@brekjs/loader-aws-secrets-manager
Version:
Brek loader for AWS Secrets Manager
62 lines • 2.46 kB
JavaScript
;
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.awsSecret = void 0;
const client_secrets_manager_1 = require("@aws-sdk/client-secrets-manager");
const toResult_1 = require("./lib/toResult");
/**
* AWS Secrets loader for brek.
*
* Config example:
*
* {
* "dbPassword": {
* "[awsSecret]": {
* "key": "my/db/password",
* "region": "us-west-2" // optional; falls back to env var AWS_REGION env var or defaults to 'us-east-1'
* }
* }
* }
*
*/
// eslint-disable-next-line max-lines-per-function
const awsSecret = (params) => __awaiter(void 0, void 0, void 0, function* () {
const region = params.region || process.env.AWS_REGION || 'us-east-1';
const client = new client_secrets_manager_1.SecretsManagerClient({ region });
const command = new client_secrets_manager_1.GetSecretValueCommand({ SecretId: params.key });
const [err, response] = yield (0, toResult_1.toResultAsync)(client.send(command));
if (err) {
throw new Error(`Error getting secret AWS Secrets Manager:
Key: ${params.key}
Region: ${params.region}
Message: ${err.message}
Code: ${err.code}
RequestId: ${err.requestId}
StatusCode: ${err.statusCode}
`);
}
if (response.SecretString) {
return response.SecretString;
}
else if (response.SecretBinary) {
// Convert binary secret to string (UTF-8 decoded)
return Buffer.from(response.SecretBinary).toString('utf-8');
}
else {
throw new Error(`Error getting secret AWS Secrets Manager:
Key: ${params.key}
Region: ${params.region}$
Message: Returned secret is empty
`);
}
});
exports.awsSecret = awsSecret;
//# sourceMappingURL=index.js.map