env-secrets 0.1.9 → 0.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "env-secrets",
-  "version": "0.1.9",
+  "version": "0.2.0",
   "description": "get secrets from a secrets vault and inject them into the running environment",
   "main": "index.js",
   "author": "Mark C Allen (@markcallen)",
@@ -16,31 +16,36 @@
     "release": "release-it",
     "prettier:fix": "npx prettier --write .",
     "prettier:check": "npx prettier --check .",
-    "test": "jest"
+    "test": "npm run test:unit && npm run test:e2e",
+    "test:unit": "jest __tests__",
+    "test:unit:coverage": "jest __tests__ --coverage",
+    "test:e2e": "npm run build && jest __e2e__"
   },
   "devDependencies": {
     "@types/debug": "^4.1.12",
     "@types/jest": "^29.5.14",
-    "@types/node": "^18.19.80",
+    "@types/node": "^18.19.121",
     "@typescript-eslint/eslint-plugin": "^5.62.0",
     "@typescript-eslint/parser": "^5.62.0",
     "eslint": "^8.57.1",
-    "eslint-config-prettier": "^8.10.0",
-    "eslint-plugin-prettier": "^4.2.1",
+    "eslint-config-prettier": "^8.10.2",
+    "eslint-plugin-prettier": "^4.2.5",
     "husky": "^8.0.3",
     "jest": "^29.7.0",
     "lint-staged": "13.3.0",
     "prettier": "^2.8.8",
     "release-it": "^15.11.0",
     "rimraf": "^3.0.2",
-    "ts-jest": "^29.2.6",
+    "ts-jest": "^29.4.1",
     "ts-node": "^10.9.2",
     "typescript": "^4.9.5"
   },
   "dependencies": {
-    "aws-sdk": "^2.1692.0",
+    "@aws-sdk/client-secrets-manager": "^3.525.0",
+    "@aws-sdk/client-sts": "^3.525.0",
+    "@aws-sdk/credential-providers": "^3.525.0",
     "commander": "^9.5.0",
-    "debug": "^4.4.0"
+    "debug": "^4.4.1"
   },
   "lint-staged": {
     "*.{ts,js}": [
@@ -58,6 +63,6 @@
     "env-secrets": "./dist/index.js"
   },
   "engines": {
-    "node": "^16.14.0 || >=18.0.0"
+    "node": ">=18.0.0"
   }
 }

package/src/vaults/secretsmanager.ts

@@ -1,4 +1,9 @@
-import AWS from 'aws-sdk';
+import {
+  SecretsManagerClient,
+  GetSecretValueCommand
+} from '@aws-sdk/client-secrets-manager';
+import { STSClient, GetCallerIdentityCommand } from '@aws-sdk/client-sts';
+import { fromIni } from '@aws-sdk/credential-providers';
 import Debug from 'debug';
 
 const debug = Debug('env-secrets:secretsmanager');
@@ -9,36 +14,18 @@ interface secretsmanagerType {
   region?: string;
 }
 
-const checkConnection = async () => {
-  const sts = new AWS.STS();
+const checkConnection = async (region?: string) => {
+  const stsClient = new STSClient({ region });
+  const command = new GetCallerIdentityCommand({});
 
-  const getCallerPromise = new Promise((resolve, reject) => {
-    sts.getCallerIdentity({}, (err, data) => {
-      if (err) reject(err);
-      else {
-        resolve(data);
-      }
-    });
-  });
-
-  let value;
-  let err;
-
-  await getCallerPromise
-    .then((v) => {
-      value = v;
-    })
-    .catch((e) => {
-      err = e;
-    });
-
-  if (err) {
+  try {
+    const data = await stsClient.send(command);
+    debug(data);
+    return true;
+  } catch (err) {
     console.error(err);
     return false;
   }
-  debug(value);
-
-  return !!value;
 };
 
 export const secretsmanager = async (options: secretsmanagerType) => {
@@ -47,37 +34,38 @@ export const secretsmanager = async (options: secretsmanagerType) => {
     AWS_ACCESS_KEY_ID: awsAccessKeyId,
     AWS_SECRET_ACCESS_KEY: awsSecretAccessKey
   } = process.env;
+
+  let credentials;
   if (profile) {
     debug(`Using profile: ${profile}`);
-    const credentials = new AWS.SharedIniFileCredentials({
-      profile
-    });
-    AWS.config.credentials = credentials;
+    credentials = fromIni({ profile });
   } else if (awsAccessKeyId && awsSecretAccessKey) {
     debug('Using environment variables');
+    credentials = undefined; // Will use environment variables automatically
   } else {
     debug('Using profile: default');
+    credentials = fromIni({ profile: 'default' });
   }
 
-  if (region) {
-    AWS.config.update({ region });
-  }
-  if (!AWS.config.region) {
+  const config = {
+    region,
+    credentials
+  };
+
+  if (!config.region) {
     debug('no region set');
   }
 
-  const connected = await checkConnection();
+  const connected = await checkConnection(region);
 
   if (connected) {
-    const sm = new AWS.SecretsManager();
+    const client = new SecretsManagerClient(config);
 
     try {
-      const response = await sm
-        .getSecretValue({
-          SecretId: secret
-        })
-        .promise();
-
+      const command = new GetSecretValueCommand({
+        SecretId: secret
+      });
+      const response = await client.send(command);
       const secretvalue = response.SecretString;
 
       try {
@@ -88,9 +76,9 @@ export const secretsmanager = async (options: secretsmanagerType) => {
         console.error(err);
       }
     } catch (err: any) {
-      if (err && err.code === 'ResourceNotFoundException') {
+      if (err && err.name === 'ResourceNotFoundException') {
         console.error(`${secret} not found`);
-      } else if (err && err.code === 'ConfigError') {
+      } else if (err && err.name === 'ConfigError') {
         console.error(err.message);
       } else {
         console.error(err);
@@ -100,5 +88,6 @@ export const secretsmanager = async (options: secretsmanagerType) => {
     return {};
   } else {
     console.error('Unable to connect to AWS');
+    return {};
   }
 };