencies": {
"dotenv": "^16.3.1"
}
}

0 comments on commit a0236d8

Please sign in to comment.