@bluehalo/fhir-secrets
v0.10.0
Published
AWS KMS Secrets retrieval promisified
Downloads
4
Keywords
Readme
FHIR-Secrets
AWS KMS Secrets retrieval promisified.
Install
yarn add @bluehalo/fhir-secrets
Prerequisites
- You will need an AWS Account.
- You should have the CiphertextBlob you need to decrypt.
- You can authenticate with AWS.
Usage
Depending on where you are running this code, the setup portion may change. If you have a default AWS profile with region and everything else set, you can use the decrypt function as follows:
const secrets = require('@bluehalo/fhir-secrets');
// This is output when you encrypt a secret with kms
// https://docs.aws.amazon.com/cli/latest/reference/kms/encrypt.html
let CiphertextBlob = 'somefakeblobcontent=';
// Lets assume this blob contains metadata for a plaintext secret with value foobar
secrets
.decrypt({ CiphertextBlob })
.then((secret) => {
console.log(secret);
// logs foobar
})
.catch(console.error);
If you need to configure the setup process with region or other properties in the client class constructor, you can do so and chain the process.
const secrets = require('@bluehalo/fhir-secrets');
secrets
.configure({ region: 'us-east-2' })
.decrypt({ CiphertextBlob: 'somefakeblobcontent=' })
.then((secret) => doThingsWithSecret())
.catch(console.error);
See fhir-secrets tests for more usage examples.
Methods
configure
Configures the service class with any AWS or service class specific configurations.
This takes a single options object. See https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/KMS.html#constructor-property. It returns this
so you can immediately call decrypt
after configuring it.
decrypt
Wrapper on kms.decrypt but returns a promise which resolves the plain text of the secret.
This takes a single options object. See https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/KMS.html#decrypt-property. The only necessary property from this is CiphertextBlob
.