import {SecretManagerServiceClient} from '@google-cloud/secret-manager'
import {refreshConfig} from 'common/envs/prod'
import {IS_LOCAL} from 'common/hosting/constants'
import {debug} from 'common/logger'
import {zip} from 'lodash'
// Names (Secret Manager secret IDs) of the secrets available to the backend
// (api, functions, scripts, etc.). Only the names live in this file; the values
// are read at runtime by getSecrets().
// Edit them at:
// https://console.cloud.google.com/security/secret-manager?project=compass-130ba
// When getSecrets() is called without explicit ids (and not on a local run) it
// fetches every entry below, and loadSecretsToEnv() copies each non-empty value
// into process.env, so keep this list limited to what the backend actually uses.
export const secrets = (
[
// 'STRIPE_APIKEY',
// 'STRIPE_WEBHOOKSECRET',
'SUPABASE_KEY',
'SUPABASE_JWT_SECRET',
'SUPABASE_DB_PASSWORD',
// NOTE(review): the name suggests a test-only credential; confirm it is meant
// to be fetched alongside the production secrets.
'TEST_CREATE_USER_KEY',
'GEODB_API_KEY',
'RESEND_KEY',
'COMPASS_API_KEY',
// NOTE(review): the NEXT_PUBLIC_ prefix presumably marks a value that is also
// shipped to the browser; verify it needs to be stored as a secret.
'NEXT_PUBLIC_FIREBASE_API_KEY',
'DISCORD_WEBHOOK_MEMBERS',
'DISCORD_WEBHOOK_GENERAL',
'DISCORD_WEBHOOK_HEALTH',
'DISCORD_WEBHOOK_REPORTS',
'DISCORD_WEBHOOK_CONTACT',
'VAPID_PUBLIC_KEY',
'VAPID_PRIVATE_KEY',
// NOTE(review): presumably a base64-encoded master key for database encryption;
// confirm who may read it, since it ends up in process.env with the others.
'DB_ENC_MASTER_KEY_BASE64',
'GOOGLE_CLIENT_SECRET',
'GEMINI_API_KEY',
// `as const` keeps each entry's string-literal type; `.concat()` then returns a
// fresh, non-readonly array whose element type is the union of those literals.
] as const
).concat()
// Union of the string literals listed in `secrets`; the only ids getSecrets() accepts.
type SecretId = (typeof secrets)[number]
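// Fetches secrets from Google Cloud Secret Manager and returns them as an
// object keyed by secret id.
//
// credentials: optional credentials json object. For a deployed google cloud
//   service no credential is needed; local and Vercel deployments must pass one.
// ids: secret ids to fetch. When none are given, every id in `secrets` is
//   fetched, except on local runs (IS_LOCAL), which get {} back without any
//   call to Secret Manager.
//
// Rejects if any single access call fails or if a returned version carries no
// payload data. The resolved values are live credentials: do not log or
// serialize the returned object.
export const getSecrets = async (credentials?: any, ...ids: SecretId[]) => {
  if (!ids.length && IS_LOCAL) return {}

  let client: SecretManagerServiceClient
  if (credentials) {
    // Use the project named in the credentials object, so the client reads
    // from the project those credentials belong to.
    client = new SecretManagerServiceClient({
      credentials,
      projectId: credentials['project_id'],
    })
  } else {
    // No explicit credentials: the client falls back to whatever the runtime
    // environment provides.
    client = new SecretManagerServiceClient()
  }
  const projectId = await client.getProjectId()

  const secretIds = ids.length > 0 ? ids : secrets
  // Only the secret names are logged here, never the values.
  debug('secretIds', secretIds)

  // `versions/latest` is resolved on every call, so a newly added secret
  // version takes effect the next time this function runs.
  const projectPath = client.projectPath(projectId)
  const fullSecretNames = secretIds.map(
    (secret: string) => `${projectPath}/secrets/${secret}/versions/latest`,
  )

  // All lookups run in parallel; one failure rejects the whole call.
  const secretResponses = await Promise.all(
    fullSecretNames.map((name) => client.accessSecretVersion({name})),
  )

  const secretValues = secretResponses.map(([response], index) => {
    const data = response.payload?.data
    if (data == null) {
      // Fail with the secret's name (never its value) instead of an opaque
      // TypeError from dereferencing a missing payload.
      throw new Error(`Secret ${secretIds[index]} returned no payload data`)
    }
    return data.toString()
  })

  const pairs = zip(secretIds, secretValues) as [string, string][]
  return Object.fromEntries(pairs)
}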
// Fetches all secrets via getSecrets() and copies them into process.env, then
// calls refreshConfig(). Useful for running random backend code.
// Entries with an empty name or an empty value are skipped.
// Once loaded, the values are readable by anything in this process that can
// read process.env; never print `secret` (or the whole env) while debugging.
export const loadSecretsToEnv = async (credentials?: any) => {
  const fetched = await getSecrets(credentials)
  Object.entries(fetched)
    .filter(([name, secret]) => Boolean(name) && Boolean(secret))
    .forEach(([name, secret]) => {
      process.env[name] = secret
    })
  refreshConfig()
}