
Trying to retrieve data from Secrets Manager using Node.js with async / await.

Using a function, for example fetchSecret('SECRETKEY').

var aws = require("aws-sdk");
// One Secrets Manager client for the whole module; the handler below uses it on every call.
const client = new aws.SecretsManager({ region: 'ap-southeast-1' }); // Your region

// Module-level holders the handler writes to: the string payload and the decoded binary payload.
// NOTE(review): module-scope values live as long as the module stays loaded, so a fetched
// secret remains in memory between handler calls.
let secret;
let decodedBinarySecret;
//context.callbackWaitsForEmptyEventLoop = false;
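/**
 * Lambda handler (callback style) that reads the secret 'MyFirstSecret' from Secrets Manager.
 *
 * Stores the string payload in the module-level `secret`, or the decoded binary payload in
 * `decodedBinarySecret`, then signals completion through `callback`.
 *
 * @param {object} event - Invocation event (not used here).
 * @param {object} context - Invocation context (not used here).
 * @param {Function} callback - Node-style completion callback; receives the SDK error on failure.
 */
exports.handler = (event, context, callback) => {
    client.getSecretValue({
        SecretId: 'MyFirstSecret'
    }, function(err, data) {
        if (err) {
            // Report every failure, not only the five documented codes
            // (DecryptionFailureException, InternalServiceErrorException,
            // InvalidParameterException, InvalidRequestException, ResourceNotFoundException).
            // Any other error, such as a permissions failure, would otherwise fall through and
            // look like a successful call with an undefined secret.
            // Handing the error to callback() also avoids throwing from inside the SDK callback,
            // where nothing can catch it.
            console.error('getSecretValue failed:', err.code);
            callback(err);
            return;
        }

        // Depending on whether the secret is a string or binary, one of these fields is populated.
        if ('SecretString' in data) {
            secret = data.SecretString;
        } else {
            // Buffer.from() replaces the deprecated `new Buffer()` constructor.
            decodedBinarySecret = Buffer.from(data.SecretBinary, 'base64').toString('ascii');
        }

        // Your code goes here.

        // Never write the secret value itself to the log: function logs are usually readable by
        // far more people and systems than the secret is.
        console.log('Secret retrieved from Secrets Manager');
        callback(null);
    });
};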

Tried: "how do I use aws secret manager with nodejs lambda" and "Setting Secrets from AWS Secrets manager in Node.JS".


2 Answers


Again: although you are using callbacks, your code is still asynchronous, so you should change your Lambda function to an async one.

You could also promisify .getSecretValue yourself by doing: return new Promise((resolve, reject)=> getSecretValue(...resolve()) but the AWS SDK comes with a promise() function that does that for you. With that in mind, let's improve your code a little bit.

1 - Making it async
2 - Putting it into an async context

var aws = require("aws-sdk");
// One Secrets Manager client for the whole module; the handler below uses it on every call.
const client = new aws.SecretsManager({ region: 'ap-southeast-1' }); // Your region

// Module-level holders the handler writes to: the string payload and the decoded binary payload.
// NOTE(review): module-scope values live as long as the module stays loaded, so a fetched
// secret remains in memory between handler calls.
let secret;
let decodedBinarySecret;

//changes - async keyword
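/**
 * Async Lambda handler that reads the secret 'MyFirstSecret' from Secrets Manager.
 *
 * Stores the string payload in the module-level `secret`, or the decoded binary payload in
 * `decodedBinarySecret`. Resolves with no value; rejects with the SDK error when the lookup fails.
 *
 * @param {object} event - Invocation event (not used here).
 * @param {object} context - Invocation context (not used here).
 * @returns {Promise<void>}
 * @throws The error returned by getSecretValue, unchanged.
 */
exports.handler = async (event, context) => {
    let data;
    try {
        data = await client.getSecretValue({ SecretId: 'MyFirstSecret' }).promise();
    } catch (err) {
        // Rethrow every failure, not only the five documented codes
        // (DecryptionFailureException, InternalServiceErrorException,
        // InvalidParameterException, InvalidRequestException, ResourceNotFoundException).
        // A catch that rethrows only listed codes swallows everything else, and the handler
        // then resolves as if the secret had been read.
        console.error('getSecretValue failed:', err.code);
        throw err;
    }

    // Depending on whether the secret is a string or binary, one of these fields is populated.
    if ('SecretString' in data) {
        secret = data.SecretString;
    } else {
        // Buffer.from() replaces the deprecated `new Buffer()` constructor.
        decodedBinarySecret = Buffer.from(data.SecretBinary, 'base64').toString('ascii');
    }

    // Your code goes here.

    // Never write the secret value itself to the log: function logs are usually readable by
    // far more people and systems than the secret is.
    console.log('Secret retrieved from Secrets Manager');
};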

To connect to AWS Secrets Manager, you need to install the SDK, i.e. aws-sdk:

import { SecretsManager } from 'aws-sdk';

Code to fetch the secret values from the AWS secret manager.

// Client bound to the region that holds the secret.
const SecretsManagerClient = new SecretsManager({
    region: 'YOUR_SECRET_MANAGER_REGION',
});

// Fetch the secret; .promise() makes the SDK request awaitable.
// A rejection here propagates to the caller, so wrap this in try/catch where the failure
// must be handled locally.
const SecretsManagerResult = await SecretsManagerClient
    .getSecretValue({ SecretId: 'YOUR_SECRET_MANAGER_KEY' })
    .promise();

SecretsManagerClient.getSecretValue() returns the secret data, so you need to parse it as follows:

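// A secret stored as binary has no SecretString; fail with a clear message instead of letting
// JSON.parse(undefined) raise an opaque one. SyntaxError is kept because that is the type the
// bare JSON.parse call raised.
if (typeof SecretsManagerResult.SecretString !== 'string') {
    throw new SyntaxError('Secret has no SecretString payload to parse as JSON');
}

let SecretsManagerResponse;
try {
    SecretsManagerResponse = JSON.parse(SecretsManagerResult.SecretString);
} catch {
    // The original parse error is deliberately not attached or logged: newer Node.js versions
    // can include a fragment of the input in the message, and here the input is the secret.
    throw new SyntaxError('SecretString is not valid JSON');
}

// Pull out the two fields this secret is expected to carry.
const { clsa_key, clsa_secret } = SecretsManagerResponse;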

Thanks
