briareus/lib/service/controllers/secrets.js

Briareus assists with Feature Branch deploys to ECS

'use strict'

const express = require('express');
const AWS = require('aws-sdk');

const mw = require('../middleware');

module.exports = function (service) {
  let controller = express.Router();
  controller.use(mw.auth());

  /************************
  * Encrypt Secret
  *************************/
  controller.post('/encrypt', (req, res, next) => {
    const kms = new AWS.KMS();

    const params = {
      KeyId: service.config.get('kmsKeyArn'),
      Plaintext: req.body.plaintext
    };

    kms.encrypt(params, function (err, data) {
      if (err) return next(err);
      res.send({ encrypted: data.CiphertextBlob.toString('base64') });
    });
  });

  /************************
  * Decrypt Secret
  *************************/
  controller.post('/decrypt', mw.validate(service, 'decrypt'), (req, res, next) => {
    const kms = new AWS.KMS();
    const params = {
      CiphertextBlob: new Buffer(req.body.encrypted, 'base64')
    };

    kms.decrypt(params, function (err, data) {
      if (err) return next(err);
      res.send({ plaintext: data.Plaintext.toString() });
    });
  });


  return controller;
};