import * as tls from 'node:tls';
import { CredentialsProvider } from './index.js';
/**
 * Reads TLS/SSL configuration from environment variables.
 *
 * Supported variables:
 * - CA: `YDB_SSL_ROOT_CERTIFICATES_FILE` (file path) or `NODE_EXTRA_CA_CERTS` (file path)
 *       or `YDB_SSL_ROOT_CERTIFICATES` (PEM string)
 * - Client cert: `YDB_SSL_CERTIFICATE_FILE` (file path) or `YDB_SSL_CERTIFICATE` (PEM string)
 * - Client key: `YDB_SSL_PRIVATE_KEY_FILE` (file path) or `YDB_SSL_PRIVATE_KEY` (PEM string)
 *
 * File variants take priority over string variants.
 *
 * @returns `tls.SecureContextOptions` if any TLS env vars are set, `undefined` otherwise.
 */
export declare function getSecureOptionsFromEnviron(): tls.SecureContextOptions | undefined;
/**
 * A credentials provider that auto-detects the authentication method
 * from environment variables, following the official YDB SDK conventions.
 *
 * Detection priority (first match wins):
 * 1. `YDB_ANONYMOUS_CREDENTIALS=1` → Anonymous
 * 2. `YDB_METADATA_CREDENTIALS=1` → Metadata
 *    - `YDB_METADATA_CREDENTIALS_ENDPOINT` — custom metadata endpoint
 *    - `YDB_METADATA_CREDENTIALS_FLAVOR` — custom metadata flavor (e.g. `Google`)
 * 3. `YDB_ACCESS_TOKEN_CREDENTIALS` → Access Token
 * 4. `YDB_STATIC_CREDENTIALS_USER` → Static (username/password)
 * 5. None → Anonymous
 *
 * TLS/SSL is auto-detected from environment variables and exposed via `secureOptions`:
 * - `YDB_SSL_ROOT_CERTIFICATES_FILE` / `NODE_EXTRA_CA_CERTS` (file) or `YDB_SSL_ROOT_CERTIFICATES` (PEM string)
 * - `YDB_SSL_CERTIFICATE_FILE` (file) or `YDB_SSL_CERTIFICATE` (PEM string)
 * - `YDB_SSL_PRIVATE_KEY_FILE` (file) or `YDB_SSL_PRIVATE_KEY` (PEM string)
 *
 * @example
 * ```ts
 * import { EnvironCredentialsProvider } from '@ydbjs/auth/environ'
 *
 * let creds = new EnvironCredentialsProvider(connectionString)
 * let driver = new Driver(connectionString, {
 *   credentialsProvider: creds,
 *   secureOptions: creds.secureOptions,
 * })
 * ```
 */
export declare class EnvironCredentialsProvider extends CredentialsProvider {
    #private;
    /**
     * TLS/SSL options detected from environment variables.
     * Pass this to `Driver` as `secureOptions`.
     */
    readonly secureOptions: tls.SecureContextOptions | undefined;
    constructor(connectionString?: string);
    getToken(force?: boolean, signal?: AbortSignal): Promise<string>;
}
//# sourceMappingURL=environ.d.ts.map