cypress-aws-secrets-manager
Advanced tools
Cypress Plugin | Integrate the power of AWS Secrets Manager seamlessly into your Cypress tests with the cypress-aws-secrets-manager plugin. This lightweight yet powerful plugin facilitates the secure loading of secrets stored in AWS Secrets Manager direct
Integrate the power of AWS Secrets Manager seamlessly into your Cypress tests with the cypress-aws-secrets-manager plugin. This lightweight yet powerful plugin facilitates the secure loading of secrets stored in AWS Secrets Manager directly into your Cypress environment variables, ensuring a streamlined and secure approach to managing sensitive information in your test scripts.
$ npm install cypress-aws-secrets-manager --save-dev
or as a global module
$ npm install -g cypress-aws-secrets-manager
In your cypress.config.js file:
module.exports = defineConfig({
e2e: {
async setupNodeEvents(on, config, __dirname) {
const getSecretFromAWS = require("cypress-aws-secrets-manager")
await getSecretFromAWS(on, config, __dirname)
},
},
})
'profile'|'default'|'iam'|'unset'|'multi'
profile will use the profile name specified inside the awsSecretsManagerConfig (If the profile is not specified, the default profile will be used).default will use the default sso config.iam will log with aws credentials, need access_key, secret_key and session_token specified in a pathToCredential variable.unset will login without sso authentication, used mostly when running cypress on CI tools, cause them are already authenticated.multi will try with every strategy, fails only after trying them all.If not specified the 'multi' strategy will be used.
The awsSecretsManagerConfig is an object containing the following parameters:
| Parameter | Mandatory | Notes |
|---|---|---|
| secretName | TRUE | AWS secret name |
| profile | FALSE | AWS SSO profile name, if not set the plugin will use 'default' profile |
| region | TRUE | AWS Secrets Manager region |
| pathToCredentials | WITH STRATEGY 'IAM' | path to credentials file |
//pathToCredentials.json
{
"accessKeyId": "xxxxxx",
"secretAccessKey": "xxxxxx",
"sessionToken": "xxxxxx"
}
After defining your strategy and your awsSecretsManagerConfig.
I propose two solutions for you to import this configuration into cypress, it's up to you to decide which one to choose
PRO: Zero code solution
CONS: cypress-env needed
Following the plugin's guide, you should end up with a JSON file, which must respect this syntax:
//environment.json
{
"baseUrl": "https://www.google.com",
"env": {
"var1": "value1",
"var2": "value2",
"var3": "value3"
}
}
Simply add "AWS_SSO_STRATEGY" inside the "env" object and add awsSecretsManagerConfig as follows:
//environment.json
{
"baseUrl": "https://www.google.com",
"env": {
"AWS_SSO_STRATEGY": "strategy_type",
"var1": "value1",
"var2": "value2",
"var3": "value3"
},
"awsSecretsManagerConfig": {
"secretName": "AWS_SECRET_NAME",
"profile": "AWS_PROFILE_NAME",
"region": "AWS_REGION",
"pathToCredentials": "PATH_TO_AWS_CREDENTIALS"
}
}
No other changes needed
PRO: No cypress-env needed
CONS: Solution with some code
//cypress.config.js
module.exports = defineConfig({
e2e: {
async setupNodeEvents(on, config, __dirname) {
const option = {
awsSecretsManagerConfig: {
secretName: "AWS_SECRET_NAME",
profile: "AWS_PROFILE_NAME",
region: "AWS_REGION",
pathToCredentials: "PATH_TO_AWS_CREDENTIALS.JSON",
},
}
config = {
...config,
...option,
}
const getSecretFromAWS = require("cypress-aws-secrets-manager")
await getSecretFromAWS(on, config, __dirname)
},
},
env: {
AWS_SSO_STRATEGY: "strategy_type",
},
})
Sometimes you'll need to override the AWS_SSO_STRATEGY property that was provided inside cypress.config.env.
To do so, you'll need to run cypress with the following command:
npx cypress run -e AWS_SSO_STRATEGY=$OVERWRITING_AWS_SSO_STRATEGY
Where $OVERWRITING_AWS_SSO_STRATEGY is the new strategy value.
====================================================================================================
Starting plugin: cypress-aws-secrets-manager
AWS SSO strategy: profile
1st attempt: Trying to login into AWS with profile: "AWS_PROFILE_NAME"
AWS SDK credentials are set up correctly!
Extracting secret from: "AWS Secrets Manger"
secret: "{
"username": "*****",
"password": "*****"
}"
√ Secret loaded correctly from: "AWS_SECRET_NAME"
====================================================================================================
Description
Cypress has starter without plugin configurations
====================================================================================================
Starting plugin: cypress-aws-secrets-manager
√ Missing awsSecretsManagerConfig, continue without secrets!
====================================================================================================
Description
Properties: secretName & region are mandatory
====================================================================================================
Starting plugin: cypress-aws-secrets-manager
ConfigurationError!
"awsSecretsManagerConfig" object MUST contains these mandatory properties: secretName,region
Passed: {
"profile": "AWS_PROFILE_NAME"
}
Missing: [
"secretName",
"region"
]
====================================================================================================
Description
Your credentials are invalid
====================================================================================================
Starting plugin: cypress-aws-secrets-manager
AWS SSO strategy: "multi"
1st attempt: Trying to login into AWS with profile: "AWS_PROFILE_NAME"
2nd attempt: Trying to login into AWS with profile: "default"
3rd attempt: Trying without specifying credentials
Incorrect plugin configuration!
ERROR: Could not load credentials from any providers
====================================================================================================
You can create a bash file that verifies if you are already logged into the AWS account:
NB Change AWS_PROFILE_NAME with your profile name
#awslogin_script.sh
#!/bin/bash
# Check to see if we are already logged in
SSO_ACCOUNT=$(aws sts get-caller-identity --query "Account" --profile AWS_PROFILE_NAME)
# If response is the sso_account_id we are already logged in (it has length 14)
if [ ${#SSO_ACCOUNT} -eq 14 ]; then
echo "AWS SSO session still valid, no login needed" ;
# Else we login with "aws sso login --profile AWS_PROFILE_NAME"
else
echo "" ; echo "AWS SSO session expired, login needed" ; echo ""
aws sso login --profile AWS_PROFILE_NAME
fi
Then in your package.json file create a script like this:
//package.json
{
"scripts": {
"cy:open": "sh awslogin_script.sh && npx cypress open",
"cy:run": "sh awslogin_script.sh && npx cypress run"
}
}
So you'll only have to type this command to open cypress and login into aws:
npm run cy:open
Happy testing to everyone!
ALEC-JS
FAQs
Cypress Plugin | Integrate the power of AWS Secrets Manager seamlessly into your Cypress tests with the cypress-aws-secrets-manager plugin. This lightweight yet powerful plugin facilitates the secure loading of secrets stored in AWS Secrets Manager direct
The npm package cypress-aws-secrets-manager receives a total of 567 weekly downloads. As such, cypress-aws-secrets-manager popularity was classified as not popular.
We found that cypress-aws-secrets-manager demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious Ruby gems typosquat Fastlane plugins to steal Telegram bot tokens, messages, and files, exploiting demand after Vietnam’s Telegram ban.
Research
Security News
Socket uncovered four malicious npm packages that exfiltrate up to 85% of a victim’s Ethereum or BSC wallet using obfuscated JavaScript.
Security News
TC39 advances 9 JavaScript proposals, including Array.fromAsync, Error.isError, and Explicit Resource Management, which are now headed into the ECMAScript spec.