How to get AWS secret value in JS?

Question

I'm new to using AWS, manually I can get the secret I require but I'm trying to use the code snippet provided in AWS to get the secret value but everything I've tried just returns undefined, please can someone tell me what I'm doing wrong?

// Load the AWS SDK
var AWS = require('aws-sdk'),
    region = "REMOVED",
    secretName = "REMOVED",
    secret,
    decodedBinarySecret;

// Create a Secrets Manager client
var client = new AWS.SecretsManager({
    region: region
});

// In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
// See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
// We rethrow the exception by default.

client.getSecretValue({SecretId: secretName}, function(err, data) {
    if (err) {
        if (err.code === 'DecryptionFailureException')
            // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw err;
        else if (err.code === 'InternalServiceErrorException')
            // An error occurred on the server side.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw err;
        else if (err.code === 'InvalidParameterException')
            // You provided an invalid value for a parameter.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw err;
        else if (err.code === 'InvalidRequestException')
            // You provided a parameter value that is not valid for the current state of the resource.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw err;
        else if (err.code === 'ResourceNotFoundException')
            // We can't find the resource that you asked for.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw err;
    }
    else {
        // Decrypts secret using the associated KMS CMK.
        // Depending on whether the secret is a string or binary, one of these fields will be populated.
        if ('SecretString' in data) {
            secret = data.SecretString;
        } else {
            let buff = new Buffer(data.SecretBinary, 'base64');
            decodedBinarySecret = buff.toString('ascii');
        }
    }
    
    // Your code goes here. 
    var x = client.getSecretValue("REMOVED")

Answer 1

Please try this way

import AWS from 'aws-sdk';

const client = new AWS.SecretsManager();

export default async () => {
  const secretName = `YOUR_SECRET_NAME`;
  try {
    console.log('Getting secrets');
    let secret;
    const data = await client.getSecretValue({ SecretId: secretName }).promise();
    if (data.SecretString) secret = data.SecretString;
    console.log('secret: ', secret);
    return secret ? JSON.parse(secret) : secret
  } catch (err) {
    if (err.code === 'ResourceNotFoundException') {
      console.log(`The requested secret ${secretName} was not found`);
    } else if (err.code === 'InvalidRequestException') {
      console.log(`The request was invalid due to: ${err.message}`);
    } else if (err.code === 'InvalidParameterException') {
      console.log(`The request had invalid params: ${err.message}`);
    }
    throw error;
  }
};

Import this js file and call the function.

Also, don't forget to configure your AWS CLI if you run this code on your local machine. For configuring you can use one of the following ways

1. Using aws configure command in your terminal, and following follow directions
2. Run this command in your terminal
   export AWS_ACCESS_KEY_ID=YOUR_ACCESS_KEY_HERE export AWS_SECRET_ACCESS_KEY=YOUR_SECRET_KEY_HERE export AWS_REGION=YOUR_REGION_HERE