
@techlinksolutions/get-aws-secrets


Utility to get secrets from AWS Secrets Manager.

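/**
 * Utility module that gets the client secrets at runtime.
 * @module @techlinksolutions/get-aws-secrets
 */
const AWS = require('aws-sdk')

/**
 * Fetches one secret from AWS Secrets Manager.
 *
 * The promise resolves with the GetSecretValue response as the SDK returns it,
 * not with the bare secret value. Depending on whether the secret is a string
 * or binary, either `SecretString` or `SecretBinary` is populated. The response
 * carries the plaintext secret, so callers should keep it out of logs, error
 * reports and anything else that gets persisted.
 *
 * @param {string} secretName - The name of the secret you would like to retrieve.
 * @param {string} region - The region in which the secret resides.
 *
 * @returns {Promise} - A promise object representing the secret key-value pairs
 * returned from the Secrets Manager. It rejects with the SDK error, whose
 * `code` identifies the failure, for example:
 *   - `DecryptionFailureException`: Secrets Manager can't decrypt the protected
 *     secret text using the provided KMS key.
 *   - `InternalServiceErrorException`: an error occurred on the server side.
 *   - `InvalidParameterException`: an invalid value was provided for a parameter.
 *   - `InvalidRequestException`: a parameter value is not valid for the current
 *     state of the resource.
 *   - `ResourceNotFoundException`: the requested resource can't be found.
 * Any other SDK error rejects the promise in the same way.
 */
const getSecret = async (secretName, region) => {
  // Create a Secrets Manager client
  const client = new AWS.SecretsManager({ region })

  // Promise-only call, deliberately without a callback. A `throw` inside an SDK
  // callback runs outside this promise chain, so it cannot be caught by the
  // caller's try/catch and surfaces as an uncaught exception instead. Attaching
  // both a callback and .promise() to one request may also dispatch it twice.
  // Every failure is reported through the rejected promise.
  return client.getSecretValue({ SecretId: secretName }).promise()
}

module.exports.getSecret = getSecret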