Test JS Secret in Node

command_line_for_test_and_output.md

AWS_REGION=us-east-1 node test_secrets_aws.js

{
  ARN: 'arn:aws:secretsmanager:us-east-1:286165495589:secret:b7610df9-5d49-4092-a540-0641fba60a3f-3gaoPe',
  Name: 'b7610df9-5d49-4092-a540-0641fba60a3f',
  VersionId: '092701f4-443d-4195-b1c6-53c36ec428c9',
  SecretString: '{"apiKey":"blah","publicKey":"blah","privateKey":"blah","profileId":"abcd1234","expires":1567691299}',
  VersionStages: [ 'AWSCURRENT' ],
  CreatedDate: 2019-09-04T13:48:19.787Z
}

policy_applied_to_instance_or_task_role.json

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "arn:aws:secretsmanager:us-east-1:286165495589:secret:b7610df9-5d49-4092-a540-0641fba60a3f-3gaoPe"
        }
    ]
}

show_ephemeral_credentials_obtained_from_role.js

var AWS = require("aws-sdk");

AWS.config.getCredentials(function(err) {
if (err) console.log(err.stack);
  // credentials not loaded
  else {
    console.log("Access key:", AWS.config.credentials.accessKeyId);
    console.log("Secret access key:", AWS.config.credentials.secretAccessKey);
    console.log("Region: ", AWS.config.region);
  }
});

test_secrets_aws.js

var AWS = require('aws-sdk');

var secretsmanager = new AWS.SecretsManager();

var params = {
  SecretId: process.env.DOCUMENT_API_KEY
 };

secretsmanager.getSecretValue(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
 });