@meltwater/aws-configuration-fetcher
A simple system for fetching configuration from both SSM and Secrets Manager in AWS
Add this as a dependency to your project using npm with
$ npm install @meltwater/aws-configuration-fetcher
or using Yarn with
$ yarn add @meltwater/aws-configuration-fetcher
The project exposes a class to help you define your configuration requests. This class is used in conjunction with the ConfigurationRepository to retrieve the values for your configuration.
import {
  createConfigurationRepository,
  ConfigurationRequest,
  ConfigurationRequestTypes
} from '@meltwater/aws-configuration-fetcher'

const configurationRepository = createConfigurationRepository()
const configuration = configurationRepository.getConfiguration([
  new ConfigurationRequest({
    key: '/some/magical/parameter/path',
    propertyName: 'someMagicalParameter',
    type: ConfigurationRequestTypes.ssm
  }),
  new ConfigurationRequest({
    key: 'something-super-secret',
    propertyName: 'somethingSuperSecret',
    type: ConfigurationRequestTypes.secret
  })
])

console.log(configuration.someMagicalParameter)
console.log(configuration.somethingSuperSecret, 'Maybe I should not log this...')
The ConfigurationRequest also allows you to adapt a value being returned. This is helpful for providing additional validation, or converting the value to a primitive other than string.
import {
  createConfigurationRepository,
  ConfigurationRequest,
  ConfigurationRequestTypes
} from '@meltwater/aws-configuration-fetcher'

const configurationRepository = createConfigurationRepository()
const configuration = configurationRepository.getConfiguration([
  new ConfigurationRequest({
    // Validation: reject an empty or whitespace-only parameter value
    adapter: (value) => {
      if (value.trim() === '') {
        throw new Error('The magic has faded, because the parameter value was empty.')
      }
      return value
    },
    key: '/some/magical/parameter/path',
    propertyName: 'someMagicalParameter',
    type: ConfigurationRequestTypes.ssm
  }),
  new ConfigurationRequest({
    // Conversion: turn the string value into a base-10 integer
    adapter: (value) => parseInt(value, 10),
    key: 'something-super-secret',
    propertyName: 'somethingSuperSecret',
    type: ConfigurationRequestTypes.secret
  })
])
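The adapter hook is a natural place for strict validation and for keeping secrets out of logs. The helpers below are an added example, not code from this package: the names nonEmpty, integerBetween, Redacted and redactedSecret are hypothetical, the sample values are constructed, and the Redacted wrapper assumes the package stores whatever the adapter returns.

```javascript
// Added example: adapter helpers. Each is a plain (value) => result function,
// the shape the README passes as `adapter`. All names here are hypothetical.

// Reject empty or whitespace-only values instead of passing them downstream.
// Error messages never include the value, since it may be a secret.
const nonEmpty = (value) => {
  if (typeof value !== 'string' || value.trim() === '') {
    throw new Error('Configuration value is empty')
  }
  return value.trim()
}

// Strict integer parsing with bounds. parseInt('8080abc') returns 8080 and
// parseInt('') returns NaN, so match the whole string before converting.
const integerBetween = (min, max) => (value) => {
  const text = nonEmpty(value)
  if (!/^-?\d+$/.test(text)) {
    throw new Error('Configuration value is not an integer')
  }
  const parsed = Number(text)
  if (!Number.isSafeInteger(parsed) || parsed < min || parsed > max) {
    throw new Error(`Configuration value is outside ${min}..${max}`)
  }
  return parsed
}

// Wrap a secret so accidental logging or serialization prints a marker.
// Assumption: the adapter's return value is stored on the configuration as-is.
class Redacted {
  #value
  constructor (value) { this.#value = value }
  reveal () { return this.#value }
  toString () { return '[REDACTED]' }
  toJSON () { return '[REDACTED]' }
  // Same symbol as util.inspect.custom, used by console.log in Node.js
  [Symbol.for('nodejs.util.inspect.custom')] () { return '[REDACTED]' }
}
const redactedSecret = (value) => new Redacted(nonEmpty(value))

// Constructed sample values standing in for what SSM / Secrets Manager return.
const port = integerBetween(1, 65535)('8443')
const apiKey = redactedSecret('constructed-sample-secret')
console.log(port, apiKey, JSON.stringify({ apiKey })) // the secret never appears
```

Pass integerBetween(1, 65535) or redactedSecret as the adapter of a ConfigurationRequest, and call reveal() only at the point where the secret is actually used.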
We have provided a full API spec if you like that sorta thing!
$ git clone https://github.com/meltwater/aws-configuration-fetcher.git serverless-nodejs
$ cd serverless-nodejs
$ nvm install
$ yarn install
Run each command below in a separate terminal window:
$ yarn run offline
$ yarn run test:watch
Primary development tasks are defined under scripts in package.json and available via yarn run. View them with
$ yarn run
The source code is hosted on GitHub. Clone the project with
$ git clone git@github.com:meltwater/aws-configuration-fetcher.git
You will need Node.js with npm, Yarn, and a Node.js debugging client.
Be sure that all commands run under the correct Node version, e.g., if using nvm, install the correct version with
$ nvm install
Set the active version for each shell session with
$ nvm use
Install the development dependencies with
$ yarn install
Drone should already be configured: this section is for reference only.
The following secrets must be set on Drone. These may be set manually or by running the script ./.drone/secrets.sh.
Note the Drone config path must be set to .drone/config.yml after the repo is activated.
npm_token_ro: npm token for installing packages.
npm_token_rw: npm token for publishing packages.
npm_team: npm team to grant read-only package access (format org:team, optional).
slack_webhook: Slack webhook for build notifications.
When the drone build publishes a new package version it can trigger a promotion event on a Drone repo.
drone_server: Drone server.
drone_token: Drone token.
aws_assume_role_arn_staging: The AWS role to assume for staging.
aws_assume_role_external_id_staging: The external ID for the AWS role for staging.
aws_assume_role_arn_production: The AWS role to assume for production.
aws_assume_role_external_id_production: The external ID for the AWS role for production.
Use the npm version command to release a new version. This will push a new git tag which will trigger a CI publish job.
Please submit and comment on bug reports and feature requests.
To submit a patch:
$ git checkout -b my-new-feature
$ git commit -am 'Add some feature'
$ git push origin my-new-feature
This npm package is licensed under the MIT license.
This software is provided by the copyright holders and contributors "as is" and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the copyright holder or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
FAQs
The npm package @meltwater/aws-configuration-fetcher receives a total of 47 weekly downloads. As such, @meltwater/aws-configuration-fetcher popularity was classified as not popular.
We found that @meltwater/aws-configuration-fetcher demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.