尝试使用 Node.js 使用 async/await 从秘密管理器检索数据。
使用功能 例如
fetchSecret('SECRETKEY')
var aws = require("aws-sdk");
var client = new aws.SecretsManager({
region: 'ap-southeast-1' // Your region
});
var secret, decodedBinarySecret;
//context.callbackWaitsForEmptyEventLoop = false;
exports.handler = (event, context, callback) => {
client.getSecretValue({
SecretId: 'MyFirstSecret'
}, function(err, data) {
if (err) {
if (err.code === 'DecryptionFailureException')
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'InternalServiceErrorException')
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'InvalidParameterException')
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'InvalidRequestException')
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'ResourceNotFoundException')
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
} else {
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
if ('SecretString' in data) {
secret = data.SecretString;
} else {
let buff = new Buffer(data.SecretBinary, 'base64');
decodedBinarySecret = buff.toString('ascii');
}
}
// Your code goes here.
console.log(secret);
});
};
尝试过 如何将 aws Secret Manager 与 NodeJS Lambda 一起使用 在 Node.JS 中从 AWS Secrets Manager 设置 Secrets
再次。尽管您正在使用回调,但您的代码仍然是异步的。所以你应该将 lambda 函数更改为异步。
您还可以通过执行以下操作来承诺 .getSecretValue:
return new Promise((resolve, reject)=> getSecretValue(...resolve())
但是 AWS 附带了 promise()
函数可以为您完成此操作。
记住这一点,以免稍微改进你的代码。
1 - 使其异步
2 - 放入异步上下文
var aws = require("aws-sdk");
var client = new aws.SecretsManager({
region: 'ap-southeast-1' // Your region
});
var secret, decodedBinarySecret;
//changes - async keyword
exports.handler = async (event, context) => {
const secretValue = client.getSecretValue({ SecretId: 'MyFirstSecret' }).promise()
return secretValue
.then((data)=>{
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
if ('SecretString' in data) {
secret = data.SecretString;
} else {
let buff = new Buffer(data.SecretBinary, 'base64');
decodedBinarySecret = buff.toString('ascii');
}
// Your code goes here.
console.log(secret);
}).catch(err=> {
if (err.code === 'DecryptionFailureException')
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'InternalServiceErrorException')
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'InvalidParameterException')
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'InvalidRequestException')
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'ResourceNotFoundException')
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
})
};
要连接您的AWS秘密管理器,您需要安装SDK,即。 AWS-SDK
import { SecretsManager } from 'aws-sdk';
用于从 AWS 秘密管理器获取秘密值的代码。
let SecretsManagerClient = new SecretsManager(
{ region: 'YOUR_SECRET_MANAGER_REGION'});
const SecretsManagerResult = await SecretsManagerClient
.getSecretValue({
SecretId: 'YOUR_SECRET_MANAGER_KEY',
})
.promise();
SecretsManagerClient().getSecretValue() 将返回数据,因此您需要将此数据解析为。
const SecretsManagerResponse = JSON.parse(SecretsManagerResult.SecretString);
const {clsa_key, clsa_secret} = SecretsManagerResponse;
谢谢