@digitraffic/common 2023.1.18-2 → 2023.1.23-2

package/src/aws/infra/sqs-queue.ts

@@ -1,18 +1,20 @@
-import {Queue, QueueEncryption, QueueProps} from "aws-cdk-lib/aws-sqs";
-import {Duration} from "aws-cdk-lib";
-import {BlockPublicAccess, Bucket} from "aws-cdk-lib/aws-s3";
-import {PolicyStatement} from "aws-cdk-lib/aws-iam";
-import {InlineCode, Runtime} from "aws-cdk-lib/aws-lambda";
-import {RetentionDays} from "aws-cdk-lib/aws-logs";
-import {SqsEventSource} from "aws-cdk-lib/aws-lambda-event-sources";
-import {ComparisonOperator, TreatMissingData} from "aws-cdk-lib/aws-cloudwatch";
-import {SnsAction} from "aws-cdk-lib/aws-cloudwatch-actions";
-import {ManagedUpload} from "aws-sdk/clients/s3";
-import {S3} from "aws-sdk";
-import {SQSEvent, SQSHandler, SQSRecord} from "aws-lambda";
-import {Construct} from "constructs";
-import {DigitrafficStack} from "./stack/stack";
-import {MonitoredFunction} from "./stack/monitoredfunction";
+import { Queue, QueueEncryption, QueueProps } from "aws-cdk-lib/aws-sqs";
+import { Duration } from "aws-cdk-lib";
+import { BlockPublicAccess, Bucket } from "aws-cdk-lib/aws-s3";
+import { PolicyStatement } from "aws-cdk-lib/aws-iam";
+import { InlineCode, Runtime } from "aws-cdk-lib/aws-lambda";
+import { RetentionDays } from "aws-cdk-lib/aws-logs";
+import { SqsEventSource } from "aws-cdk-lib/aws-lambda-event-sources";
+import {
+    ComparisonOperator,
+    TreatMissingData,
+} from "aws-cdk-lib/aws-cloudwatch";
+import { SnsAction } from "aws-cdk-lib/aws-cloudwatch-actions";
+import { ManagedUpload } from "aws-sdk/clients/s3";
+import { S3 } from "aws-sdk";
+import { SQSEvent, SQSHandler, SQSRecord } from "aws-lambda";
+import { DigitrafficStack } from "./stack/stack";
+import { MonitoredFunction } from "./stack/monitoredfunction";
 
 /**
  * Construct for creating SQS-queues.
@@ -21,20 +23,23 @@ import {MonitoredFunction} from "./stack/monitoredfunction";
  * and an alarm for the queue.  Anything that goes to the dlq will be written into the bucket and the alarm is activated.
  */
 export class DigitrafficSqsQueue extends Queue {
-    constructor(scope: Construct, name: string, props: QueueProps) {
-        super(scope, name, props);
-    }
-
-    static create(stack: DigitrafficStack, name: string, props: QueueProps): DigitrafficSqsQueue {
+    static create(
+        stack: DigitrafficStack,
+        name: string,
+        props: QueueProps
+    ): DigitrafficSqsQueue {
         const queueName = `${stack.configuration.shortName}-${name}-Queue`;
-        const queueProps = {...props, ...{
-            encryption: QueueEncryption.KMS_MANAGED,
-            queueName,
-            deadLetterQueue: props.deadLetterQueue || {
-                maxReceiveCount: 2,
-                queue: DigitrafficDLQueue.create(stack, name),
+        const queueProps = {
+            ...props,
+            ...{
+                encryption: QueueEncryption.KMS_MANAGED,
+                queueName,
+                deadLetterQueue: props.deadLetterQueue ?? {
+                    maxReceiveCount: 2,
+                    queue: DigitrafficDLQueue.create(stack, name),
+                },
             },
-        }};
+        };
 
         return new DigitrafficSqsQueue(stack, queueName, queueProps);
     }
@@ -61,15 +66,15 @@ export class DigitrafficDLQueue {
             functionName: dlqFunctionName,
             code: getDlqCode(dlqBucket.bucketName),
             timeout: Duration.seconds(10),
-            handler: 'index.handler',
+            handler: "index.handler",
             memorySize: 128,
             reservedConcurrentExecutions: 1,
         });
 
