【Question title】: Retrieve secrets from AWS Secrets Manager in Node.js
【Posted】: 2021-10-29 00:13:31
【Question description】:

Trying to retrieve data from Secrets Manager in Node.js using async/await.

Using a function, e.g. fetchSecret('SECRETKEY')

var aws = require("aws-sdk");
var client = new aws.SecretsManager({
    region: 'ap-southeast-1' // Your region
});
var secret, decodedBinarySecret;
//context.callbackWaitsForEmptyEventLoop = false;
exports.handler = (event, context, callback) => {
    client.getSecretValue({
        SecretId: 'MyFirstSecret'
    }, function(err, data) {
        if (err) {
            if (err.code === 'DecryptionFailureException')
                // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw err;
            else if (err.code === 'InternalServiceErrorException')
                // An error occurred on the server side.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw err;
            else if (err.code === 'InvalidParameterException')
                // You provided an invalid value for a parameter.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw err;
            else if (err.code === 'InvalidRequestException')
                // You provided a parameter value that is not valid for the current state of the resource.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw err;
            else if (err.code === 'ResourceNotFoundException')
                // We can't find the resource that you asked for.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw err;
        } else {
            // Decrypts secret using the associated KMS CMK.
            // Depending on whether the secret is a string or binary, one of these fields will be populated.
            if ('SecretString' in data) {
                secret = data.SecretString;
            } else {
                let buff = Buffer.from(data.SecretBinary, 'base64'); // new Buffer() is deprecated
                decodedBinarySecret = buff.toString('ascii');
            }
        }
        // Your code goes here.
        console.log(secret);
    });
};

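Already tried: how do I use aws secret manager with nodejs lambda; Setting Secrets from AWS Secrets manager in Node.JS

【Question discussion】:

    Tags: node.js aws-secrets-manager


    【Solution 1】:

    Again: even though you are using callback code, it is still asynchronous. So you should change your Lambda function to async.

    You could also promisify .getSecretValue by doing something like: return new Promise((resolve, reject)=> getSecretValue(...resolve()). AWS comes with a promise() function that does this for you. With that in mind, let's improve your code a bit.

    1 - Make it async
    2 - Put it in an async context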

    var aws = require("aws-sdk");
    var client = new aws.SecretsManager({
        region: 'ap-southeast-1' // Your region
    });
    var secret, decodedBinarySecret;

    // changes - async keyword
    exports.handler = async (event, context) => {

        // .promise() turns the SDK request into a Promise
        const secretValue = client.getSecretValue({ SecretId: 'MyFirstSecret' }).promise();

        return secretValue
            .then((data) => {
                // Decrypts secret using the associated KMS CMK.
                // Depending on whether the secret is a string or binary, one of these fields will be populated.
                if ('SecretString' in data) {
                    secret = data.SecretString;
                } else {
                    let buff = Buffer.from(data.SecretBinary, 'base64'); // new Buffer() is deprecated
                    decodedBinarySecret = buff.toString('ascii');
                }
                // Your code goes here.
                console.log(secret);
            }).catch(err => {
                if (err.code === 'DecryptionFailureException')
                    // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
                    // Deal with the exception here, and/or rethrow at your discretion.
                    throw err;
                else if (err.code === 'InternalServiceErrorException')
                    // An error occurred on the server side.
                    // Deal with the exception here, and/or rethrow at your discretion.
                    throw err;
                else if (err.code === 'InvalidParameterException')
                    // You provided an invalid value for a parameter.
                    // Deal with the exception here, and/or rethrow at your discretion.
                    throw err;
                else if (err.code === 'InvalidRequestException')
                    // You provided a parameter value that is not valid for the current state of the resource.
                    // Deal with the exception here, and/or rethrow at your discretion.
                    throw err;
                else if (err.code === 'ResourceNotFoundException')
                    // We can't find the resource that you asked for.
                    // Deal with the exception here, and/or rethrow at your discretion.
                    throw err;
                else
                    // Any other error code: rethrow so the failure is not silently swallowed.
                    throw err;
            });
    };
    

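    【Discussion】:

    • Thanks. Tried but it failed: exports.handler = async (event, context) => { console.log("test") ... . No o/p. Any suggestions?
    • Already tried this blog.datanextsolutions.com/… but it gives a credentials error
    • What is o/p? Can you tell me exactly what the error is?
    • The link I shared gave "CredentialError"; the code you shared, and the code in the question, give no o/p
    • If I try the code AWS provides in the JavaScript section, it gives me a 502 Bad gateway error. We access AWS based on roles. Any help is appreciated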
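
An added example (not code from the question, the answer or AWS): one way to write the `fetchSecret` helper the question mentions with async/await, rethrowing every error and caching the value while the Lambda container stays warm. It assumes the aws-sdk v2 `getSecretValue(...).promise()` shape used above; `makeStubClient`, `makeHandler`, `ttlMs`, `now` and the stub's contents are constructed for illustration so the block runs offline.

```javascript
// `client` must expose the aws-sdk v2 shape getSecretValue(params).promise().
const cache = new Map(); // secretId -> { value, expiresAt }

async function fetchSecret(client, secretId, ttlMs = 300000, now = Date.now) {
    const hit = cache.get(secretId);
    if (hit && hit.expiresAt > now()) return hit.value;
    let data;
    try {
        data = await client.getSecretValue({ SecretId: secretId }).promise();
    } catch (err) {
        // Log the error code and secret name only, never a secret value, and
        // rethrow every error so that no failure is silently swallowed.
        console.error(`getSecretValue failed for ${secretId}: ${err.code}`);
        throw err;
    }
    // Exactly one of SecretString / SecretBinary is populated.
    let value;
    if ('SecretString' in data) {
        value = data.SecretString;
    } else {
        // Assumption: SecretBinary may arrive as a Buffer or as a base64 string.
        const bin = data.SecretBinary;
        value = (Buffer.isBuffer(bin) ? bin : Buffer.from(bin, 'base64')).toString('utf8');
    }
    cache.set(secretId, { value, expiresAt: now() + ttlMs });
    return value;
}

// Constructed stub standing in for new aws.SecretsManager(...) so this runs offline.
function makeStubClient(secrets) {
    const stub = { calls: 0 };
    stub.getSecretValue = ({ SecretId }) => ({
        promise: async () => {
            stub.calls += 1;
            if (!(SecretId in secrets)) {
                const err = new Error('secret not found (constructed)');
                err.code = 'ResourceNotFoundException';
                throw err;
            }
            return secrets[SecretId];
        },
    });
    return stub;
}

// Lambda-style handler: await the helper, return a result, never echo the secret.
const makeHandler = (client) => async (event, context) => {
    const secret = await fetchSecret(client, 'MyFirstSecret');
    return { statusCode: 200, body: JSON.stringify({ secretLoaded: secret.length > 0 }) };
};
```

In a deployed function, pass the real client: `exports.handler = makeHandler(new aws.SecretsManager({ region: 'ap-southeast-1' }))`. The TTL bounds how long a rotated secret can remain stale in a warm container.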