Secretary - NodeJS Secrets Management


Secretary (etymology: Keeper of secrets) provides an abstract way to manage secrets.

Currently supports the following adapters:

CLI Tool

There is also a CLI package that can be used to inject secrets as environment variables into a script.

All it takes is to install the package with:

yarn global add @secretary/cli

or

npm i -g @secretary/cli

and then place a config file (.secretaryrc.js) in your root directory:

const {Adapter} = require("@secretary/aws-secrets-manager-adapter");
const {SecretsManager} = require('@aws-sdk/client-secrets-manager');

// You can specify an object here as the export, or a function
// if you need to do some async calls in here
module.exports = async (manager) => ({
    sources: {
        aws: new Adapter(new SecretsManager({
            region: 'us-east-1',
        })),
    },
    secrets: [
        {
            name: 'BOT_TOKEN',
            secret: 'bot/development',
            property: 'token',
            source: 'aws',
            callback(value) {
                return value.replace(/^Bot /, '');
            }
        }
    ]
})

Then run the following:

$ secretary inject yarn build

Your build script will then have a BOT_TOKEN environment variable set to the secret's value.
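
How the `secrets` entries above map onto the environment of the injected command, as an added example that is not code from the secretary project. `MemoryAdapter`, `sampleConfig`, `resolveEnv` and `inject` are hypothetical names, the stored token is constructed, and failing on an unknown `source` or missing `property` is an assumption of this sketch.

```javascript
// Added illustration, not secretary's own code. MemoryAdapter is a hypothetical
// stand-in for a real adapter; the secret it holds is constructed sample data.
class MemoryAdapter {
    constructor(store) { this.store = store; }
    async getSecret(key) {
        if (!(key in this.store)) throw new Error(`secret not found: ${key}`);
        return {key, value: this.store[key]};
    }
}

// Same shape as the .secretaryrc.js above, in its plain-object form.
const sampleConfig = {
    sources: {mem: new MemoryAdapter({'bot/development': {token: 'Bot abc123'}})},
    secrets: [{
        name: 'BOT_TOKEN',
        secret: 'bot/development',
        property: 'token',
        source: 'mem',
        callback(value) { return value.replace(/^Bot /, ''); },
    }],
};

// Resolve every entry to NAME -> string. Failing closed on a missing source or
// property is a choice made for this example (assumption).
async function resolveEnv(config) {
    const env = {};
    for (const {name, secret, property, source, callback} of config.secrets) {
        const adapter = config.sources[source];
        if (!adapter) throw new Error(`${name}: unknown source "${source}"`);
        const {value} = await adapter.getSecret(secret);
        let resolved = property === undefined ? value : value[property];
        if (resolved === undefined) throw new Error(`${name}: no property "${property}" in ${secret}`);
        if (callback) resolved = callback(resolved);
        if (typeof resolved !== 'string') throw new Error(`${name}: value is not a string`);
        env[name] = resolved;
    }
    return env;
}

// Run a command with the secrets merged into the child's environment only;
// the parent's process.env is left untouched.
async function inject(config, command, args) {
    const {spawnSync} = await import('node:child_process');
    const env = {...process.env, ...(await resolveEnv(config))};
    return spawnSync(command, args, {env, encoding: 'utf8'});
}
```

Because the value lives in the child's environment, every process that command starts inherits it as well, so keep the injected command as narrow as the job allows.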

Installation

# If you want to use AWS Secrets Manager
$ npm install @secretary/core @secretary/aws-secrets-manager-adapter

# If you want to use Hashicorp Vault
$ npm install @secretary/core @secretary/hashicorp-vault-adapter

Check the install docs of the adapter you want to use for specific instructions.

Usage

import {Manager} from '@secretary/core';
import {Adapter} from '@secretary/aws-secrets-manager-adapter';
// Or: import {Adapter} from '@secretary/hashicorp-vault-adapter';
// Or: import {Adapter} from '@secretary/json-file-adapter'; // Note: this is not for production
import {SecretsManager} from '@aws-sdk/client-secrets-manager';

const manager = new Manager({aws: new Adapter(new SecretsManager())});

Fetch Secrets

const someSecret = await manager.getSecret('some/database/secret', 'aws');
// Or omit the source: aws is the first (and only) adapter in the manager, and `default`
// is another key that works, which is the source getSecret defaults to
const sameSecret = await manager.getSecret('some/database/secret');

console.log(someSecret.value.dsn); // redis://localhost:6379

Create Secrets

import {Secret} from '@secretary/core'; // assumes Secret is exported by @secretary/core

const secret = new Secret('some/database/secret', {dsn: 'redis://localhost:6379'});
await manager.putSecret(secret, 'aws');

console.log(secret.value.dsn); // redis://localhost:6379

Delete Secrets

const secret = await manager.getSecret('some/database/secret');

await manager.deleteSecret(secret, 'aws');

Check the usage docs of the adapter you want to use for specific instructions.