UNPKG

envilder

Version:

A CLI and GitHub Action that securely centralizes your environment variables from AWS SSM or Azure Key Vault as a single source of truth

70 lines 3.15 kB
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; import { GetParametersCommand } from '@aws-sdk/client-ssm'; import { ExpiredCredentialsError, isExpiredCredentialsError, } from '../../domain/expired-credentials-error.js'; import { isSsoSessionExpiredError, SsoSessionExpiredError, } from '../../domain/sso-session-expired-error.js'; const SSM_BATCH_SIZE = 10; /** * {@link ISecretProvider} backed by AWS SSM Parameter Store. * * Parameters are retrieved with decryption enabled so that * SecureString values are returned in plain text. * * SSM supports fetching up to 10 parameters per request, * so names are chunked into batches automatically. */ export class AwsSsmSecretProvider { constructor(ssmClient, profile) { if (!ssmClient) { throw new Error('ssmClient cannot be null'); } this.ssmClient = ssmClient; this.profile = profile; } getSecrets(names) { return __awaiter(this, void 0, void 0, function* () { var _a; const result = new Map(); if (names.length === 0) { return result; } for (const name of names) { if (!(name === null || name === void 0 ? void 0 : name.trim())) { throw new Error('Secret name cannot be null or whitespace'); } } for (let i = 0; i < names.length; i += SSM_BATCH_SIZE) { const batch = names.slice(i, i + SSM_BATCH_SIZE); try { const response = yield this.ssmClient.send(new GetParametersCommand({ Names: batch, WithDecryption: true, })); for (const param of (_a = response.Parameters) !== null && _a !== void 0 ? _a : []) { if (param.Name && param.Value != null) { result.set(param.Name, param.Value); } } } catch (error) { if (isSsoSessionExpiredError(error)) { throw new SsoSessionExpiredError(this.profile, error); } if (isExpiredCredentialsError(error)) { throw new ExpiredCredentialsError(error); } throw error; } } return result; }); } } //# sourceMappingURL=aws-ssm-secret-provider.js.map