Middy secrets-manager middleware

Middy logo

Secrets Manager middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda

npm version npm install size GitHub Actions CI status badge
Standard Code Style Known Vulnerabilities Language grade: JavaScript Core Infrastructure Initiative (CII) Best Practices
Chat on Gitter Ask questions on StackOverflow

You can read the documentation at: https://middy.js.org/docs/middlewares/secrets-manager

This middleware fetches secrets from [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html). Secrets to fetch can be defined by by name. See AWS docs [here](https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html). Secrets are assigned to the function handler's `context` object. The Middleware makes a single [API request](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html) for each secret as Secrets Manager does not support batch get. For each secret, you also provide the name under which its value should be added to `context`. ## Install To install this middleware you can use NPM: ```bash npm install --save @middy/secrets-manager ``` ## Options - `AwsClient` (object) (default `AWS.SecretsManager`): AWS.SecretsManager class constructor (e.g. that has been instrumented with AWS XRay). Must be from `aws-sdk` v2. - `awsClientOptions` (object) (default `undefined`): Options to pass to AWS.SecretsManager class constructor. - `awsClientAssumeRole` (string) (default `undefined`): Internal key where secrets are stored. See [@middy/sts](/packages/sts/README.md) on to set this. - `awsClientCapture` (function) (default `undefined`): Enable XRay by passing `captureAWSClient` from `aws-xray-sdk` in. - `fetchData` (object) (required): Mapping of internal key name to API request parameter `SecretId`. - `disablePrefetch` (boolean) (default `false`): On cold start requests will trigger early if they can. Setting `awsClientAssumeRole` disables prefetch. - `cacheKey` (string) (default `secrets-manager`): Cache key for the fetched data responses. Must be unique across all middleware. - `cacheExpiry` (number) (default `-1`): How long fetch data responses should be cached for. `-1`: cache forever, `0`: never cache, `n`: cache for n ms. - `setToContext` (boolean) (default `false`): Store secrets to `request.context`. NOTES: - Lambda is required to have IAM permission for `secretsmanager:GetSecretValue` ## Sample usage ```javascript import middy from '@middy/core' import secretsManager from '@middy/secrets-manager' const handler = middy((event, context) => { return {} }) handler.use(secretsManager({ fetchData: { apiToken: 'dev/api_token' }, awsClientOptions: { region: 'us-east-1', }, setToContext: true, })) // Before running the function handler, the middleware will fetch from Secrets Manager handler(event, context, (_, response) => { // assuming the dev/api_token has two keys, 'Username' and 'Password' t.is(context.apiToken.Username,'username') t.is(context.apiToken.Password,'password') }) ``` ## Middy documentation and examples For more documentation and examples, refers to the main [Middy monorepo on GitHub](https://github.com/middyjs/middy) or [Middy official website](https://middy.js.org). ## Contributing Everyone is very welcome to contribute to this repository. Feel free to [raise issues](https://github.com/middyjs/middy/issues) or to [submit Pull Requests](https://github.com/middyjs/middy/pulls). ## License Licensed under [MIT License](LICENSE). Copyright (c) 2017-2022 [Luciano Mammino](https://github.com/lmammino), [will Farrell](https://github.com/willfarrell), and the [Middy team](https://github.com/middyjs/middy/graphs/contributors). FOSSA Status