         const statement = new PolicyStatement();
-        statement.addActions('s3:PutObject');
-        statement.addActions('s3:PutObjectAcl');
-        statement.addResources(dlqBucket.bucketArn + '/*');
+        statement.addActions("s3:PutObject");
+        statement.addActions("s3:PutObjectAcl");
+        statement.addResources(dlqBucket.bucketArn + "/*");
 
         lambda.addToRolePolicy(statement);
         lambda.addEventSource(new SqsEventSource(dlq));
@@ -84,18 +89,19 @@ function addDLQAlarm(stack: DigitrafficStack, dlqName: string, dlq: Queue) {
     const alarmName = `${dlqName}-Alarm`;
     dlq.metricNumberOfMessagesReceived({
         period: Duration.minutes(5),
-    }).createAlarm(stack, alarmName, {
-        alarmName,
-        threshold: 0,
-        evaluationPeriods: 1,
-        treatMissingData: TreatMissingData.NOT_BREACHING,
-        comparisonOperator: ComparisonOperator.GREATER_THAN_THRESHOLD,
-    }).addAlarmAction(new SnsAction(stack.warningTopic));
+    })
+        .createAlarm(stack, alarmName, {
+            alarmName,
+            threshold: 0,
+            evaluationPeriods: 1,
+            treatMissingData: TreatMissingData.NOT_BREACHING,
+            comparisonOperator: ComparisonOperator.GREATER_THAN_THRESHOLD,
+        })
+        .addAlarmAction(new SnsAction(stack.warningTopic));
 }
 
 function getDlqCode(bName: string): InlineCode {
-    const functionBody = DLQ_LAMBDA_CODE
-        .replace("__bucketName__", bName)
+    const functionBody = DLQ_LAMBDA_CODE.replace("__bucketName__", bName)
         .replace("__upload__", uploadToS3.toString())
         .replace("__doUpload__", doUpload.toString())
         .replace("__handler__", createHandler().toString().substring(23)); // remove function handler() from signature
@@ -103,38 +109,64 @@ function getDlqCode(bName: string): InlineCode {
     return new InlineCode(functionBody);
 }
 
-async function uploadToS3(s3: S3, bName: string, body: string, objectName: string): Promise<void> {
+async function uploadToS3(
+    s3: S3,
+    bName: string,
+    body: string,
+    objectName: string
+): Promise<void> {
     try {
-        console.info('writing %s to %s', objectName, bName);
+        console.info("writing %s to %s", objectName, bName);
         await doUpload(s3, bName, body, objectName);
     } catch (error) {
         console.warn(error);
-        console.warn('method=uploadToS3 retrying upload to bucket %s', bName);
+        console.warn("method=uploadToS3 retrying upload to bucket %s", bName);
         try {
             await doUpload(s3, bName, body, objectName);
         } catch (e2) {
-            console.error('method=uploadToS3 failed retrying upload to bucket %s', bName);
+            console.error(
+                "method=uploadToS3 failed retrying upload to bucket %s",
+                bName
+            );
         }
     }
 }
 
-function doUpload(s3: S3, bName: string, Body: string, Key: string): Promise<ManagedUpload.SendData> {
-    return s3.upload({
-        Bucket: bName, Body, Key,
-    }).promise();
+function doUpload(
+    s3: S3,
+    bName: string,
+    Body: string,
+    Key: string
+): Promise<ManagedUpload.SendData> {
+    return s3
+        .upload({
+            Bucket: bName,
+            Body,
+            Key,
+        })
+        .promise();
 }
 
 // bucketName is unused, will be overridden in the actual lambda code below
-const bucketName = '';
+const bucketName = "";
 
 function createHandler(): SQSHandler {
     return async function handler(event: SQSEvent): Promise<void> {
-        // eslint-disable-next-line @typescript-eslint/no-var-requires
-        const AWS = require('aws-sdk');
+        // eslint-disable-next-line @typescript-eslint/no-var-requires, @typescript-eslint/no-unsafe-assignment
+        const AWS = require("aws-sdk");
 
