feat: add aws secrets manager plugin

johnb8 · johnb8 · commit 7269ceaf838f · 2025-05-21T16:27:45.000-06:00
diff --git a/app-config-aws-secrets-manager/.eslintrc.js b/app-config-aws-secrets-manager/.eslintrc.js
@@ -0,0 +1 @@
+module.exports = require('@lcdev/eslint-config/cwd')(__dirname);
diff --git a/app-config-aws-secrets-manager/README.md b/app-config-aws-secrets-manager/README.md
diff --git a/app-config-aws-secrets-manager/package.json b/app-config-aws-secrets-manager/package.json
@@ -0,0 +1,46 @@
+{
+  "name": "@app-config/aws-secrets-manager",
+  "description": "AWS Secrets Manager support for App Config",
+  "version": "2.9.0-beta.1",
+  "license": "MPL-2.0",
+  "author": {
+    "name": "Launchcode",
+    "email": "admin@lc.dev",
+    "url": "https://lc.dev"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/launchcodedev/app-config.git"
+  },
+  "main": "dist/index.js",
+  "module": "dist/es/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "/dist",
+    "!**/*.tsbuildinfo",
+    "!**/*.test.*"
+  ],
+  "scripts": {
+    "build": "tsc -b",
+    "build:es": "tsc -b tsconfig.es.json",
+    "clean": "rm -rf dist *.tsbuildinfo",
+    "lint": "eslint src",
+    "fix": "eslint --fix src",
+    "test": "jest",
+    "prepublishOnly": "yarn clean && yarn build && yarn build:es"
+  },
+  "dependencies": {
+    "@app-config/extension-utils": "^2.9.0-beta.1",
+    "@aws-sdk/client-secrets-manager": "3.810.0"
+  },
+  "peerDependencies": {
+    "@app-config/main": "^2.9.0-beta.1"
+  },
+  "devDependencies": {
+    "@app-config/main": "^2.9.0-beta.1"
+  },
+  "prettier": "@lcdev/prettier",
+  "jest": {
+    "preset": "@lcdev/jest"
+  }
+}
diff --git a/app-config-aws-secrets-manager/src/index.ts b/app-config-aws-secrets-manager/src/index.ts
@@ -0,0 +1,42 @@
+import type { ParsingExtension, Json } from '@app-config/main';
+import { named, forKey, validateOptions } from '@app-config/extension-utils';
+import { SecretsManager } from '@aws-sdk/client-secrets-manager';
+
+function awsSecretsManagerParsingExtension(): ParsingExtension {
+  return named(
+    '$awsSecretsManager',
+    forKey(
+      '$awsSecretsManager',
+      validateOptions(
+        (SchemaBuilder) =>
+          SchemaBuilder.emptySchema().addString('secretId').addString('select', {}, false),
+        ({ secretId, select }) =>
+          async (parse) => {
+            const client = new SecretsManager();
+            const secret = await client.getSecretValue({ SecretId: secretId });
+
+            if (!secret.SecretString) {
+              throw new Error(`Secret ID ${secretId} not found in AWS Secrets Manager`);
+            }
+
+            let value = secret.SecretString as Json;
+
+            if (select) {
+              const json = JSON.parse(secret.SecretString) as Record<string, Json>;
+              value = json[select];
+
+              if (!value) {
+                throw new Error(
+                  `Could not select ${select} JSON key from Secret ID ${secretId} in AWS Secrets Manager`,
+                );
+              }
+            }
+
+            return parse(value, { shouldFlatten: true });
+          },
+      ),
+    ),
+  );
+}
+
+export default awsSecretsManagerParsingExtension;
diff --git a/app-config-aws-secrets-manager/tsconfig.es.json b/app-config-aws-secrets-manager/tsconfig.es.json
@@ -0,0 +1,8 @@
+{
+  "extends": "./tsconfig.json",
+  "compilerOptions": {
+    "target": "es2019",
+    "module": "es2020",
+    "outDir": "./dist/es"
+  }
+}
diff --git a/app-config-aws-secrets-manager/tsconfig.json b/app-config-aws-secrets-manager/tsconfig.json
@@ -0,0 +1,12 @@
+{
+  "extends": "@lcdev/tsconfig",
+  "compilerOptions": {
+    "rootDir": "./src",
+    "outDir": "./dist"
+  },
+  "include": ["src"],
+  "exclude": ["node_modules"],
+  "references": [
+    { "path": "../app-config-test-utils" }
+  ]
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+module.exports = require('@lcdev/eslint-config/cwd')(__dirname);`