aws-secrets-parser
AWS secrets parser
Fetch and parse JSON from AWS secrets manager.
Motivation
If I have a JSON secret:
{
"username": "***",
"password": "***"
}
- I want to be able to programmatically retrieve and parse it into an object:
import { retrieve } from "aws-secrets-parser";
retrieve("database-secret", "us-east-1").then(({ username, password }) => { ... });
- I want to be able to pass it to
jq:
> aws-secrets-parser database-secret | jq "."
{
"username": "***",
"password": "***"
}
- I want to be able to format and export the values to environment variables:
> source <(aws-secrets-parser database-secret --naming constant --prefix DATABASE --output export)
> printenv
DATABASE_USERNAME=***
DATABASE_PASSWORD=***
- I want to be able to format and export them to a
.envfile:
> aws-secrets-parser database-secret --naming constant --prefix DATABASE --output dotenv > .env
This produces a .env file with:
DATABASE_USERNAME=***
DATABASE_PASSWORD=***
Installing
npm install aws-secrets-parser
To make the cli accessible install the package globally with the -g flag or invoke it with npx.
Usage
Fetch and parse a JSON secret:
import { retrieve } from "aws-secrets-parser";
retrieve("database-secret", "us-east-1");
CLI
aws-secrets-parser <name>
Fetch and parse JSON from AWS secrets manager.
Positionals:
name The secret name [string]
Options:
-h, --help Show help [boolean]
-v, --version Show version number [boolean]
-r, --region Set the AWS region [string] [default: "us-east-1"]
-n, --naming Set the key naming format [string] [choices: "preserve", "constant", "pascal"] [default: "preserve"]
-p, --prefix Add a prefix to the keys [string]
-P, --postgres Aggregate postgres variables [boolean] [default: false]
-o, --output Set the output format [string] [choices: "json", "export", "dotenv"] [default: "json"]
Naming formats:
preserve→ No formattingconstant→CONSTANT_CASEpascal→PascalCase
Output formats:
json→{ ... }export→export key='value'dotenv→key=value
Examples
> aws-secrets-parser database-secret --naming constant --prefix DATABASE --output export
export DATABASE_USERNAME='***'
export DATABASE_PASSWORD='***'
The cli prints export statements since you can't set environment variables from a script directly. Running the cli with source will consume them:
> source <(aws-secrets-parser database-secret --naming constant --prefix DATABASE --output export)
> printenv
DATABASE_USERNAME=***
DATABASE_PASSWORD=***
You can also output them in dotenv format to consume later:
> aws-secrets-parser database-secret --naming constant --prefix DATABASE --output dotenv > .env
This produces a .env file with:
DATABASE_USERNAME=***
DATABASE_PASSWORD=***
Tooling
Dependencies
To install dependencies:
yarn install
Tests
To run tests:
yarn test
Documentation
To generate the documentation locally:
yarn docs
Linters
To run linters:
yarn lint
Formatters
To run formatters:
yarn format
Contributing
Please read this repository's Code of Conduct which outlines our collaboration standards and the Changelog for details on breaking changes that have been made.
This repository adheres to semantic versioning standards. For more information on semantic versioning visit SemVer.
Bump2version is used to version and tag changes. For example:
bump2version patch
Contributors
- Joel Lefkowitz - Initial work
Remarks
Lots of love to the open source community!
