dot-aws-cfg

Config via AWS secrets with fallback to dotenv when running locally.

Usage no npm install needed!

<script type="module">
  import dotAwsCfg from 'https://cdn.skypack.dev/dot-aws-cfg';
</script>

README

dot-aws-cfg

AWS secrets config with local dotenv fallback. When running in an AWS EC2 instance with the "SecretsManagerReadWrite" policy it can load secrets from your secret store(s). Otherwise, it will load from a .env file.

Since loading secrets is asynchronous, you will need to call the init method with your secret stores to load the values into the config object, so be sure that you run cfg.init before requireing any modules that depend on secret values. After that you can use your secrets anywhere with cfg.get.

Secrets are loaded into memory and are not saved anywhere to disk. However, they are unencrypted in memory, so if that's a security concern for you then don't use this library.

Usage

npm install dot-aws-cfg

Using a callback:

const cfg = require('dot-aws-cfg);

cfg.init(['SECRET1', 'SECRET2'], (err) => {
    if (err) {
        // oops, config not loaded!
    } else {
        console.log(cfg.get('SECRET1.value1');
        console.log(cfg.get('VALUE_FROM_DOT_ENV_FILE');
    }
});

Using async/await:

const cfg = require('dot-aws-cfg);

try {
    await cfg.init(['SECRET1', 'SECRET2']);
} catch (err) {
    // oops, config not loaded!
}

console.log(cfg.get('SECRET1.value1');
console.log(cfg.get('VALUE_FROM_DOT_ENV_FILE');

Using a prefix (for secrets in different envs):

// Loads secrets from develop/SECRET1 and develop/SECRET2
await cfg.init(['SECRET1', 'SECRET2'], 'develop');

Remember to include the secret store name in your fallback .env variable names. For example, to propertly load SECRET1.value1 when running in .env mode, your .env file should include the following:

...
SECRET1.value1=<secret value>
...