1 | <div align="center">
|
2 | <h1>Middy secrets-manager middleware</h1>
|
3 | <img alt="Middy logo" src="https://raw.githubusercontent.com/middyjs/middy/main/docs/img/middy-logo.svg"/>
|
4 | <p><strong>Secrets Manager middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda</strong></p>
|
5 | <p>
|
6 | <a href="https://www.npmjs.com/package/@middy/secrets-manager?activeTab=versions">
|
7 | <img src="https://badge.fury.io/js/%40middy%2Fsecrets-manager.svg" alt="npm version" style="max-width:100%;">
|
8 | </a>
|
9 | <a href="https://packagephobia.com/result?p=@middy/secrets-manager">
|
10 | <img src="https://packagephobia.com/badge?p=@middy/secrets-manager" alt="npm install size" style="max-width:100%;">
|
11 | </a>
|
12 | <a href="https://github.com/middyjs/middy/actions/workflows/tests.yml">
|
13 | <img src="https://github.com/middyjs/middy/actions/workflows/tests.yml/badge.svg?branch=main&event=push" alt="GitHub Actions CI status badge" style="max-width:100%;">
|
14 | </a>
|
15 | <br/>
|
16 | <a href="https://standardjs.com/">
|
17 | <img src="https://img.shields.io/badge/code_style-standard-brightgreen.svg" alt="Standard Code Style" style="max-width:100%;">
|
18 | </a>
|
19 | <a href="https://snyk.io/test/github/middyjs/middy">
|
20 | <img src="https://snyk.io/test/github/middyjs/middy/badge.svg" alt="Known Vulnerabilities" data-canonical-src="https://snyk.io/test/github/middyjs/middy" style="max-width:100%;">
|
21 | </a>
|
22 | <a href="https://lgtm.com/projects/g/middyjs/middy/context:javascript">
|
23 | <img src="https://img.shields.io/lgtm/grade/javascript/g/middyjs/middy.svg?logo=lgtm&logoWidth=18" alt="Language grade: JavaScript" style="max-width:100%;">
|
24 | </a>
|
25 | <a href="https://bestpractices.coreinfrastructure.org/projects/5280">
|
26 | <img src="https://bestpractices.coreinfrastructure.org/projects/5280/badge" alt="Core Infrastructure Initiative (CII) Best Practices" style="max-width:100%;">
|
27 | </a>
|
28 | <br/>
|
29 | <a href="https://gitter.im/middyjs/Lobby">
|
30 | <img src="https://badges.gitter.im/gitterHQ/gitter.svg" alt="Chat on Gitter" style="max-width:100%;">
|
31 | </a>
|
32 | <a href="https://stackoverflow.com/questions/tagged/middy?sort=Newest&uqlId=35052">
|
33 | <img src="https://img.shields.io/badge/StackOverflow-[middy]-yellow" alt="Ask questions on StackOverflow" style="max-width:100%;">
|
34 | </a>
|
35 | </p>
|
36 | <p>You can read the documentation at: <a href="https://middy.js.org/docs/middlewares/secrets-manager">https://middy.js.org/docs/middlewares/secrets-manager</a></p>
|
37 | </div>
|
38 |
|
39 | This middleware fetches secrets from [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html).
|
40 |
|
41 | Secrets to fetch can be defined by by name. See AWS docs [here](https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html).
|
42 |
|
43 | Secrets are assigned to the function handler's `context` object.
|
44 |
|
45 | The Middleware makes a single [API request](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html) for each secret as Secrets Manager does not support batch get.
|
46 |
|
47 | For each secret, you also provide the name under which its value should be added to `context`.
|
48 |
|
49 | ## Install
|
50 |
|
51 | To install this middleware you can use NPM:
|
52 |
|
53 | ```bash
|
54 | npm install --save @middy/secrets-manager
|
55 | ```
|
56 |
|
57 | ## Options
|
58 |
|
59 | - `AwsClient` (object) (default `AWS.SecretsManager`): AWS.SecretsManager class constructor (e.g. that has been instrumented with AWS XRay). Must be from `aws-sdk` v2.
|
60 | - `awsClientOptions` (object) (default `undefined`): Options to pass to AWS.SecretsManager class constructor.
|
61 | - `awsClientAssumeRole` (string) (default `undefined`): Internal key where secrets are stored. See [@middy/sts](/packages/sts/README.md) on to set this.
|
62 | - `awsClientCapture` (function) (default `undefined`): Enable XRay by passing `captureAWSClient` from `aws-xray-sdk` in.
|
63 | - `fetchData` (object) (required): Mapping of internal key name to API request parameter `SecretId`.
|
64 | - `disablePrefetch` (boolean) (default `false`): On cold start requests will trigger early if they can. Setting `awsClientAssumeRole` disables prefetch.
|
65 | - `cacheKey` (string) (default `secrets-manager`): Cache key for the fetched data responses. Must be unique across all middleware.
|
66 | - `cacheExpiry` (number) (default `-1`): How long fetch data responses should be cached for. `-1`: cache forever, `0`: never cache, `n`: cache for n ms.
|
67 | - `setToContext` (boolean) (default `false`): Store secrets to `request.context`.
|
68 |
|
69 | NOTES:
|
70 | - Lambda is required to have IAM permission for `secretsmanager:GetSecretValue`
|
71 |
|
72 | ## Sample usage
|
73 |
|
74 | ```javascript
|
75 | import middy from '@middy/core'
|
76 | import secretsManager from '@middy/secrets-manager'
|
77 |
|
78 | const handler = middy((event, context) => {
|
79 | return {}
|
80 | })
|
81 |
|
82 | handler.use(secretsManager({
|
83 | fetchData: {
|
84 | apiToken: 'dev/api_token'
|
85 | },
|
86 | awsClientOptions: {
|
87 | region: 'us-east-1',
|
88 | },
|
89 | setToContext: true,
|
90 | }))
|
91 |
|
92 | // Before running the function handler, the middleware will fetch from Secrets Manager
|
93 | handler(event, context, (_, response) => {
|
94 | // assuming the dev/api_token has two keys, 'Username' and 'Password'
|
95 | t.is(context.apiToken.Username,'username')
|
96 | t.is(context.apiToken.Password,'password')
|
97 | })
|
98 | ```
|
99 |
|
100 | ## Middy documentation and examples
|
101 |
|
102 | For more documentation and examples, refers to the main [Middy monorepo on GitHub](https://github.com/middyjs/middy) or [Middy official website](https://middy.js.org).
|
103 |
|
104 | ## Contributing
|
105 |
|
106 | Everyone is very welcome to contribute to this repository. Feel free to [raise issues](https://github.com/middyjs/middy/issues) or to [submit Pull Requests](https://github.com/middyjs/middy/pulls).
|
107 |
|
108 | ## License
|
109 |
|
110 | Licensed under [MIT License](LICENSE). Copyright (c) 2017-2022 [Luciano Mammino](https://github.com/lmammino), [will Farrell](https://github.com/willfarrell), and the [Middy team](https://github.com/middyjs/middy/graphs/contributors).
|
111 |
|
112 | <a href="https://app.fossa.io/projects/git%2Bgithub.com%2Fmiddyjs%2Fmiddy?ref=badge_large">
|
113 | <img src="https://app.fossa.io/api/projects/git%2Bgithub.com%2Fmiddyjs%2Fmiddy.svg?type=large" alt="FOSSA Status" style="max-width:100%;">
|
114 | </a>
|