aws-secrets-parser

AWS secrets parser

Fetch and parse JSON from AWS secrets manager.

Review Version Downloads Size Quality Coverage

Motivation

If I have a JSON secret:

{
  "username": "***",
  "password": "***"
}

I want to programmatically retrieve and parse it into an object:

import { retrieve } from "aws-secrets-parser";

retrieve("database-secret", "us-east-1").then(({ username, password }) => { ... });

I also want to format and export the values to environment variables:

> source <(aws-secrets-parser database-secret --naming constant --prefix DATABASE)
> printenv

DATABASE_USERNAME=***
DATABASE_PASSWORD=***

I also want to format and export them to a .env file:

> aws-secrets-parser database-secret --naming constant --prefix DATABASE --output dotenv > .env

This produces a .env file with:

DATABASE_USERNAME=***
DATABASE_PASSWORD=***

Installing

npm install aws-secrets-parser

To make the cli accessible install the package globally with the -g flag or invoke it with npx.

Usage

Fetch and parse a JSON secret:

import { retrieve } from "aws-secrets-parser";

retrieve("database-secret", "us-east-1");

CLI

aws-secrets-parser <name>

Fetch and parse JSON from AWS secrets manager.

Positionals:
  name  The secret name                                                                                         [string]

Options:
  -h, --help     Show help                                                                                     [boolean]
  -v, --version  Show version number                                                                           [boolean]
  -r, --region   Set the AWS region                                                      [string] [default: "us-east-1"]
  -n, --naming   Set the key naming format    [string] [choices: "preserve", "constant", "pascal"] [default: "preserve"]
  -p, --prefix   Add a prefix to the keys                                                                       [string]
  -o, --output   Set the output format                        [string] [choices: "export", "dotenv"] [default: "export"]

Naming formats:

preserve → No formatting
constant → CONSTANT_CASE
pascal → PascalCase

Output formats:

export → export key='value'
dotenv → key=value

Examples

> aws-secrets-parser database-secret --naming constant --prefix DATABASE

export DATABASE_USERNAME='***'
export DATABASE_PASSWORD='***'

The cli prints export statements since you can't set environment variables from a script directly. Running the cli with source will consume them:

> source <(aws-secrets-parser database-secret --naming constant --prefix DATABASE)
> printenv

DATABASE_USERNAME=***
DATABASE_PASSWORD=***

You can also output them in dotenv format to consume later:

> aws-secrets-parser database-secret --naming constant --prefix DATABASE --output dotenv > .env

This produces a .env file with:

DATABASE_USERNAME=***
DATABASE_PASSWORD=***

Tooling

Dependencies

To install dependencies:

yarn install

Tests

To run tests:

yarn test

Documentation

To generate the documentation locally:

yarn docs

Linters

To run linters:

yarn lint

Formatters

To run formatters:

yarn format

Contributing

Please read this repository's Code of Conduct which outlines our collaboration standards and the Changelog for details on breaking changes that have been made.

This repository adheres to semantic versioning standards. For more information on semantic versioning visit SemVer.

Bump2version is used to version and tag changes. For example: