haven-secrets-core
Version:
Core for Haven, the easy to use centralized secrets manager.
55 lines (48 loc) • 1.47 kB
JavaScript
import getItem from "../aws/dynamodb/items/getItem.js";
import decryptItem from "../aws/encryption/decryptItem.js";
import base64ToAscii from "../utils/base64ToAscii.js";
import constructTableName from "../utils/constructTableName.js";
import putLoggingItem from "../aws/dynamodb/items/putLoggingItem.js";
import { keyAlias } from "../utils/config.js";
const getSecret = async (project, environment, secretName, version = "") => {
try {
const tableName = constructTableName(project, environment);
version = String(version);
const result = await getItem(secretName, tableName, version);
const encryptedSecret = version
? result.Item?.SecretValue.B
: result.Items[0].SecretValue.B;
if (!version) version = result.Items[0].Version.S;
if (!encryptedSecret)
return console.log("The specified secret does not exist");
const decryptedSecretBlob = await decryptItem(
secretName,
encryptedSecret,
version,
tableName,
keyAlias
);
const decryptedSecret = base64ToAscii(decryptedSecretBlob);
putLoggingItem(
project,
environment,
"get",
secretName,
version,
"Succcessful"
);
return decryptedSecret;
} catch (error) {
console.log(`${error.code}: ${error.message}`);
putLoggingItem(
project,
environment,
"get",
secretName,
version,
error.code
);
return error;
}
};
export default getSecret;