@commercetools-frontend/kms-cli NPM

@commercetools-frontend/kms-cli

This is a CLI used internally for Merchant Center applications. We do not provide any guarantees or support for the functionality.

This CLI provides useful commands to work with secrets for Custom Applications that need to be deployed in a multi cloud environment.

Installation

$ npm install --save @commercetools-frontend/kms-cli

Usage

Please make sure you have Node.js v14 or higher installed as this package uses native ES modules.

Command: `decrypt` and `encrypt`

This command decrypts the secrets for each of the given cloud environments.

pnpm kms-cli decrypt

The environments to decrypt secrets for for must be specified in a google-key-management-system cosmiconfig file for example google-key-management-system.config.cjs with the bucket region mapping to multiple environments. For example:

module.exports = {
  kms: {
    projectKey: 'my-project-key',
    keyRing: 'my-keyring',
  },
  environments: [
    {
      name: 'gcp-production-us',
      kms: {
        key: 'my-environment-key',
      },
      secrets: [{
        name: 'My secrets',
        glob: 'glob/**/*.secret.enc'
      }]
    },
  }
};

The above example defines one environment called gcp-production-us with a KMS key of my-environment-key. The default KMS projectKey and keyRing is set to my-project-key and my-keyring. Note, that the kms property of each environment can overwrite the default values of the kms properties when needed.