1 | #!/usr/bin/env node
|
2 |
|
3 | import * as yargs from 'yargs'
|
4 | import { dimGrey } from '../colors'
|
5 | import { runScript } from '../script'
|
6 | import { EncryptCLIOptions, secretsEncrypt } from '../secret/secrets-encrypt.util'
|
7 |
|
8 | runScript(() => {
|
9 | const { pattern, file, encKey, del, jsonMode } = getEncryptCLIOptions()
|
10 |
|
11 | secretsEncrypt(pattern, file, encKey, del, jsonMode)
|
12 | })
|
13 |
|
14 | function getEncryptCLIOptions(): EncryptCLIOptions {
|
15 | require('dotenv').config()
|
16 |
|
17 | let { pattern, file, encKey, encKeyVar, del, jsonMode } = yargs.options({
|
18 | pattern: {
|
19 | type: 'string',
|
20 | array: true,
|
21 | desc: 'Globby pattern for secrets. Can be many.',
|
22 |
|
23 | default: './secret/**',
|
24 | },
|
25 | file: {
|
26 | type: 'string',
|
27 | desc: 'Single file to decrypt. Useful in jsonMode',
|
28 | },
|
29 | encKey: {
|
30 | type: 'string',
|
31 | desc: 'Encryption key',
|
32 |
|
33 |
|
34 | },
|
35 | encKeyVar: {
|
36 | type: 'string',
|
37 | desc: 'Env variable name to get `encKey` from.',
|
38 | default: 'SECRET_ENCRYPTION_KEY',
|
39 | },
|
40 |
|
41 |
|
42 |
|
43 |
|
44 | del: {
|
45 | type: 'boolean',
|
46 | desc: 'Delete source files after encryption/decryption. Be careful!',
|
47 | default: false,
|
48 | },
|
49 | jsonMode: {
|
50 | type: 'boolean',
|
51 | desc: 'JSON mode. Encrypts only json values, not the whole file',
|
52 | default: false,
|
53 | },
|
54 | }).argv
|
55 |
|
56 | if (!encKey) {
|
57 | encKey = process.env[encKeyVar]
|
58 |
|
59 | if (encKey) {
|
60 | console.log(`using encKey from process.env.${dimGrey(encKeyVar)}`)
|
61 | } else {
|
62 | throw new Error(
|
63 | `encKey is required. Can be provided as --encKey or env.SECRET_ENCRYPTION_KEY (see readme.md)`,
|
64 | )
|
65 | }
|
66 | }
|
67 |
|
68 |
|
69 | return { pattern: pattern as any, file, encKey, del, jsonMode }
|
70 | }
|