         const millis = new Date().getTime();
-        await Promise.all(event.Records.map((e: SQSRecord, idx: number) =>
-            uploadToS3(new AWS.S3(), bucketName, e.body, `dlq-${millis}-${idx}.json`)));
+        await Promise.all(
+            event.Records.map((e: SQSRecord, idx: number) =>
+                uploadToS3(
+                    // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access
+                    new AWS.S3(),
+                    bucketName,
+                    e.body,
+                    `dlq-${millis}-${idx}.json`
+                )
+            )
+        );
     };
 }
 

package/src/aws/infra/stack/lambda-configs.ts

@@ -6,7 +6,7 @@ import {
     Runtime,
 } from "aws-cdk-lib/aws-lambda";
 import { Duration } from "aws-cdk-lib";
-import { ISecurityGroup, IVpc, SubnetSelection } from "aws-cdk-lib/aws-ec2";
+import { IVpc, SubnetSelection } from "aws-cdk-lib/aws-ec2";
 import { RetentionDays } from "aws-cdk-lib/aws-logs";
 import { Role } from "aws-cdk-lib/aws-iam";
 import { DigitrafficStack } from "./stack";
@@ -19,26 +19,6 @@ export type DBLambdaEnvironment = LambdaEnvironment & {
     DB_APPLICATION: string;
 };
 
-export interface LambdaConfiguration {
-    vpcId: string;
-    allowFromIpAddresses?: string[];
-    privateSubnetIds: string[];
-    availabilityZones: string[];
-    lambdaDbSgId: string;
-    dbProps?: DbProps;
-    defaultLambdaDurationSeconds?: number;
-    logsDestinationArn: string;
-    memorySize?: number;
-    runtime?: Runtime;
-}
-
-declare interface DbProps {
-    username: string;
-    password: string;
-    uri?: string;
-    ro_uri?: string;
-}
-
 export function databaseFunctionProps(
     stack: DigitrafficStack,
     environment: LambdaEnvironment,
@@ -61,9 +41,9 @@ export function databaseFunctionProps(
             config
         ),
         ...{
-            vpc: stack.vpc || undefined,
+            vpc: stack.vpc ?? undefined,
             vpcSubnets,
-            securityGroup: stack.lambdaDbSg || undefined,
+            securityGroup: stack.lambdaDbSg ?? undefined,
         },
     };
 }
@@ -101,47 +81,6 @@ function getAssetCode(
     return new AssetCode(lambdaPath);
 }
 
-/**
- * Creates a base configuration for a Lambda that uses an RDS database
- * @param vpc "Private" Lambdas are associated with a VPC
- * @param lambdaDbSg Security Group shared by Lambda and RDS
- * @param props Database connection properties for the Lambda
- * @param config Lambda configuration
- */
-export function dbLambdaConfiguration(
-    vpc: IVpc,
-    lambdaDbSg: ISecurityGroup,
-    props: LambdaConfiguration,
-    config: FunctionParameters
-): FunctionProps {
-    return {
-        runtime: props.runtime ?? Runtime.NODEJS_16_X,
-        memorySize: props.memorySize ?? config.memorySize ?? 1024,
-        functionName: config.functionName,
-        code: config.code,
-        role: config.role,
-        handler: config.handler,
-        timeout: Duration.seconds(
-            config.timeout ?? props.defaultLambdaDurationSeconds ?? 60
-        ),
-        environment: config.environment ?? {
-            DB_USER: props.dbProps?.username ?? "",
-            DB_PASS: props.dbProps?.password ?? "",
-            DB_URI:
-                (config.readOnly
-                    ? props.dbProps?.ro_uri
-                    : props.dbProps?.uri) ?? "",
-        },
-        logRetention: RetentionDays.ONE_YEAR,
-        vpc: vpc,
-        vpcSubnets: {
-            subnets: vpc.privateSubnets,
-        },
-        securityGroups: [lambdaDbSg],
-        reservedConcurrentExecutions: config.reservedConcurrentExecutions ?? 3,
-    };
-}
-
 export function defaultLambdaConfiguration(
     config: FunctionParameters
 ): FunctionProps {
@@ -155,7 +94,7 @@ export function defaultLambdaConfiguration(
         reservedConcurrentExecutions: config.reservedConcurrentExecutions,
         code: config.code,
         role: config.role,
-        timeout: Duration.seconds(config.timeout || 10),
+        timeout: Duration.seconds(config.timeout ?? 10),
     };
     if (config.vpc) {
         return {
@@ -163,7 +102,7 @@ export function defaultLambdaConfiguration(
             ...{
                 vpc: config.vpc,
                 vpcSubnets: {
-                    subnets: config.vpc?.privateSubnets,
+                    subnets: config.vpc.privateSubnets,
                 },
             },
         };
@@ -178,9 +117,7 @@ export interface FunctionParameters {
     code: Code;
     handler: string;
     readOnly?: boolean;
-    environment?: {
-        [key: string]: string;
-    };
+    environment?: Record<string, string>;
     reservedConcurrentExecutions?: number;
     role?: Role;
     vpc?: IVpc;

