@valora/secrets-loader
Advanced tools
Library for loading secrets via Google Cloud's Secrets Manager
Load secret data from Google Cloud's Secrets Manager and parse with dotenv.
From your project directory, run:
yarn add @valora/secrets-loader
or
npm i @valora/secrets-loader
import {loadSecret} from '@valora/secrets-loader'
async function loadSecretExample() {
// ...your code...
const VERSION = 'latest'
const secretData = await loadSecret(`projects/${YOUR_PROJECT_ID}/secrets/${YOUR_SECRET_NAME}/versions/${VERSION}`)
// If secret is FOO=bar\nUSER=alice...
// ...you can use the values directly...
doStuffWithFoo(secretData.FOO)
doStuffWithUser(secretData.USER)
// ...or inject into process.env.
process.env = { ...process.env, ...secretData }
}
loadSecret is a thin wrapper for SecretManagerServiceClient.accessSecretVersion, so you may also find this example helpful.
If you plan to use actual secrets from the Google Cloud Secrets Manager (rather than mocked values) with your local service, you will need:
gcloud auth logingcloud config set project my-project . (replace my-project with your project name, as needed)If you are logged in and have all the necessary permissions, but still getting an error like failed to retrieve auth metadata with error: invalid_grant when
you try to access secrets, it may be an IDE permissions issue. Try setting your Application Default Credentials (ADC) as described here.
If you are a JetBrains aficionado, you may find this plugin enjoyable. It includes a SecretManager toolbar.
FAQs
Library for loading secrets via Google Cloud's Secrets Manager
The npm package @valora/secrets-loader receives a total of 429 weekly downloads. As such, @valora/secrets-loader popularity was classified as not popular.
We found that @valora/secrets-loader demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.
Security News
NIST's new password guidelines remove periodic changes and special character requirements, focusing on longer, more secure passwords for better authentication practices.