Merge pull request #1 from sidebase/feat/add-exec-command

feat: add exec command implementation

Author: phoenix-ru

README.md

@@ -27,13 +27,15 @@
 <!-- Badges End -->
 
 **Simple AWS SSM Secrets Manager CLI**
+
 Securely manage your AWS SSM Parameters — authenticate once via your OS keyring and easily list, get, write, or delete secrets.
 
 ## ✨ Features
 
 * 🔐 **Secure local credential storage** using native OS keyrings
   (via [`keyring-node`](https://github.com/Brooooooklyn/keyring-node), powered by [`keyring-rs`](https://github.com/open-source-cooperative/keyring-rs))
 * 🧩 **List / get / put / delete** SSM parameters
+* 🏃 **Run** commands with environment variables from SSM parameters
 * 🧠 **Output formatting** as `.env` or JSON
 * 🪄 Works with AWS SSM Parameter Store, recursive listing included
 * 🧰 Both **CLI** and **programmatic API** available
@@ -167,6 +169,36 @@ Outputs:
 ✅ Parameter deleted
 ```
 
+### 💿 Execute a command with SSM environment
+
+Fetches all parameters from a given SSM path, transforms them into environment
+variables, and executes the provided command with that environment.
+
+Variable names are uppercased and stripped of the path prefix.
+Example: `/my/app/parameter` becomes `PARAMETER` environment variable.
+
+```bash
+ssm-secrets exec my/app -- node server.js
+````
+
+If you need to pass `--argument`s to your command, separate them using a double dash:
+
+```bash
+ssm-secrets exec my/app -- node server.js --inspect
+```
+
+Options:
+* `--no-overwrite`
+  Do not overwrite existing environment variables.
+
+* `--ignore <names...>`
+  Ignore specific parameter names (case-sensitive, without path prefix).
+  Example:
+
+  ```bash
+  ssm-secrets exec my/app --ignore FOO bar -- node server.js
+  ```
+
 ## ⚙️ Programmatic API
 
 You can also use the API directly in Node.js:
@@ -221,6 +253,7 @@ ssm-secrets auth
 ssm-secrets put my/app DB_USER myuser
 ssm-secrets put my/app DB_PASS mypassword
 ssm-secrets list my/app --format env
+ssm-secrets exec my/app -- node server.js
 ```
 
 Output:

src/cli.ts

@@ -6,6 +6,7 @@ import { listCommand } from './commands/list.js'
 import { getCommand } from './commands/get.js'
 import { putCommand } from './commands/put.js'
 import { deleteCommand } from './commands/delete.js'
+import { execCommand } from './commands/exec.js'
 
 const program = new Command()
 program.name('ssm-secrets').description('Simple AWS SSM secrets manager CLI').version(packageJson.version)
@@ -15,6 +16,7 @@ listCommand(program)
 getCommand(program)
 putCommand(program)
 deleteCommand(program)
+execCommand(program)
 
 try {
   await program.parseAsync(process.argv)

src/commands/exec.ts

@@ -0,0 +1,59 @@
+import { Command } from 'commander'
+import { listParameters } from '../aws.js'
+import { prettifyParameter } from '../utils.js'
+import { spawn } from 'node:child_process'
+
+const SUMMARY = 'Execute the command with the environment from SSM'
+const DESCRIPTION = `${SUMMARY}.
+This command will fetch the parameters from SSM and provide them as environment variables to the specified command.
+
+The variable names are stripped of path prefix and uppercased.
+Example: parameter with path my/app/parameter becomes PARAMETER environment variable.`
+
+export function execCommand(program: Command) {
+  program
+    .command('exec')
+    .summary(SUMMARY)
+    .description(DESCRIPTION)
+    .argument('<path>', 'SSM parameter path')
+    .argument('<command>', 'Command to execute')
+    .argument('[args...]', 'Arguments for the command. Use -- before command to ensure that arguments are passed correctly: ssm-secrets exec my/path -- command --argument')
+    .option('--no-overwrite', 'Do not overwrite existing environment variables')
+    .option(
+      '--ignore <ignores...>',
+      'Do not include the parameters with the given names to environment. '
+      + 'The parameter names are case-sensitive and should match the name inside SSM excluding path prefix. '
+      + 'Example: if you want to ignore my/app/parameter1 and my/app/parameter2, use --ignore parameter1 parameter2'
+    )
+    .action(async (path: string, command: string, args: string[], options: { overwrite: boolean, ignore: string[] | undefined }) => {
+      // Normalize options
+      const ignore = options.ignore ?? []
+
+      const ssmParameters = await listParameters(path)
+
+      const filteredPrettyParams = ssmParameters
+        .map(param => prettifyParameter(param, path))
+        .filter(param => param.Name !== undefined && !ignore.includes(param.Name))
+
+      const envs = Object.fromEntries(filteredPrettyParams.map(param => [param.Name?.toUpperCase(), param.Value]))
+
+      // Merge into environment
+      const env = options.overwrite
+        ? {
+          ...process.env,
+          ...envs,
+        }
+        : {
+          ...envs,
+          ...process.env,
+        }
+
+      // Replace current process
+      const child = spawn(command, args, {
+        env,
+        stdio: 'inherit',
+      })
+
+      child.on('exit', code => process.exit(code ?? 0))
+    })
+}