package repository
import (
	"encoding/base64"
	"errors"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
	"github.com/aws/aws-secretsmanager-caching-go/secretcache"
)
// AWSSecretsManagerRepositoryInterface is the consumer-facing contract for
// reading one secret value by name. AWSSecretsManagerRepository satisfies it;
// note that GetCacheSecretString on the concrete type is not part of this
// interface, so code depending on the interface cannot reach the cached path.
type AWSSecretsManagerRepositoryInterface interface {
	// GetSecretString returns the value stored under secretName as a string,
	// or an error if it cannot be fetched or decoded.
	GetSecretString(secretName string) (string, error)
}
// AWSSecretsManagerRepository reads secrets from AWS Secrets Manager, either
// directly through the SDK client (GetSecretString) or through a
// secretcache.Cache (GetCacheSecretString).
type AWSSecretsManagerRepository struct {
	// sm is the Secrets Manager API client used by GetSecretString.
	sm *secretsmanager.SecretsManager
	// cache backs GetCacheSecretString.
	cache *secretcache.Cache
	// session is the SDK session the repository was constructed with. No
	// method in this file reads it; presumably kept for other code in the
	// package — confirm before removing.
	session *session.Session
}
// NewAWSSecretsManagerRepository builds an AWSSecretsManagerRepository that
// performs direct reads through sm and cached reads through cache, and keeps
// sess alongside them. Arguments are stored as given; none are validated.
func NewAWSSecretsManagerRepository(sm *secretsmanager.SecretsManager, sess *session.Session, cache *secretcache.Cache) *AWSSecretsManagerRepository {
	repo := new(AWSSecretsManagerRepository)
	repo.sm = sm
	repo.session = sess
	repo.cache = cache
	return repo
}
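// ErrEmptySecret is returned by GetSecretString when the API response carries
// neither SecretString nor SecretBinary, so that an empty value is never
// mistaken for a valid secret.
var ErrEmptySecret = errors.New("secretsmanager: response has neither SecretString nor SecretBinary")

// GetSecretString gets a secret string from secretsmanager.
//
// It fetches the AWSCURRENT version of secretName directly from the Secrets
// Manager API (no cache). A string secret is returned as is; otherwise the
// binary payload is base64-decoded and returned as a string. The returned
// value is secret material; callers should not log it.
//
// API and decode errors are returned unwrapped so existing callers that
// type-assert on the SDK's error types keep working. A response with neither
// field set returns ErrEmptySecret instead of silently returning "".
func (r *AWSSecretsManagerRepository) GetSecretString(secretName string) (string, error) {
	input := &secretsmanager.GetSecretValueInput{
		SecretId: aws.String(secretName),
		// AWSCURRENT is the API default; it is spelled out so the intent is
		// visible at the call site.
		VersionStage: aws.String("AWSCURRENT"),
	}
	result, err := r.sm.GetSecretValue(input)
	if err != nil {
		return "", err
	}
	if result.SecretString != nil { // pragma: allowlist secret
		return *result.SecretString, nil
	}
	if len(result.SecretBinary) == 0 {
		// Neither field populated: do not hand back an empty "secret".
		return "", ErrEmptySecret
	}
	// NOTE(review): aws-sdk-go v1 base64-decodes blob fields while
	// unmarshalling the response, so this second decode may be redundant and
	// would fail or corrupt payloads that are not themselves base64 — confirm
	// before relying on binary secrets through this path.
	decoded := make([]byte, base64.StdEncoding.DecodedLen(len(result.SecretBinary)))
	n, err := base64.StdEncoding.Decode(decoded, result.SecretBinary)
	if err != nil {
		return "", err
	}
	return string(decoded[:n]), nil
}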
// GetCacheSecretString gets a cache secret string from secretsmanager.
//
// The lookup is delegated entirely to r.cache; whatever value and error the
// cache produces are handed back unchanged.
func (r *AWSSecretsManagerRepository) GetCacheSecretString(secretName string) (string, error) {
	value, err := r.cache.GetSecretString(secretName)
	return value, err
}