I'm trying to get an AWS secret I need using the aws-sdk in a JS function but I keep getting an error about a missing credentials in config or a request object, this is the code I am using:
Cypress.Commands.add("get_secret", () => {
Cypress.env('AWS_ACCESS_KEY_ID', 'REMOVED')
Cypress.env('AWS_SECRET_ACCESS_KEY', 'REMOVED')
Cypress.env('AWS_SESSION_TOKEN', 'REMOVED')
var AWS = require("aws-sdk"),
region = "REMOVED",
secretName = "REMOVED",
secret,
decodedBinarySecret;
// Create a Secrets Manager client
var client = new AWS.SecretsManager({
region: region,
});
client.getSecretValue({ SecretId: secretName }, function (err, data) {
if (err) {
if (err.code === "DecryptionFailureException")
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "InternalServiceErrorException")
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "InvalidParameterException")
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "InvalidRequestException")
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
else if (err.code === "ResourceNotFoundException")
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
throw err;
} else {
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
if ("SecretString" in data) {
secret = data.SecretString;
} else {
let buff = new Buffer(data.SecretBinary, "base64");
decodedBinarySecret = buff.toString("ascii");
}
}
return client.getSecretValue({ SecretId: "REMOVED" }).promise();
});
});
Calling this I get config.js:390 Uncaught (in promise) CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
If I replace return client.getSecretValue({ SecretId: "REMOVED" }).promise(); with cy.wrap(client.getSecretValue("REMOVED")).as("key1"); it yields a request object but I can't see my secret anywhere in it.
Can someone see what I'm doing wrong?
Try passing the credentials directly to the client like this:
const client = new AWS.SecretsManager({
region: region,
accessKeyId: 'abcdefghi',
secretAccessKey: 'abcdefghi123456789',
sessionToken: 'abcd1234'
});
or better, use the AWS.Config Class before creating the client:
AWS.config.update({
accessKeyId: 'abcdefghi',
secretAccessKey: 'abcdefghi123456789',
sessionToken: 'abcd1234'
})
According to the Cypress documentation for Cypress.env, OS-level environment variables are different from Cypress environment variables:
In Cypress, “environment variables” are variables that are accessible via Cypress.env. These are not the same as OS-level environment variables. However, it is possible to set Cypress environment variables from OS-level environment variables.
This means that they won't be picked up by the AWS SDK.
For more info on how to set credentials in the SDK, see Setting Credentials in Node.js.