Wondering what’s next for npm?Check out our public roadmap! »

    @middy/secrets-manager
    TypeScript icon, indicating that this package has built-in type declarations

    2.0.1 • Public • Published

    Middy secrets-manager middleware

    Middy logo

    Secrets Manager middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda

    This middleware fetches secrets from AWS Secrets Manager.

    Secrets to fetch can be defined by by name. See AWS docs here.

    Secrets are assigned to the function handler's context object.

    The Middleware makes a single API request for each secret as Secrets Manager does not support batch get.

    For each secret, you also provide the name under which its value should be added to context.

    Install

    To install this middleware you can use NPM:

    npm install --save @middy/secrets-manager

    Options

    • AwsClient (object) (default AWS.SecretsManager): AWS.SecretsManager class constructor (e.g. that has been instrumented with AWS XRay). Must be from aws-sdk v2.
    • awsClientOptions (object) (optional): Options to pass to AWS.SecretsManager class constructor.
    • awsClientAssumeRole (string) (optional): Internal key where secrets are stored. See @middy/sts on to set this.
    • awsClientCapture (function) (optional): Enable XRay by passing captureAWSClient from aws-xray-sdk in.
    • fetchData (object) (required): Mapping of internal key name to API request parameter SecretId.
    • disablePrefetch (boolean) (default false): On cold start requests will trigger early if they can. Setting awsClientAssumeRole disables prefetch.
    • cacheKey (string) (default secrets-manager): Internal cache key for the fetched data responses.
    • cacheExpiry (number) (default -1): How long fetch data responses should be cached for. -1: cache forever, 0: never cache, n: cache for n ms.
    • setToEnv (boolean) (default false): Store secrets to process.env. Storing secrets in process.env is considered security bad practice
    • setToContext (boolean) (default false): Store secrets to request.context.

    NOTES:

    • Lambda is required to have IAM permission for secretsmanager:GetSecretValue
    • setToEnv and setToContext are included for legacy support and should be avoided for performance and security reasons. See main documentation for best practices.
    • setToEnv can only assign secrets of type string

    Sample usage

    import middy from '@middy/core'
    import secretsManager from '@middy/secrets-manager'
    
    const handler = middy((event, context) => {
      return {}
    })
    
     handler.use(secretsManager({
       fetchData: {
        apiToken: 'dev/api_token'
      }
    }))
    
    // Before running the function handler, the middleware will fetch from Secrets Manager
    handler(event, context, (_, response) => {
      // assuming the dev/rds_login has two keys, 'Username' and 'Password'
      t.is(context.RDS_LOGIN.Username,'username')
      t.is(context.RDS_LOGIN.Password,'password')
    })

    Middy documentation and examples

    For more documentation and examples, refers to the main Middy monorepo on GitHub or Middy official website.

    Contributing

    Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.

    License

    Licensed under MIT License. Copyright (c) 2017-2021 Luciano Mammino, will Farrell, and the Middy team.

    FOSSA Status

    Install

    npm i @middy/secrets-manager

    DownloadsWeekly Downloads

    10,499

    Version

    2.0.1

    License

    MIT

    Unpacked Size

    10.2 kB

    Total Files

    5

    Last publish

    Collaborators

    • avatar
    • avatar
    • avatar