This repository has been archived by the owner on Sep 9, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 38
/
main.go
86 lines (78 loc) · 2.46 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
package main
import (
"encoding/base64"
"fmt"
"os"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/arn"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/secretsmanager"
)
func main() {
secretArn := os.Getenv("SECRET_ARN")
var AWSRegion string
if arn.IsARN(secretArn) {
arnobj, _ := arn.Parse(secretArn)
AWSRegion = arnobj.Region
} else {
fmt.Println("Not a valid ARN")
os.Exit(1)
}
sess, err := session.NewSession()
svc := secretsmanager.New(sess, &aws.Config{
Region: aws.String(AWSRegion),
})
input := &secretsmanager.GetSecretValueInput{
SecretId: aws.String(secretArn),
VersionStage: aws.String("AWSCURRENT"),
}
result, err := svc.GetSecretValue(input)
if err != nil {
if aerr, ok := err.(awserr.Error); ok {
switch aerr.Code() {
case secretsmanager.ErrCodeResourceNotFoundException:
fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
case secretsmanager.ErrCodeInvalidParameterException:
fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
case secretsmanager.ErrCodeInvalidRequestException:
fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
case secretsmanager.ErrCodeDecryptionFailure:
fmt.Println(secretsmanager.ErrCodeDecryptionFailure, aerr.Error())
case secretsmanager.ErrCodeInternalServiceError:
fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
default:
fmt.Println(aerr.Error())
}
} else {
// Print the error, cast err to awserr.Error to get the Code and
// Message from an error.
fmt.Println(err.Error())
}
return
}
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
var secretString, decodedBinarySecret string
if result.SecretString != nil {
secretString = *result.SecretString
writeOutput(secretString)
} else {
decodedBinarySecretBytes := make([]byte, base64.StdEncoding.DecodedLen(len(result.SecretBinary)))
len, err := base64.StdEncoding.Decode(decodedBinarySecretBytes, result.SecretBinary)
if err != nil {
fmt.Println("Base64 Decode Error:", err)
return
}
decodedBinarySecret = string(decodedBinarySecretBytes[:len])
writeOutput(decodedBinarySecret)
}
}
func writeOutput(output string) {
f, err := os.Create("/tmp/secret")
if err != nil {
return
}
defer f.Close()
f.WriteString(output)
}