UNPKG

@agent-base/secret-client

Version:

A TypeScript client for Google Cloud Secret Manager.

github.com/agent-base/agent-base-backend/tree/main/packages/secret-client

agent-base/agent-base-backend

132 lines (93 loc) 4.33 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
# @agent-base/secret-client A simple and modern TypeScript client for interacting with Google Cloud Secret Manager. This package provides a convenient wrapper around the official `@google-cloud/secret-manager` library, offering a streamlined interface for common secret management operations. ## Features - Easy-to-use API for creating, retrieving, and checking existence of secrets. - Strongly-typed for enhanced developer experience with TypeScript. - Configurable for Google Cloud Project ID and credentials. - Designed for ES Module environments. ## Installation ```bash pnpm install @agent-base/secret-client # or yarn add @agent-base/secret-client # or npm install @agent-base/secret-client ``` ## Prerequisites Before using this client, ensure you have: 1. A Google Cloud Platform project. 2. The Secret Manager API enabled for your project. 3. Authentication configured. This can be through: * Application Default Credentials (ADC) by running `gcloud auth application-default login`. * A service account key JSON file. ## Usage ```typescript import { GoogleSecretManager } from '@agent-base/secret-client'; async function main() { // Initialize the client // Option 1: Using Application Default Credentials (ADC) const gsmClient = new GoogleSecretManager({ projectId: 'your-gcp-project-id', }); // Option 2: Using a service account key /* const credentials = { client_email: 'your-service-account-email@your-project-id.iam.gserviceaccount.com', private_key: '-----BEGIN PRIVATE KEY-----\nYOUR_PRIVATE_KEY\n-----END PRIVATE KEY-----\n', }; const gsmClientWithCreds = new GoogleSecretManager({ projectId: 'your-gcp-project-id', credentials, }); */ const secretId = 'my-api-key'; const secretValue = 's3cr3tV@lu3'; try { // Store a secret (creates if not exists, then adds a new version) await gsmClient.storeSecret(secretId, secretValue); console.log(`Secret '${secretId}' stored successfully.`); // Retrieve the latest version of the secret const retrievedValue = await gsmClient.getSecret(secretId); if (retrievedValue !== null) { console.log(`Retrieved secret '${secretId}': ${retrievedValue}`); } else { console.log(`Secret '${secretId}' not found or has no value.`); } // Check if a secret exists const exists = await gsmClient.secretExists(secretId); console.log(`Secret '${secretId}' exists: ${exists}`); // Example: Storing another version await gsmClient.storeSecret(secretId, 'newS3cr3tV@lu3_v2'); console.log(`Stored new version for secret '${secretId}'.`); const updatedValue = await gsmClient.getSecret(secretId); console.log(`Retrieved updated secret '${secretId}': ${updatedValue}`); // Attempt to retrieve a non-existent secret const nonExistentSecret = await gsmClient.getSecret('non-existent-secret'); console.log(`Value of 'non-existent-secret': ${nonExistentSecret}`); // Expected: null } catch (error) { console.error('An error occurred:', error); } } main(); ``` ## API ### `new GoogleSecretManager(config: GoogleSecretManagerConfig)` Creates a new instance of the `GoogleSecretManager` client. **Config:** * `projectId: string`: Your Google Cloud Project ID. * `credentials?: { client_email: string; private_key: string; }`: Optional. Service account credentials. If not provided, ADC will be used. ### `async storeSecret(secretId: string, value: string): Promise<void>` Stores a secret value. - If the secret does not exist, it creates the secret and adds the value as the first version. - If the secret exists, it adds a new version with the provided value. ### `async getSecret(secretId: string): Promise<string | null>` Retrieves the latest version of a secret's value. Returns `null` if the secret or version is not found, or if the version has no data. ### `async secretExists(secretId: string): Promise<boolean>` Checks if a secret with the given `secretId` exists. ## Error Handling The client methods may throw errors originating from the `@google-cloud/secret-manager` library or custom errors like `GoogleSecretManagerError` for configuration issues. ## Contributing Contributions are welcome! Please see the main repository's contributing guidelines. ## License [MIT](./LICENSE)