npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@alicloud/credentials

v2.4.0

Published

alibaba cloud node.js sdk credentials

Downloads

41,325

Readme

English | 简体中文

Alibaba Cloud Credentials for TypeScript/Node.js

npm version NodeJS codecov license

Installation

npm install @alicloud/credentials

Node.js >= 12 required.

Quick Examples

Before you begin, you need to sign up for an Alibaba Cloud account and retrieve your Credentials.

Credential Type

access_key

Setup access_key credential through User Information Management, it have full authority over the account, please keep it safe. Sometimes for security reasons, you cannot hand over a primary account AccessKey with full access to the developer of a project. You may create a sub-account RAM Sub-account , grant its authorization,and use the AccessKey of RAM Sub-account.

import Credential, { Config } from '@alicloud/credentials';

const config: Config = {
  type:               'access_key',       // credential type
  accessKeyId:        'accessKeyId',      // AccessKeyId of your account
  accessKeySecret:    'accessKeySecret',  // AccessKeySecret of your account
}
const cred = new Credential(config);
const {
  accessKeyId,
  accessKeySecret,
  type
} = await cred.getCredential();

sts

Create a temporary security credential by applying Temporary Security Credentials (TSC) through the Security Token Service (STS).

import Credential, { Config } from '@alicloud/credentials';

const config: Config = {
  type:                  'sts',             // credential type
  accessKeyId:           'accessKeyId',     // AccessKeyId of your account
  accessKeySecret:       'accessKeySecret', // AccessKeySecret of your account
  securityToken:         'securityToken',   // Temporary Security Token
}
const cred = new Credential(config);
const {
  accessKeyId,
  accessKeySecret,
  securityToken,
  type
} = await cred.getCredential();

ram_role_arn

By specifying RAM Role, the credential will be able to automatically request maintenance of STS Token. If you want to limit the permissions(How to make a policy) of STS Token, you can assign value for Policy.

import Credential, { Config } from '@alicloud/credentials';

const config: Config = {
  type:                 'ram_role_arn',     // credential type
  accessKeyId:          'accessKeyId',      // AccessKeyId of your account
  accessKeySecret:      'accessKeySecret',  // AccessKeySecret of your account
  roleArn:              'roleArn',          // Format: acs:ram::USER_ID:role/ROLE_NAME
  roleSessionName:      'roleSessionName',  // Role Session Name
  policy:               'policy',           // Not required, limit the permissions of STS Token
  roleSessionExpiration: 3600,              // Not required, limit the Valid time of STS Token
}
const cred = new Credential(config);
const {
  accessKeyId,
  accessKeySecret,
  securityToken,
  type
} = await cred.getCredential();

oidc_role_arn

By specifying OIDC Role, the credential will be able to automatically request maintenance of STS Token. If you want to limit the permissions(How to make a policy) of STS Token, you can assign value for Policy.

import Credential, { Config } from '@alicloud/credentials';

const config: Config = {
  type:                   'oidc_role_arn',    // credential type
  roleArn:                'roleArn',          // Format: acs:ram::USER_Id:role/ROLE_NAME roleArn can be replaced by setting environment variable: ALIBABA_CLOUD_ROLE_ARN
  oidcProviderArn:        'oidcProviderArn',  // Format: acs:ram::USER_Id:oidc-provider/ROLE_NAME oidcProviderArn can be replaced by setting environment variable: ALIBABA_CLOUD_OIDC_PROVIDER_ARN
  oidcTokenFilePath:      '/Users/xxx/xxx',   // Format: path  OIDCTokenFilePath can be replaced by setting environment variable: ALIBABA_CLOUD_OIDC_TOKEN_FILE
  roleSessionName:        'roleSessionName',  // Role Session Name
  policy:                 'policy',           // Not required, limit the permissions of STS Token
  roleSessionExpiration:   3600,              // Not required, limit the Valid time of STS Token
}
const cred = new Credential(config);
const {
  accessKeyId,
  accessKeySecret,
  securityToken,
  type
} = await cred.getCredential();

ecs_ram_role

By specifying the role name, the credential will be able to automatically request maintenance of STS Token.

