阅读背景:

解密多个环境。 AWS Lambda中的变量

来源:互联网 

I've got a number of encrypted environmental variables I need to decrypt in an AWS Lambda function. They give an example bit of code, but I'd rather not run a huge chunk for each value I need to decrypt:

我需要在AWS Lambda函数中解密许多加密的环境变量。他们给出了一些示例代码,但我不想为我需要解密的每个值运行一个巨大的块:

const AWS = require('aws-sdk');

const encrypted = process.env['my_password'];
let decrypted;


function processEvent(event, context, callback) {
    // TODO handle the event here
}

exports.handler = (event, context, callback) => {
    if (decrypted) {
        processEvent(event, context, callback);
    } else {
        // Decrypt code should run once and variables stored outside of the function
        // handler so that these are decrypted once per container
        const kms = new AWS.KMS();
        kms.decrypt({ CiphertextBlob: new Buffer(encrypted, 'base64') }, (err, data) => {
            if (err) {
                console.log('Decrypt error:', err);
                return callback(err);
            }
            decrypted = data.Plaintext.toString('ascii');
            processEvent(event, context, callback);
        });
    }
};

I'm wondering if the AWS SDK includes a function that lets me decrypt multiple values at once. Failing that, is there a way to elegantly chain these calls together so they don't take up ~75 lines of my otherwise simple function?

我想知道AWS SDK是否包含一个允许我一次解密多个值的函数。如果不这样做,有没有办法优雅地将这些调用链接在一起,这样他们就不会占用我这个简单功能的~75行?

1 个解决方案

#1


11  

You can use promises to achieve this. See the example below for decrypting both a username and password via KMS. You can add as many additional decryption promises to the decryptPromises array as you'd like:

你可以使用promises来实现这一目标。请参阅下面的示例,以通过KMS解密用户名和密码。您可以根据需要向decryptPromises数组添加任意数量的其他解密承诺:

    const AWS = require('aws-sdk');

    const encrypted = {
        username: process.env.username,
        password: process.env.password
    };

    let decrypted = {};

    function processEvent(event, context, callback) {
        //do work
    }

    exports.handler = (event, context, callback) => {
        if ( decrypted.username && decrypted.password ) {
            processEvent(event, context, callback);
        } else {
            const kms = new AWS.KMS();

            const decryptPromises = [
                kms.decrypt( { CiphertextBlob: new Buffer(encrypted.username, 'base64') } ).promise(),
                kms.decrypt( { CiphertextBlob: new Buffer(encrypted.password, 'base64') } ).promise()
            ];

            Promise.all( decryptPromises ).then( data => {
                decrypted.username = data[0].Plaintext.toString('ascii');
                decrypted.password = data[1].Plaintext.toString('ascii');

                processEvent(event, context, callback);
            }).catch( err => {
                console.log('Decrypt error:', err);
                return callback(err);
            });
        }
    };

You can find more information on how promises have been implimented for the AWS SDK in the Support for Promises in the SDK documentation.

您可以在SDK文档的Support for Promises中找到有关如何为AWS SDK实现promises的更多信息。


分享到: