Exposes secrets from AWS Secrets Manager in a variety ways so they can be used by your build process, CICD, or application runtime.
Only string
and JSON as string
type secrets from AWS Secrets Manager are supported
- Create file
.mystiko.json
in folder where you run it with below syntax. Seeexample
folder or below JSON Every secret can have:
-
env
target, so it is saved asenvname
intoprocess.env
object -
file
target, so it is saved underfilename
path in file system (absolute or relative to current folder) - have
keyValues
property instead of target, which means Secret is a JSON object itself and every property in it should be treated as separate secret with own config as in 1) or 2) option above
{
"environments": {
"<any_env_name>": {
"region": "<AWS Region,e.g. me-south-1>",
"secrets": [
{
"name": "<secret_name_in_AWS_Secret_Manager>",
"target": "env",
"envname": "<name of env variable to put secret value to>"
},
{
"name": "<secret_name_in_AWS_Secret_Manager>",
"keyValues": [
{
"key": "<key in AWS Secret>",
"target": "file",
"filename": "<relative or absolute path of target file to put secret value to>"
}
]
}
]
}
}
}
- Call mystiko anywhere you want to add your secrets
The mystiko
function is async since calls to AWS Secrets Manager to fetch secrets are async. It can be consumed using await
or .then()
.
n.b. mystiko
uses standard AWS IAM authentication see Configuration settings and precedence to access Secrets Manager.
/* Use import */
import mystiko from 'mystiko';
/* Use require */
const mystiko = require('mystiko');
/* Use await */
await mystiko({ env: 'dev' });
// Secrets are now available
/* Use .then() */
mystiko({ env: 'dev' }).then(() => {
// Secrets are now available
});
- Use your Secret
Depending on your
.mystiko.json
configuration, your secrets will now be stored in theprocess.env
object or saved in files.
Run tests with npm run test
. When adding a new feature, make sure the code coverage does not go down.