45 lines
1.6 KiB
JavaScript
45 lines
1.6 KiB
JavaScript
import { InfisicalSDK } from "@infisical/sdk";
|
|
import { writeFileSync } from "fs";
|
|
|
|
const INFISICAL_API_URL = process.env.INFISICAL_API_URL;
|
|
const INFISICAL_CLIENT_ID = process.env.INFISICAL_CLIENT_ID;
|
|
const INFISICAL_CLIENT_SECRET = process.env.INFISICAL_CLIENT_SECRET;
|
|
const INFISICAL_PROJECT_ID = process.env.INFISICAL_PROJECT_ID;
|
|
const INFISICAL_ENV = process.env.INFISICAL_ENV || "prod";
|
|
const SECRET_PATHS = (process.env.INFISICAL_SECRET_PATHS || "/shared").split(",");
|
|
|
|
if (!INFISICAL_API_URL || !INFISICAL_CLIENT_ID || !INFISICAL_CLIENT_SECRET || !INFISICAL_PROJECT_ID) {
|
|
process.stderr.write("Missing required Infisical environment variables\n");
|
|
process.exit(1);
|
|
}
|
|
|
|
const client = new InfisicalSDK({ siteUrl: INFISICAL_API_URL });
|
|
|
|
await client.auth().universalAuth.login({
|
|
clientId: INFISICAL_CLIENT_ID,
|
|
clientSecret: INFISICAL_CLIENT_SECRET,
|
|
});
|
|
|
|
process.stderr.write(`Loading secrets from Infisical (env: ${INFISICAL_ENV})...\n`);
|
|
|
|
const envLines = [];
|
|
|
|
for (const secretPath of SECRET_PATHS) {
|
|
const response = await client.secrets().listSecrets({
|
|
projectId: INFISICAL_PROJECT_ID,
|
|
environment: INFISICAL_ENV,
|
|
secretPath: secretPath.trim(),
|
|
expandSecretReferences: true,
|
|
});
|
|
|
|
for (const secret of response.secrets) {
|
|
const escapedValue = secret.secretValue.replace(/'/g, "'\\''");
|
|
envLines.push(`export ${secret.secretKey}='${escapedValue}'`);
|
|
}
|
|
|
|
process.stderr.write(` ${secretPath.trim()}: ${response.secrets.length} secrets loaded\n`);
|
|
}
|
|
|
|
writeFileSync(".env.infisical", envLines.join("\n"));
|
|
process.stderr.write("Secrets written to .env.infisical\n");
|