我正在使用 Sequelize CLI 对数据库运行迁移,并且我有以下
.sequelizerc// .sequelizerc
const path = require('path');
module.exports = {
"config": path.resolve('src', 'database', 'config.js'),
"models-path": path.resolve('src', 'models'),
"seeders-path": path.resolve('src', 'database', 'seeders'),
"migrations-path": path.resolve('src', 'database', 'migrations'),
};
我们数据库的凭据保存在机密管理器中,因此可以轻松轮换它们,并且永远不会存储在我们的存储库或某人的计算机中。因此,我们的
config.js// src/database/config.js
const { AsyncObtainDBCredentials } = require("../utilities");
async function setupDBCreds() {
const dbConfig = await AsyncObtainDBCredentials();
return dbConfig;
}
module.export = setupDBCreds(); // exports a promise and does not work
Sequelize CLI 需要类似的配置 JSON
const dotenv = require('dotenv')
dotenv.config()
const dbConfig = {
host: process.env.DB_HOST ?? 'localhost',
username: process.env.DB_USER ?? 'postgres',
port: process.env.DB_PORT ?? '5432',
database: process.env.DB_NAME ?? 'myDBName',
password: process.env.DB_PASSWORD ?? 'SuperSecretPasswd',
dialect: "postgres"
};
module.exports = dbConfig;
有没有办法完成这项工作,这样我们就可以避免用户将凭据写入
.env这是一个老问题,但我在尝试弄清楚如何从 Secret Manager 中提取连接信息时遇到了这个问题。我通过做这样的事情让它工作:
const getSettings = async() => {
const client = new SecretsManagerClient({
region: AWS_REGION
});
const response = await client.send(
new GetSecretValueCommand({
SecretId: AWS_SECRET
}),
);
const settings = JSON.parse(response.SecretString);
return {
username: settings.DATABASE_USERNAME,
password: settings.DATABASE_PASSWORD,
database: settings.DATABASE_NAME,
host: settings.DATABASE_HOST,
port: settings.DATABASE_PORT,
dialect: 'postgres',
};
};
module.exports = async() => ({
development: {
// local settings
},
production: await getSettings(),
});关键是您可以在
async()module.exports