Problem description
I've got a number of encrypted environmental variables I need to decrypt in an AWS Lambda function. They give an example bit of code, but I'd rather not run a huge chunk for each value I need to decrypt:

    const AWS = require('aws-sdk');

    const encrypted = process.env['my_password'];
    let decrypted;

    function processEvent(event, context, callback) {
        // TODO handle the event here
    }

    exports.handler = (event, context, callback) => {
        if (decrypted) {
            processEvent(event, context, callback);
        } else {
            // Decrypt code should run once and variables stored outside of the function
            // handler so that these are decrypted once per container
            const kms = new AWS.KMS();
            // Buffer.from() replaces the deprecated new Buffer() constructor
            kms.decrypt({ CiphertextBlob: Buffer.from(encrypted, 'base64') }, (err, data) => {
                if (err) {
                    console.log('Decrypt error:', err);
                    return callback(err);
                }
                decrypted = data.Plaintext.toString('ascii');
                processEvent(event, context, callback);
            });
        }
    };

I'm wondering if the AWS SDK includes a function that lets me decrypt multiple values at once. Failing that, is there a way to elegantly chain these calls together so they don't take up ~75 lines of my otherwise simple function?
Recommended answer
You can use promises to achieve this. See the example below for decrypting both a username and password via KMS. You can add as many additional decryption promises to the decryptPromises array as you'd like:

    const AWS = require('aws-sdk');

    // Base64-encoded KMS ciphertexts taken from the Lambda environment
    const encrypted = {
        username: process.env.username,
        password: process.env.password
    };

    // Lives outside the handler so values are decrypted once per container
    let decrypted = {};

    function processEvent(event, context, callback) {
        // do work
    }

    exports.handler = (event, context, callback) => {
        if ( decrypted.username && decrypted.password ) {
            processEvent(event, context, callback);
        } else {
            const kms = new AWS.KMS();
            // Buffer.from() replaces the deprecated new Buffer() constructor
            const decryptPromises = [
                kms.decrypt( { CiphertextBlob: Buffer.from(encrypted.username, 'base64') } ).promise(),
                kms.decrypt( { CiphertextBlob: Buffer.from(encrypted.password, 'base64') } ).promise()
            ];

            // Results arrive in the same order as the promises in the array
            Promise.all( decryptPromises ).then( data => {
                decrypted.username = data[0].Plaintext.toString('ascii');
                decrypted.password = data[1].Plaintext.toString('ascii');
                processEvent(event, context, callback);
            }).catch( err => {
                console.log('Decrypt error:', err);
                return callback(err);
            });
        }
    };

You can find more in the SDK documentation on support for promises.
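
The Promise.all approach above generalizes to any list of variable names. The following is an added example, not part of the original answer or of AWS's sample code: it caches the in-flight promise so concurrent invocations share one batch of KMS calls, never caches a failure, and reports missing variables by name only. The names createSecretLoader, createFakeKms and sampleEnv are hypothetical, and the fake client and sample values are constructed so the block runs offline.

```javascript
// Added example. `kms` is any client exposing decrypt(params).promise(),
// for instance new AWS.KMS() from the SDK used on this page.
function createSecretLoader(kms, names, env = process.env) {
  let cached = null; // in-flight or settled promise, shared per container

  return function loadSecrets() {
    if (cached) return cached;
    const missing = names.filter((name) => !env[name]);
    if (missing.length > 0) {
      // Fail before calling KMS; report names only, never values.
      return Promise.reject(new Error('Missing env vars: ' + missing.join(', ')));
    }
    cached = Promise.all(names.map((name) =>
      kms.decrypt({ CiphertextBlob: Buffer.from(env[name], 'base64') }).promise()
        .then((data) => [name, data.Plaintext.toString('utf8')])
    ))
      .then((pairs) => Object.freeze(Object.fromEntries(pairs)))
      .catch((err) => {
        cached = null; // never cache a failure; the next invocation retries
        throw err;
      });
    return cached;
  };
}

// Constructed stand-in for AWS.KMS so the example runs offline:
// "decryption" reverses the bytes, and calls are counted.
function createFakeKms() {
  const fake = {
    calls: 0,
    failNext: false,
    decrypt(params) {
      fake.calls += 1;
      const fail = fake.failNext;
      fake.failNext = false;
      return {
        promise: () => (fail
          ? Promise.reject(new Error('constructed KMS failure'))
          : Promise.resolve({ Plaintext: Buffer.from(params.CiphertextBlob).reverse() })),
      };
    },
  };
  return fake;
}

// Constructed sample values: reversed plaintext, base64-encoded.
const sampleEnv = {
  username: Buffer.from('nimda').toString('base64'),
  password: Buffer.from('terces').toString('base64'),
};
```

In a Lambda handler, create the loader once outside the handler and call loadSecrets().then(secrets => processEvent(...)).catch(callback) inside it.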