Decrypting SecureString Parameter Store parameters with Node.js
Parameter Store, part of AWS Systems Manager gives you a quick and easy way to
store parameters that you'd like to use in your applications. By selecting the
SecureString type, you get the added bonus of encryption for you most secret
parameters.
By default, when you fetch a SecureString type parameter, you will receive the
encrypted version, which more than likely won't be of much use to you:
import * as AWS from 'aws-sdk';
const ssm = new AWS.SSM();
const parameter = await ssm.getParameter({
Name: 'secureParam',
}).promise();
const parameters = await ssm.getParameters({
Names: ['insecureParam', 'secureParam'],
}).promise();
const byPath = await ssm.getParametersByPath({
Path: '/secureParams/',
}).promise();
Fortunately, there's no real effort to decrypting the variables. No keys to
store or additional processing that needs to be done manually. To fetch the
SecureString type parameters and have them decrypted along the way, simply
include the WithDecryption property:
import * as AWS from 'aws-sdk';
const ssm = new AWS.SSM();
const parameter = await ssm.getParameter({
Name: 'secureParam',
WithDecryption: true,
}).promise();
const parameters = await ssm.getParameters({
Names: ['insecureParam', 'secureParam'],
WithDecryption: true,
}).promise();
const byPath = await ssm.getParametersByPath({
Path: '/secureParams/',
WithDecryption: true,
}).promise();