Providers
A zero-dependency catalog of every provider the SDK ships and the env vars each one reads - for building config UIs, sync engines, and onboarding flows.
files-sdk/providers
The files-sdk/providers subpath is a static, zero-dependency catalog of every storage provider in the SDK. It imports no provider SDKs and no adapter code, so you can pull it into a build script, a config UI, or a multi-provider sync engine without dragging in @aws-sdk/client-s3 and friends.
Each entry carries the display name, a one-line description, the optional peer dependencies the adapter needs, and a structured spec of the environment variables it reads.
import { PROVIDER_NAMES, getProvider } from "files-sdk/providers";
for (const slug of PROVIDER_NAMES) {
const provider = getProvider(slug)!;
console.log(provider.name, provider.peerDeps);
}
PROVIDER_NAMES (the sorted list of slugs) and the Provider / ProviderSlug types are also re-exported from the package root for discovery, but the catalog data and helpers live on the subpath.
Environment variables
The env spec models how providers actually authenticate, rather than flattening everything into a single “required” flag:
required- variables needed regardless of which credential mode is used (e.g.SUPABASE_URL, an Azurecontainer).credentialModes- mutually exclusive ways to authenticate. You satisfy exactly one group. Azure, for instance, accepts a connection string or an account key or a SAS token or anonymous access.optional- tuning variables that are safe to omit.config- non-env configuration the adapter still needs as a constructor option (e.g.bucket,region,endpoint).
Each variable is tagged with whether it is a secret and who reads it:
readBy: "files-sdk"- the adapter reads it directly.readBy: "sdk-chain"- files-sdk never reads it; the underlying provider SDK’s credential chain resolves it (the AWS SDK readingAWS_ACCESS_KEY_ID, Google Application Default Credentials, etc.). It is listed for completeness, but it may also come from an IAM role, shared profile, or metadata server.
import { getProvider, getSecretEnvVars } from "files-sdk/providers";
// Every secret to inject for one provider:
const secrets = getSecretEnvVars("s3").map((v) => v.key);
// → ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]
// Validate that one of Azure's credential modes is fully satisfied:
const azure = getProvider("azure")!;
const ok = azure.env.credentialModes?.some((mode) =>
mode.vars.every(
(v) => process.env[v.key] ?? v.aliases?.some((a) => process.env[a])
)
);
Types
The catalog is fully typed, and the shapes are exported from both files-sdk/providers and the package root so you can build against them. They nest top-down: a Provider holds a ProviderEnvSpec in its env field, that spec groups credentials into EnvGroups, and each group lists individual EnvVars.
A Provider is one catalog entry - its display name, description, peer dependencies, import slug, and env spec.
descriptionstring
One-line summary of the provider and how it authenticates.
stringenvProviderEnvSpec
Environment the adapter reads.
ProviderEnvSpecnamestring
Display name (e.g. "AWS S3").
stringpeerDepsreadonly string[]
Native provider SDKs the adapter imports, listed as optional peer dependencies on `files-sdk`. Empty for adapters that depend only on the runtime (Bun's native S3 client, Node's `node:fs`).
readonly string[]slugstring
Import subpath suffix and CLI `--provider` value (e.g. "s3").
stringA ProviderEnvSpec is the env field of a provider: what it reads from the environment, split by role - always-required variables, mutually exclusive credentialModes, optional tuning - plus non-env config options the adapter still needs.
config?readonly string[]
Non-env configuration the adapter still requires, passed as constructor options (or CLI flags) rather than environment variables — e.g. `bucket`, `region`, `endpoint`, `container`. Informational; not every option is listed, only the ones without a sensible default.
readonly string[]credentialModes?readonly EnvGroup[]
Mutually exclusive credential modes; the caller satisfies exactly one. Omitted for providers that take no credentials (the local filesystem) or whose credentials are only ever passed in code.
readonly EnvGroup[]notes?string
Free-form caveats that the structured fields can't capture.
stringoptional?readonly EnvVar[]
Optional tuning variables — safe to omit.
readonly EnvVar[]required?readonly EnvVar[]
Variables needed regardless of which credential mode is used (e.g. a bucket name read from the environment, or the project URL).
readonly EnvVar[]An EnvGroup is a single credential mode inside credentialModes - one self-contained way to authenticate (a connection string, an account key, a SAS token). The caller satisfies exactly one group.
labelstring
Human-readable name for this mode (e.g. "Account key", "SAS token").
stringvarsreadonly EnvVar[]
The variables that together satisfy this mode. May be empty for a mode that needs no env vars at all (e.g. an in-code binding or anonymous read).
readonly EnvVar[]An EnvVar is a single variable, tagged with any aliases, whether it is a secret to mask, and who reads it (files-sdk directly, or the provider SDK’s own credential chain via sdk-chain).
aliases?readonly string[]
Alternative names accepted for the same value, in the order the adapter falls back through them. Empty/absent when there is only one name.
readonly string[]descriptionstring
Short description of what the value is.
stringkeystring
The canonical environment variable name.
stringreadBy"files-sdk" | "sdk-chain"
Who actually reads this variable: - `"files-sdk"` — the adapter reads it directly via `readEnv`. - `"sdk-chain"` — files-sdk never reads it; the underlying provider SDK's credential chain resolves it (e.g. the AWS SDK reading `AWS_ACCESS_KEY_ID`, or Google Application Default Credentials). Listed here for completeness so callers know what to set, but it is resolved outside of files-sdk and may also come from an IAM role, profile, or metadata server.
"files-sdk" | "sdk-chain"secretboolean
Whether the value is a secret (token, key, password) and should be masked.
booleanHelpers
getProvider(slug)- look up one provider; returnsundefinedfor unknown slugs.listEnvVars(slug)- every env var a provider references, flattened acrossrequired, all credential modes, andoptional, de-duplicated by key.getSecretEnvVars(slug)- the subset oflistEnvVarsflagged as secrets.