
While writing this question I found the answer, but it might still be helpful to someone else who starts using the node12 template model for making functions on openfaas and needs to access secrets defined using faas-cli.

When creating a function to build and deploy with openfaas (or faasd in my case), we need a function.yml file as follows:

```yaml
provider:
  name: openfaas
  gateway: https://faasd.mygateway.com
functions:
  my_function:
    lang: node12
    handler: ./my_function
    image: my_org/my_function:latest
```

Up to here the deployed function will work, but the directory "/var/openfaas/secrets/" will not be available or visible to the function, as it needs to be stated explicitly in the yaml file as follows:

```yaml
provider:
  name: openfaas
  gateway: https://faasd.mygateway.com
functions:
  my_function:
    lang: node12
    handler: ./my_function
    image: my_org/my_function:latest
    secrets:
        - mysecret
        - second-secret
        - third-secret
```

Now, after a new build/push and deploy, the openfaas engine will make a link to each one of the secrets. Note that the function can only access those secrets stated in the yaml file, even if there are more secrets on the gateway machine.

Here is a good example: https://www.openfaas.com/blog/faasd-tls-terraform/

From here, a secret is easily accessed using fs.readFile as follows:

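```javascript
const fs = require('fs').promises; // promise-based fs API

// Read one secret from the directory where openfaas mounts it
async function getsecret(name) {
    try {
        const secretval = await fs.readFile("/var/openfaas/secrets/" + name, "utf8");
        return secretval;
    } catch (error) {
        // On failure an error string is returned instead of the secret value
        return "ERROR: on getting secret " + name;
    }
}
```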

Note that the function needs to be async and fs must use promises:

```javascript
const fs = require('fs').promises;
```

So it can be used as:

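```javascript
// This fragment must run inside an async function (for example the function's handler)
try {
    let mysecret = await getsecret("mysecret");

    //... other business logic
    return whatever; // placeholder for the function's result
} catch (error) {
    return "ERROR";
}
```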

All this came up because I followed an outdated example and assumed that secrets are available to functions by default, which is not clearly stated in the docs. But somehow, it made me realize how well structured and secure the process implemented in openfaas is. Thanks Alex Ellis and the openfaas team and community!

Hope this helps someone.

Regards, Enrique

Note: this is my first post on StackOverflow; I hope it is readable and up to the standards.
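
An added example, not part of the original post: a stricter variant of the secret reader that validates the secret name before building the path and throws on failure instead of returning an error string that a caller could mistake for the secret value. The names `secretPath`, `readSecret` and `NAME_RE`, the allowed character set, and the trailing-newline stripping are assumptions made for this example.

```javascript
const fs = require('fs').promises;
const path = require('path');

// Directory where openfaas/faasd mounts the secrets listed in the function YAML.
const SECRETS_DIR = '/var/openfaas/secrets';

// Assumption: secret names use only letters, digits, '.', '_' and '-'.
const NAME_RE = /^[A-Za-z0-9][A-Za-z0-9._-]*$/;

// Resolve a secret name to a file path, rejecting anything that could escape baseDir.
function secretPath(name, baseDir = SECRETS_DIR) {
    if (typeof name !== 'string' || !NAME_RE.test(name) || name.includes('..')) {
        throw new Error('invalid secret name');
    }
    const base = path.resolve(baseDir);
    const full = path.resolve(base, name);
    // Defence in depth: the resolved file must sit directly inside baseDir.
    if (path.dirname(full) !== base) {
        throw new Error('invalid secret name');
    }
    return full;
}

// Read a secret; errors propagate so they are never used as a secret value.
async function readSecret(name, baseDir = SECRETS_DIR) {
    const file = secretPath(name, baseDir);
    try {
        const value = await fs.readFile(file, 'utf8');
        // Assumption: a single trailing newline comes from how the secret was created.
        return value.replace(/\r?\n$/, '');
    } catch (err) {
        if (err.code === 'ENOENT') {
            throw new Error(`secret "${name}" is not mounted; is it listed under "secrets:" in the function YAML?`);
        }
        throw err;
    }
}
```

Passing `baseDir` lets the reader be exercised against a temporary directory outside a deployed function.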
