如何从浏览器中的凭证文件中访问 aws 凭证信息以从秘密管理器-赛普拉斯检索秘密

Question

I have aws credentials file and config file in my local windows machine. With below javascript code, I can get the secrets from aws secret manager containing username and password.But the problem is, My code runs within the browser through cypress and It cannot access the aws credentials file from my local.Hence, as you can see, I have hardcoded my aws credentials info to get it.

My question is, How do I access the aws credentials file from my local so that I can get rid of hardcodes tokens?Please advise

\.aws\credentials 
[default] 
aws_access_key_id=<access key>
aws_secret_access_key= <secret key> 
aws_session_token=<session token>
aws_expiration=<datetime>

awssecretmanager.ts:

 const AWS = require('aws-sdk'); const region = 'eu-central-1'; const secretName = 'secretname of my application'; const secretManager = new AWS.SecretsManager({ region, accessKeyId: 'qbxx1234556', //hardcoded secretAccessKey: 'axyx124545', //hardcoded sessionToken: 'x1234; //hardcoded }); const getSecrets = async () => { return await new Promise((resolve, reject) => { secretManager.getSecretValue({ SecretId: secretName }, (err, result) => { if (err) { reject(err); } else { resolve(JSON.parse(result.SecretString)); } }); }); }; const getSecret = async () => { const secret = await getSecrets(); return secret; //secret contains username and password }; export {getSecret};

How to access it from my test file? test.spec.ts

 const secret = await getSecret(); if (secret;== undefined){ username = secret['username']; password = secret['password'];

I tried using below code, but it does not work as the browser cannot access the local credentials file

const credentials = new AWS.SharedIniFileCredentials({ profile: "default" });
AWS.config.credentials = credentials;

Answer 1

Had a workaround solution which was much more simpler.

1.As we are using 'Azure devops' for CI, it was easier for us to get the secrets from AWS Secret manager through the Azure devops pipeline tasks. 2.Once you get the secrets, we set the environment variables like CYPRESS_USERNAME, CYPRESS_PASSWORD 3. In the test, we are able to refer the environment variable by using Cypress.env('USERNAME') and Cypress.env('PASSWORD')

Step1 and Step2: azure-pipeline.yml file below containing tasks

 jobs: - job: run_e2e_tests steps: - task: SecretsManagerGetSecret@1 displayName: Get AWS secrets inputs: awsCredentials: 'aws credentials' regionName: 'eu-central-1' secretIdOrName: 'secretname' variableName: 'variable-containing-secrets' - powershell: | $variablecontainingsecrets ='$(variable-containing-secrets)' | ConvertFrom-Json echo "##vso[task.setvariable variable=TestUsername;isOutput=true;issecret=true;]$($variablecontainingsecrets.'username')" echo "##vso[task.setvariable variable=TestPassword;isOutput=true;issecret=true;]$($variablecontainingsecrets.'password')" name: secrets displayName: Set environment variables from secrets JSON - task: PowerShell@2 displayName: 'Setup environment variables for Cypress tests' inputs: targetType: 'inline' script: | Write-Host "##vso[task.setvariable variable=CYPRESS_USERNAME;]$(secrets.TestUsername)" Write-Host "About to set environment variable for username ($env:CYPRESS_USERNAME)" Write-Host "##vso[task.setvariable variable=CYPRESS_PASSWORD;]$(secrets.TestPassword)" Write-Host "About to set environment variable for password ($env:CYPRESS_PASSWORD)"

Step3: In the cypress tests, we then referenced the env variable like this

  cy.get('input#signInFormUsername').type(Cypress.env('USERNAME'));

Please note that if you are running it in local, you may need to set up the environment variables. eg, I need to set the environment variables like CYPRESS_USERNAME=username , CYPRESS_PASSWORD=password