npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

auth0-deploy-cli-config-values

v1.0.10

Published

Reads the configuration file for auth0-deploy-cli and replaces values found in AWS Secret Manager.

Downloads

268

Readme

Summary

Provides the ability to externalize the secure values of your auth0-cli-deploy configuration file to AWS Secret manager. This way they are not stored in source control where the value can be accidentally leaked.

Usage

  1. Install npm i -g auth0-deploy-cli-config-values aws-sdk
  2. Setup AWS aws configure. You can alternatively edit your .credentials file directly. The aws-sdk in use within this module will pickup the values appropriately. This includes being able to specify a profile at execution time. Make sure the account/profile you are using has permissions to read the secrets, see Permissions below for more details.
  3. Update your configuration file for auth0 deploy CLI. Each value you want replaced must be in the format of secret:{aws secret manager path}:{key within secrets}. See more on this below.
  4. Execute auth0-deploy-cli-config-values to modify your configuration file, before it is used. a0deploy-config --profile dev --config ./a0deploy.json --output ./a0deploy.dev.json --profile some-profile.

Double Hash

Before secrets are resolved, the file has all of its double hash values resolved. Within your secret values you can use double hash to distinguish which environment the configuration will be for. The below example shows you an example configuration file were the environment is used to choose a different secret bundle based on the environment.

The logic will also respect nested values, so you can chain them as appropriate.

{
  "AUTH0_DOMAIN": "YOUR_DOMAIN.auth0.com",
  "AUTH0_CLIENT_ID": "secretmanager:/##STAGE##/auth0Deploy:CLIENT_ID",
  "AUTH0_CLIENT_SECRET": "secretmanager:/##STAGE##/auth0Deploy:CLIENT_ID",
  "AUTH0_ALLOW_DELETE": true,
  "AUTH0_KEYWORD_REPLACE_MAPPINGS": {
    "ENVIRONMENT": "dev",
    "STAGE": "##ENVIRONMENT##-PR102",
    "APP1_SECRET": "secretmanager:/##STAGE##/app1:SUPER_SECRET",
    "APP2_SECRET": "secretmanager:/##STAGE##/app2:SUPER_SECRET"
  }
}

AWS Secret Lookup

Secrets will be added to values of the configurations by looking for secretmanager: at the begining of a value. Next, the AWS Secret to lookup will be determined between the two semi-colons. Next, the final value will be looked up in the secret file. If nothing is found, an exception is thrown.

For instance, if you have a secret file called /dev/auth0Secrets and its contents are {"FOO":"bar"}. To inject this value into your configuraiton file you would specify secret:/dev/auth0Secrets:FOO. This functionallity respects the double hash notation of auth0-deploy-cli, see the Double Hash section for more details.

{
  "AUTH0_DOMAIN": "YOUR_DOMAIN.auth0.com",
  "AUTH0_CLIENT_ID": "secretmanager:/##STAGE##/auth0Deploy:CLIENT_ID",
  "AUTH0_CLIENT_SECRET": "secretmanager:/##STAGE##/auth0Deploy:CLIENT_ID",
  "AUTH0_ALLOW_DELETE": true,
  "AUTH0_KEYWORD_REPLACE_MAPPINGS": {
    "ENVIRONMENT": "dev",
    "STAGE": "##ENVIRONMENT##-PR102",
    "APP1_SECRET": "secretmanager:/##STAGE##/app1:SUPER_SECRET",
    "APP2_SECRET": "secretmanager:/##STAGE##/app2:SUPER_SECRET"
  }
}

Permissions

  • Effect: "Allow" Action: - "secretsmanager:DescribeSecret" - "secretsmanager:GetSecretValue" Resource: - arn:aws:secretsmanager:#{AWS::Region}:#{AWS::AccountId}:secret:/${self:provider.stage}/users*

CLI Arguments

Use --help to get a complete list of commands.