package/src/aws/infra/stack/monitoredfunction.ts

@@ -82,7 +82,8 @@ export class MonitoredFunction extends Function {
             stack.configuration.production
         ) {
             throw new Error(
-                `Function ${functionProps.functionName} has DISABLE_ALARMS.  Remove before installing to production or define your own properties!`
+                // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+                `Function ${functionProps.functionName!} has DISABLE_ALARMS.  Remove before installing to production or define your own properties!`
             );
         }
 

package/src/aws/infra/stacks/db-stack.ts

@@ -139,7 +139,7 @@ export class DbStack extends Stack {
                 vpc,
                 securityGroups: [securityGroup],
                 vpcSubnets: {
-                    subnetType: SubnetType.PRIVATE_WITH_NAT,
+                    subnetType: SubnetType.PRIVATE_WITH_EGRESS,
                 },
                 instanceType: configuration.dbInstanceType,
                 parameterGroup,

package/src/aws/infra/stacks/network-stack.ts

@@ -1,7 +1,8 @@
 import { Stack } from "aws-cdk-lib";
 import { Construct } from "constructs";
-import { SubnetType, Vpc } from "aws-cdk-lib/aws-ec2";
+import { IVpc, SubnetType, Vpc } from "aws-cdk-lib/aws-ec2";
 import { InfraStackConfiguration } from "./intra-stack-configuration";
+import { exportValue } from "../import-util";
 
 export interface NetworkConfiguration {
     readonly vpcName: string;
@@ -9,6 +10,8 @@ export interface NetworkConfiguration {
 }
 
 export class NetworkStack extends Stack {
+    readonly vpc: IVpc;
+
     constructor(
         scope: Construct,
         id: string,
@@ -19,7 +22,8 @@ export class NetworkStack extends Stack {
             env: isc.env,
         });
 
-        this.createVpc(configuration);
+        this.vpc = this.createVpc(configuration);
+        exportValue(this, isc.environmentName, "VPCID", this.vpc.vpcId);
     }
 
     createVpc(configuration: NetworkConfiguration): Vpc {
@@ -38,7 +42,7 @@ export class NetworkStack extends Stack {
                 {
                     name: "private",
                     cidrMask: 24,
-                    subnetType: SubnetType.PRIVATE_WITH_NAT,
+                    subnetType: SubnetType.PRIVATE_WITH_EGRESS,
                 },
             ],
         });

package/src/aws/runtime/digitraffic-integration-response.ts

@@ -1,11 +1,13 @@
-import {IntegrationResponse} from "aws-cdk-lib/aws-apigateway";
-import {MediaType} from "../types/mediatypes";
-import {RESPONSE_DEFAULT_LAMBDA} from "../infra/api/response";
+import { IntegrationResponse } from "aws-cdk-lib/aws-apigateway";
+import { MediaType } from "../types/mediatypes";
+import {
+    getDeprecatedDefaultLambdaResponse,
+    RESPONSE_DEFAULT_LAMBDA,
+} from "../infra/api/response";
 
 export abstract class DigitrafficIntegrationResponse {
-
-    static ok(mediaType: MediaType): IntegrationResponse {
-        return this.create("200", mediaType);
+    static ok(mediaType: MediaType, sunset?: string): IntegrationResponse {
+        return this.create("200", mediaType, sunset);
     }
 
     static badRequest(mediaType?: MediaType): IntegrationResponse {
@@ -16,13 +18,18 @@ export abstract class DigitrafficIntegrationResponse {
         return this.create("501", mediaType ?? MediaType.TEXT_PLAIN);
     }
 
