1 | #!/usr/bin/env node
|
2 |
|
3 | import * as yargs from 'yargs'
|
4 | import { dimGrey } from '../colors'
|
5 | import { runScript } from '../script'
|
6 | import { DecryptCLIOptions, secretsDecrypt } from '../secret/secrets-decrypt.util'
|
7 |
|
8 | runScript(() => {
|
9 | const { dir, file, encKey, del, jsonMode } = getDecryptCLIOptions()
|
10 |
|
11 | secretsDecrypt(dir, file, encKey, del, jsonMode)
|
12 | })
|
13 |
|
14 | function getDecryptCLIOptions(): DecryptCLIOptions {
|
15 | require('dotenv').config()
|
16 |
|
17 | let { dir, file, encKey, encKeyVar, del, jsonMode } = yargs.options({
|
18 | dir: {
|
19 | type: 'array',
|
20 | desc: 'Directory with secrets. Can be many',
|
21 |
|
22 | default: './secret',
|
23 | },
|
24 | file: {
|
25 | type: 'string',
|
26 | desc: 'Single file to decrypt. Useful in jsonMode',
|
27 | },
|
28 | encKey: {
|
29 | type: 'string',
|
30 | desc: 'Encryption key',
|
31 |
|
32 |
|
33 | },
|
34 | encKeyVar: {
|
35 | type: 'string',
|
36 | desc: 'Env variable name to get `encKey` from.',
|
37 | default: 'SECRET_ENCRYPTION_KEY',
|
38 | },
|
39 |
|
40 |
|
41 |
|
42 |
|
43 | del: {
|
44 | type: 'boolean',
|
45 | desc: 'Delete source files after encryption/decryption. Be careful!',
|
46 | },
|
47 | jsonMode: {
|
48 | type: 'boolean',
|
49 | desc: 'JSON mode. Encrypts only json values, not the whole file',
|
50 | default: false,
|
51 | },
|
52 | }).argv
|
53 |
|
54 | if (!encKey) {
|
55 | encKey = process.env[encKeyVar]
|
56 |
|
57 | if (encKey) {
|
58 | console.log(`using encKey from env.${dimGrey(encKeyVar)}`)
|
59 | } else {
|
60 | throw new Error(
|
61 | `encKey is required. Can be provided as --encKey or env.SECRET_ENCRYPTION_KEY (see readme.md)`,
|
62 | )
|
63 | }
|
64 | }
|
65 |
|
66 |
|
67 | return { dir: dir as any, file, encKey, del, jsonMode }
|
68 | }
|