Search code examples
netsuitesuitescript2.0

Testing Secrets in NetSuite SuiteScript for API Keys

I'm trying to write an API connector for NetSuite to connect to a third-party service, and want to store the API key in a Secret. I have seen several QA's regard this, such as this one, but what I can't figure out is how to know if the the Secret was successfully fetched.

The service I need to connect to is antiquated, and requires the API key sent as a POST parameter, and I want to check that my script is correctly loading the key from the Secret, but every time I try to log.debug() it, nothing comes out. Below are two examples I've tried, one with https, and the other with crypto. The Secret does exist in my account at the ID custsecret_demo_key, and is set to be accessible to all scripts (I'll narrow the scope once I get it working at all). Each of these thoroughly referenced Oracle's own examples on accessing Secrets.

It is possible to print the value of the Secret to the log to ensure it's working? If not, how am I supposed to know if it does or doesn't?

https

/**
 * @NApiVersion 2.1
 * @NScriptType UserEventScript
 */
define(['N/log', 'N/https'],
    
    function(log, https) {
        const beforeLoad = (scriptContext) => {
            const apiKey = https.createSecureString({input: '{custsecret_demo_key}'});

            log.debug({
                title: "connector test",
                details: apiKey,
            });
        };

        return {
            beforeLoad: beforeLoad
        };
});

Logs: {}

crypto

/**
 * @NApiVersion 2.1
 * @NScriptType UserEventScript
 */
define(['N/log', 'N/crypto', 'N/encode'],
    
    function(log, crypto, encode) {
        const beforeLoad = (scriptContext) => {
            const apiKey = crypto.createSecretKey({secret: '{custsecret_demo_key}', encoding: encode.Encoding.UTF_8});

            log.debug({
                title: "connector test",
                details: apiKey,
            });
        };

        return {
            beforeLoad: beforeLoad
        };
});

Logs: {"secret":"{custsecret_dt_api_key}","encoding":"UTF_8"}

Solution

  • I'm currently using NS secrets in my integrations as it is the most secure way to handle keys. However, it can be kind of tricky as you will never be able to log the secret (which makes sense). Test it out by trying to hit the api and look at the response. Try something like this to get the url:

      let baseReqUrl = https.createSecureString({
    input: 'www.myapi.com/?keyparameter='
});
let key = https.createSecureString({
    input: `{custsecret_api_secret}`
});
let completeUrl = baseReqUrl.appendSecureString({
    secureString: key
});