env0-middy-secrets-manager
v1.4.0-add-set-env
Secrets Manager middleware for the middy framework
Middy secrets-manager middleware
This middleware fetches secrets from AWS Secrets Manager.
Secrets to fetch can be defined by name. See AWS docs here.
Secrets are assigned to the function handler's context object.
The Middleware makes a single API request for each secret as Secrets Manager does not support batch get.
For each secret, you also provide the name under which its value should be added to context.
Install
To install this middleware you can use NPM:
npm install --save @middy/secrets-manager
Options
- cache (boolean) (optional): Defaults to false. Set it to true to skip further calls to AWS Secrets Manager
- cacheExpiryInMillis (int) (optional): Defaults to undefined. Use this option to invalidate cached secrets from Secrets Manager
- secrets (object): Map of secrets to fetch from Secrets Manager, where the key is the destination, and value is secret name or secret ARN in Secrets Manager. Example: {secrets: {RDS_LOGIN: 'dev/rds_login'}}
- awsSdkOptions (object) (optional): Options to pass to AWS.SecretsManager class constructor.
- throwOnFailedCall (boolean) (optional): Defaults to false. Set it to true if you want your lambda to fail in case call to AWS Secrets Manager fails (secrets don't exist or internal error). It will only print error if secrets are not already cached.
- setEnvironment (boolean) (optional): Defaults to false. Set it to true if you want to set the secrets as environment variables in addition to the context parameter. Particularly useful for string secrets.
NOTES:
- Lambda is required to have IAM permission for secretsmanager:GetSecretValue action
- aws-sdk version of 2.176.0 or greater is required. If your project doesn't currently use aws-sdk, you may need to install it as a devDependency in order to run tests
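The option semantics above, sketched as an added example (not the middleware's own source and not code from the Middy project). makeSecretsLoader and makeStubClient are hypothetical names, the stub is a constructed fake that mimics the aws-sdk v2 getSecretValue(params).promise() call shape, and exporting only string secrets to the environment is an assumption.

```javascript
// Added sketch of the documented option semantics; not the package's source.
// makeSecretsLoader and makeStubClient are hypothetical names.
function makeSecretsLoader (client, opts, env = process.env, now = Date.now) {
  let cached = null
  let fetchedAt = 0
  return async function load (context) {
    const expired = opts.cacheExpiryInMillis !== undefined &&
      now() - fetchedAt >= opts.cacheExpiryInMillis
    if (!(opts.cache && cached && !expired)) {
      try {
        const fresh = {}
        // One GetSecretValue request per entry: there is no batch get.
        for (const [dest, secretId] of Object.entries(opts.secrets)) {
          const res = await client.getSecretValue({ SecretId: secretId }).promise()
          // Key/value secrets arrive as JSON text; plain strings are kept as-is.
          try { fresh[dest] = JSON.parse(res.SecretString) } catch (_) { fresh[dest] = res.SecretString }
        }
        cached = fresh
        fetchedAt = now()
      } catch (err) {
        // Assumed reading of throwOnFailedCall: fail, or else continue with what is cached.
        if (opts.throwOnFailedCall) throw err
      }
    }
    for (const [dest, value] of Object.entries(cached || {})) {
      context[dest] = value
      // Assumption: only string secrets are exported to the environment.
      if (opts.setEnvironment && typeof value === 'string') env[dest] = value
    }
    return context
  }
}

// Constructed fake with the aws-sdk v2 call shape; counts requests made.
function makeStubClient () {
  const store = {
    'dev/rds_login': JSON.stringify({ Username: 'username', Password: 'password' }),
    'dev/api_token': 'constructed-token-value'
  }
  const stub = { calls: 0 }
  stub.getSecretValue = ({ SecretId }) => ({
    promise: async () => {
      stub.calls++
      if (!(SecretId in store)) throw new Error('ResourceNotFoundException')
      return { SecretString: store[SecretId] }
    }
  })
  return stub
}
```

Passing a plain object as env keeps the sketch from touching the real process.env; with setEnvironment enabled, every exported secret is readable by any code in the process that reads the environment.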
Sample usage
const middy = require('@middy/core')
const secretsManager = require('@middy/secrets-manager')

const handler = middy((event, context, cb) => {
  cb(null, {})
})

handler.use(secretsManager({
  cache: true,
  secrets: {
    RDS_LOGIN: 'dev/rds_login'
  }
}))

// Before running the function handler, the middleware will fetch from Secrets Manager
// (event and context are the Lambda invocation arguments; expect comes from the test framework)
handler(event, context, (_, response) => {
  // assuming the dev/rds_login has two keys, 'Username' and 'Password'
  expect(context.RDS_LOGIN.Username).toEqual('username')
  expect(context.RDS_LOGIN.Password).toEqual('password')
})
Middy documentation and examples
For more documentation and examples, refer to the main Middy monorepo on GitHub or the Middy official website.
Contributing
Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.
License
Licensed under MIT License. Copyright (c) 2017-2018 Luciano Mammino and the Middy team.