@xplora-uk/secrets
v1.7.0
Published
shared secrets reader library
Downloads
79
Readme
secrets
use AWS SDK and read settings from Secrets Manager
It covers two scenarios:
A:
The secret my_app is already loaded into process.env e.g. in an AWS ECS container.
process.env.my_app is { "DB_PASS": "secretPassword" }
Then, result.data is an object based on JSON.parse(process.env.my_app).
B:
The secret is not in process.env but only in AWS Secrets Manager.
Then, result.data is an object based on JSON.parse(secret) the secret found on AWS.
DEV
Check code inside src.
requirements for dev
- Node v18.x
install, build, configure, test
npm i
npm run buildcp _sample.env .env
# edit itSample:
AWS_ACCESS_KEY_ID="key"
AWS_SECRET_ACCESS_KEY="secret"
AWS_REGION="eu-central-1"
my_app='{ "PASSWORD": "pass1234" }'
DB_HOST="${MYSQL_HOST}"Run tests:
# check tests inside src/__tests__
npm run test
npm run test:coverageUSAGE
requirements for usage
- Node v18.x
installation
npm i @xplora-uk/secretsconfiguration
import { newSecretsReader } from '@xplora-uk/secrets';
// configure and load
const secretsReader = newSecretsReader({}); // defaults to aws
//const secretsReader = newSecretsReader({ kind: 'aws' });
// use with side-effect on process.env
const secret = await secretsReader.readSecret({ secretId: process.env.APP_ID, env: process.env, updateEnv: true });
if (secret.error) console.error('failed to read secret', secret.error);
// also, secret.data contains secret objectbatch reader
Sample:
const env: IEnvSettings = {
...process.env, // use a copy of process.env, if you do not change it!
PROGRAM_NAME: 'my-test-app',
};
const { errors } = await batchReadSecrets({ env }); // note side-effect on env- Load
_defaults.envfile. - Load
_sharedSecrets.json, if it was injected by CI/CD script. - Load
sharedsecret from AWS, if it exists. - Load
_secrets.jsonfile, if it was injected by CI/CD script. - Load
{env.PROGRAM_NAME}secret from AWS, if it exists. - Load
.envfile, if it exists. Developers can copy default settings and override. - Expand variables using dotenv-expand.
In each step, we will merge settings found into env object.