node.js - 从 Node.js 中的 AWS Secrets Manager 检索密钥
问题描述
尝试使用 Node.js 使用异步/等待从秘密管理器检索数据。
例如使用函数fetchSecret('SECRETKEY')
var aws = require("aws-sdk");
var client = new aws.SecretsManager({
region: 'ap-southeast-1' // Your region
});
var secret, decodedBinarySecret;
//context.callbackWaitsForEmptyEventLoop = false;
exports.handler = (event, context, callback) => {
client.getSecretValue({
SecretId: 'MyFirstSecret'
}, function(err, data) {
if (err) {
if (err.code === 'DecryptionFailureException')
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'InternalServiceErrorException')
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'InvalidParameterException')
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'InvalidRequestException')
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'ResourceNotFoundException')
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
} else {
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
if ('SecretString' in data) {
secret = data.SecretString;
} else {
let buff = new Buffer(data.SecretBinary, 'base64');
decodedBinarySecret = buff.toString('ascii');
}
}
// Your code goes here.
console.log(secret);
});
};
尝试 了如何在 Node.JS 中使用 AWS Secrets Manager 中的 AWS Secrets Manager 和 nodejs lambda Setting Secrets
解决方案
再次。尽管您正在使用回调代码,但它仍然是异步的。因此,您应该将 lambda 函数更改为异步。
您也可以通过以下方式对 .getSecretValue 进行承诺:
return new Promise((resolve, reject)=> getSecretValue(...resolve())
但AWS附带了一个promise()
可以为您执行此操作的函数。考虑到这一点,以免稍微改进您的代码。
1 - 使其异步
2 - 放入异步上下文
var aws = require("aws-sdk");
var client = new aws.SecretsManager({
region: 'ap-southeast-1' // Your region
});
var secret, decodedBinarySecret;
//changes - async keyword
exports.handler = async (event, context) => {
const secretValue = client.getSecretValue({ SecretId: 'MyFirstSecret' }).promise()
return secretValue
.then((data)=>{
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
if ('SecretString' in data) {
secret = data.SecretString;
} else {
let buff = new Buffer(data.SecretBinary, 'base64');
decodedBinarySecret = buff.toString('ascii');
}
// Your code goes here.
console.log(secret);
}).catch(err=> {
if (err.code === 'DecryptionFailureException')
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'InternalServiceErrorException')
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'InvalidParameterException')
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'InvalidRequestException')
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === 'ResourceNotFoundException')
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
})
};
推荐阅读
- validation - 在 Access 中对字段使用数据验证时,如何使表达式有条件?
- java - 如何在颤振资产中运行 java 代码?
- css - CSS悬停在堆叠元素上
- flutter - 如何在文本字段颤动中获得价值
- laravel - Laravel查询两列之和之差
- latex - 为什么 Latex 会一直写到超过页脚和下边距?
- java - 使用 Jackson 将 JSON 字符串解析为数组
- java - 当我的应用程序没有任何控制器,没有 controlleradvice 时,spring boot 应用程序中的休眠验证异常处理
- html - 如何在 SASS 中的单个查询中组合相同的媒体查询
- php - 如何在循环中显示表格的特定列并在任何地方使用这些值