Skip to content

Commit 3164aed

Browse files
joelgallantjoelgallant
committed
feat: adds support for reading from APP_CONFIG_SECRETS_KEY_FILE and APP_CONFIG_SECRETS_PUBLIC_KEY_FILE
1 parent 9ded2fd commit 3164aed

File tree

2 files changed

+27
-6
lines changed

2 files changed

+27
-6
lines changed

app-config-encryption/src/encryption.ts

Lines changed: 22 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -140,9 +140,17 @@ export async function loadKey(contents: string | Buffer): Promise<Key> {
140140
return keys[0];
141141
}
142142

143-
export async function loadPrivateKey(
144-
override: string | Buffer | undefined = process.env.APP_CONFIG_SECRETS_KEY,
145-
): Promise<Key> {
143+
export async function loadPrivateKey(override?: string | Buffer): Promise<Key> {
144+
if (override === undefined) {
145+
if (process.env.APP_CONFIG_SECRETS_KEY) {
146+
// eslint-disable-next-line no-param-reassign
147+
override = process.env.APP_CONFIG_SECRETS_KEY;
148+
} else if (process.env.APP_CONFIG_SECRETS_KEY_FILE) {
149+
// eslint-disable-next-line no-param-reassign
150+
override = (await fs.readFile(process.env.APP_CONFIG_SECRETS_KEY_FILE)).toString();
151+
}
152+
}
153+
146154
let key: Key;
147155

148156
if (override) {
@@ -176,9 +184,17 @@ export async function loadPrivateKey(
176184
return key;
177185
}
178186

179-
export async function loadPublicKey(
180-
override: string | Buffer | undefined = process.env.APP_CONFIG_SECRETS_PUBLIC_KEY,
181-
): Promise<Key> {
187+
export async function loadPublicKey(override?: string | Buffer): Promise<Key> {
188+
if (override === undefined) {
189+
if (process.env.APP_CONFIG_SECRETS_PUBLIC_KEY) {
190+
// eslint-disable-next-line no-param-reassign
191+
override = process.env.APP_CONFIG_SECRETS_PUBLIC_KEY;
192+
} else if (process.env.APP_CONFIG_SECRETS_PUBLIC_KEY_FILE) {
193+
// eslint-disable-next-line no-param-reassign
194+
override = (await fs.readFile(process.env.APP_CONFIG_SECRETS_PUBLIC_KEY_FILE)).toString();
195+
}
196+
}
197+
182198
let key: Key;
183199

184200
if (override) {

docs/guide/intro/encryption.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -105,6 +105,11 @@ This key (public + private) can be added as protected environment variables in y
105105
- `APP_CONFIG_SECRETS_KEY`
106106
- `APP_CONFIG_SECRETS_PUBLIC_KEY`
107107

108+
Or, in files referenced by:
109+
110+
- `APP_CONFIG_SECRETS_KEY_FILE`
111+
- `APP_CONFIG_SECRETS_PUBLIC_KEY_FILE`
112+
108113
The CLI will output both of these with instructions.
109114

110115
## Implementation Details

0 commit comments

Comments
 (0)