@commercetools-frontend/kms-cli

Internal CLI to encrypt/decrypt secret files.

This is a CLI used internally for Merchant Center applications. We do not provide any guarantees or support for the functionality.

This CLI provides useful commands to work with secrets for Custom Applications that need to be deployed in a multi-cloud environment.

Installation

$ npm install --save @commercetools-frontend/kms-cli

Usage

Please make sure you have Node.js v14 or higher installed as this package uses native ES modules.

Command: decrypt and encrypt

This command decrypts the secrets for each of the given cloud environments.

yarn kms-cli decrypt

The environments to decrypt secrets for must be specified in a google-key-management-system cosmiconfig file, for example google-key-management-system.config.cjs, with the bucket region mapping to multiple environments. For example:

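module.exports = {
  // Default KMS settings, shared by every environment
  kms: {
    projectKey: 'my-project-key',
    keyRing: 'my-keyring',
  },
  environments: [
    {
      name: 'gcp-production-us',
      // Environment-specific KMS settings
      kms: {
        key: 'my-environment-key',
      },
      // Encrypted secret files that belong to this environment
      secrets: [{
        name: 'My secrets',
        glob: 'glob/**/*.secret.enc'
      }]
    },
  ]
};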

The above example defines one environment called gcp-production-us with a KMS key of my-environment-key. The default KMS projectKey and keyRing are set to my-project-key and my-keyring. Note that the kms property of each environment can overwrite the default values of the kms properties when needed.
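The following is an added example, not code from the kms-cli package: a pre-flight check that resolves which KMS settings each environment would end up with, so a missing or unintended key is caught before running decrypt. It assumes environment-level kms properties replace the defaults one property at a time and that projectKey, keyRing and key are all required; the second environment, its values and the function names are hypothetical.

```javascript
// Constructed sample config with the same shape as the file shown above.
// The second environment and its override values are made up for illustration.
const sampleConfig = {
  kms: { projectKey: 'my-project-key', keyRing: 'my-keyring' },
  environments: [
    {
      name: 'gcp-production-us',
      kms: { key: 'my-environment-key' },
      secrets: [{ name: 'My secrets', glob: 'glob/**/*.secret.enc' }],
    },
    {
      name: 'gcp-production-eu', // hypothetical environment
      kms: { keyRing: 'my-eu-keyring', key: 'my-eu-key' }, // replaces the default keyRing
      secrets: [{ name: 'My secrets', glob: 'glob/**/*.secret.enc' }],
    },
  ],
};

// Assumption: all three properties must be known for every environment.
const REQUIRED = ['projectKey', 'keyRing', 'key'];

// Assumption: environment kms properties replace the defaults per property.
function resolveKmsSettings(config) {
  const defaults = config.kms || {};
  return (config.environments || []).map((env) => {
    const kms = { ...defaults, ...(env.kms || {}) };
    const missing = REQUIRED.filter(
      (field) => typeof kms[field] !== 'string' || kms[field] === ''
    );
    const globs = (env.secrets || []).map((secret) => secret.glob);
    return { name: env.name, kms, globs, missing };
  });
}

// Returns readable problems; an empty array means every environment is fully specified.
function findConfigProblems(config) {
  const problems = [];
  const seen = new Set();
  for (const env of resolveKmsSettings(config)) {
    if (seen.has(env.name)) problems.push(`duplicate environment name: ${env.name}`);
    seen.add(env.name);
    for (const field of env.missing) problems.push(`${env.name}: kms.${field} is not set`);
    if (env.globs.length === 0) problems.push(`${env.name}: no secrets globs defined`);
  }
  return problems;
}
```

Running findConfigProblems on the loaded config in CI makes a silently inherited default key ring or a missing environment key visible in review.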