50 lines
1.3 KiB
TypeScript
50 lines
1.3 KiB
TypeScript
import fs from "fs";
|
|
import path from "path";
|
|
import { execFileSync } from "child_process";
|
|
|
|
function parseDotenv(contents: string) {
|
|
contents
|
|
.split("\n")
|
|
.map((line) => line.trim())
|
|
.filter((line) => line && !line.startsWith("#"))
|
|
.forEach((line) => {
|
|
const idx = line.indexOf("=");
|
|
if (idx === -1) return;
|
|
const key = line.slice(0, idx).trim();
|
|
let value = line.slice(idx + 1).trim();
|
|
if (!key || key in process.env) return;
|
|
if (
|
|
(value.startsWith('"') && value.endsWith('"')) ||
|
|
(value.startsWith("'") && value.endsWith("'"))
|
|
) {
|
|
value = value.slice(1, -1);
|
|
}
|
|
process.env[key] = value;
|
|
});
|
|
}
|
|
|
|
export function loadLocalSecrets() {
|
|
const root = process.cwd();
|
|
const plainPath = path.join(root, "creds", "secrets.env");
|
|
const encPath = path.join(root, "creds", "secrets.enc.env");
|
|
|
|
if (fs.existsSync(plainPath)) {
|
|
try {
|
|
parseDotenv(fs.readFileSync(plainPath, "utf8"));
|
|
return;
|
|
} catch {
|
|
// ignore and try encrypted
|
|
}
|
|
}
|
|
|
|
if (fs.existsSync(encPath) && !process.env.SKIP_SOPS_AUTOLOAD) {
|
|
try {
|
|
const output = execFileSync("sops", ["-d", encPath], {
|
|
encoding: "utf8",
|
|
});
|
|
parseDotenv(output);
|
|
} catch {
|
|
// silent fail if sops/key not available
|
|
}
|
|
}
|
|
}
|