Access AWS Secrets Manager secret from AWS Lambda with JS
How to access AWS credentials info from the credentials file within the browser to retrieve secrets from Secrets Manager - Cypress
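I have an AWS credentials file and a config file on my local Windows machine. Using the JavaScript code below, I am able to get the secret, which contains a username and password, from AWS Secrets Manager. But the problem is that my code runs in the browser through Cypress, and it cannot access the AWS credentials file on my local machine. So, as you can see, I have hardcoded my AWS credentials info to get it.
My question is: how can I access the AWS credentials file from my local machine, so that I can get rid of the hardcoded tokens? Please advise.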
\.aws\credentials:

```ini
[default]
aws_access_key_id=<access key>
aws_secret_access_key=<secret key>
aws_session_token=<session token>
aws_expiration=<datetime>
```
awssecretmanager.ts:

```ts
const AWS = require('aws-sdk');

const region = 'eu-central-1';
const secretName = 'secretname of my application';

const secretManager = new AWS.SecretsManager({
  region,
  accessKeyId: 'qbxx1234556', //hardcoded
  secretAccessKey: 'axyx124545', //hardcoded
  sessionToken: 'x1234', //hardcoded
});

// Fetch the secret and parse its JSON payload
const getSecrets = async () => {
  return await new Promise((resolve, reject) => {
    secretManager.getSecretValue({ SecretId: secretName }, (err, result) => {
      if (err) {
        reject(err);
      } else {
        resolve(JSON.parse(result.SecretString));
      }
    });
  });
};

const getSecret = async () => {
  const secret = await getSecrets();
  return secret; //secret contains username and password
};

export { getSecret };
```
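How do I access it from my test file? testspec.ts:

```ts
import { getSecret } from './awssecretmanager'; // relative path assumed

const secret = await getSecret();
if (secret !== undefined) {
  username = secret['username'];
  password = secret['password'];
}
```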
I tried using the code below, but it does not work because the browser cannot access the local credentials file:

```ts
const credentials = new AWS.SharedIniFileCredentials({ profile: "default" });
AWS.config.credentials = credentials;
```
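There is an easier workaround.

1. Since we use "Azure DevOps" for CI, it was easier for us to get the secrets from AWS Secrets Manager through an Azure DevOps pipeline task.
2. Once you get the secrets, we set environment variables such as CYPRESS_USERNAME, CYPRESS_PASSWORD.
3. In the tests, we can reference the environment variables by using Cypress.env('USERNAME') and Cypress.env('PASSWORD').

Step 1 and Step 2: the azure-pipeline.yml file below contains the tasks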
```yaml
jobs:
- job: run_e2e_tests
  steps:
  # Step 1: fetch the secret JSON from AWS Secrets Manager into a pipeline variable
  - task: SecretsManagerGetSecret@1
    displayName: Get AWS secrets
    inputs:
      awsCredentials: 'aws credentials'
      regionName: 'eu-central-1'
      secretIdOrName: 'secretname'
      variableName: 'variable-containing-secrets'
  # Step 2a: split the JSON into two secret output variables
  - powershell: |
      $variablecontainingsecrets ='$(variable-containing-secrets)' | ConvertFrom-Json
      echo "##vso[task.setvariable variable=TestUsername;isOutput=true;issecret=true;]$($variablecontainingsecrets.'username')"
      echo "##vso[task.setvariable variable=TestPassword;isOutput=true;issecret=true;]$($variablecontainingsecrets.'password')"
    name: secrets
    displayName: Set environment variables from secrets JSON
  # Step 2b: re-publish them under the CYPRESS_ prefix that Cypress.env() reads
  - task: PowerShell@2
    displayName: 'Setup environment variables for Cypress tests'
    inputs:
      targetType: 'inline'
      script: |
        Write-Host "##vso[task.setvariable variable=CYPRESS_USERNAME;]$(secrets.TestUsername)"
        Write-Host "About to set environment variable for username ($env:CYPRESS_USERNAME)"
        Write-Host "##vso[task.setvariable variable=CYPRESS_PASSWORD;]$(secrets.TestPassword)"
        Write-Host "About to set environment variable for password ($env:CYPRESS_PASSWORD)"
```
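Step 3: in the Cypress test, we then reference the env variables like this

```ts
cy.get('input#signInFormUsername').type(Cypress.env('USERNAME'));
```

Note that if you run it locally, you may need to set the environment variables. For example, I needed to set environment variables such as CYPRESS_USERNAME=username, CYPRESS_PASSWORD=password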
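
For local runs, an alternative that keeps the AWS keys out of the browser is to do the Secrets Manager lookup in Cypress's Node process and expose it to specs as a task. This is an added example, not code from the question or the answer; it assumes the Cypress 10+ config layout and the `aws-sdk` v2 package, and the names `parseLoginSecret`, `makeSecretTasks` and the task name `getSecret` are hypothetical.

```javascript
// cypress.config.js (Cypress 10+ layout assumed): this file runs in Node, not the browser.
const region = 'eu-central-1'; // region used on the page

// Keep only the fields the tests need; never echo secret contents in an error.
function parseLoginSecret(result) {
  if (!result || typeof result.SecretString !== 'string') {
    throw new Error('secret has no SecretString');
  }
  let parsed;
  try {
    parsed = JSON.parse(result.SecretString);
  } catch (e) {
    // JSON.parse messages can quote the input, so replace them.
    throw new Error('SecretString is not valid JSON');
  }
  const { username, password } = parsed || {};
  if (typeof username !== 'string' || typeof password !== 'string') {
    throw new Error('secret JSON needs string "username" and "password"');
  }
  return { username, password };
}

// `client` is injected so the task can be exercised with a stub.
function makeSecretTasks(client) {
  return {
    // Hypothetical task name. In a spec:
    //   cy.task('getSecret', 'secretname').then(({ username, password }) => { ... })
    getSecret(secretId) {
      return client.getSecretValue({ SecretId: secretId }).promise().then(parseLoginSecret);
    },
  };
}

function setupNodeEvents(on, config) {
  // No accessKeyId/secretAccessKey/sessionToken here: in Node the SDK's default
  // provider chain reads environment variables or the shared credentials file.
  const AWS = require('aws-sdk');
  on('task', makeSecretTasks(new AWS.SecretsManager({ region })));
  return config;
}

if (typeof module !== 'undefined') {
  module.exports = { e2e: { setupNodeEvents } };
}
```

Only the username and password cross into the browser; the access key, secret key and session token stay in the Node process.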