add a cli command

ddebin · ddebin · commit a09aa47d8c0f · 2026-03-24T19:34:29.000+01:00
diff --git a/eslint.config.js b/eslint.config.js
@@ -52,4 +52,10 @@ export default defineConfig([
       '@typescript-eslint/no-unsafe-return': 'off',
     },
   },
+  {
+    files: ['src/index.ts'],
+    rules: {
+      '@typescript-eslint/no-unsafe-argument': 'off',
+    },
+  },
 ])
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,8 +1,22 @@
 {
   "name": "ssh-agent-secrets",
   "version": "0.0.1",
+  "keywords": [
+    "ssh",
+    "encryption",
+    "typescript",
+    "ssh-agent",
+    "cli"
+  ],
+  "homepage": "https://github.com/ddebin/ssh-agent-secrets",
+  "bugs": {
+    "url": "https://github.com/ddebin/ssh-agent-secrets/issues"
+  },
   "license": "MIT",
   "type": "module",
+  "bin": {
+    "ssh-crypt": "./dist/src/index.js"
+  },
   "scripts": {
     "build": "tsc -b",
     "coverage": "nyc --reporter=lcov --reporter=text-summary npm test",
@@ -15,7 +29,11 @@
     "test": "mocha",
     "typecheck": "tsc --noEmit"
   },
+  "dependencies": {
+    "commander": "^14"
+  },
   "devDependencies": {
+    "@commander-js/extra-typings": "^14.0.0",
     "@eslint/js": "^10",
     "@types/chai": "^5",
     "@types/chai-as-promised": "^8",
diff --git a/src/index.ts b/src/index.ts
@@ -0,0 +1,52 @@
+#!/usr/bin/env node
+import * as fs from 'fs'
+import { program } from 'commander'
+import { SSHAgentClient } from './lib/ssh_agent_client.js'
+
+program.name('ssh-crypt').description('Encryption through SSH Agent')
+
+program
+  .command('encrypt')
+  .description('Encrypt a file with your ssh-agent private key')
+  .argument('<source>', 'file to encrypt')
+  .argument('[destination]', 'output path (default to stdout)')
+  .requiredOption('-k, --key <string>', 'select the first matching pubkey in the ssh-agent')
+  .requiredOption('-s, --seed <string>', 'is used to generate the secret')
+  .action(async (source, destination, options) => {
+    const agent = new SSHAgentClient()
+    const key = await agent.getIdentity(options.key)
+    if (!key) {
+      throw new Error(`No SSH key found for "${options.key}"!`)
+    }
+    const data = fs.readFileSync(source)
+    const output = await agent.encrypt(key, options.seed, data)
+    if (destination) {
+      fs.writeFileSync(destination, output)
+    } else {
+      process.stdout.write(output)
+    }
+  })
+
+program
+  .command('decrypt')
+  .description('Decrypt a file with your ssh-agent private key')
+  .argument('<source>', 'file to decrypt')
+  .argument('[destination]', 'output path (default to stdout)')
+  .requiredOption('-k, --key <string>', 'select the first matching pubkey in the ssh-agent')
+  .requiredOption('-s, --seed <string>', 'is used to generate the secret')
+  .action(async (source, destination, options) => {
+    const agent = new SSHAgentClient()
+    const key = await agent.getIdentity(options.key)
+    if (!key) {
+      throw new Error(`No SSH key found for "${options.key}"!`)
+    }
+    const data = fs.readFileSync(source, { encoding: 'ascii' })
+    const output = await agent.decrypt(key, options.seed, data)
+    if (destination) {
+      fs.writeFileSync(destination, output)
+    } else {
+      process.stdout.write(output)
+    }
+  })
+
+program.parse()
diff --git a/src/lib/ssh_agent_client.ts b/src/lib/ssh_agent_client.ts
diff --git a/src/type/commander.d.ts b/src/type/commander.d.ts
@@ -0,0 +1,3 @@
+declare module 'commander' {
+  export * from '@commander-js/extra-typings'
+}
diff --git a/test/ssh_agent_client.spec.ts b/test/ssh_agent_client.spec.ts
@@ -1,5 +1,5 @@
 import { describe, it } from 'mocha'
-import { SSHAgentClient } from '../src/ssh_agent_client.js'
+import { SSHAgentClient } from '../src/lib/ssh_agent_client.js'
 import * as chai from 'chai'
 
 describe('SSHAgentClient tests', () => {
diff --git a/test/ssh_agent_mandatory_rsa.spec.ts b/test/ssh_agent_mandatory_rsa.spec.ts
@@ -1,5 +1,5 @@
 import { describe, it } from 'mocha'
-import { SSHAgentClient } from '../src/ssh_agent_client.js'
+import { SSHAgentClient } from '../src/lib/ssh_agent_client.js'
 import * as chai from 'chai'
 import chaiAsPromised from 'chai-as-promised'
 
diff --git a/test/ssh_agent_socket.spec.ts b/test/ssh_agent_socket.spec.ts
@@ -1,5 +1,5 @@
 import { describe, it } from 'mocha'
-import { SSHAgentClient } from '../src/ssh_agent_client.js'
+import { SSHAgentClient } from '../src/lib/ssh_agent_client.js'
 import * as chai from 'chai'
 import * as net from 'net'
 import * as fs from 'fs'
diff --git a/tsconfig.json b/tsconfig.json
@@ -6,6 +6,9 @@
     "outDir": "dist",
     "strict": true,
     "skipLibCheck": true,
+    "paths": {
+      "commander": ["./src/type/commander.d.ts"]
+    },
     "types": ["node"]
   },
   "include": ["src", "test"]

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+declare module 'commander' {`
	`2`	`+ export * from '@commander-js/extra-typings'`
	`3`	`+}`