Last active
February 18, 2020 22:44
-
-
Save Greyeye/ded7dea494705d0e059410d5d4afb1eb to your computer and use it in GitHub Desktop.
aws secretsmanager using aws-sdk-go v1.6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // this is a mock code, will not compile | |
| func getToken(ctx context.Context) (string, error) { | |
| secretsmanagerwrapper.NewSecretsManager(context) | |
| xray.AWS(secretsmanagerwrapper.Client()) | |
| var token | |
| token = secretsmanagerwrapper.GetSecrets(strings.Replace(c.Host(), "-", "", -1)) | |
| if token == "" { | |
| return nil, errors.New("failed to get token") | |
| } | |
| return token, nil | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package secretsmanagerwrapper | |
| import ( | |
| "context" | |
| "encoding/json" | |
| "github.com/aws/aws-sdk-go/aws" | |
| "github.com/aws/aws-sdk-go/aws/client" | |
| "github.com/aws/aws-sdk-go/aws/session" | |
| "github.com/aws/aws-sdk-go/service/secretsmanager" | |
| "github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface" | |
| "log" | |
| ) | |
| func (s *Service) GetSecrets(key string) (secret string) { | |
| log.Printf("searching for key %v, from secretID %v", key, s.SecretID) | |
| input := &secretsmanager.GetSecretValueInput{ | |
| SecretId: aws.String(*s.SecretID), | |
| } | |
| result, err := s.sm.GetSecretValueWithContext(s.ctx, input) | |
| if err != nil { | |
| log.Printf("failed to get secrets for %v, error: %v", input, err) | |
| return "" | |
| } | |
| var secrets map[string]interface{} | |
| err = json.Unmarshal([]byte(*result.SecretString), &secrets) | |
| if err != nil { | |
| log.Println("json parse error") | |
| return "" | |
| } | |
| if secrets[key] == nil { | |
| log.Println("no matching key found") | |
| return "" | |
| } | |
| return secrets[key].(string) | |
| } | |
| // new secretsManager service initialiser | |
| func (s *Service) NewSecretsManager(ctx context.Context) error { | |
| //load AWS credentials file under ~/.aws, or obtain assigned role if running inside AWS environment | |
| sess := session.Must(session.NewSession()) | |
| // return struct which can be mocked during the unit test | |
| smanager := secretsmanager.New(sess, aws.NewConfig().WithRegion("ap-southeast-2")) | |
| s.sm = smanager | |
| s.client = smanager.Client | |
| s.ctx = ctx | |
| return nil | |
| } | |
| //exposing Client to help, so consumer can use *client.Client to capture xray trace. | |
| func (s *Service) Client() *client.Client { | |
| return s.client | |
| } | |
| type Serviceiface interface { | |
| NewSecretsManager(ctx context.Context) error | |
| GetSecrets(key string) (secret string) | |
| Client() *client.Client | |
| } | |
| // secretsmanageriface.Service will be mocked during Testing. | |
| type Service struct { | |
| SecretID *string | |
| sm secretsmanageriface.SecretsManagerAPI | |
| client *client.Client | |
| ctx context.Context | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment