Decrypting SecureString Parameter Store parameters with Node.js by Josh Sherman

0
32

Parameter Store, part of AWS Systems Manager gives you a quick and easy way to store parameters that you’d like to use in your applications. By selecting the
SecureString type, you get the added bonus of encryption for you most secret parameters.

By default, when you fetch a SecureString type parameter, you will receive the encrypted version, which more than likely will not be of much use to you:

import * as AWS from 'aws-sdk';

const ssm = new AWS.SSM();

const parameter = await ssm.getParameter(
	Name: 'secureParam',
).promise();

const parameters = await ssm.getParameters(
	Names: ['insecureParam', 'secureParam'],
).promise();

const byPath = await ssm.getParametersByPath(
	Path: '/secureParams/',
).promise();

Fortunately, there’s no real effort to decrypting the variables. No keys to store or additional processing that needs to be done manually. To fetch the
SecureString type parameters and have them decrypted along the way, simply include the WithDecryption property:

import * as AWS from 'aws-sdk';

const ssm = new AWS.SSM();

const parameter = await ssm.getParameter(
	Name: 'secureParam',
	WithDecryption: true,
).promise();

const parameters = await ssm.getParameters(
	Names: ['insecureParam', 'secureParam'],
	WithDecryption: true,
).promise();

const byPath = await ssm.getParametersByPath(
	Path: '/secureParams/',
	WithDecryption: true,
).promise();

Good stuff? Want more?

Weekly emails about technology, development, and sometimes sauerkraut.

100% Fresh, Grade A Content, Never Spam.

Source

LEAVE A REPLY

Please enter your comment!
Please enter your name here