UNPKG

cdk-encrypted-secret

Version:

CDK Construct that creates an AWS Secret Manager Secret and sets the value from an encrypted Ciphertext.

github.com/nickwillan/cdk-encrypted-secret

nickwillan/cdk-encrypted-secret

46 lines 6.65 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.handler = void 0; const client_kms_1 = require("@aws-sdk/client-kms"); // ES Modules import const client_secrets_manager_1 = require("@aws-sdk/client-secrets-manager"); function isNullOrEmpty(value) { return value === undefined || value === null || value.trim() === ''; } class SecretSettingLambda { constructor() { this.secretsClient = new client_secrets_manager_1.SecretsManager({ region: process.env.AWS_DEFAULT_REGION, }); this.kmsClient = new client_kms_1.KMSClient({ region: process.env.KMS_KEY_REGION, // The region of the KMS key used to encrypt the secret }); } /// Handler decrypts the secret and sets it in Secrets Manager async handler(props) { if (isNullOrEmpty(props.secretArn) || isNullOrEmpty(props.cipherText) || isNullOrEmpty(props.keyId)) { throw new Error('Missing required properties: secretArn, cipherText, and keyId are required.'); } try { console.log('Decrypting ciphertextBlob'); // Decrypt Secret const response = await this.kmsClient.send(new client_kms_1.DecryptCommand({ CiphertextBlob: Buffer.from(props.cipherText, 'base64'), KeyId: props.keyId, })); console.log('Setting secret in Secrets Manager'); // Set Secret in Secrets Manager await this.secretsClient.putSecretValue({ SecretId: props.secretArn, SecretString: new TextDecoder().decode(response.Plaintext), }); } catch (error) { console.error('Error decrypting and setting secret:', error); throw error; } console.log('Secret decrypted and set successfully'); } } const handler = (event) => new SecretSettingLambda().handler(event); exports.handler = handler; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvbGFtYmRhL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLG9EQUFnRSxDQUFDLG9CQUFvQjtBQUNyRiw0RUFBaUU7QUFRakUsU0FBUyxhQUFhLENBQUMsS0FBZ0M7SUFDckQsT0FBTyxLQUFLLEtBQUssU0FBUyxJQUFJLEtBQUssS0FBSyxJQUFJLElBQUksS0FBSyxDQUFDLElBQUksRUFBRSxLQUFLLEVBQUUsQ0FBQztBQUN0RSxDQUFDO0FBRUQsTUFBTSxtQkFBbUI7SUFJdkI7UUFDRSxJQUFJLENBQUMsYUFBYSxHQUFHLElBQUksdUNBQWMsQ0FBQztZQUN0QyxNQUFNLEVBQUUsT0FBTyxDQUFDLEdBQUcsQ0FBQyxrQkFBa0I7U0FDdkMsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFJLHNCQUFTLENBQUM7WUFDN0IsTUFBTSxFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsY0FBYyxFQUFFLHVEQUF1RDtTQUM1RixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsOERBQThEO0lBQzlELEtBQUssQ0FBQyxPQUFPLENBQUMsS0FBcUI7UUFDakMsSUFBSSxhQUFhLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxJQUFJLGFBQWEsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLElBQUksYUFBYSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ3BHLE1BQU0sSUFBSSxLQUFLLENBQUMsNkVBQTZFLENBQUMsQ0FBQztRQUNqRyxDQUFDO1FBRUQsSUFBSSxDQUFDO1lBQ0gsT0FBTyxDQUFDLEdBQUcsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO1lBQ3pDLGlCQUFpQjtZQUNqQixNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUN4QyxJQUFJLDJCQUFjLENBQUM7Z0JBQ2pCLGNBQWMsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLEVBQUUsUUFBUSxDQUFDO2dCQUN2RCxLQUFLLEVBQUUsS0FBSyxDQUFDLEtBQUs7YUFDbkIsQ0FBQyxDQUNILENBQUM7WUFFRixPQUFPLENBQUMsR0FBRyxDQUFDLG1DQUFtQyxDQUFDLENBQUM7WUFDakQsZ0NBQWdDO1lBQ2hDLