All files / proxy/utils/customer-variables/secrets-manager retrieve-secret.ts

import { CustomerVariablesRecord } from '../types'
import {
  SecretsManagerClient,
  GetSecretValueCommand,
  GetSecretValueCommandOutput,
} from '@aws-sdk/client-secrets-manager'
import { arrayBufferToString } from '../../buffer'
import { validateSecret } from './validate-secret'
import { normalizeSecret } from './normalize-secret'
 
/**
 * One cached lookup result.
 *
 * `value` is either the parsed customer variables or `null`. `fetchSecret` resolves to `null`
 * both for an empty secret and for any fetch/parse/validation failure, and `retrieveSecret`
 * stores that `null` like any other result, so a cached entry can also record a failed lookup.
 */
interface CacheEntry {
  value: CustomerVariablesRecord | null
}
 
/**
 * Global cache for customer variables fetched from Secrets Manager, keyed by the secret id
 * passed to `retrieveSecret`.
 *
 * Entries have no expiry: nothing in this module removes or refreshes an entry except
 * `clearSecretsCache`, so a rotated secret is not picked up until the cache is cleared or the
 * module is reloaded.
 * The parsed secret values are held in process memory for as long as the entry exists.
 * */
const cache = new Map<string, CacheEntry>()
 
/**
 * Returns the customer variables stored under `key`, contacting Secrets Manager only on a cache miss.
 *
 * On a miss the result of `fetchSecret` is stored in the module-level cache and returned; every
 * later call for the same key gets the stored value without a network call. There is no TTL or
 * validity check on a hit.
 *
 * A `null` result is cached as well. `fetchSecret` resolves to `null` for an empty secret and for
 * any error, so a transient failure (for example throttling or a missing permission at first
 * call) keeps being served as `null` until `clearSecretsCache` runs.
 *
 * @param secretsManager Client used to fetch the secret on a cache miss.
 * @param key Secret id; also the cache key.
 * @returns The parsed customer variables, or `null` when no usable secret was obtained.
 * */
export async function retrieveSecret(secretsManager: SecretsManagerClient, key: string) {
  // Entries are always objects, so `undefined` from get() can only mean "not cached yet".
  const cached = cache.get(key)
  if (cached !== undefined) {
    return cached.value
  }

  const fetched = await fetchSecret(secretsManager, key)
  cache.set(key, { value: fetched })

  return fetched
}
 
/**
 * Extracts the secret payload from a GetSecretValue response as a string.
 *
 * A truthy `SecretBinary` takes precedence and is decoded with `arrayBufferToString`; otherwise
 * `SecretString` is used. When neither carries a value the result is the empty string, which
 * `fetchSecret` treats as "no secret".
 */
function convertSecretToString(result: GetSecretValueCommandOutput): string {
  const { SecretBinary: binaryPayload, SecretString: textPayload } = result

  if (binaryPayload) {
    return arrayBufferToString(binaryPayload)
  }

  return textPayload || ''
}
 
/**
 * Fetches the secret identified by `key`, then normalizes and validates it.
 *
 * Never rejects: any error thrown by the SDK call, by `normalizeSecret` or by `validateSecret`
 * is caught, logged with `console.error`, and turned into `null`. An empty payload also yields
 * `null`, without logging. Callers therefore cannot distinguish "secret is empty", "access
 * denied" and "secret is malformed"; the log line is the only record of the cause.
 *
 * @param secretsManager Client used to send the GetSecretValue command.
 * @param key Secret id passed as `SecretId`.
 * @returns The validated customer variables, or `null` on an empty payload or any failure.
 */
async function fetchSecret(secretsManager: SecretsManagerClient, key: string): Promise<CustomerVariablesRecord | null> {
  try {
    const response = await secretsManager.send(new GetSecretValueCommand({ SecretId: key }))
    const rawSecret = convertSecretToString(response)

    if (rawSecret) {
      const customerVariables = normalizeSecret(rawSecret)
      // The return value is ignored, so validateSecret presumably signals an invalid secret by
      // throwing; that lands in the catch below. TODO confirm against validate-secret.
      validateSecret(customerVariables)
      return customerVariables
    }

    return null
  } catch (error) {
    // NOTE(review): the whole error object is written to the log. If normalizeSecret or
    // validateSecret put parts of the input into their error messages, fragments of the secret
    // would end up in the log stream; confirm what those helpers throw.
    console.error(`Failed to fetch and parse secret ${key}`, { error })

    return null
  }
}
 
/**
 * Empties the module-level secrets cache.
 *
 * This is the only place in this module where cached entries are dropped, so it is the way to
 * force the next `retrieveSecret` call to fetch from Secrets Manager again (after a rotation, or
 * after a failed lookup was cached as `null`).
 */
export function clearSecretsCache() {
  cache.clear()
}