README
dot-aws-cfg
AWS secrets config with local dotenv fallback. When running in an AWS EC2 instance with the "SecretsManagerReadWrite" policy it can load secrets from your secret store(s). Otherwise, it will load from a .env file.
Since loading secrets is asynchronous, you will need to call the init method with your secret stores to load the values into the config object, so be sure that you run cfg.init
before require
ing any modules that depend on secret values. After that you can use your secrets anywhere with cfg.get
.
Secrets are loaded into memory and are not saved anywhere to disk. However, they are unencrypted in memory, so if that's a security concern for you then don't use this library.
Usage
npm install dot-aws-cfg
Using a callback:
const cfg = require('dot-aws-cfg);
cfg.init(['SECRET1', 'SECRET2'], (err) => {
if (err) {
// oops, config not loaded!
} else {
console.log(cfg.get('SECRET1.value1');
console.log(cfg.get('VALUE_FROM_DOT_ENV_FILE');
}
});
Using async/await:
const cfg = require('dot-aws-cfg);
try {
await cfg.init(['SECRET1', 'SECRET2']);
} catch (err) {
// oops, config not loaded!
}
console.log(cfg.get('SECRET1.value1');
console.log(cfg.get('VALUE_FROM_DOT_ENV_FILE');
Using a prefix (for secrets in different envs):
// Loads secrets from develop/SECRET1 and develop/SECRET2
await cfg.init(['SECRET1', 'SECRET2'], 'develop');
Remember to include the secret store name in your fallback .env variable names. For example, to propertly load SECRET1.value1
when running in .env mode, your .env file should include the following:
...
SECRET1.value1=<secret value>
...