fix: encryption environment adding and reading old key revisions

johnb8 · johnb8 · commit ac2d0772d062 · 2023-06-05T16:54:35.000-06:00
diff --git a/app-config-cli/src/index.ts b/app-config-cli/src/index.ts
@@ -44,6 +44,7 @@ import {
   shouldUseSecretAgent,
   startAgent,
   disconnectAgents,
+  getRevisionNumber,
 } from '@app-config/encryption';
 import { loadSchema, JSONSchema } from '@app-config/schema';
 import { generateTypeFiles } from '@app-config/generate';
@@ -595,7 +596,6 @@ export const cli = yargs
               ],
               options: {
                 environmentOverride: environmentOverrideOption,
-                environmentVariableName: environmentVariableNameOption,
               },
             },
             async (opts) => {
@@ -623,7 +623,6 @@ export const cli = yargs
               ],
               options: {
                 environmentOverride: environmentOverrideOption,
-                environmentVariableName: environmentVariableNameOption,
               },
             },
             async (opts) => {
@@ -636,7 +635,14 @@ export const cli = yargs
               let revision: string;
 
               if (keys.length > 0) {
-                revision = latestSymmetricKeyRevision(keys);
+                const latestRevison = latestSymmetricKeyRevision(keys);
+                const revNumber = getRevisionNumber(latestRevison);
+
+                if (environment) {
+                  revision = `${environment}-${revNumber + 1}`;
+                } else {
+                  revision = `${revNumber + 1}`;
+                }
               } else if (environment) {
                 revision = `${environment}-1`;
               } else {
@@ -708,7 +714,6 @@ export const cli = yargs
                 'Creates an encryption key that can be used without a passphrase (useful for CI)',
               options: {
                 environmentOverride: environmentOverrideOption,
-                environmentVariableName: environmentVariableNameOption,
               },
             },
             async (opts) => {
@@ -757,7 +762,6 @@ export const cli = yargs
               },
               options: {
                 environmentOverride: environmentOverrideOption,
-                environmentVariableName: environmentVariableNameOption,
               },
             },
             async (opts) => {
@@ -791,7 +795,6 @@ export const cli = yargs
               },
               options: {
                 environmentOverride: environmentOverrideOption,
-                environmentVariableName: environmentVariableNameOption,
               },
             },
             async (opts) => {
@@ -822,7 +825,6 @@ export const cli = yargs
                 clipboard: clipboardOption,
                 agent: secretAgentOption,
                 environmentOverride: environmentOverrideOption,
-                environmentVariableName: environmentVariableNameOption,
               },
             },
             async (opts) => {
@@ -890,7 +892,6 @@ export const cli = yargs
                 clipboard: clipboardOption,
                 agent: secretAgentOption,
                 environmentOverride: environmentOverrideOption,
-                environmentVariableName: environmentVariableNameOption,
               },
             },
             async (opts) => {
diff --git a/app-config-meta/src/index.ts b/app-config-meta/src/index.ts
@@ -101,6 +101,9 @@ export async function loadMetaConfig({
     const parsed = await source.read(defaultMetaExtensions());
     const value = parsed.toJSON() as MetaProperties;
 
+    // normalize all revisions to be strings even if they're numbers
+    normalizeMetaEncryptionKeyRevisions(value);
+
     const fileSources = parsed.sources.filter((s) => s instanceof FileSource) as FileSource[];
     const [{ filePath, fileType }] = fileSources.filter((s) => s.filePath.includes(fileNameBase));
 
@@ -124,6 +127,26 @@ export async function loadMetaConfig({
   }
 }
 
+function normalizeMetaEncryptionKeyRevisions(meta: MetaProperties): MetaProperties {
+  const stringifyRevision = (keys: EncryptedSymmetricKey[]) => {
+    for (const key of keys) {
+      if (typeof key.revision !== 'string') {
+        key.revision = (key.revision as number).toString();
+      }
+    }
+  };
+
+  if (Array.isArray(meta.encryptionKeys)) {
+    stringifyRevision(meta.encryptionKeys);
+  } else if (meta.encryptionKeys) {
+    for (const env of Object.keys(meta.encryptionKeys)) {
+      stringifyRevision(meta.encryptionKeys[env]);
+    }
+  }
+
+  return meta;
+}
+
 let metaConfig: Promise<MetaConfiguration> | undefined;
 
 export async function loadMetaConfigLazy(options?: MetaLoadingOptions): Promise<MetaConfiguration> {
diff --git a/docs/guide/intro/encryption.md b/docs/guide/intro/encryption.md
@@ -213,4 +213,5 @@ encryptionKeys:
     - revision: 1
       key: '...'
 ```
-To create a new encryption environment use the `init-key` CLI subcommand while setting one of the standard App-Config environment variables (`ENV`, `NODE_ENV`, or `APP_CONFIG_ENV`) with the new encryption environment.
+
+To create a new encryption environment use the `init-repo` CLI subcommand while setting one of the standard App-Config environment variables (`ENV`, `NODE_ENV`, or `APP_CONFIG_ENV`) with the new encryption environment.
