-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.js
47 lines (43 loc) · 1.36 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
const fs = require('fs')
const ms = require('ms')
const AwsKms = require('aws-sdk/clients/kms')
const dotenv = require('dotenv')
const LRU = require('lru-cache')
const debug = require('debug')('shh')
function shh (options) {
const opts = options || {}
if (!opts.file) throw new Error('shh is missing file option')
debug('options %j', opts)
const Kms = new AwsKms(options)
const cache = LRU({
max: 500,
maxAge: opts.maxAge || ms('1d'),
length: (n, key) => n.length
})
return (req, res, next) => {
// we have decrypted already and cache is not too old...
if (cache.get(`decrypted:${opts.file}`)) {
debug('cache found')
const unecrypted = cache.get(`decrypted:${opts.file}`)
for (var k in unecrypted) {
debug('setting %j environment variable', k)
process.env[k] = unecrypted[k]
}
next()
} else {
const blob = fs.readFileSync(opts.file)
Kms.decrypt({ CiphertextBlob: blob }, (err, data) => {
if (err) return next(err)
const envConfig = dotenv.parse(data.Plaintext)
for (var k in envConfig) {
debug('setting %j environment variable', k)
process.env[k] = envConfig[k]
debug('setting cache for %j', `decrypted:${opts.file}`)
cache.set(`decrypted:${opts.file}`, envConfig)
}
next()
})
}
}
}
module.exports = shh