The official CDK construct for self-hosted ots
.
Create a new CDK app if you don't already have one:
> mkdir dev; cd dev
dev> npx cdk init app --language typescript
dev> npx cdk bootstrap 'aws://123456789012/us-east-1' --profile dev
Make sure you're authenticated with the GitHub registry using a PAT:
> npm config set @sniptt-official:registry https://npm.pkg.github.com
> npm config set -- '//npm.pkg.github.com/:_authToken' $GITHUB_TOKEN
Install the ots-aws
construct:
dev> npm i @sniptt-official/ots-cdk
Add to your stack:
import { Ots } from '@sniptt-official/ots-cdk';
import { Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';
export class DevStack extends Stack {
constructor(scope: Construct, id: string, props?: StackProps) {
super(scope, id, props);
// When you run `ots new` the resulting "View URL" will be composed
// using this value. For example:
//
// https://my-ots-web-view.com/burn-secret?id=xxx#xxx
//
// Make sure this web view implements client-side decryption of the secret.
const webViewUrl = 'https://my-ots-web-view.com/burn-secret';
const ots = new Ots(this, 'Ots', { webViewUrl });
}
}
Deploy:
> npx cdk deploy DevStack --profile dev
Grab the resulting API Gateway URL and API key and configure your ots cli via ~/.ots.yaml
:
apiUrl: https://YOUR_API_ID.execute-api.YOUR_REGION.amazonaws.com/prod/secrets
apiKey: YOUR_API_KEY
Use ots
as before:
> ots new -x 2h
Using config file: /Users/xxx/.ots.yaml
Enter your secret: ***
Your secret is now available on the below URL.
https://my-ots-web-view.com/burn-secret?id=xxx&ref=ots-cli®ion=us-east-1&v=debug#xxx
You should only share this URL with the intended recipient.
Please note that once retrieved, the secret will no longer
be available for viewing. If not viewed, the secret will
automatically expire at approximately xx xxx xxxx xx:xx:xx.
> npm ci
> npm run build