Contents of your config file, for example config.json
:
{
"appSettings": {
"DBConfig": {
"user": { "_encryptedTextBlob_": "AQECAHhEJQBbQ8N+ .... some b64 encoded encrypted text blob" },
"password": { "_encryptedTextBlob_": "AQECAHhEJQBbQ8N+ .... some b64 encoded encrypted text blob" },
"server": "some-server",
"database": "some-database"
}
}
}
// or to minimise rountrips to KMS, better encrypt whole section
{
"appSettings": {
"DBConfig": {
"_encryptedTextBlob_": "AQECAHhEJQBbQ8N+ .... some b64 encoded encrypted text blob" }
"server": "some-server",
"database": "some-database"
}
}
}
Strings must be encrypted using AWS Key Management Service and your lambda execution role should have kms:Decrypt
permissions to use the key.
Store config.json
locally and include it in your lambda package, or upload it to a public hosting service like AWS S3.
Load config.json
as follows:
var cfg = require('lambda-config');
cfg.loadFromFile("local-path-or-url-to-config.json", function (err, config) {
if (err) {
console.log(err, err.stack); // an error occurred
}
else {
console.log(config);
}
}, "your-aws-region");
Note that if your KMS encryption key is in the same region as the lambda you don't need to pass the region since process.env['AWS_DEFAULT_REGION']
will be used.
If they are in different regions and you don't pass region parameter, key will be looked for in us-east-1 region.
You can also load configuration json from another source file. For example, you can have file rootConfig.json
with the following contents:
{
"appSettings": {
"_loadFrom_": "./config.json"
}
}
// and then use it same way as above:
var cfg = require('lambda-config');
cfg.loadFromFile("local-path-or-url-to-rootConfig.json", function (err, config) {
...
});
// in this case, config object should have the following structure
{
"appSettings": {
"DBConfig": {
"user": "some-decrypted-username",
"password": "some-decrypted-password",
"server": "some-server",
"database": "some-database"
}
}
}
You can also use the loadFromString
method with configuration json string:
var cfg = require('lambda-config');
cfg.loadFromString("some-configuration-json-string", function (err, config) {
...
});
or call loadFromObject
:
var cfgSource = { _loadFrom_: "./path-to-file" }
cfg.loadFromObject(cfgSource, function (err, config) {
...
});
If you have mixed section with _loadFrom_
or _encryptedTextBlob_
and regular fields, all will be merged together in a resulting object:
// userConfig.json
{
"user": "some-user",
"password": "some-password"
}
// rootConfig.json
{
"appSettings": {
"_loadFrom_": "./userConfig.json",
"server": "some-server"
}
}
// calling loadFromFile with "./rootConfig.json" as a parameter will return the following
{
"appSettings": {
"user": "some-user",
"password": "some-password",
"server": "some-server"
}
}
Note that you may need to flatten your dependencies folder before publishing to AWS Lambda to avoid the path character limit.