@middy/secrets-manager 2.5.1 → 3.0.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/LICENSE +1 -1
  2. package/README.md +1 -4
  3. package/index.d.ts +2 -13
  4. package/package.json +7 -7
  5. package/index.js +0 -95
package/LICENSE CHANGED
@@ -1,6 +1,6 @@
1
1
  MIT License
2
2
 
3
- Copyright (c) 2017-2021 Luciano Mammino, will Farrell and the [Middy team](https://github.com/middyjs/middy/graphs/contributors)
3
+ Copyright (c) 2017-2022 Luciano Mammino, will Farrell and the [Middy team](https://github.com/middyjs/middy/graphs/contributors)
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
package/README.md CHANGED
@@ -53,13 +53,10 @@ npm install --save @middy/secrets-manager
53
53
  - `disablePrefetch` (boolean) (default `false`): On cold start requests will trigger early if they can. Setting `awsClientAssumeRole` disables prefetch.
54
54
  - `cacheKey` (string) (default `secrets-manager`): Cache key for the fetched data responses. Must be unique across all middleware.
55
55
  - `cacheExpiry` (number) (default `-1`): How long fetch data responses should be cached for. `-1`: cache forever, `0`: never cache, `n`: cache for n ms.
56
- - `setToEnv` (boolean) (default `false`): Store secrets to `process.env`. **Storing secrets in `process.env` is considered security bad practice**
57
56
  - `setToContext` (boolean) (default `false`): Store secrets to `request.context`.
58
57
 
59
58
  NOTES:
60
59
  - Lambda is required to have IAM permission for `secretsmanager:GetSecretValue`
61
- - `setToEnv` and `setToContext` are included for legacy support and should be avoided for performance and security reasons. See main documentation for best practices.
62
- - `setToEnv` can only assign secrets of type string
63
60
 
64
61
  ## Sample usage
65
62
 
@@ -99,7 +96,7 @@ Everyone is very welcome to contribute to this repository. Feel free to [raise i
99
96
 
100
97
  ## License
101
98
 
102
- Licensed under [MIT License](LICENSE). Copyright (c) 2017-2021 Luciano Mammino, will Farrell, and the [Middy team](https://github.com/middyjs/middy/graphs/contributors).
99
+ Licensed under [MIT License](LICENSE). Copyright (c) 2017-2022 Luciano Mammino, will Farrell, and the [Middy team](https://github.com/middyjs/middy/graphs/contributors).
103
100
 
104
101
  <a href="https://app.fossa.io/projects/git%2Bgithub.com%2Fmiddyjs%2Fmiddy?ref=badge_large">
105
102
  <img src="https://app.fossa.io/api/projects/git%2Bgithub.com%2Fmiddyjs%2Fmiddy.svg?type=large" alt="FOSSA Status" style="max-width:100%;">
package/index.d.ts CHANGED
@@ -1,19 +1,8 @@
1
1
  import { SecretsManager } from 'aws-sdk'
2
- import { captureAWSClient } from 'aws-xray-sdk'
3
2
  import middy from '@middy/core'
3
+ import { Options as MiddyOptions } from '@middy/util'
4
4
 
5
- interface Options<SM = SecretsManager> {
6
- AwsClient?: new() => SM
7
- awsClientOptions?: Partial<SecretsManager.Types.ClientConfiguration>
8
- awsClientAssumeRole?: string
9
- awsClientCapture?: typeof captureAWSClient
10
- fetchData?: { [key: string]: string }
11
- disablePrefetch?: boolean
12
- cacheKey?: string
13
- cacheExpiry?: number
14
- setToEnv?: boolean
15
- setToContext?: boolean
16
- }
5
+ interface Options<SM = SecretsManager> extends MiddyOptions<SM, SecretsManager.Types.ClientConfiguration> {}
17
6
 
