Update env encryption

IshaVenikar 2025-01-29 16:51:16 +05:30
parent ebe3813b76
commit a1993f88d0
4 changed files with 20 additions and 7 deletions


@ -15,8 +15,8 @@ export class Deployer {
@Column('varchar') @Column('varchar')
baseDomain!: string; baseDomain!: string;
@Column('varchar') @Column('varchar', { nullable: true})
publicKey!: string; publicKey!: string | null;
@Column('varchar', { nullable: true }) @Column('varchar', { nullable: true })
minimumPayment!: string | null; minimumPayment!: string | null;
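Review bot: With `publicKey` now typed `string | null`, any code that encrypts deployment config for a deployer needs an explicit check that stops when the key is absent, and none is visible in this commit. If the Registry encryption path reads this field (it appears to, via `data.publicKey`), a guard such as `if (!data.publicKey) throw new Error('deployer has no public key');` before the key is parsed would fail closed with a clear message instead of an opaque decode error. The new decorator is also spaced `{ nullable: true}` while the neighbouring column uses `{ nullable: true }`. The Deployer class starts and ends outside the hunk.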


@ -36,7 +36,9 @@ export interface ApplicationDeploymentRequest {
application: string; application: string;
lrn?: string; lrn?: string;
auction?: string; auction?: string;
config: string; config: {
ref: string;
};
meta: string; meta: string;
payment?: string; payment?: string;
} }
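Review bot: The new `config: { ref: string }` shape is undocumented, so a reader cannot tell what `ref` must point to or which side is expected to verify it. A short comment on the field, for example `// Reference to the uploaded, encrypted config (never the plaintext env)`, would make the contract explicit, assuming that is the intent suggested by the Registry change in this commit. Consumers that still treat `config` as a string will need updating; none are visible here.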


@ -272,13 +272,24 @@ export class Registry {
"config": { "env": data.environmentVariables }, "config": { "env": data.environmentVariables },
} }
const serialized = yaml.dump(config) const binaryKey = Buffer.from(data.publicKey, 'base64');
const publicKey = await openpgp.readKey({ armoredKey: data.publicKey }); // Convert binary to ASCII-armored format
const publicKeyArmored = `-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n` +
binaryKey.toString('base64').match(/.{1,64}/g)?.join('\n') +
`\n\n-----END PGP PUBLIC KEY BLOCK-----`;
// Read the public key
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
// Serialize the config (convert to YAML)
const serialized = JSON.stringify(config, null, 2); // Use YAML if needed
// Encrypt the config
const encrypted = await openpgp.encrypt({ const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: serialized }), message: await openpgp.createMessage({ text: serialized }),
encryptionKeys: publicKey encryptionKeys: publicKey,
format: 'binary' // Equivalent to armor=False
}); });
// To get the hash after uploading encrypted env // To get the hash after uploading encrypted env
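Review bot: The hand-assembled armor block on the new side is fragile: `match(/.{1,64}/g)?.join('\n')` evaluates to `undefined` for an empty key, which concatenation turns into the literal text "undefined" inside the armor, and Node's base64 decoding is lenient about invalid characters, so a malformed key is not rejected at the decode step. openpgp can read the decoded bytes directly, which removes the re-encode entirely: `const publicKey = await openpgp.readKey({ binaryKey: Buffer.from(data.publicKey, 'base64') });`. The comment `// Serialize the config (convert to YAML)` no longer matches the code, which now emits JSON; it should say so, and whatever decrypts this blob has to expect JSON as well. The enclosing method starts and ends outside the hunk.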


@ -10,7 +10,7 @@ import { Deployment, DeploymentStatus, Environment } from '../src/entity/Deploym
const log = debug('snowball:publish-deploy-records'); const log = debug('snowball:publish-deploy-records');
async function main() { async function main() {
const { registryConfig, database, misc } = await getConfig(); const { registryConfig, database } = await getConfig();
const registry = new Registry( const registry = new Registry(
registryConfig.gqlEndpoint, registryConfig.gqlEndpoint,