Decrypting SecureString Parameter Store parameters with Node.js

Parameter Store, part of AWS Systems Manager gives you a quick and easy way to
store parameters that you’d like to use in your applications. By selecting the
SecureString type, you get the added bonus of encryption for you most secret
parameters.

By default, when you fetch a SecureString type parameter, you will receive the
encrypted version, which more than likely won’t be of much use to you:

import * as AWS from 'aws-sdk'

const ssm = new AWS.SSM

const parameter = await ssm.getParameter({
	Name: 'secureParam',
}).promise

const parameters = await ssm.getParameters({
	Names: ['insecureParam', 'secureParam'],
}).promise

const byPath = await ssm.getParametersByPath({
	Path: '/secureParams/',
}).promise

Fortunately, there’s no real effort to decrypting the variables. No keys to
store or additional processing that needs to be done manually. To fetch the
SecureString type parameters and have them decrypted along the way, simply
include the WithDecryption property:

import * as AWS from 'aws-sdk'

const ssm = new AWS.SSM

const parameter = await ssm.getParameter({
	Name: 'secureParam',
	WithDecryption: true,
}).promise

const parameters = await ssm.getParameters({
	Names: ['insecureParam', 'secureParam'],
	WithDecryption: true,
}).promise

const byPath = await ssm.getParametersByPath({
	Path: '/secureParams/',
	WithDecryption: true,
}).promise
Josh Sherman - The Man, The Myth, The Avatar

About Josh

Husband. Father. Pug dad. Musician. Founder of Holiday API, Head of Engineering and Emoji Specialist at Mailshake, and author of the best damn Lorem Ipsum Library for PHP.


If you found this article helpful, please consider buying me a coffee.