Merge pull request #236 from dotenv-org/decrypt
Decrypt command
Showing
5 changed files
with
148 additions
and
2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -413,6 +413,7 @@ Below are a list of dotenv-vault cli commands. You can also learn more on the [d | |
* [build](#build) | ||
* [keys](#keys) | ||
* [rotatekey](#rotatekey) | ||
* [decrypt](#decrypt) | ||
* [versions](#versions) | ||
|
||
### `new` | ||
|
@@ -739,6 +740,28 @@ $ npx dotenv-vault rotatekey -y | |
|
||
--- | ||
|
||
### `decrypt` | ||
|
||
Decrypt .env.vault locally. | ||
|
||
Example: | ||
|
||
```bash | ||
$ npx dotenv-vault decrypt dotenv://:[email protected]/vault/.env.vault?environment=development | ||
``` | ||
|
||
##### ARGUMENTS | ||
|
||
*[DOTENV_KEY]* | ||
|
||
Set `DOTENV_KEY` to decrypt .env.vault. Development key will decrypt development, production will decrypt production, and so on. | ||
|
||
``` | ||
$ npx dotenv-vault decrypt dotenv://:[email protected]/vault/.env.vault?environment=development | ||
``` | ||
|
||
--- | ||
|
||
### `versions` | ||
|
||
List version history. | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
import {Command} from '@oclif/core' | ||
|
||
import {DecryptService} from '../services/decrypt-service' | ||
|
||
export default class Decrypt extends Command { | ||
static description = 'Decrypt .env.vault locally' | ||
|
||
static examples = [ | ||
'<%= config.bin %> <%= command.id %>', | ||
] | ||
|
||
static args = [ | ||
{ | ||
name: 'DOTENV_KEY', | ||
required: true, | ||
description: 'Set decryption key', | ||
hidden: false, | ||
}, | ||
] | ||
|
||
public async run(): Promise<void> { | ||
const {args} = await this.parse(Decrypt) | ||
const dotenvKey = args.DOTENV_KEY | ||
|
||
await new DecryptService({cmd: this, dotenvKey: dotenvKey}).run() | ||
} | ||
} |
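Review bot: The decryption key is accepted only as a required positional argument (`name: 'DOTENV_KEY', required: true`), so every invocation puts the full key URI, including its password part, on the command line. There it typically ends up in shell history and can be visible to other local users through the process list. Consider making the argument optional and falling back to the environment, e.g. `required: false` with `const dotenvKey = args.DOTENV_KEY ?? process.env.DOTENV_KEY`, and failing with a clear message when neither is set. The `examples` entry `'<%= config.bin %> <%= command.id %>'` also omits the argument declared as required, so the generated help shows an invocation that cannot run as written.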
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
import {LogService} from '../services/log-service' | ||
|
||
import {config} from 'dotenv' | ||
import {decrypt} from 'dotenv-vault-core' | ||
|
||
interface DecryptServiceAttrs { | ||
cmd; | ||
dotenvKey; | ||
} | ||
|
||
type InstructionsType = { | ||
ciphertext: string; | ||
key: string; | ||
} | ||
|
||
class DecryptService { | ||
public cmd; | ||
public dotenvKey; | ||
public log; | ||
|
||
constructor(attrs: DecryptServiceAttrs = {} as DecryptServiceAttrs) { | ||
this.cmd = attrs.cmd | ||
this.dotenvKey = attrs.dotenvKey | ||
|
||
this.log = new LogService({cmd: attrs.cmd}) | ||
} | ||
|
||
async run(): Promise<void> { | ||
const result = config({path: this.vaultPath}) | ||
const keys = this.dotenvKey.split(',') | ||
const length = keys.length | ||
|
||
let decrypted | ||
for (let i = 0; i < length; i++) { | ||
try { | ||
// Get full key | ||
const key = keys[i].trim() | ||
|
||
// Get instructions for decrypt | ||
const attrs = this._instructions(result, key) | ||
|
||
// Decrypt | ||
decrypted = decrypt(attrs.ciphertext, attrs.key) | ||
|
||
break | ||
} catch (error) { | ||
// last key | ||
if (i + 1 >= length) { | ||
throw error | ||
} | ||
// try next key | ||
} | ||
} | ||
|
||
this.log.plain(decrypted) | ||
} | ||
|
||
_instructions(result: string, dotenvKey: string): InstructionsType { | ||
// Parse DOTENV_KEY. Format is a URI | ||
const uri = new URL(dotenvKey) | ||
|
||
// Get decrypt key | ||
const key = uri.password | ||
if (!key) { | ||
throw new Error('INVALID_DOTENV_KEY: Missing key part') | ||
} | ||
|
||
// Get environment | ||
const environment = uri.searchParams.get('environment') | ||
if (!environment) { | ||
throw new Error('INVALID_DOTENV_KEY: Missing environment part') | ||
} | ||
|
||
// Get ciphertext payload | ||
const environmentKey = `DOTENV_VAULT_${environment.toUpperCase()}` | ||
const ciphertext = result.parsed[environmentKey] // DOTENV_VAULT_PRODUCTION | ||
if (!ciphertext) { | ||
throw new Error(`NOT_FOUND_DOTENV_ENVIRONMENT: Cannot locate environment ${environmentKey} in your .env.vault file. Run 'npx dotenv-vault build' to include it.`) | ||
} | ||
|
||
return {ciphertext, key} | ||
} | ||
|
||
get vaultPath(): string { | ||
return '.env.vault' | ||
} | ||
} | ||
|
||
export {DecryptService} | ||
|
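Review bot: In `run()`, the result of `config({path: this.vaultPath})` is used without checking that the vault file was actually loaded. When `.env.vault` is missing or unreadable, `result.parsed` is presumably undefined, so `result.parsed[environmentKey]` in `_instructions` throws a TypeError, which the loop rethrows on the last key instead of an error naming the missing file. A guard right after the call, such as `if (result.error || !result.parsed) throw ...` with a message that names `.env.vault`, would fail early and clearly. The `result: string` annotation on `_instructions` does not match its use as an object with a `parsed` property and should be the type `config` returns (`DotenvConfigOutput` in dotenv's typings); declaring `dotenvKey: string` on the class and attrs interface would likewise type-check `this.dotenvKey.split(',')`. Finally, `this.log.plain(decrypted)` writes the plaintext secrets to standard output, so a comment such as `// prints decrypted secrets; avoid running where output is captured in logs` would help the next maintainer.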