const AWS = require('aws-sdk');
AWS.config.update({ region: 'eu-central-1' });

const encrypted = process.env['STRIPE_SECRET_KEY'];
let decrypted;


function processEvent(event) {
    // TODO handle the event here
}

exports.handler = async (event) => {
    if (!decrypted) {
        // Decrypt code should run once and variables stored outside of the
        // function handler so that these are decrypted once per container
        const kms = new AWS.KMS();
        try {
            const req = { CiphertextBlob: Buffer.from(encrypted, 'base64') };
            const data = await kms.decrypt(req).promise();
            decrypted = data.Plaintext.toString('ascii');
        } catch (err) {
            console.log('Decrypt error:', err);
            throw err;
        }
    }
    processEvent(event);
};