18
7
  declare function secretsManager (options?: Options): middy.MiddlewareObj
19
8
 
package/package.json CHANGED
@@ -1,16 +1,16 @@
1
1
  {
2
2
  "name": "@middy/secrets-manager",
3
- "version": "2.5.1",
3
+ "version": "3.0.0-alpha.0",
4
4
  "description": "Secrets Manager middleware for the middy framework",
5
- "type": "commonjs",
5
+ "type": "module",
6
6
  "engines": {
7
- "node": ">=12"
7
+ "node": ">=14"
8
8
  },
9
9
  "engineStrict": true,
10
10
  "publishConfig": {
11
11
  "access": "public"
12
12
  },
13
- "main": "index.js",
13
+ "exports": "./index.js",
14
14
  "types": "index.d.ts",
15
15
  "files": [
16
16
  "index.d.ts"
@@ -44,12 +44,12 @@
44
44
  },
45
45
  "homepage": "https://github.com/middyjs/middy#readme",
46
46
  "dependencies": {
47
- "@middy/util": "^2.5.1"
47
+ "@middy/util": "^3.0.0-alpha.0"
48
48
  },
49
49
  "devDependencies": {
50
- "@middy/core": "^2.5.1",
50
+ "@middy/core": "^3.0.0-alpha.0",
51
51
  "aws-sdk": "^2.939.0",
52
52
  "aws-xray-sdk": "^3.3.3"
53
53
  },
54
- "gitHead": "df18e5eff7d73492a96a2ca4780a2eae45d1cedb"
54
+ "gitHead": "c533f62841c8a39d061d7b94f30ba178f002c8db"
55
55
  }
package/index.js DELETED
@@ -1,95 +0,0 @@
1
- "use strict";
2
-
3
- const {
4
- canPrefetch,
5
- createPrefetchClient,
6
- createClient,
7
- processCache,
8
- getCache,
9
- modifyCache,
10
- jsonSafeParse,
11
- getInternal
12
- } = require('@middy/util');
13
-
14
- const SecretsManager = require('aws-sdk/clients/secretsmanager'); // v2
15
- // const { SecretsManager } = require('@aws-sdk/client-secrets-manager') // v3
16
-
17
-
18
- const defaults = {
19
- AwsClient: SecretsManager,
20
- awsClientOptions: {},
21
- awsClientAssumeRole: undefined,
22
- awsClientCapture: undefined,
23
- fetchData: {},
24
- // If more than 2, consider writing own using ListSecrets
25
- disablePrefetch: false,
26
- cacheKey: 'secrets-manager',
27
- cacheExpiry: -1,
28
- setToEnv: false,
29
- // can return object when requesting db credentials, cannot set to process.env
30
- setToContext: false
31
- };
32
-
33
- const secretsManagerMiddleware = (opts = {}) => {
34
- const options = { ...defaults,
35
- ...opts
36
- };
37
-
38
- const fetch = (request, cachedValues = {}) => {
39
- const values = {}; // Multiple secrets can be requested in a single requests,
40
- // however this is likely uncommon IRL, increases complexity to handle,
41
- // and will require recursive promise resolution impacting performance.
42
- // See https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/SecretsManager.html#listSecrets-property
43
-
44
- for (const internalKey of Object.keys(options.fetchData)) {
45
- if (cachedValues[internalKey]) continue;
46
- values[internalKey] = client.getSecretValue({
47
- SecretId: options.fetchData[internalKey]
48
- }).promise() // Required for aws-sdk v2
49
- .then(resp => jsonSafeParse(resp.SecretString)).catch(e => {
50
- var _getCache$value, _getCache;
51
-
52
- const value = (_getCache$value = (_getCache = getCache(options.cacheKey)) === null || _getCache === void 0 ? void 0 : _getCache.value) !== null && _getCache$value !== void 0 ? _getCache$value : {};
53
- value[internalKey] = undefined;
54
- modifyCache(options.cacheKey, value);
55
- throw e;
56
- });
57
- }
58
-
59
- return values;
60
- };
61
-
62
- let prefetch, client;
63
-
64
- if (canPrefetch(options)) {
65
- client = createPrefetchClient(options);
66
- prefetch = processCache(options, fetch);
67
- }
68
-
69
- const secretsManagerMiddlewareBefore = async request => {
70
- var _prefetch;
71
-
72
- if (!client) {
73
- client = await createClient(options, request);
74
- }
75
-
76
- const {
77
- value
78
- } = (_prefetch = prefetch) !== null && _prefetch !== void 0 ? _prefetch : processCache(options, fetch, request);
79
- Object.assign(request.internal, value);
80
-
81
- if (options.setToContext || options.setToEnv) {
82
- const data = await getInternal(Object.keys(options.fetchData), request);
83
- if (options.setToEnv) Object.assign(process.env, data);
84
- if (options.setToContext) Object.assign(request.context, data);
85
- }
86
-
87
- prefetch = null;
88
- };
89
-
90
- return {
91
- before: secretsManagerMiddlewareBefore
92
- };
93
- };
94
-
95
- module.exports = secretsManagerMiddleware;