"use strict";
const aws = require("aws-sdk");
const fs = require("fs");
const path = require("path");
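/**
 * Decrypt one secret from the secret-baker-secrets.json file bundled with the
 * function, using AWS KMS.
 *
 * The bundle is read from LAMBDA_TASK_ROOT. Each entry is expected to carry a
 * base64 `ciphertext` and the `arn` that is passed to KMS as the
 * PARAMETER_ARN encryption context.
 *
 * @param {string} secretName - Key of the secret inside the bundled JSON file.
 * @returns {Promise<string>} The decrypted plaintext decoded as UTF-8.
 * @throws {Error} If the bundle has no usable entry for `secretName`, or if
 *   reading the file, parsing it, or the KMS call fails.
 */
async function decryptSecret(secretName) {
  const secretsFilePath = path.join(
    process.env.LAMBDA_TASK_ROOT,
    "secret-baker-secrets.json"
  );
  const secrets = JSON.parse(fs.readFileSync(secretsFilePath, "utf8"));

  // Look the entry up as an own property so names such as "constructor" or
  // "__proto__" never resolve to something inherited from Object.prototype.
  const hasEntry =
    secrets !== null &&
    typeof secrets === "object" &&
    Object.prototype.hasOwnProperty.call(secrets, secretName);
  const entry = hasEntry ? secrets[secretName] : undefined;

  // Fail with a clear message before calling KMS. The message names the
  // secret but carries no path, ARN or ciphertext, because callers may echo it.
  if (
    entry == null ||
    typeof entry.ciphertext !== "string" ||
    typeof entry.arn !== "string"
  ) {
    throw new Error(
      `No usable entry for secret "${secretName}" in secret-baker-secrets.json`
    );
  }

  const kms = new aws.KMS();
  const response = await kms
    .decrypt({
      CiphertextBlob: Buffer.from(entry.ciphertext, "base64"),
      // KMS refuses to decrypt unless this context matches the one supplied
      // at encryption time, which ties the ciphertext to its parameter ARN.
      EncryptionContext: { PARAMETER_ARN: entry.arn },
    })
    .promise();

  // Decode as UTF-8: the "ascii" decoder clears the high bit of every byte and
  // silently corrupts non-ASCII secrets. ASCII-only values decode identically.
  return response.Plaintext.toString("utf8");
}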
/**
 * Demo Lambda handler: decrypts a fixed list of secrets one after another and
 * returns a text report with one line per secret.
 *
 * Each report line contains the first three characters of the plaintext, and
 * a failure returns the stringified error, so both reach whoever invokes the
 * function. That is useful for demonstrating that decryption works; a
 * production handler would return neither.
 *
 * @param {object} event - Invocation event (unused).
 * @param {object} context - Invocation context (unused).
 * @returns {Promise<string>} The report, or an "ERROR!: ..." string as soon as
 *   any decryption fails.
 */
module.exports.hello = async (event, context) => {
  const secretNames = ["MY_SECRET", "MY_OTHER_SECRET", "CUSTOM_SECRET"];
  const reportLines = [];

  try {
    // Sequential on purpose: the first failure aborts the remaining lookups.
    for (const name of secretNames) {
      const plaintext = await decryptSecret(name);
      reportLines.push(`Secret ${name}: ${plaintext.slice(0, 3)}...\n`);
    }
  } catch (error) {
    return `ERROR!: ${error}`;
  }

  return reportLines.join("");
};