zerobyte/app/server/modules/repositories/repository-config-secrets.ts
2026-04-22 22:33:18 +02:00

66 lines
1.8 KiB
TypeScript

import type { RepositoryConfig } from "@zerobyte/core/restic";
import { cryptoUtils, transformOptionalSecret, type SecretTransformer } from "~/server/utils/crypto";
export const mapRepositoryConfigSecrets = async (
config: RepositoryConfig,
transformSecret: SecretTransformer,
): Promise<RepositoryConfig> => {
const customPassword = await transformOptionalSecret(config.customPassword, transformSecret);
const cacert = await transformOptionalSecret(config.cacert, transformSecret);
switch (config.backend) {
case "s3":
case "r2":
return {
...config,
customPassword,
cacert,
accessKeyId: await transformSecret(config.accessKeyId),
secretAccessKey: await transformSecret(config.secretAccessKey),
};
case "gcs":
return {
...config,
customPassword,
cacert,
credentialsJson: await transformSecret(config.credentialsJson),
};
case "azure":
return {
...config,
customPassword,
cacert,
accountKey: await transformSecret(config.accountKey),
};
case "rest":
return {
...config,
customPassword,
cacert,
username: await transformOptionalSecret(config.username, transformSecret),
password: await transformOptionalSecret(config.password, transformSecret),
};
case "sftp":
return {
...config,
customPassword,
cacert,
privateKey: await transformSecret(config.privateKey),
};
case "local":
case "rclone":
return {
...config,
customPassword,
cacert,
};
}
};
export const encryptRepositoryConfig = async (config: RepositoryConfig): Promise<RepositoryConfig> => {
return await mapRepositoryConfigSecrets(config, cryptoUtils.sealSecret);
};
export const decryptRepositoryConfig = async (config: RepositoryConfig): Promise<RepositoryConfig> => {
return await mapRepositoryConfigSecrets(config, cryptoUtils.resolveSecret);
};