Skip to content

Commit 8a3ca4d

Browse files
chrisbbreuerchrisbbreuer
committed
chore: wip
1 parent 25999b8 commit 8a3ca4d

File tree

3 files changed

+40
-2
lines changed

3 files changed

+40
-2
lines changed

config/email.ts

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,21 @@ export default {
1818

1919
domain: envVars.MAIL_DOMAIN || 'stacksjs.com',
2020

21-
mailboxes: ['[email protected]', '[email protected]', '[email protected]'],
21+
/**
22+
* Mailbox users for IMAP/SMTP access.
23+
* Passwords are automatically looked up from MAIL_PASSWORD_<USERNAME> env vars.
24+
* After first deploy, passwords are synced to AWS Secrets Manager.
25+
*
26+
* Supported formats:
27+
* - Simple usernames: ['chris', 'blake'] -> chris@{domain}, blake@{domain}
28+
* - Full emails: ['[email protected]']
29+
* - Objects: [{ email: 'chris', password: '...' }]
30+
*/
31+
mailboxes: [
32+
'chris',
33+
'blake',
34+
'glenn',
35+
],
2236

2337
url: envVars.APP_URL || 'https://stacksjs.com',
2438
charset: 'UTF-8',

storage/framework/core/cloud/src/cloud/mail-server.ts

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -180,6 +180,21 @@ export class MailServerStack {
180180
resources: ['*'],
181181
}))
182182

183+
// Grant Secrets Manager access for IMAP credentials
184+
// This allows the mail server to fetch credentials from the secret
185+
// created by deploy-imap.ts or stored in stacks/mail-server/credentials
186+
instanceRole.addToPolicy(new iam.PolicyStatement({
187+
effect: iam.Effect.ALLOW,
188+
actions: [
189+
'secretsmanager:GetSecretValue',
190+
'secretsmanager:DescribeSecret',
191+
],
192+
resources: [
193+
`arn:aws:secretsmanager:${Stack.of(scope).region}:${Stack.of(scope).account}:secret:stacks/*`,
194+
`arn:aws:secretsmanager:${Stack.of(scope).region}:${Stack.of(scope).account}:secret:${props.slug}-${props.appEnv}-imap-passwords*`,
195+
],
196+
}))
197+
183198
// Create secrets for IMAP passwords
184199
const imapPasswordsSecret = new secretsmanager.Secret(scope, 'ImapPasswordsSecret', {
185200
secretName: `${props.slug}-${props.appEnv}-imap-passwords`,

storage/framework/core/types/src/email.ts

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,8 +19,17 @@ export interface EmailFilterRule {
1919
}
2020

2121
export interface MailboxConfig {
22-
address: string
22+
/** Email address (preferred) - e.g., '[email protected]' */
23+
email?: string
24+
/** @deprecated Use 'email' instead */
25+
address?: string
2326
displayName?: string
27+
/**
28+
* Password for IMAP/SMTP authentication.
29+
* If not provided, will be looked up from MAIL_PASSWORD_<USERNAME> env var.
30+
* Passwords are stored in AWS Secrets Manager after first deploy.
31+
*/
32+
password?: string
2433
forwardTo?: string[]
2534
autoResponder?: AutoResponderConfig
2635
filters?: EmailFilterRule[]

0 commit comments

Comments
 (0)