From 6deb09d1fa076ad5ba95973ae768f26b2aa79bb9 Mon Sep 17 00:00:00 2001
From: Aschen
Date: Tue, 19 Jan 2021 06:09:54 +0100
Subject: [PATCH 1/2] feat(cryptonomicon): support YAML file format
---
 package-lock.json | 5 +++++
 package.json | 4 +++-
 src/Cryptonomicon.ts | 34 ++++++++++++++++++----------------
 src/Vault.ts | 25 ++++++++++++++++++++-----
 4 files changed, 46 insertions(+), 22 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 9c9b3b7..6bf0118 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3405,6 +3405,11 @@
 "integrity": "sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=",
 "dev": true
 },
+ "yaml": {
+ "version": "1.10.0",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.0.tgz",
+ "integrity": "sha512-yr2icI4glYaNG+KWONODapy2/jDdMSDnrONSjblABjD9B4Z5LgiircSt8m8sRZFNi08kG9Sm0uSHtEmP3zaEGg=="
+ },
 "yargs-unparser": {
 "version": "1.5.0",
 "resolved": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-1.5.0.tgz",
diff --git a/package.json b/package.json
index 00baa86..cebd2ad 100644
--- a/package.json
+++ b/package.json
@@ -25,7 +25,9 @@
 "url": "https://github.com/kuzzleio/kuzzle-vault/issues"
 },
 "homepage": "https://github.com/kuzzleio/kuzzle-vault#readme",
- "dependencies": {},
+ "dependencies": {
+ "yaml": "^1.10.0"
+ },
 "devDependencies": {
 "@types/mocha": "^7.0.2",
 "@types/mock-fs": "^4.10.0",
diff --git a/src/Cryptonomicon.ts b/src/Cryptonomicon.ts
index a9cf5da..458d5f7 100644
--- a/src/Cryptonomicon.ts
+++ b/src/Cryptonomicon.ts
@@ -56,25 +56,27 @@ export default class Cryptonomicon {
 *
 * @returns {Object} Object with decrypted values
 */
- decryptObject (encryptedSecrets: any, path?: string): {} {
- const secrets: any = {};
+ decryptObject (encryptedSecrets: any): {} {
+ if (Array.isArray(encryptedSecrets)) {
+ const secrets: any = [];
+
+ for (const value of Object.values(encryptedSecrets)) {
+ secrets.push(
+ typeof value === 'string'
+ ? this.decryptString(value)
+ : this.decryptObject(value)
+ );
+ }
- for (const key of Object.keys(encryptedSecrets)) {
- const value: string|any = encryptedSecrets[key];
+ return secrets;
+ }
- const currentPath = [path, key].filter(e => e).join('.');
+ const secrets: any = {}
- if (value && typeof value === 'object' && !Array.isArray(value)) {
- secrets[key] = this.decryptObject(value, currentPath);
- }
- else if (typeof value === 'string') {
- try {
- secrets[key] = this.decryptString(value);
- }
- catch (error) {
- throw new Error(`Error when decrypting "${currentPath}": ${error.message}`);
- }
- }
+ for (const [key, value] of Object.entries(encryptedSecrets)) {
+ secrets[key] = typeof value === 'string'
+ ? this.decryptString(value)
+ : this.decryptObject(value);
 }
 return secrets;
diff --git a/src/Vault.ts b/src/Vault.ts
index 01cb604..0b72ebe 100644
--- a/src/Vault.ts
+++ b/src/Vault.ts
@@ -21,8 +21,11 @@
 'use strict';
-import * as fs from 'fs'
-import Cryptonomicon from './Cryptonomicon'
+import * as fs from 'fs';
+
+import * as YAML from 'yaml';
+
+import Cryptonomicon from './Cryptonomicon';
 export default class Vault {
 public cryptonomicon: Cryptonomicon;
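Review bot: In src/Cryptonomicon.ts, both branches of the new `decryptObject` recurse on every value that is not a string, so a `null` reaches `Object.entries(null)` and throws a bare TypeError, while a number or boolean silently comes back as `{}`; the removed code skipped such values. This matters more now that YAML input is accepted, where a key with no value parses to `null`. A guard at the top of the method, for example `if (encryptedSecrets === null || typeof encryptedSecrets !== 'object') { throw new Error('Vault values must be strings, arrays or objects'); }` (or returning the value unchanged, if plaintext scalars are meant to be tolerated), would make the behaviour explicit. The rewrite also drops the `currentPath` wrapper, so a failing `decryptString` no longer reports which key was malformed; keeping the key path in the error would help operators find a corrupted entry. The method's closing brace lies outside the hunk.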
@@ -54,7 +57,16 @@ export default class Vault {
 this.secrets = {};
 }
- decrypt (encryptedVaultPath: string): void {
+ /**
+ * Decrypt the provided file with the vault key
+ *
+ * @param encryptedVaultPath Path to the encrypted file
+ * @param options
+ * - `format`: encrypted file format, either `json` (default) or `yaml`
+ */
+ decrypt (encryptedVaultPath: string, options?: { format?: 'json' | 'yaml' }): {} {
+ const { format } = options || { format: 'json' };
+
 if (this.cryptonomicon.emptyKey) {
 throw new Error('No Vault key provided');
 }
@@ -63,16 +75,19 @@ export default class Vault {
 throw new Error(`Unable to find vault at "${encryptedVaultPath}"`);
 }
+ const parser = format === 'json' ? JSON.parse : YAML.parse;
+
 let encryptedSecrets;
 try {
- encryptedSecrets = JSON.parse(fs.readFileSync(encryptedVaultPath, 'utf-8'));
-
+ encryptedSecrets = parser(fs.readFileSync(encryptedVaultPath, 'utf-8'));
 }
 catch (error) {
 throw new Error(`Cannot parse encrypted secrets from file "${encryptedVaultPath}": ${error.message}`);
 }
 this.secrets = this.cryptonomicon.decryptObject(encryptedSecrets);
+
+ return this.secrets;
 }
 }
From 03004c5692e47ecaeac39687a27f4a3d912a5aac Mon Sep 17 00:00:00 2001
From: Aschen
Date: Tue, 19 Jan 2021 06:10:09 +0100
Subject: [PATCH 2/2] 2.0.1
---
 package-lock.json | 2 +-
 package.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 6bf0118..7aea50f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
 "name": "kuzzle-vault",
- "version": "2.0.0",
+ "version": "2.0.1",
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
diff --git a/package.json b/package.json
index cebd2ad..5acb8b0 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "kuzzle-vault",
- "version": "2.0.0",
+ "version": "2.0.1",
 "description": "Share and version sensitive data with your team by using cryptography.",
 "main": "build/src/index.js",
 "types": "build/src/index.d.ts",
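Review bot: In `decrypt` in src/Vault.ts, `const { format } = options || { format: 'json' };` applies the documented `json` default only when `options` itself is omitted. With `decrypt(path, {})` the value of `format` is `undefined`, and the later `format === 'json' ? JSON.parse : YAML.parse` (second Vault.ts hunk) then selects the YAML parser, as it does for any unexpected string passed by an untyped caller. Defaulting the field rather than the object, `const format = (options && options.format) || 'json';`, and rejecting anything other than `'json'` or `'yaml'` before choosing the parser would make the choice explicit. Separately, `decryptObject` is called after the try/catch, so a decryption failure is reported without the vault file path that parse errors carry.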