Add 'yarn dev:encrypt' and 'yarn dev:decrypt' tasks
Closed this issue · 2 comments
(depends on #25 )
To facilitate local development of the encryption and decryption functionality, we should add yarn tasks to encrypt and decrypt configuration files located in the example folder.
To do so, we want to add the following yarn scripts that complement the existing yarn dev:load and yarn dev:validate:
yarn dev:encrypt: Encrypt the example config files based on a KMS setup that was parametrized while constructingnew StrongConfig(params). To make this work, we need an actual KMS setup for testing purposes.yarn dev:decrypt: Decrypt encrypted example config files. This does not require external parameters, as thesops-metadata, which is included in encrypted config files, is sufficient to decrypt the config.
As both are dev commands, we do not require a dynamic runtime environment for now. Instead, we statically encrypt/decrypt, e.g., /example/development.yml.
Thus, the scope of this task is:
- Change example config(s) to contain encrypted fields
- Implement
yarn dev:encrypt - Implement
yarn dev:decrypt
What is the desired behaviour of both commands? Do both write the input file in-place or output to a new file? Maybe we want to make syntax as
yarn dev:decrypt > decrypted.yaml
possible. Thoughts?
I'd say let's start with the current behavior => write to the actual file and also print the results out on the CLI, e.g.:
NODE_ENV=development yarn dev:encrypt
[output of 'echo config/development.yml']