Getting String and SecureString Parameter Store parameters with Node.js by Josh Sherman


Parameter Store has slowly become one of my favorite things about AWS. It makes it easy to share things between ECS tasks and services, and Lambdas. The parameters can be references inside of a CodeBuild buildspec file, and it’s all language agnostic, which is handy if you are running different technologies across your infrastructure.

With support for both String and SecureString parameter types, you can choose your own adventure in terms of how securely stored a parameter needs to be. I opt to use SecureString for anything sensitive (passwords, API keys, and such) and String for just about everything else.

While there is also a StringList type, I do not ever use it. I’m sure it’s a fine parameter type, but as all it does is store a comma separated list of strings, and does not have a SecureStringList counterpart, I do not see the need in reaching for it.

So let’s say you have a mix of String and SecureString parameters. We know that if we want to fetch a SecureStringwe have to pass in the
WithDecryption parameter when making the request. Does that mean we’ll have to make separate requests, one with WithDecryption and one without
WithDecryption (or with it set to false)?

Nope, as it turns out, the WithDecryption value can be set when getting plain ol ‘ String parameter types. It’s smart enough to know that the value does not need decrypted and will return the value. Because of this, we can fetch both
String and SecureString parameter types together:

import * as AWS from 'aws-sdk';

const ssm = new AWS.SSM();

const parameters = await ssm.getParameters(
	Names: ['insecureParam', 'secureParam'],
	WithDecryption: true,

Good stuff? Want more?

Weekly emails about technology, development, and sometimes sauerkraut.

100% Fresh, Grade A Content, Never Spam.



Please enter your comment!
Please enter your name here