chore: tests for env secret key

johnb8 · johnb8 · commit a8ea8c672fad · 2023-05-21T16:29:02.000-06:00
diff --git a/app-config-encryption/src/encryption.test.ts b/app-config-encryption/src/encryption.test.ts
@@ -4,6 +4,7 @@ import { SecretsRequireTTYError } from '@app-config/core';
 import { loadMetaConfig } from '@app-config/meta';
 import { withTempFiles, mockedStdin } from '@app-config/test-utils';
 
+import { defaultEnvOptions } from '@app-config/node';
 import {
   initializeKeys,
   initializeKeysManually,
@@ -102,6 +103,77 @@ describe('User Keys', () => {
   });
 });
 
+const createKeys = async () => {
+  const { privateKeyArmored, publicKeyArmored } = await initializeKeysManually({
+    name: 'Tester',
+    email: 'test@example.com',
+  });
+
+  return {
+    privateKey: await loadPrivateKey(privateKeyArmored),
+    publicKey: await loadPublicKey(publicKeyArmored),
+    privateKeyArmored,
+    publicKeyArmored,
+  };
+};
+
+describe('User keys from environment', () => {
+  it('loads user keys from environment', async () => {
+    const keys = await createKeys();
+
+    process.env.APP_CONFIG_SECRETS_PUBLIC_KEY = keys.publicKeyArmored;
+    process.env.APP_CONFIG_SECRETS_KEY = keys.privateKeyArmored;
+
+    const privateKey = await loadPrivateKey();
+    const publicKey = await loadPublicKey();
+
+    expect(privateKey.getFingerprint()).toEqual(keys.privateKey.getFingerprint());
+    expect(publicKey.getFingerprint()).toEqual(keys.publicKey.getFingerprint());
+  });
+
+  it('loads environment user keys from environment', async () => {
+    const keys = await createKeys();
+
+    process.env.APP_CONFIG_SECRETS_PUBLIC_KEY_PRODUCTION = keys.publicKeyArmored;
+    process.env.APP_CONFIG_SECRETS_KEY_PRODUCTION = keys.privateKeyArmored;
+    process.env.APP_CONFIG_ENV = 'prod';
+
+    const privateKey = await loadPrivateKey(undefined, defaultEnvOptions);
+    const publicKey = await loadPublicKey(undefined, defaultEnvOptions);
+
+    expect(privateKey.getFingerprint()).toEqual(keys.privateKey.getFingerprint());
+    expect(publicKey.getFingerprint()).toEqual(keys.publicKey.getFingerprint());
+  });
+
+  it('loads aliased environment user keys from environment', async () => {
+    const keys = await createKeys();
+
+    process.env.APP_CONFIG_SECRETS_PUBLIC_KEY_PROD = keys.publicKeyArmored;
+    process.env.APP_CONFIG_SECRETS_KEY_PROD = keys.privateKeyArmored;
+    process.env.APP_CONFIG_ENV = 'prod';
+
+    const privateKey = await loadPrivateKey(undefined, defaultEnvOptions);
+    const publicKey = await loadPublicKey(undefined, defaultEnvOptions);
+
+    expect(privateKey.getFingerprint()).toEqual(keys.privateKey.getFingerprint());
+    expect(publicKey.getFingerprint()).toEqual(keys.publicKey.getFingerprint());
+  });
+
+  it('falls back to key with no environment', async () => {
+    const keys = await createKeys();
+
+    process.env.APP_CONFIG_SECRETS_PUBLIC_KEY = keys.publicKeyArmored;
+    process.env.APP_CONFIG_SECRETS_KEY = keys.privateKeyArmored;
+    process.env.APP_CONFIG_ENV = 'prod';
+
+    const privateKey = await loadPrivateKey(undefined, defaultEnvOptions);
+    const publicKey = await loadPublicKey(undefined, defaultEnvOptions);
+
+    expect(privateKey.getFingerprint()).toEqual(keys.privateKey.getFingerprint());
+    expect(publicKey.getFingerprint()).toEqual(keys.publicKey.getFingerprint());
+  });
+});
+
 const createKey = async () => {
   const { privateKeyArmored } = await initializeKeysManually({
     name: 'Tester',
diff --git a/app-config-encryption/src/encryption.ts b/app-config-encryption/src/encryption.ts
@@ -156,7 +156,7 @@ export async function loadPrivateKey(
   if (override) {
     overrideKey = override;
   } else {
-    overrideKey = getKeyFromEnv('public', environmentOptions);
+    overrideKey = getKeyFromEnv('private', environmentOptions);
   }
 
   if (overrideKey) {
@@ -244,6 +244,11 @@ function getKeyFromEnv(keyType: 'private' | 'public', envOptions?: EnvironmentOp
     }
   }
 
+  // if we didn't find a key with an environment, fallback on one without if it exists
+  if (!key) {
+    key = process.env[envVarPrefix];
+  }
+
   return key;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -156,7 +156,7 @@ export async function loadPrivateKey(`
`156`	`156`	`if (override) {`
`157`	`157`	`overrideKey = override;`
`158`	`158`	`} else {`
`159`		`- overrideKey = getKeyFromEnv('public', environmentOptions);`
	`159`	`+ overrideKey = getKeyFromEnv('private', environmentOptions);`
`160`	`160`	`}`
`161`	`161`
`162`	`162`	`if (overrideKey) {`
`@@ -244,6 +244,11 @@ function getKeyFromEnv(keyType: 'private' \| 'public', envOptions?: EnvironmentOp`
`244`	`244`	`}`
`245`	`245`	`}`
`246`	`246`
	`247`	`+ // if we didn't find a key with an environment, fallback on one without if it exists`
	`248`	`+ if (!key) {`
	`249`	`+ key = process.env[envVarPrefix];`
	`250`	`+ }`
	`251`	`+`
`247`	`252`	`return key;`
`248`	`253`	`}`
`249`	`254`