UNPKG

@naturalcycles/nodejs-lib/dist/security/secret.util.d.ts

Version:

1.49 kBTypeScriptView Raw

1import { StringMap } from '@naturalcycles/js-lib';
2/**
3 * Loads plaintext secrets from process.env, removes them, stores locally.
4 * Make sure to call this function early on server startup, so secrets are removed from process.env
5 *
6 * Does NOT delete previous secrets from secretMap.
7 */
8export declare function loadSecretsFromEnv(): void;
9/**
10 * Removes process.env.SECRET_*
11 */
12export declare function removeSecretsFromEnv(): void;
13/**
14 * Does NOT delete previous secrets from secretMap.
15 *
16 * If SECRET_ENCRYPTION_KEY argument is passed - will decrypt the contents of the file first, before parsing it as JSON.
17 *
18 * Whole file is encrypted.
19 * For "json-values encrypted" style - use `loadSecretsFromEncryptedJsonFileValues`
20 */
21export declare function loadSecretsFromEncryptedJsonFile(filePath: string, secretEncryptionKey?: string): void;
22/**
23 * Whole file is NOT encrypted, but instead individual json values ARE encrypted..
24 * For whole-file encryption - use `loadSecretsFromEncryptedJsonFile`
25 */
26export declare function loadSecretsFromEncryptedJsonFileValues(filePath: string, secretEncryptionKey?: string): void;
27/**
28 * json secrets are always base64'd
29 */
30export declare function secret<T = string>(k: string, json?: boolean): T;
31export declare function secretOptional<T = string>(k: string, json?: boolean): T | undefined;
32export declare function getSecretMap(): StringMap;
33/**
34 * REPLACES secretMap with new map.
35 */
36export declare function setSecretMap(map: StringMap): void;

1	`import { StringMap } from '@naturalcycles/js-lib';`
2	`/**`
3	`* Loads plaintext secrets from process.env, removes them, stores locally.`
4	`* Make sure to call this function early on server startup, so secrets are removed from process.env`
5	`*`
6	`* Does NOT delete previous secrets from secretMap.`
7	`*/`
8	`export declare function loadSecretsFromEnv(): void;`
9	`/**`
10	`* Removes process.env.SECRET_*`
11	`*/`
12	`export declare function removeSecretsFromEnv(): void;`
13	`/**`
14	`* Does NOT delete previous secrets from secretMap.`
15	`*`
16	`* If SECRET_ENCRYPTION_KEY argument is passed - will decrypt the contents of the file first, before parsing it as JSON.`
17	`*`
18	`* Whole file is encrypted.`
19	* For "json-values encrypted" style - use `loadSecretsFromEncryptedJsonFileValues`
20	`*/`
21	`export declare function loadSecretsFromEncryptedJsonFile(filePath: string, secretEncryptionKey?: string): void;`
22	`/**`
23	`* Whole file is NOT encrypted, but instead individual json values ARE encrypted..`
24	* For whole-file encryption - use `loadSecretsFromEncryptedJsonFile`
25	`*/`
26	`export declare function loadSecretsFromEncryptedJsonFileValues(filePath: string, secretEncryptionKey?: string): void;`
27	`/**`
28	`* json secrets are always base64'd`
29	`*/`
30	`export declare function secret<T = string>(k: string, json?: boolean): T;`
31	`export declare function secretOptional<T = string>(k: string, json?: boolean): T \| undefined;`
32	`export declare function getSecretMap(): StringMap;`
33	`/**`
34	`* REPLACES secretMap with new map.`
35	`*/`
36	`export declare function setSecretMap(map: StringMap): void;`