
How to update a Secrets Manager secret value from a Lambda function?

I have an access token retrieved from an API, and its lifetime is 5 hours. I saw that Secrets Manager can rotate a secret, but the minimum rotation time is 1 day. Because of this I thought that I could write a Lambda function that runs every 5 hours, takes a new token from the API, and updates the secret with this token. This answer https://stackoverflow.com/a/66610124/11902308 mentions that it can be done, but I couldn't find any resource about how to update a secret from a Lambda function.

Note: I have multiple tasks, and the token becomes invalid when a new one is generated; because of that, the tasks have to share it.

You didn't mention which AWS SDK you are using, but here is an example for the AWS SDK for JS to create or update a secret. Additionally, it handles the case of deleted secrets (Secrets Manager doesn't delete secrets immediately; it marks them as scheduled for deletion) and restores and updates them.

import { AWSError } from 'aws-sdk';
import SecretsManager, { SecretARNType } from 'aws-sdk/clients/secretsmanager';

const secretsManager = new SecretsManager({ apiVersion: '2017-10-17' });

// Creates the secret when no ARN is known yet, otherwise updates the existing one.
// Returns the secret's ARN so the caller can pass it back on the next call.
const putSecret = async (name: string, secret: Record<string, unknown>, secretId?: SecretARNType): Promise<SecretARNType> => {
  try {
    const result = secretId
      ? secretsManager.updateSecret({
          SecretId: secretId,
          SecretString: JSON.stringify(secret),
        })
      : secretsManager.createSecret({
          Name: name,
          SecretString: JSON.stringify(secret),
        });

    const { ARN } = await result.promise();

    if (!ARN) throw new Error(`Error saving secret ${name}`);

    return ARN;
  } catch (error) {
    const awsError = error as AWSError;

    // createSecret and updateSecret both fail with InvalidRequestException when the
    // secret is scheduled for deletion (the same code is used for other invalid
    // requests too, so inspect awsError.message if you need to be strict)
    if (awsError.code === 'InvalidRequestException') {
      // restore existing secret
      await secretsManager
        .restoreSecret({
          SecretId: secretId || name,
        })
        .promise();
      // update secret
      const { ARN } = await secretsManager
        .updateSecret({
          SecretId: secretId || name,
          SecretString: JSON.stringify(secret),
        })
        .promise();

      if (!ARN) throw new Error(`Error restoring secret ${name}`);

      return ARN;
    }

    throw error;
  }
};

The code is in TypeScript, but it should be easy to convert into the language of your choice because the AWS SDK functions have the same names in other languages.
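The following is an added example (my code, not part of the answer above and not AWS SDK code) that carries the approach through to the question's actual setting: one scheduled Lambda refreshes the token, several tasks share it, and the old token dies the moment a new one is issued. The `SecretsClient` interface is an assumption that mirrors the parameter and result shapes of aws-sdk v2's `putSecretValue` and `getSecretValue`, so a thin adapter around `new SecretsManager()` satisfies it; `TokenFetcher`, `refreshTokenSecret`, `TokenCache`, `callWithToken` and the in-memory `InMemorySecretsClient` are hypothetical names, and the secret name, account id and token strings are constructed. Two things go beyond the answer: the refresher uses `putSecretValue`, which writes a new version and moves the AWSCURRENT staging label to it (`updateSecret` also rewrites metadata, so a role allowed to call it can change the description and KMS key as well), and each reader caches the token together with its stored expiry but re-reads the secret once on an authentication failure, because a sibling task's refresh can invalidate a cached token long before that expiry.

```typescript
// Minimal slice of the Secrets Manager API used below. Parameter and result shapes follow
// aws-sdk v2's SecretsManager.putSecretValue(...).promise() and getSecretValue(...).promise();
// in a Lambda, satisfy it with a thin adapter around `new SecretsManager()`. Nothing here calls AWS.
export interface SecretsClient {
  putSecretValue(params: { SecretId: string; SecretString: string }): Promise<{ ARN?: string; VersionId?: string }>;
  getSecretValue(params: { SecretId: string }): Promise<{ SecretString?: string; VersionId?: string }>;
}

// What the scheduled Lambda stores: the token plus an absolute expiry (ISO-8601), so each
// task can decide locally whether its cached copy is still worth using.
export interface StoredToken {
  accessToken: string;
  expiresAt: string;
}

// Obtains a fresh token from the upstream API. Hypothetical: the real one is an HTTP call.
export type TokenFetcher = () => Promise<{ accessToken: string; expiresInSeconds: number }>;

// Refresher side (the scheduled Lambda). putSecretValue writes a new version and moves the
// AWSCURRENT staging label to it; the previous version becomes AWSPREVIOUS.
export async function refreshTokenSecret(
  client: SecretsClient,
  fetchToken: TokenFetcher,
  secretId: string,
  now: Date = new Date(),
): Promise<{ versionId?: string; expiresAt: string }> {
  const { accessToken, expiresInSeconds } = await fetchToken();
  if (!accessToken) throw new Error('upstream API returned an empty access token');
  const expiresAt = new Date(now.getTime() + expiresInSeconds * 1000).toISOString();
  const stored: StoredToken = { accessToken, expiresAt };
  const { VersionId } = await client.putSecretValue({
    SecretId: secretId,
    SecretString: JSON.stringify(stored),
  });
  // Return metadata only: the token itself must not end up in the Lambda's logs or result.
  return { versionId: VersionId, expiresAt };
}

// Reader side (each task). Caches the token and re-reads the secret when the cached copy is
// within skewSeconds of its expiry, or when the caller forces a re-read.
export class TokenCache {
  private cached: StoredToken | undefined;
  private readonly client: SecretsClient;
  private readonly secretId: string;
  private readonly skewSeconds: number;

  constructor(client: SecretsClient, secretId: string, skewSeconds = 60) {
    this.client = client;
    this.secretId = secretId;
    this.skewSeconds = skewSeconds;
  }

  async get(force = false, now: Date = new Date()): Promise<string> {
    let current = this.cached;
    const cutoff = now.getTime() + this.skewSeconds * 1000;
    if (force || !current || Date.parse(current.expiresAt) <= cutoff) {
      const { SecretString } = await this.client.getSecretValue({ SecretId: this.secretId });
      if (!SecretString) throw new Error(`secret ${this.secretId} has no string value`);
      current = JSON.parse(SecretString) as StoredToken;
      this.cached = current;
    }
    return current.accessToken;
  }
}

// Because a refresh invalidates the previous token, a task may hold a copy that has just
// become useless even though its expiry has not passed. On an auth failure, re-read the
// secret once and retry instead of failing until the cached expiry is reached.
export async function callWithToken<T>(
  cache: TokenCache,
  call: (accessToken: string) => Promise<T>,
  isAuthFailure: (err: unknown) => boolean,
): Promise<T> {
  try {
    return await call(await cache.get());
  } catch (err) {
    if (!isAuthFailure(err)) throw err;
    return call(await cache.get(true));
  }
}

// Constructed in-memory stand-in for Secrets Manager so the code above runs offline.
// Versions are kept in order; the last one plays the role of AWSCURRENT.
export class InMemorySecretsClient implements SecretsClient {
  readonly versions: string[] = [];

  async putSecretValue(params: { SecretId: string; SecretString: string }) {
    this.versions.push(params.SecretString);
    return { ARN: `arn:aws:secretsmanager:eu-west-1:123456789012:secret:${params.SecretId}-AbCdEf`, VersionId: `v${this.versions.length}` };
  }

  async getSecretValue(params: { SecretId: string }) {
    if (this.versions.length === 0) throw new Error(`ResourceNotFoundException: ${params.SecretId}`);
    return { SecretString: this.versions[this.versions.length - 1], VersionId: `v${this.versions.length}` };
  }
}
```

To wire this into a real Lambda, build the adapter from the v2 client, e.g. `{ putSecretValue: (p) => sm.putSecretValue(p).promise(), getSecretValue: (p) => sm.getSecretValue(p).promise() }`, and keep the IAM split narrow: the refresher's role gets only `secretsmanager:PutSecretValue` on that one secret ARN, and the task roles get only `secretsmanager:GetSecretValue` on it. If the token-issuing API lets you pass a client-side idempotency key, also set `ClientRequestToken` on `putSecretValue` so a retried invocation cannot write the same token as two versions.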

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.

© 2020-2024 STACKOOM.COM