node.js - AWS Lambda: How to store secret to external API? -


i'm building monitoring tool based on aws lambda. given set of metrics, lambdas should able send sms using twilio api. able use api, twilio provide account sid , auth token.

how , should store these secrets?

i'm thinking use aws kms there might other better solutions.

here i've come with. i'm using aws kms encrypt secrets file upload code aws lambda. decrypt when need use them.

here steps follow.

first create kms key. can find documentation here: http://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html

then encrypt secret , put result file. can achieved cli with: 

aws kms encrypt --key-id some_key_id --plaintext "this scret want encrypt" --query ciphertextblob --output text | base64 -d > ./encrypted-secret

you need upload file part of lambda. can decrypt , use secret in lambda follow.

var fs = require('fs'); var aws = require('aws-sdk'); var kms = new aws.kms({region:'eu-west-1'});  var secretpath = './encrypted-secret'; var encryptedsecret = fs.readfilesync(secretpath);  var params = {   ciphertextblob: encryptedsecret };  kms.decrypt(params, function(err, data) {   if (err) console.log(err, err.stack);   else {     var decryptedscret = data['plaintext'].tostring();     console.log(decryptedscret);   } });

i hope you'll find useful.


Comments

Post a Comment

Popular posts from this blog

cakephp - simple blog with croogo -

i not problem, made simple blog in croogo, problem is not adding or modifying or delete, because arabic language ?? function add in controller `public function admin_add() { $this->set('title_for_layout', __('add part')); if (!empty($this->request->data)) { $this->part->create(); if ($this->part->save($this->request->data)) { $this->session->setflash(__('the part has been saved'), 'default', array('class' => 'success')); $this->redirect(array('action' => 'index'));//, $this->part->id)); } else { $this->session->setflash(__('the part not saved. please, try again.'), 'default', array('class' => 'error')); } } }` => model `class part extends appmodel { public $name = 'part'; var $belongst...
Read more

How to group boxplot outliers in gnuplot -

i have large set of data points. try plot them boxplot, of outliers exact same value , represented on line beside each other. found how set horizontal distance between outliers in gnuplot boxplot , doesn't much, apparently not possible. is possible group outliers together, print 1 point , print number in brackets beside indicate how many points there are? think make more readable in graph. for information, have 3 boxplots 1 x value , times 6 in 1 graph. using gnuplot 5 , played around pointsize, doesn't reduce distance anymore. hope can help! edit: set terminal pdf set output 'dat.pdf' file0 = 'dat1.dat' file1 = 'dat2.dat' file2 = 'dat3.dat' set pointsize 0.2 set notitle set xlabel 'x' set ylabel 'y' header = system('head -1 '.file0); n = words(header) set xtics ('' 1) set [i=1:n] xtics add (word(header, i) i) set style data boxplot plot file0 using (1-0.25):1:(0.2) boxplot lw 2 lc rgb '#8b0000...
Read more

bash - Performing variable substitution in a string -

i have string contains use of variable, , i'd substitute variable's value string. right best have is #!/bin/bash foo='$name; echo bar' name="the name" expanded="$(eval echo "$foo")" echo "$expanded" which has obvious defects: prints the name bar while i'd print the name; echo bar instead of eval can bash's regex matching bash's string replacement: foo='$name; echo bar' name="the name" [[ "$foo" =~ \$([[:alnum:]]+) ]] && s="${!bash_rematch[1]}" && expanded="${foo/\$${bash_rematch[1]}/$s}" echo "$expanded" name; echo bar
Read more