-    static create(statusCode: string, mediaType: MediaType): IntegrationResponse {
+    static create(
+        statusCode: string,
+        mediaType: MediaType,
+        sunset?: string
+    ): IntegrationResponse {
         return {
             statusCode,
             responseTemplates: {
-                [mediaType]: RESPONSE_DEFAULT_LAMBDA,
+                [mediaType]: sunset
+                    ? getDeprecatedDefaultLambdaResponse(sunset)
+                    : RESPONSE_DEFAULT_LAMBDA,
             },
         };
     }
 }
-

package/src/aws/runtime/secrets/dbsecret.ts

@@ -1,11 +1,4 @@
-import { GenericSecret, withSecret, withSecretAndPrefix } from "./secret";
-
-export interface DbSecret {
-    readonly username: string;
-    readonly password: string;
-    readonly host: string;
-    readonly ro_host: string;
-}
+import { GenericSecret } from "./secret";
 
 export enum RdsProxySecretKey {
     username = "username",
@@ -24,115 +17,6 @@ export enum RdsSecretKey {
 export type RdsProxySecret = Record<RdsProxySecretKey, string>;
 export type RdsSecret = Record<RdsSecretKey, string>;
 
-export enum DatabaseEnvironmentKeys {
-    DB_USER = "DB_USER",
-    DB_PASS = "DB_PASS",
-    DB_URI = "DB_URI",
-    DB_RO_URI = "DB_RO_URI",
-    DB_APPLICATION = "DB_APPLICATION",
-}
-
-function setDbSecret(secret: DbSecret) {
-    process.env[DatabaseEnvironmentKeys.DB_USER] = secret.username;
-    process.env[DatabaseEnvironmentKeys.DB_PASS] = secret.password;
-    process.env[DatabaseEnvironmentKeys.DB_URI] = secret.host;
-    process.env[DatabaseEnvironmentKeys.DB_RO_URI] = secret.ro_host;
-}
-
-// cached at Lambda container level
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-let cachedSecret: any;
-
-const missingSecretErrorText = "Missing or empty secretId";
-
-/**
- * You can give the following options for retrieving a secret:
- *
- * expectedKeys: the list of keys the secret must include.  If not, an error will be thrown.
- * prefix: a prefix that's included in retrieved secret's keys.  Only keys begining with the prefix will be included.
- * The secret that is passed to the given function will not include the prefix in it's keys.
-
- */
-export interface SecretOptions {
-    readonly expectedKeys?: string[];
-    readonly prefix?: string;
-}
-
-export type SecretToPromiseFunction<Secret, Response = void> = (
-    secret: Secret
-) => Promise<Response> | void;
-export type SecretFunction<Secret, Response = void> = (
-    secretId: string,
-    fn: SecretToPromiseFunction<Secret, Response>,
-    options?: SecretOptions
-) => Promise<Response | void>;
-export type EmptySecretFunction<Response = void> = SecretFunction<
-    DbSecret,
-    Response
->;
-
-/**
- * Run the given function with secret retrieved from Secrets Manager.  Also injects database-credentials into environment.
- *
- * @deprecated use SecretHolder & ProxyHolder
- * @see SecretOptions
- *
- * @param {string} secretId
- * @param {function} fn
- * @param {SecretOptions} options
- */
-export async function withDbSecret<Secret, Response>(
-    secretId: string,
-    fn: SecretToPromiseFunction<Secret, Response>,
-    options?: SecretOptions
-): Promise<Response | void> {
-    if (!secretId) {
-        console.error(missingSecretErrorText);
-        return Promise.reject(missingSecretErrorText);
-    }
-
-    if (!cachedSecret) {
-        // if prefix is given, first set db values and then fetch secret
-        if (options?.prefix) {
-            // first set db values
-            await withSecret(secretId, (fetchedSecret: DbSecret) => {
-                setDbSecret(fetchedSecret);
-            });
-
-            // then actual secret
-            await withSecretAndPrefix(
-                secretId,
-                options.prefix,
-                (fetchedSecret: Secret) => {
-                    cachedSecret = fetchedSecret;
-                }
-            );
-        } else {
-            await withSecret(secretId, (fetchedSecret: DbSecret) => {
-                setDbSecret(fetchedSecret);
-                cachedSecret = fetchedSecret;
-            });
-        }
-    }
-    try {
-        if (options?.expectedKeys?.length) {
-            checkExpectedSecretKeys(options.expectedKeys, cachedSecret);
-        }
-        return fn(cachedSecret);
-    } catch (error) {
-        console.error(
-            "method=withDbSecret Caught an error, refreshing secret",
-            error
-        );
-        // try to refetch secret in case it has changed
-        await withSecret(secretId, (fetchedSecret: DbSecret) => {
-            setDbSecret(fetchedSecret);
-            cachedSecret = fetchedSecret;
-        });
-        return fn(cachedSecret);
-    }
-}
-
 export function checkExpectedSecretKeys<Secret extends GenericSecret>(
     keys: string[],
     secret: Secret

