npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

aws-get-secret-lambda

v1.0.9

Published

Installs a AWS Lambda layer via CDK

Downloads

4

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

hermanbankenhermanbanken

Keywords

Readme

aws-get-secret

This is a utility much like the awesome gcp-get-secret from Binx.io. You can wrap it around your application that consumes environment variables containing secrets. By calling aws-get-secret -- [your-cli] [--your-args] it will call your cli command (server, serverless, etc.) and fill any environment variable that starts with the aws:/// format documented below.

Note: use any libary dealing with secrets with great care. Actions you can take to prevent impact:

  1. Do not trust me. Pin down your dependencies to exact SHA-512 hashes like with npm package-lock and Golang's go.sum.
  2. Do not trust any other module (node, etc) you install: vet them & pin them.
  3. Install upgrades only after careful review & again pin your dependencies.
  4. Rotate your secrets frequently, to make it something you do with ease.
  5. Seriously, pin your dependencies.

Forks welcome

If you miss functionality, feel free to fork the repository & optionally send Pull Requests to contribute back.

Usage

First, set some environment variables that define where to get the secret:

export FIRST_SECRET=aws:///arn:aws:secretsmanager:eu-central-1:1234567:secret:First-ABCDEF
export OTHER_SECRET=aws:///arn:aws:secretsmanager:eu-central-1:1234567:secret:Other-ABCDEF

You can define query parameters on the aws:/// uri just like with binxio/gcp-get-secret:

  • default to set a default value if there is no value
  • template to pick values from a JSON secret or to wrap the value with other data
  • destination and chmod to write to a file instead of using the environment

Then wrap your executable with this tool:

# quick example:
./aws-get-secret sh -c 'echo Something $SECRET;'

# NodeJS server:
./aws-get-secret node dist/server.js

# Python server server:
./aws-get-secret python3 server.py

AWS Lambda

Call this tool as a Lambda extension script (wrapperscript) to preload secret manager secrets to environment variables.

To use this wrapper script, create a Layer including the go binary of this repository. Then include the binary in another layer and invoke it by setting AWS_LAMBDA_EXEC_WRAPPER=/opt/aws-get-secret on your lambda. Alternatively, you can use the NodeJS CDK-compatible package which does this for you.

npm i aws-get-secret-lambda

Then wrap your Lambda like this (if you're using CDK):

import { wrapLambdasWithSecrets } from "aws-get-secret-lambda"

export class SomeStack extends Stack {
  constructor(scope: Construct) {
    super(scope, 'SomeStack');

    wrapLambdasWithSecrets(this.getAllFunctions());
  }
}

Refs

  1. https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager
  2. https://dev.to/aws-builders/getting-the-most-of-aws-lambda-free-compute-wrapper-scripts-3h4b
  3. https://docs.aws.amazon.com/lambda/latest/dg/runtimes-modify.html#runtime-wrapper
  4. https://github.com/binxio/gcp-get-secret
  5. https://www.hermanbanken.nl/2022/03/31/aws-get-secret/