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxjQUFjLENBQUM7Z0JBQ3RDLFFBQVEsRUFBRSxLQUFLLENBQUMsU0FBUztnQkFDekIsWUFBWSxFQUFFLElBQUksV0FBVyxFQUFFLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUM7YUFDM0QsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDZixPQUFPLENBQUMsS0FBSyxDQUFDLHNDQUFzQyxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBQzdELE1BQU0sS0FBSyxDQUFDO1FBQ2QsQ0FBQztRQUNELE9BQU8sQ0FBQyxHQUFHLENBQUMsdUNBQXVDLENBQUMsQ0FBQztJQUN2RCxDQUFDO0NBQ0Y7QUFDTSxNQUFNLE9BQU8sR0FBRyxDQUFDLEtBQXFCLEVBQUUsRUFBRSxDQUFDLElBQUksbUJBQW1CLEVBQUUsQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUM7QUFBOUUsUUFBQSxPQUFPLFdBQXVFIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgS01TQ2xpZW50LCBEZWNyeXB0Q29tbWFuZCB9IGZyb20gJ0Bhd3Mtc2RrL2NsaWVudC1rbXMnOyAvLyBFUyBNb2R1bGVzIGltcG9ydFxuaW1wb3J0IHsgU2VjcmV0c01hbmFnZXIgfSBmcm9tICdAYXdzLXNkay9jbGllbnQtc2VjcmV0cy1tYW5hZ2VyJztcblxuaW50ZXJmYWNlIFNlY3JldFNldFByb3BzIHtcbiAgc2VjcmV0QXJuOiBzdHJpbmc7XG4gIGNpcGhlclRleHQ6IHN0cmluZztcbiAga2V5SWQ6IHN0cmluZztcbn1cblxuZnVuY3Rpb24gaXNOdWxsT3JFbXB0eSh2YWx1ZTogc3RyaW5nIHwgdW5kZWZpbmVkIHwgbnVsbCk6IGJvb2xlYW4ge1xuICByZXR1cm4gdmFsdWUgPT09IHVuZGVmaW5lZCB8fCB2YWx1ZSA9PT0gbnVsbCB8fCB2YWx1ZS50cmltKCkgPT09ICcnO1xufVxuXG5jbGFzcyBTZWNyZXRTZXR0aW5nTGFtYmRhIHtcbiAgcHJpdmF0ZSBzZWNyZXRzQ2xpZW50OiBTZWNyZXRzTWFuYWdlcjtcbiAgcHJpdmF0ZSBrbXNDbGllbnQ6IEtNU0NsaWVudDtcblxuICBjb25zdHJ1Y3RvcigpIHtcbiAgICB0aGlzLnNlY3JldHNDbGllbnQgPSBuZXcgU2VjcmV0c01hbmFnZXIoe1xuICAgICAgcmVnaW9uOiBwcm9jZXNzLmVudi5BV1NfREVGQVVMVF9SRUdJT04sXG4gICAgfSk7XG4gICAgdGhpcy5rbXNDbGllbnQgPSBuZXcgS01TQ2xpZW50KHtcbiAgICAgIHJlZ2lvbjogcHJvY2Vzcy5lbnYuS01TX0tFWV9SRUdJT04sIC8vIFRoZSByZWdpb24gb2YgdGhlIEtNUyBrZXkgdXNlZCB0byBlbmNyeXB0IHRoZSBzZWNyZXRcbiAgICB9KTtcbiAgfVxuXG4gIC8vLyBIYW5kbGVyIGRlY3J5cHRzIHRoZSBzZWNyZXQgYW5kIHNldHMgaXQgaW4gU2VjcmV0cyBNYW5hZ2VyXG4gIGFzeW5jIGhhbmRsZXIocHJvcHM6IFNlY3JldFNldFByb3BzKTogUHJvbWlzZTx2b2lkPiB7XG4gICAgaWYgKGlzTnVsbE9yRW1wdHkocHJvcHMuc2VjcmV0QXJuKSB8fCBpc051bGxPckVtcHR5KHByb3BzLmNpcGhlclRleHQpIHx8IGlzTnVsbE9yRW1wdHkocHJvcHMua2V5SWQpKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoJ01pc3NpbmcgcmVxdWlyZWQgcHJvcGVydGllczogc2VjcmV0QXJuLCBjaXBoZXJUZXh0LCBhbmQga2V5SWQgYXJlIHJlcXVpcmVkLicpO1xuICAgIH1cblxuICAgIHRyeSB7XG4gICAgICBjb25zb2xlLmxvZygnRGVjcnlwdGluZyBjaXBoZXJ0ZXh0QmxvYicpO1xuICAgICAgLy8gRGVjcnlwdCBTZWNyZXRcbiAgICAgIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgdGhpcy5rbXNDbGllbnQuc2VuZChcbiAgICAgICAgbmV3IERlY3J5cHRDb21tYW5kKHtcbiAgICAgICAgICBDaXBoZXJ0ZXh0QmxvYjogQnVmZmVyLmZyb20ocHJvcHMuY2lwaGVyVGV4dCwgJ2Jhc2U2NCcpLFxuICAgICAgICAgIEtleUlkOiBwcm9wcy5rZXlJZCxcbiAgICAgICAgfSksXG4gICAgICApO1xuXG4gICAgICBjb25zb2xlLmxvZygnU2V0dGluZyBzZWNyZXQgaW4gU2VjcmV0cyBNYW5hZ2VyJyk7XG4gICAgICAvLyBTZXQgU2VjcmV0IGluIFNlY3JldHMgTWFuYWdlclxuICAgICAgYXdhaXQgdGhpcy5zZWNyZXRzQ2xpZW50LnB1dFNlY3JldFZhbHVlKHtcbiAgICAgICAgU2VjcmV0SWQ6IHByb3BzLnNlY3JldEFybixcbiAgICAgICAgU2VjcmV0U3RyaW5nOiBuZXcgVGV4dERlY29kZXIoKS5kZWNvZGUocmVzcG9uc2UuUGxhaW50ZXh0KSxcbiAgICAgIH0pO1xuICAgIH0gY2F0Y2ggKGVycm9yKSB7XG4gICAgICBjb25zb2xlLmVycm9yKCdFcnJvciBkZWNyeXB0aW5nIGFuZCBzZXR0aW5nIHNlY3JldDonLCBlcnJvcik7XG4gICAgICB0aHJvdyBlcnJvcjtcbiAgICB9XG4gICAgY29uc29sZS5sb2coJ1NlY3JldCBkZWNyeXB0ZWQgYW5kIHNldCBzdWNjZXNzZnVsbHknKTtcbiAgfVxufVxuZXhwb3J0IGNvbnN0IGhhbmRsZXIgPSAoZXZlbnQ6IFNlY3JldFNldFByb3BzKSA9PiBuZXcgU2VjcmV0U2V0dGluZ0xhbWJkYSgpLmhhbmRsZXIoZXZlbnQpO1xuIl19