package/src/aws/runtime/secrets/proxy-holder.ts

@@ -1,10 +1,7 @@
 import { SecretHolder } from "./secret-holder";
-import {
-    DatabaseEnvironmentKeys,
-    RdsProxySecretKey,
-    RdsProxySecret,
-} from "./dbsecret";
+import { RdsProxySecretKey, RdsProxySecret } from "./dbsecret";
 import { getEnvVariable } from "../../../utils/utils";
+import { DatabaseEnvironmentKeys } from "../../../database/database";
 
 const RDS_PROXY_SECRET_KEYS = Object.values(RdsProxySecretKey);
 

package/src/aws/runtime/secrets/rds-holder.ts

@@ -1,6 +1,7 @@
 import { SecretHolder } from "./secret-holder";
-import { DatabaseEnvironmentKeys, RdsSecret, RdsSecretKey } from "./dbsecret";
+import { RdsSecret, RdsSecretKey } from "./dbsecret";
 import { getEnvVariable } from "../../../utils/utils";
+import { DatabaseEnvironmentKeys } from "../../../database/database";
 
 const RDS_SECRET_KEYS = Object.values(RdsSecretKey);
 

package/src/aws/runtime/secrets/secret-holder.ts

@@ -1,12 +1,8 @@
 import { GenericSecret, getSecret } from "./secret";
-import {
-    checkExpectedSecretKeys,
-    DatabaseEnvironmentKeys,
-    DbSecret,
-} from "./dbsecret";
+import { checkExpectedSecretKeys } from "./dbsecret";
 import { getEnvVariable } from "../../../utils/utils";
 
-// eslint-disable-next-line @typescript-eslint/no-var-requires
+// eslint-disable-next-line @typescript-eslint/no-var-requires, @typescript-eslint/no-unsafe-assignment
 const NodeTtl = require("node-ttl");
 
 const DEFAULT_PREFIX = "";
@@ -40,6 +36,7 @@ export class SecretHolder<Secret extends GenericSecret> {
         this.prefix = prefix;
         this.expectedKeys = expectedKeys;
 
+        // eslint-disable-next-line @typescript-eslint/no-var-requires, @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call
         this.secretCache = new NodeTtl(configuration);
     }
 
@@ -48,6 +45,7 @@ export class SecretHolder<Secret extends GenericSecret> {
 
         console.info("refreshing secret " + this.secretId);
 
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access
         this.secretCache.push(DEFAULT_SECRET_KEY, secretValue);
     }
 
@@ -90,24 +88,14 @@ export class SecretHolder<Secret extends GenericSecret> {
     }
 
     private async getSecret<S>(): Promise<S> {
-        const secret = this.secretCache.get(DEFAULT_SECRET_KEY);
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
+        const secret: S | undefined = this.secretCache.get(DEFAULT_SECRET_KEY);
 
         if (!secret) {
             await this.initSecret();
         }
 
-        return secret || this.secretCache.get(DEFAULT_SECRET_KEY);
-    }
-
-    /**
-     * @deprecated Use ProxyHolder
-     */
-    public async setDatabaseCredentials() {
-        const secret = await this.getSecret<DbSecret>();
-
-        process.env[DatabaseEnvironmentKeys.DB_USER] = secret.username;
-        process.env[DatabaseEnvironmentKeys.DB_PASS] = secret.password;
-        process.env[DatabaseEnvironmentKeys.DB_URI] = secret.host;
-        process.env[DatabaseEnvironmentKeys.DB_RO_URI] = secret.ro_host;
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
+        return secret ?? (this.secretCache.get(DEFAULT_SECRET_KEY) as S);
     }
 }