The official CDK construct for self-hosted ots.
Create a new CDK app if you don't already have one:
> mkdir dev; cd dev
dev> npx cdk init app --language typescript
dev> npx cdk bootstrap 'aws://123456789012/us-east-1' --profile dev

Make sure you're authenticated with the GitHub registry using a personal access token (PAT):
> npm config set @sniptt-official:registry https://npm.pkg.github.com
> npm config set -- '//npm.pkg.github.com/:_authToken' $GITHUB_TOKEN

Install the ots-aws construct:
dev> npm i @sniptt-official/ots-cdk

Add to your stack:
import { Ots } from '@sniptt-official/ots-cdk';
import { Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';

export class DevStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    // When you run `ots new` the resulting "View URL" will be composed
    // using this value. For example:
    //
    // https://my-ots-web-view.com/burn-secret?id=xxx#xxx
    //
    // Make sure this web view implements client-side decryption of the secret.
    const webViewUrl = 'https://my-ots-web-view.com/burn-secret';

    const ots = new Ots(this, 'Ots', { webViewUrl });
  }
}

Deploy:
> npx cdk deploy DevStack --profile dev

Grab the resulting API Gateway URL and API key and configure your ots cli via ~/.ots.yaml:
apiUrl: https://YOUR_API_ID.execute-api.YOUR_REGION.amazonaws.com/prod/secrets
apiKey: YOUR_API_KEY

Use ots as before:
> ots new -x 2h
Using config file: /Users/xxx/.ots.yaml
Enter your secret: ***
Your secret is now available on the below URL.
https://my-ots-web-view.com/burn-secret?id=xxx&ref=ots-cli&region=us-east-1&v=debug#xxx
You should only share this URL with the intended recipient.
Please note that once retrieved, the secret will no longer
be available for viewing. If not viewed, the secret will
automatically expire at approximately xx xxx xxxx xx:xx:xx.

> npm ci
> npm run build
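
The web view receives the View URL shown in the `ots new` output above. The following added example, which is not code from ots or ots-cdk, splits such a URL into the query parameters and the fragment, which browsers do not include in HTTP requests. Treating the fragment as the client-side decryption material is an assumption, and the names `splitViewUrl` and `scrubFragment` and the sample values are hypothetical.

```javascript
// Added example: not part of ots or ots-cdk.
// Query parameters that appear in the sample View URL on this page.
const QUERY_PARAMS = ['id', 'ref', 'region', 'v'];

// Split a View URL into what the web view may send to the backend
// and what must stay in the browser.
function splitViewUrl(viewUrl, webViewUrl) {
  const url = new URL(viewUrl);
  const base = new URL(webViewUrl);
  if (url.protocol !== 'https:') {
    throw new Error('View URL must use https');
  }
  // Only accept links that point at the configured web view.
  if (url.origin !== base.origin || url.pathname !== base.pathname) {
    throw new Error('View URL does not match the configured webViewUrl');
  }
  const id = url.searchParams.get('id');
  if (!id) throw new Error('View URL has no id');
  // Assumption: the fragment carries what client-side decryption needs.
  const fragment = url.hash.slice(1);
  if (!fragment) throw new Error('View URL has no fragment');

  const query = {};
  for (const name of QUERY_PARAMS) {
    const value = url.searchParams.get(name);
    if (value !== null) query[name] = value;
  }
  // Fragment-free form: the only form that should reach logs or analytics.
  url.hash = '';
  return { query, clientOnly: fragment, withoutFragment: url.toString() };
}

// Drop the fragment from the address bar once it has been read (browser only).
function scrubFragment() {
  if (typeof history !== 'undefined' && typeof location !== 'undefined') {
    history.replaceState(null, '', location.pathname + location.search);
  }
}

// Constructed sample values, not real identifiers or keys.
const WEB_VIEW_URL = 'https://my-ots-web-view.com/burn-secret';
const SAMPLE_VIEW_URL =
  WEB_VIEW_URL + '?id=abc123&ref=ots-cli&region=us-east-1&v=debug#c2FtcGxlLWtleQ';
```

Call `splitViewUrl(SAMPLE_VIEW_URL, WEB_VIEW_URL)` and pass only `query` to the backend request; `clientOnly` stays in page memory.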