aws-secrets-parser

AWS secrets parser

Fetch and parse JSON from AWS secrets manager.

Motivation

If I have a JSON secret:

{
  "username": "***",
  "password": "***"
}

• I want to be able to programmatically retrieve and parse it into an object:

import { retrieve } from "aws-secrets-parser";

retrieve("database-secret", "us-east-1").then(({ username, password }) => { ... });

• I want to be able to pass it to jq:

> aws-secrets-parser database-secret | jq "."
{
  "username": "***",
  "password": "***"
}

• I want to be able to format and export the values to environment variables:

> source <(aws-secrets-parser database-secret --naming constant --prefix DATABASE --output export)
> printenv

DATABASE_USERNAME=***
DATABASE_PASSWORD=***

• I want to be able to format and export them to a .env file:

> aws-secrets-parser database-secret --naming constant --prefix DATABASE --output dotenv > .env

This produces a .env file with:

DATABASE_USERNAME=***
DATABASE_PASSWORD=***

Installing

npm install aws-secrets-parser

To make the cli accessible install the package globally with the -g flag or invoke it with npx.

Usage

Fetch and parse a JSON secret:

import { retrieve } from "aws-secrets-parser";

retrieve("database-secret", "us-east-1");

CLI

aws-secrets-parser <name>

Fetch and parse JSON from AWS secrets manager.

Positionals:
  name  The secret name                                                                                         [string]

Options:
  -h, --help     Show help                                                                                     [boolean]
  -v, --version  Show version number                                                                           [boolean]
  -r, --region   Set the AWS region                                                      [string] [default: "us-east-1"]
  -n, --naming   Set the key naming format    [string] [choices: "preserve", "constant", "pascal"] [default: "preserve"]
  -p, --prefix   Add a prefix to the keys                                                                       [string]
  -P, --postgres Aggregate postgres variables                                                 [boolean] [default: false]
  -o, --output   Set the output format                  [string] [choices: "json", "export", "dotenv"] [default: "json"]

Naming formats:

• preserve → No formatting
• constant → CONSTANT_CASE
• pascal → PascalCase

Output formats:

• json → { ... }
• export → export key='value'
• dotenv → key=value

Examples

> aws-secrets-parser database-secret --naming constant --prefix DATABASE --output export

export DATABASE_USERNAME='***'
export DATABASE_PASSWORD='***'

The cli prints export statements since you can't set environment variables from a script directly. Running the cli with source will consume them:

> source <(aws-secrets-parser database-secret --naming constant --prefix DATABASE --output export)
> printenv

DATABASE_USERNAME=***
DATABASE_PASSWORD=***

You can also output them in dotenv format to consume later:

> aws-secrets-parser database-secret --naming constant --prefix DATABASE --output dotenv > .env

This produces a .env file with:

DATABASE_USERNAME=***
DATABASE_PASSWORD=***

Tooling

Dependencies

To install dependencies:

yarn install

Tests

To run tests:

yarn test

Documentation

To generate the documentation locally:

yarn docs

Linters

To run linters:

yarn lint

Formatters

To run formatters:

yarn format

Contributing

Please read this repository's Code of Conduct which outlines our collaboration standards and the Changelog for details on breaking changes that have been made.

This repository adheres to semantic versioning standards. For more information on semantic versioning visit SemVer.

Bump2version is used to version and tag changes. For example:

bump2version patch

Contributors

• Joel Lefkowitz - Initial work

Remarks

Lots of love to the open source community!