-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.js
27 lines (23 loc) · 1023 Bytes
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
'use strict'
const AWS = require('aws-sdk')
const msRestAzure = require('ms-rest-azure')
const KeyVault = require('azure-keyvault')
module.exports = {
withPrefix: async function (roleKey, vaultName, environment, awsRegion = 'us-east-1') {
const vaultUri = `https://${vaultName}.vault.azure.net`
const suffix = environment ? `-${environment}` : ''
let credentials
if (process.env.MSI_ENDPOINT) {
credentials = await msRestAzure.loginWithAppServiceMSI({ resource: 'https://vault.azure.net' })
} else {
credentials = await msRestAzure.interactiveLogin()
}
const keyVaultClient = new KeyVault.KeyVaultClient(credentials)
const accessKeyId = (await keyVaultClient.getSecret(vaultUri, `${roleKey}-key${suffix}`, '')).value
const secretAccessKey = (await keyVaultClient.getSecret(vaultUri, `${roleKey}-secret${suffix}`, '')).value
AWS.config.accessKeyId = accessKeyId
AWS.config.secretAccessKey = secretAccessKey
AWS.config.region = awsRegion
return AWS
}
}