Skip to content
This repository was archived by the owner on Jul 26, 2022. It is now read-only.

Commit 731edb1

Browse files
arruzkFlydiverny
arruzk
authored and
Flydiverny
committed
feat: support Secret Binary from AWS Secrets Manager (#197)
* Retrieve binary secrets from AWS Secrets Manager
1 parent 165662c commit 731edb1

File tree

2 files changed

+25
-1
lines changed

2 files changed

+25
-1
lines changed

lib/backends/secrets-manager-backend.js

+8-1
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,14 @@ class SecretsManagerBackend extends KVBackend {
3939
.getSecretValue({ SecretId: secretKey })
4040
.promise()
4141

42-
return data.SecretString
42+
if ('SecretBinary' in data) {
43+
return data.SecretBinary
44+
} else if ('SecretString' in data) {
45+
return data.SecretString
46+
}
47+
48+
this._logger.error(`Unexpected data from Secrets Manager secret ${secretKey}`)
49+
return null
4350
}
4451
}
4552

lib/backends/secrets-manager-backend.test.js

+17
Original file line numberDiff line numberDiff line change
@@ -55,6 +55,23 @@ describe('SecretsManagerBackend', () => {
5555
expect(secretPropertyValue).equals('fakeSecretPropertyValue')
5656
})
5757

58+
it('returns binary secret', async () => {
59+
getSecretValuePromise.promise.resolves({
60+
SecretBinary: Buffer.from('fakeSecretPropertyValue', 'utf-8')
61+
})
62+
63+
const secretPropertyValue = await secretsManagerBackend._get({
64+
secretKey: 'fakeSecretKey'
65+
})
66+
67+
expect(clientMock.getSecretValue.calledWith({
68+
SecretId: 'fakeSecretKey'
69+
})).to.equal(true)
70+
expect(clientFactoryMock.getCall(0).args).deep.equals([])
71+
expect(assumeRoleMock.callCount).equals(0)
72+
expect(secretPropertyValue.toString()).equals('fakeSecretPropertyValue')
73+
})
74+
5875
it('returns secret property value assuming a role', async () => {
5976
getSecretValuePromise.promise.resolves({
6077
SecretString: 'fakeAssumeRoleSecretValue'

0 commit comments

Comments
 (0)