envio 0.8.0

A secure command-line tool for managing environment variables
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

pub mod cipher;
pub mod env;
pub mod error;
pub mod profile;
pub mod utils;

use std::path::Path;
use zeroize::Zeroizing;

pub use env::{Env, EnvMap};
pub use profile::{Profile, ProfileMetadata};

use crate::{
    cipher::{CipherKind, PASSPHRASE, SYMMETRIC},
    error::{Error, Result},
};

pub fn get_profile<P, F>(file_path: P, key_provider: Option<F>) -> Result<Profile>
where
    P: AsRef<Path>,
    F: FnOnce(&ProfileMetadata) -> Result<Zeroizing<String>>,
{
    let file_path = file_path.as_ref().to_path_buf();

    let serialized_profile = utils::get_serialized_profile(&file_path)?;
    let mut cipher = cipher::create_cipher(serialized_profile.metadata.cipher_kind, None)?;

    if let Some(cipher_metadata) = &serialized_profile.metadata.cipher_metadata {
        cipher.import_metadata(cipher_metadata.clone())?;
    }

    if matches!(
        cipher.kind(),
        CipherKind::PASSPHRASE | CipherKind::SYMMETRIC
    ) {
        let key_provider = key_provider.ok_or_else(|| {
            Error::Msg("Key provider is required for profiles using encryption".into())
        })?;

        let key = key_provider(&serialized_profile.metadata)?;

        match cipher.kind() {
            CipherKind::PASSPHRASE => cipher
                .as_any_mut()
                .downcast_mut::<PASSPHRASE>()
                .expect("Failed to cast to PASSPHRASE")
                .set_key(key),
            CipherKind::SYMMETRIC => cipher
                .as_any_mut()
                .downcast_mut::<SYMMETRIC>()
                .expect("Failed to cast to SYMMETRIC")
                .set_key(key),
            _ => {}
        }
    }

    Ok(Profile {
        metadata: serialized_profile.metadata,
        file_path,
        envs: cipher.decrypt(&serialized_profile.content)?,
        cipher,
    })
}

// Use `get_profile` when you just need the decrypted `Profile` data (e.g. to inspect,
// display, or modify it). Use `load_profile` when you want its variables actually
// injected into the current process's environment.
//
// ```ignore
// // just need the data:
// let profile = get_profile(path, key_provider)?;
// println!("{}", profile.envs.len());
//
// // need it live in std::env (e.g. before spawning a child process):
// let profile = load_profile(path, key_provider)?;
// Command::new("npm").arg("run").arg("dev").status()?;
// ```
pub fn load_profile<P, F>(file_path: P, key_provider: Option<F>) -> Result<Profile>
where
    P: AsRef<Path>,
    F: FnOnce(&ProfileMetadata) -> Result<Zeroizing<String>>,
{
    let file_path = file_path.as_ref().to_path_buf();
    let profile = get_profile(file_path, key_provider)?;

    for env in &profile.envs {
        if env.is_expired() {
            continue;
        }
        unsafe { std::env::set_var(&env.key, &env.value) };
    }

    Ok(profile)
}