UNPKG

6.02 kBMarkdownView Raw
1<div align="center">
2 <h1>Middy secrets-manager middleware</h1>
3 <img alt="Middy logo" src="https://raw.githubusercontent.com/middyjs/middy/main/docs/img/middy-logo.svg"/>
4 <p><strong>Secrets Manager middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda</strong></p>
5<p>
6 <a href="https://www.npmjs.com/package/@middy/secrets-manager?activeTab=versions">
7 <img src="https://badge.fury.io/js/%40middy%2Fsecrets-manager.svg" alt="npm version" style="max-width:100%;">
8 </a>
9 <a href="https://packagephobia.com/result?p=@middy/secrets-manager">
10 <img src="https://packagephobia.com/badge?p=@middy/secrets-manager" alt="npm install size" style="max-width:100%;">
11 </a>
12 <a href="https://github.com/middyjs/middy/actions/workflows/tests.yml">
13 <img src="https://github.com/middyjs/middy/actions/workflows/tests.yml/badge.svg?branch=main&event=push" alt="GitHub Actions CI status badge" style="max-width:100%;">
14 </a>
15 <br/>
16 <a href="https://standardjs.com/">
17 <img src="https://img.shields.io/badge/code_style-standard-brightgreen.svg" alt="Standard Code Style" style="max-width:100%;">
18 </a>
19 <a href="https://snyk.io/test/github/middyjs/middy">
20 <img src="https://snyk.io/test/github/middyjs/middy/badge.svg" alt="Known Vulnerabilities" data-canonical-src="https://snyk.io/test/github/middyjs/middy" style="max-width:100%;">
21 </a>
22 <a href="https://lgtm.com/projects/g/middyjs/middy/context:javascript">
23 <img src="https://img.shields.io/lgtm/grade/javascript/g/middyjs/middy.svg?logo=lgtm&logoWidth=18" alt="Language grade: JavaScript" style="max-width:100%;">
24 </a>
25 <a href="https://bestpractices.coreinfrastructure.org/projects/5280">
26 <img src="https://bestpractices.coreinfrastructure.org/projects/5280/badge" alt="Core Infrastructure Initiative (CII) Best Practices" style="max-width:100%;">
27 </a>
28 <br/>
29 <a href="https://gitter.im/middyjs/Lobby">
30 <img src="https://badges.gitter.im/gitterHQ/gitter.svg" alt="Chat on Gitter" style="max-width:100%;">
31 </a>
32 <a href="https://stackoverflow.com/questions/tagged/middy?sort=Newest&uqlId=35052">
33 <img src="https://img.shields.io/badge/StackOverflow-[middy]-yellow" alt="Ask questions on StackOverflow" style="max-width:100%;">
34 </a>
35</p>
36<p>You can read the documentation at: <a href="https://middy.js.org/docs/middlewares/secrets-manager">https://middy.js.org/docs/middlewares/secrets-manager</a></p>
37</div>
38
39This middleware fetches secrets from [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html).
40
41Secrets to fetch can be defined by by name. See AWS docs [here](https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html).
42
43Secrets are assigned to the function handler's `context` object.
44
45The Middleware makes a single [API request](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html) for each secret as Secrets Manager does not support batch get.
46
47For each secret, you also provide the name under which its value should be added to `context`.
48
49## Install
50
51To install this middleware you can use NPM:
52
53```bash
54npm install --save @middy/secrets-manager
55```
56
57## Options
58
59- `AwsClient` (object) (default `AWS.SecretsManager`): AWS.SecretsManager class constructor (e.g. that has been instrumented with AWS XRay). Must be from `aws-sdk` v2.
60- `awsClientOptions` (object) (default `undefined`): Options to pass to AWS.SecretsManager class constructor.
61- `awsClientAssumeRole` (string) (default `undefined`): Internal key where secrets are stored. See [@middy/sts](/packages/sts/README.md) on to set this.
62- `awsClientCapture` (function) (default `undefined`): Enable XRay by passing `captureAWSClient` from `aws-xray-sdk` in.
63- `fetchData` (object) (required): Mapping of internal key name to API request parameter `SecretId`.
64- `disablePrefetch` (boolean) (default `false`): On cold start requests will trigger early if they can. Setting `awsClientAssumeRole` disables prefetch.
65- `cacheKey` (string) (default `secrets-manager`): Cache key for the fetched data responses. Must be unique across all middleware.
66- `cacheExpiry` (number) (default `-1`): How long fetch data responses should be cached for. `-1`: cache forever, `0`: never cache, `n`: cache for n ms.
67- `setToContext` (boolean) (default `false`): Store secrets to `request.context`.
68
69NOTES:
70- Lambda is required to have IAM permission for `secretsmanager:GetSecretValue`
71
72## Sample usage
73
74```javascript
75import middy from '@middy/core'
76import secretsManager from '@middy/secrets-manager'
77
78const handler = middy((event, context) => {
79 return {}
80})
81
82handler.use(secretsManager({
83 fetchData: {
84 apiToken: 'dev/api_token'
85 },
86 awsClientOptions: {
87 region: 'us-east-1',
88 },
89 setToContext: true,
90}))
91
92// Before running the function handler, the middleware will fetch from Secrets Manager
93handler(event, context, (_, response) => {
94 // assuming the dev/api_token has two keys, 'Username' and 'Password'
95 t.is(context.apiToken.Username,'username')
96 t.is(context.apiToken.Password,'password')
97})
98```
99
100## Middy documentation and examples
101
102For more documentation and examples, refers to the main [Middy monorepo on GitHub](https://github.com/middyjs/middy) or [Middy official website](https://middy.js.org).
103
104## Contributing
105
106Everyone is very welcome to contribute to this repository. Feel free to [raise issues](https://github.com/middyjs/middy/issues) or to [submit Pull Requests](https://github.com/middyjs/middy/pulls).
107
108## License
109
110Licensed under [MIT License](LICENSE). Copyright (c) 2017-2022 [Luciano Mammino](https://github.com/lmammino), [will Farrell](https://github.com/willfarrell), and the [Middy team](https://github.com/middyjs/middy/graphs/contributors).
111
112<a href="https://app.fossa.io/projects/git%2Bgithub.com%2Fmiddyjs%2Fmiddy?ref=badge_large">
113 <img src="https://app.fossa.io/api/projects/git%2Bgithub.com%2Fmiddyjs%2Fmiddy.svg?type=large" alt="FOSSA Status" style="max-width:100%;">
114</a>