Get secrets in AWS lambda node.js

Question

Can anyone provide a simple, complete node.js lambda function where I can get a secret from secrets manager and use it? I am struggling with the async/await process. I have already tried several suggestions from other posts, but all of them, at the end, can't really use the secret in the main function. For example, I have a main function and call a second function to retrieve the secret:

xxx = retrieve_secret('mysecret');

Then, in the retrieve_secret function I am able to retrieve the secret, I can print it using console.log, but when I try to use it in the main function, it says "Promise ".

Please, help. Thanks in advance!

Sounds like adding an await would solve that. So `xxx = await retrieve_secret('mysecret');` This makes the function where that line is asynchronous, so it requires the `async` keyword. — mtkopone, May 11 '20 at 19:58
Right. I tried it. But it didn't work. It seems to be a little more complicated because inside the retrieve_secret function we need to call the secrets api (client.getSecretValue), so should this one also be async? I tried several things, following several articles, but none of them address it completely. — user13520400, May 11 '20 at 20:10

score 9 · Accepted Answer · answered May 15 '20 at 00:27

So, after a few days working on it, I was finally able to solve it :) Here is the code that worked for me:

exports.handler = async (event, context, callback) => {

   // Get Secret
   var AWS       = require('aws-sdk');
   var MyPromise = new AWS.SecretsManager();

   var Vsecret   = await MyPromise.getSecretValue({
      SecretId: 'enter-the-secret-id-here'
      }).promise();

   var MyOpenSecret = JSON.parse(Vsecret.SecretString);

   // From here, we can use the secret:
   var Vhost     = MyOpenSecret.host;
   var Vuser     = MyOpenSecret.username;
   var Vpassword = MyOpenSecret.password; 
   var Vdatabase = .....

score 0 · Answer 2 · answered May 12 '20 at 06:19

0

Looking at your question seems you are not able to read response from retrieve_secret('mysecret') method as you have mentioned it return promise, you can read it by using .then() after promise. Try doing this -

xxx.then(res => {
    console.log(res)
})

Or here is the code to call get your secret details:

import AWS from "aws-sdk";

getSecretValue(secretName: string): Promise<string> {
        const client = new AWS.SecretsManager({ 
            region: '',
            accessKeyId: '',
            secretAccessKey: '',
        });
        const secretId = "secretName";
        return new Promise((resolve, reject) =>
            client.getSecretValue({ SecretId: secretId }, (err, data) => {
                if (err) {
                    reject(err);
                } else {
                    resolve(data.SecretString);
                }
            })
        );
    }

answered May 12 '20 at 06:19

Abhishek Bajpai

9
3

Hi Abhishek, thanks for your answer. I have 2 questions: 1) For the example you gave with xxx - will the secret value return to xxx variable? If I do console.log(xxx), I will see the secret? 2) Sorry but I am just a beginner with node.js - I just copied/pasted your code, and it says "unexpected token". Do I need to replace something? Is this a function? How do I pass the secret name which I want to retrieve to this function? Thanks! – user13520400 May 12 '20 at 13:31
Also: Tried to implement the xxx.then, and received the following error: "errorMessage": "xxx.then is not a function", – user13520400 May 12 '20 at 13:39
xxx = retrieve_secret('mysecret'); xxx is the name of variable in which you have assigned your retrieve_Secret('mysecret') function. If you are using my code then add give details of "region", "accessKeyId", "secretAccessKey". Also in place of "secretName" give name of your secret. – Abhishek Bajpai May 13 '20 at 14:21
But why we would need to provide "accessKeyId" and "secretAccessKey if we are running it from lambda? The lambda function already has the required permissions in the role attached. At least , for other services than secrets, I don't need to provide it. – user13520400 May 13 '20 at 14:46

Get secrets in AWS lambda node.js

2 Answers2