import Credential, { Config } from '@alicloud/credentials';
const config: Config = {
  type:                 'ecs_ram_role',       // credential type
  roleName:             'roleName',           // `roleName` is optional. It will be retrieved automatically if not set. It is highly recommended to set it up to reduce requests.
  disableIMDSv1:         true,                 // `disableIMDSv1` is optional and is recommended to be turned on. It can be replaced by setting environment variable: ALIBABA_CLOUD_IMDSV1_DISABLED
}
const cred = new Credential(config);
const {
  accessKeyId,
  accessKeySecret,
  securityToken,
  type
} = await cred.getCredential();

rsa_key_pair

By specifying the public key ID and the private key file, the credential will be able to automatically request maintenance of the AccessKey before sending the request. Only Japan station is supported.

import Credential, { Config } from '@alicloud/credentials';
const config: Config = {
  type:                     'rsa_key_pair',       // credential type
  privateKeyFile:           'privateKeyFile',     // The file path to store the PrivateKey
  publicKeyId:              'publicKeyId',        // PublicKeyId of your account
}
const cred = new Credential(config);
const {
  accessKeyId,
  accessKeySecret,
  securityToken,
  type
} = await cred.getCredential();

credentials_uri

By specifying a local or remote URI to get credentials and refresh automanticly.

import Credential, { Config } from '@alicloud/credentials';
const config: Config = {
  type: 'credentials_uri',
  credentialsURI: 'http://a_local_or_remote_address/'  //credentialsURI can be replaced by setting environment variable: ALIBABA_CLOUD_CREDENTIALS_URI
};
const cred = new Credential(config);
const {
  accessKeyId,
  accessKeySecret,
  securityToken,
  type
} = await cred.getCredential();

The URI must reponse meets following conditions:

  • response status code is 200
  • response body struct must be:
{
  "Code": "Success",
  "AccessKeySecret": "AccessKeySecret",
  "AccessKeyId": "AccessKeyId",
  "Expiration": "2021-09-26T03:46:38Z",
  "SecurityToken": "SecurityToken"
}

bearer

If credential is required by the Cloud Call Centre (CCC), please apply for Bearer Token maintenance by yourself.

import Credential, { Config } from '@alicloud/credentials';
const config: Config = {
  type:                 'bearer',            // credential type
  bearerToken:          'bearerToken',       // BearerToken of your account
}
const cred = new Credential(config);
let bearerToken: string = await cred.getBearerToken();
let type: string = cred.getType();

Provider

If you call new Credential() with empty, it will use provider chain to get credential for you.

1. Environment Credentials

The program first looks for environment credentials in the environment variable. If the ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variables are defined and are not empty, the program will use them to create the default credential. If not, the program loads and looks for the client in the configuration file.

2. Config File

If there is ~/.alibabacloud/credentials default file (Windows shows C:\Users\USER_NAME\.alibabacloud\credentials), the program will automatically create credential with the name of 'default'. The default file may not exist, but a parse error throws an exception. The specified files can also be loaded indefinitely: AlibabaCloud::load('/data/credentials', 'vfs://AlibabaCloud/credentials', ...); This configuration file can be shared between different projects and between different tools. Because it is outside the project and will not be accidentally committed to the version control. Environment variables can be used on Windows to refer to the home directory %UserProfile%. Unix-like systems can use the environment variable $HOME or ~ (tilde). The path to the default file can be modified by defining the ALIBABA_CLOUD_CREDENTIALS_FILE environment variable.

[default]                          # Default credential
type = access_key                  # Certification type: access_key
access_key_id = foo                # access key id
access_key_secret = bar            # access key secret

3. Instance RAM Role

If the environment variable ALIBABA_CLOUD_ECS_METADATA is defined and not empty, the program will take the value of the environment variable as the role name and request http://100.100.100.200/latest/meta-data/ram/security-credentials/ to get the temporary Security credential.

4. Credentials URI

If the environment variable ALIBABA_CLOUD_CREDENTIALS_URI is defined and not empty, the program will take the value of the environment variable as the credentials uri.

Test & Coverage

  • run test
npm run test
  • run code coverage
npm run cov

License

MIT

Copyright (c) 2009-present, Alibaba Cloud All rights reserved.