从 Node.js 中的 AWS Secrets Manager 检索密钥

问题描述 投票:0回答:2

尝试使用 Node.js 使用 async/await 从秘密管理器检索数据。

使用功能 例如

fetchSecret('SECRETKEY')

var aws = require("aws-sdk");
var client = new aws.SecretsManager({
    region: 'ap-southeast-1' // Your region
});
var secret, decodedBinarySecret;
//context.callbackWaitsForEmptyEventLoop = false;
exports.handler = (event, context, callback) => {
    client.getSecretValue({
        SecretId: 'MyFirstSecret'
    }, function(err, data) {
        if (err) {
            if (err.code === 'DecryptionFailureException')
                // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw err;
            else if (err.code === 'InternalServiceErrorException')
                // An error occurred on the server side.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw err;
            else if (err.code === 'InvalidParameterException')
                // You provided an invalid value for a parameter.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw err;
            else if (err.code === 'InvalidRequestException')
                // You provided a parameter value that is not valid for the current state of the resource.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw err;
            else if (err.code === 'ResourceNotFoundException')
                // We can't find the resource that you asked for.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw err;
        } else {
            // Decrypts secret using the associated KMS CMK.
            // Depending on whether the secret is a string or binary, one of these fields will be populated.
            if ('SecretString' in data) {
                secret = data.SecretString;
            } else {
                let buff = new Buffer(data.SecretBinary, 'base64');
                decodedBinarySecret = buff.toString('ascii');
            }
        }
// Your code goes here. 
        console.log(secret);
    });
};

尝试过 如何将 aws Secret Manager 与 NodeJS Lambda 一起使用 在 Node.JS 中从 AWS Secrets Manager 设置 Secrets

node.js aws-secrets-manager
2个回答
0
投票

再次。尽管您正在使用回调,但您的代码仍然是异步的。所以你应该将 lambda 函数更改为异步。

您还可以通过执行以下操作来承诺 .getSecretValue: 

return new Promise((resolve, reject)=>  getSecretValue(...resolve())
但是 AWS 附带了 
promise()
函数可以为您完成此操作。 记住这一点,以免稍微改进你的代码。

1 - 使其异步
2 - 放入异步上下文

var aws = require("aws-sdk");
var client = new aws.SecretsManager({
    region: 'ap-southeast-1' // Your region
});
var secret, decodedBinarySecret;

//changes - async keyword
exports.handler = async (event, context) => {

const secretValue =  client.getSecretValue({ SecretId: 'MyFirstSecret' }).promise()

return secretValue
 .then((data)=>{

  // Decrypts secret using the associated KMS CMK.
  // Depending on whether the secret is a string or binary, one of these fields will be populated.
    if ('SecretString' in data) {
                secret = data.SecretString;
     } else {
                let buff = new Buffer(data.SecretBinary, 'base64');
                decodedBinarySecret = buff.toString('ascii');
     }
  // Your code goes here. 
  console.log(secret);


}).catch(err=> {

            if (err.code === 'DecryptionFailureException')
                // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw err;
            else if (err.code === 'InternalServiceErrorException')
                // An error occurred on the server side.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw err;
            else if (err.code === 'InvalidParameterException')
                // You provided an invalid value for a parameter.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw err;
            else if (err.code === 'InvalidRequestException')
                // You provided a parameter value that is not valid for the current state of the resource.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw err;
            else if (err.code === 'ResourceNotFoundException')
                // We can't find the resource that you asked for.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw err;
 
})
  
};
0
投票

要连接您的AWS秘密管理器,您需要安装SDK,即。 AWS-SDK

import { SecretsManager } from 'aws-sdk';

用于从 AWS 秘密管理器获取秘密值的代码。

let SecretsManagerClient = new SecretsManager(
                           { region: 'YOUR_SECRET_MANAGER_REGION'});

const SecretsManagerResult = await SecretsManagerClient
                            .getSecretValue({
                                SecretId: 'YOUR_SECRET_MANAGER_KEY',
                             })
                            .promise();

SecretsManagerClient().getSecretValue() 将返回数据,因此您需要将此数据解析为。

const SecretsManagerResponse = JSON.parse(SecretsManagerResult.SecretString);
const {clsa_key, clsa_secret} = SecretsManagerResponse;

谢谢

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.