const AWS = require('aws-sdk'); AWS.config.update({ region: 'eu-central-1' }); const encrypted = process.env['STRIPE_SECRET_KEY']; let decrypted; function processEvent(event) { // TODO handle the event here } exports.handler = async (event) => { if (!decrypted) { // Decrypt code should run once and variables stored outside of the // function handler so that these are decrypted once per container const kms = new AWS.KMS(); try { const req = { CiphertextBlob: Buffer.from(encrypted, 'base64') }; const data = await kms.decrypt(req).promise(); decrypted = data.Plaintext.toString('ascii'); } catch (err) { console.log('Decrypt error:', err); throw err; } } processEvent(event); };