renovate/lib/config/decrypt.js

const crypto = require('crypto');

module.exports = {
  decryptConfig,
};

function decryptConfig(config, privateKey) {
  logger.trace({ config }, 'decryptConfig()');
  const decryptedConfig = { ...config };
  for (const [key, val] of Object.entries(config)) {
    if (key === 'encrypted' && isObject(val)) {
      logger.debug({ config: val }, 'Found encrypted config');
      if (privateKey) {
        for (const [eKey, eVal] of Object.entries(val)) {
          try {
            const decryptedStr = crypto
              .privateDecrypt(privateKey, Buffer.from(eVal, 'base64'))
              .toString();
            logger.info(`Decrypted ${eKey}`);
            if (eKey === 'npmToken') {
              logger.info('Migrating npmToken to npmrc');
              decryptedConfig.npmrc = `//registry.npmjs.org/:_authToken=${decryptedStr}\n`;
            } else {
              decryptedConfig[eKey] = decryptedStr;
            }
          } catch (err) {
            logger.warn({ err }, `Error decrypting ${eKey}`);
          }
        }
      } else {
        logger.error('Found encrypted data but no privateKey');
      }
      delete decryptedConfig.encrypted;
    } else if (isObject(val) && key !== 'content') {
      decryptedConfig[key] = decryptConfig(val, privateKey);
    } else if (Array.isArray(val)) {
      decryptedConfig[key] = [];
      val.forEach(item => {
        if (isObject(item)) {
          decryptedConfig[key].push(decryptConfig(item, privateKey));
        } else {
          decryptedConfig[key].push(item);
        }
      });
    }
  }
  delete decryptedConfig.encrypted;
  logger.trace({ config: decryptedConfig }, 'decryptedConfig');
  return decryptedConfig;
}

function isObject(obj) {
  return Object.prototype.toString.call(obj) === '[object Object]';
}
feat: encrypted configuration strings (#759) A new config object `encrypted` can be defined at any level and contain encrypted configuration strings. Initial use is for encrypting an npm token for use with the hosted renovate app. Closes #650 2017-09-01 04:45:51 +00:00			`const crypto = require('crypto');`

			`module.exports = {`
			`decryptConfig,`
			`};`

refactor: use global logger (#1116) 2017-11-08 05:44:03 +00:00			`function decryptConfig(config, privateKey) {`
chore: reduce logger.debug volume 2018-03-27 19:57:02 +00:00			`logger.trace({ config }, 'decryptConfig()');`
refactor: perform decrypt as part of merge renovate.json (#1086) Also clarify docs that encrypted config must be contained in renovate.json (i.e. not package.json). 2017-11-03 06:51:44 +00:00			`const decryptedConfig = { ...config };`
refactor: use Object.entries when looping over key/val (#1141) Closes #1079 2017-11-10 12:46:16 +00:00			`for (const [key, val] of Object.entries(config)) {`
feat: encrypted configuration strings (#759) A new config object `encrypted` can be defined at any level and contain encrypted configuration strings. Initial use is for encrypting an npm token for use with the hosted renovate app. Closes #650 2017-09-01 04:45:51 +00:00			`if (key === 'encrypted' && isObject(val)) {`
			`logger.debug({ config: val }, 'Found encrypted config');`
			`if (privateKey) {`
refactor: use Object.entries when looping over key/val (#1141) Closes #1079 2017-11-10 12:46:16 +00:00			`for (const [eKey, eVal] of Object.entries(val)) {`
feat: encrypted configuration strings (#759) A new config object `encrypted` can be defined at any level and contain encrypted configuration strings. Initial use is for encrypting an npm token for use with the hosted renovate app. Closes #650 2017-09-01 04:45:51 +00:00			`try {`
fix: don’t massage encrypted npm token (#760) 2017-09-01 05:43:49 +00:00			`const decryptedStr = crypto`
refactor: use Object.entries when looping over key/val (#1141) Closes #1079 2017-11-10 12:46:16 +00:00			`.privateDecrypt(privateKey, Buffer.from(eVal, 'base64'))`
feat: encrypted configuration strings (#759) A new config object `encrypted` can be defined at any level and contain encrypted configuration strings. Initial use is for encrypting an npm token for use with the hosted renovate app. Closes #650 2017-09-01 04:45:51 +00:00			`.toString();`
refactor: use Object.entries when looping over key/val (#1141) Closes #1079 2017-11-10 12:46:16 +00:00			logger.info(`Decrypted ${eKey}`);
			`if (eKey === 'npmToken') {`
fix: don’t massage encrypted npm token (#760) 2017-09-01 05:43:49 +00:00			`logger.info('Migrating npmToken to npmrc');`
fix: add full npmjs scope when migrating npmToken commit 7e15d3d488c927df2f11f728f35d493e2821477d Author: Rhys Arkins <rhys@arkins.net> Date: Wed Jan 10 14:26:44 2018 +0100 Revert "refactor: use _auth= when migrating npm tokens" This reverts commit 4a2fdd04770ae5779b188ed83ad9f047055e54b8. 2018-01-10 13:27:19 +00:00			decryptedConfig.npmrc = `//registry.npmjs.org/:_authToken=${decryptedStr}\n`;
fix: don’t massage encrypted npm token (#760) 2017-09-01 05:43:49 +00:00			`} else {`
refactor: use Object.entries when looping over key/val (#1141) Closes #1079 2017-11-10 12:46:16 +00:00			`decryptedConfig[eKey] = decryptedStr;`
fix: don’t massage encrypted npm token (#760) 2017-09-01 05:43:49 +00:00			`}`
feat: encrypted configuration strings (#759) A new config object `encrypted` can be defined at any level and contain encrypted configuration strings. Initial use is for encrypting an npm token for use with the hosted renovate app. Closes #650 2017-09-01 04:45:51 +00:00			`} catch (err) {`
refactor: use Object.entries when looping over key/val (#1141) Closes #1079 2017-11-10 12:46:16 +00:00			logger.warn({ err }, `Error decrypting ${eKey}`);
feat: encrypted configuration strings (#759) A new config object `encrypted` can be defined at any level and contain encrypted configuration strings. Initial use is for encrypting an npm token for use with the hosted renovate app. Closes #650 2017-09-01 04:45:51 +00:00			`}`
			`}`
			`} else {`
			`logger.error('Found encrypted data but no privateKey');`
			`}`
			`delete decryptedConfig.encrypted;`
refactor: use global logger (#1116) 2017-11-08 05:44:03 +00:00			`} else if (isObject(val) && key !== 'content') {`
			`decryptedConfig[key] = decryptConfig(val, privateKey);`
feat: encrypted configuration strings (#759) A new config object `encrypted` can be defined at any level and contain encrypted configuration strings. Initial use is for encrypting an npm token for use with the hosted renovate app. Closes #650 2017-09-01 04:45:51 +00:00			`} else if (Array.isArray(val)) {`
			`decryptedConfig[key] = [];`
			`val.forEach(item => {`
			`if (isObject(item)) {`
refactor: use global logger (#1116) 2017-11-08 05:44:03 +00:00			`decryptedConfig[key].push(decryptConfig(item, privateKey));`
feat: encrypted configuration strings (#759) A new config object `encrypted` can be defined at any level and contain encrypted configuration strings. Initial use is for encrypting an npm token for use with the hosted renovate app. Closes #650 2017-09-01 04:45:51 +00:00			`} else {`
			`decryptedConfig[key].push(item);`
			`}`
			`});`
			`}`
			`}`
			`delete decryptedConfig.encrypted;`
fix: don’t massage encrypted npm token (#760) 2017-09-01 05:43:49 +00:00			`logger.trace({ config: decryptedConfig }, 'decryptedConfig');`
feat: encrypted configuration strings (#759) A new config object `encrypted` can be defined at any level and contain encrypted configuration strings. Initial use is for encrypting an npm token for use with the hosted renovate app. Closes #650 2017-09-01 04:45:51 +00:00			`return decryptedConfig;`
			`}`

			`function isObject(obj) {`
			`return Object.prototype.toString.call(obj) === '[object Object]';`
			`}`