@embley/google-secrets-manager-cloudflare
Advanced tools
Integrating Google Secret Manager with Cloudflare Workers to securely manage and dynamically retrieve sensitive information at the edge with 0 dependencies.
Before you begin, make sure you have the following:
Install as a dependency on your Cloudflare worker:
npm install google-cloud-secrets-manager
To retrieve secrets from Google Secrets Manager, create an instance of SecretStore like:
new SecretsStore({ user, key, project_name })
user is the Google Cloud Platform user or service account that has at least the following permissions to handle secrets and
secrets versions:key is the Private Key. To obtain this key,
follow the official Google documentationIMPORTANT
The
keyin the format of -----BEGIN PRIVATE KEY----- .... -----END PRIVATE KEY----- taken from the JSON needs to be processed to make the '\n' real new lines because Cloudflare adds an extra '' making it a '\n' and then the decryption of the key does not work. This happens both throughwrangler secret addand in the Cloudflare dashboard.It does not happen in your local environment, though.
project_name is the Google Cloud Platform project name.The project provides the following functionalities:
const secretsStore = new SecretsStore({ user, key, project_name });
await secretsStore.storeCredential('secretId', 'secret', { 'label1': 'labelValue1', 'label2': 'labelValue2' });
const secretsStore = new SecretsStore({ user, key, project_name });
await secretsStore.retrieveCredential('secretId');
const secretsStore = new SecretsStore({ user, key, project_name });
await secretsStore.updateCredential('secretId', 'newSecret');
This project is not supported by or part of Google Cloud or Cloudflare.
FAQs
Google Secrets Manager - Cloudflare
The npm package @embley/google-secrets-manager-cloudflare receives a total of 14 weekly downloads. As such, @embley/google-secrets-manager-cloudflare popularity was classified as not popular.
We found that @embley/google-secrets-manager-cloudflare demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.