cypress-aws-secrets-manager v1.1.0
Load AWS Secrets into Cypress as env-variable
Integrate the power of AWS Secrets Manager seamlessly into your Cypress tests with the cypress-aws-secrets-manager plugin. This lightweight yet powerful plugin facilitates the secure loading of secrets stored in AWS Secrets Manager directly into your Cypress environment variables, ensuring a streamlined and secure approach to managing sensitive information in your test scripts.
Install
$ npm install cypress-aws-secrets-manager --save-dev
or as a global module
$ npm install -g cypress-aws-secrets-manager
Prerequisites
- AWS CLI Install/Update
- A user to SSO via AWS Identity and Access Management.
Configuration
Code in cypress.config.js:
const { defineConfig } = require("cypress")

module.exports = defineConfig({
  e2e: {
    async setupNodeEvents(on, config, __dirname) {
      // Load the plugin and let it put the AWS secret into the Cypress env variables
      const getSecretFromAWS = require("cypress-aws-secrets-manager")
      await getSecretFromAWS(on, config, __dirname)
    },
  },
})
Define AWS login strategy
- AWS_SSO_STRATEGY: 'profile'|'default'|'iam'|'unset'|'multi'
  - If profile, the plugin will use the profile name specified inside the awsSecretsManagerConfig (if the profile is not specified, the default profile will be used).
  - If default, it will use the default SSO config.
  - If iam, it will log in with AWS credentials; it needs access_key, secret_key and session_token specified via the pathToCredentials variable.
  - If unset, it will log in without SSO authentication; used mostly when running Cypress on CI tools, because they are already authenticated.
  - If multi, it will try every strategy and fail only after trying them all.

If not specified, the 'multi' strategy will be used.
Define awsSecretsManagerConfig object:
The awsSecretsManagerConfig is an object containing the following parameters:

| Parameter | Mandatory | Notes |
| ---------- | --------- | -------------------------- |
| secretName | TRUE | AWS secret name |
| profile | FALSE | AWS SSO profile name, if not set the plugin will use 'default' profile |
| region | TRUE | AWS Secrets Manager region |
| pathToCredentials | WITH STRATEGY 'IAM' | path to credentials file |
Credential File example:
//pathToCredentials.json
{
  "accessKeyId": "xxxxxx",
  "secretAccessKey": "xxxxxx",
  "sessionToken": "xxxxxx"
}
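The rules above (allowed strategies, mandatory secretName and region, a credentials file for the 'iam' strategy) written as a pre-flight check. This is an added example, not the plugin's own code; checkAwsConfig, demo and the file-permission check are assumptions introduced here.

```javascript
// Added example, not the plugin's code: pre-flight check of the rules described above.
const fs = require("fs")
const os = require("os")
const path = require("path")

const STRATEGIES = ["profile", "default", "iam", "unset", "multi"]
const CREDENTIAL_KEYS = ["accessKeyId", "secretAccessKey", "sessionToken"]

// Returns a list of problems; an empty list means the configuration passes.
function checkAwsConfig(strategy = "multi", cfg = {}) {
  const problems = []
  if (!STRATEGIES.includes(strategy)) problems.push(`unknown AWS_SSO_STRATEGY: ${strategy}`)
  for (const key of ["secretName", "region"]) {
    if (!cfg[key]) problems.push(`missing mandatory property: ${key}`)
  }
  if (strategy !== "iam") return problems
  if (!cfg.pathToCredentials) return [...problems, "strategy 'iam' needs pathToCredentials"]
  let creds
  try {
    creds = JSON.parse(fs.readFileSync(cfg.pathToCredentials, "utf8"))
    if (creds === null || typeof creds !== "object") throw new Error("not a JSON object")
  } catch (err) {
    return [...problems, `cannot read credentials file: ${err.message}`]
  }
  for (const key of CREDENTIAL_KEYS) {
    if (typeof creds[key] !== "string" || creds[key] === "") problems.push(`credentials file lacks ${key}`)
  }
  // Hardening assumption (not a plugin rule): the key file should be private to its owner.
  const mode = fs.statSync(cfg.pathToCredentials).mode & 0o777
  if (process.platform !== "win32" && (mode & 0o077) !== 0) {
    problems.push(`credentials file mode ${mode.toString(8)} is accessible to other users`)
  }
  return problems
}

// Constructed sample: a throwaway credentials file with placeholder values and no sessionToken.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "aws-cfg-"))
  const file = path.join(dir, "pathToCredentials.json")
  fs.writeFileSync(file, JSON.stringify({ accessKeyId: "xxxxxx", secretAccessKey: "xxxxxx" }))
  fs.chmodSync(file, 0o644)
  return checkAwsConfig("iam", { profile: "AWS_PROFILE_NAME", pathToCredentials: file })
}

console.log(demo())
```

Calling checkAwsConfig before the plugin runs in setupNodeEvents surfaces a malformed or world-readable credentials file before any AWS call is made.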
Pass your AWS configuration to cypress
After defining your strategy and your awsSecretsManagerConfig, I propose two solutions for importing this configuration into Cypress; it's up to you to decide which one to choose.
"Easy" way with cypress-env plugin:
PRO: Zero code solution
CONS: cypress-env needed
Following the plugin's guide, you should end up with a JSON file, which must respect this syntax:
//environment.json
{
  "baseUrl": "https://www.google.com",
  "env": {
    "var1": "value1",
    "var2": "value2",
    "var3": "value3"
  }
}
Simply add "AWS_SSO_STRATEGY" inside the "env" object and add awsSecretsManagerConfig as follows:
//environment.json
{
  "baseUrl": "https://www.google.com",
  "env": {
    "AWS_SSO_STRATEGY": "strategy_type",
    "var1": "value1",
    "var2": "value2",
    "var3": "value3"
  },
  "awsSecretsManagerConfig": {
    "secretName": "AWS_SECRET_NAME",
    "profile": "AWS_PROFILE_NAME",
    "region": "AWS_REGION",
    "pathToCredentials": "PATH_TO_AWS_CREDENTIALS"
  }
}
No other changes needed
"Complex" way inside cypress.config.js:
PRO: No cypress-env needed
CONS: Solution with some code
//cypress.config.js
const { defineConfig } = require("cypress")

module.exports = defineConfig({
  e2e: {
    async setupNodeEvents(on, config, __dirname) {
      // Plugin settings that would otherwise come from the cypress-env JSON file
      const option = {
        awsSecretsManagerConfig: {
          secretName: "AWS_SECRET_NAME",
          profile: "AWS_PROFILE_NAME",
          region: "AWS_REGION",
          pathToCredentials: "PATH_TO_AWS_CREDENTIALS.JSON",
        },
      }
      // Merge the plugin settings into the Cypress config before calling the plugin
      config = {
        ...config,
        ...option,
      }
      const getSecretFromAWS = require("cypress-aws-secrets-manager")
      await getSecretFromAWS(on, config, __dirname)
    },
  },
  env: {
    AWS_SSO_STRATEGY: "strategy_type",
  },
})
Overwrite AWS_SSO_STRATEGY property when running on a different machine or on CI
Sometimes you'll need to override the AWS_SSO_STRATEGY property that was provided inside cypress.config.env.
To do so, you'll need to run cypress with the following command:
npx cypress run -e AWS_SSO_STRATEGY=$OVERWRITING_AWS_SSO_STRATEGY
Where $OVERWRITING_AWS_SSO_STRATEGY is the new strategy value.
Results
Correct configuration
====================================================================================================
Starting plugin: cypress-aws-secrets-manager
AWS SSO strategy: profile
1st attempt: Trying to login into AWS with profile: "AWS_PROFILE_NAME"
AWS SDK credentials are set up correctly!
Extracting secret from: "AWS Secrets Manger"
secret: "{
"username": "*****",
"password": "*****"
}"
√ Secret loaded correctly from: "AWS_SECRET_NAME"
====================================================================================================
Missing configuration
Description
Cypress has started without plugin configurations
====================================================================================================
Starting plugin: cypress-aws-secrets-manager
√ Missing awsSecretsManagerConfig, continue without secrets!
====================================================================================================
Wrong configuration
Description
Properties: secretName & region are mandatory
====================================================================================================
Starting plugin: cypress-aws-secrets-manager
ConfigurationError!
"awsSecretsManagerConfig" object MUST contains these mandatory properties: secretName,region
Passed: {
"profile": "AWS_PROFILE_NAME"
}
Missing: [
"secretName",
"region"
]
====================================================================================================
Wrong credentials
Description
Your credentials are invalid
====================================================================================================
Starting plugin: cypress-aws-secrets-manager
AWS SSO strategy: "multi"
1st attempt: Trying to login into AWS with profile: "AWS_PROFILE_NAME"
2nd attempt: Trying to login into AWS with profile: "default"
3rd attempt: Trying without specifying credentials
Incorrect plugin configuration!
ERROR: Could not load credentials from any providers
====================================================================================================
Little tip for you
You can create a bash file that verifies if you are already logged into the AWS account:
NB: Replace AWS_PROFILE_NAME with your profile name.
#!/bin/bash
# awslogin_script.sh
# Check to see if we are already logged in
SSO_ACCOUNT=$(aws sts get-caller-identity --query "Account" --output json --profile AWS_PROFILE_NAME)
# If the response is the sso_account_id we are already logged in
# (it has length 14: the 12-digit account ID plus the surrounding JSON quotes)
if [ "${#SSO_ACCOUNT}" -eq 14 ]; then
  echo "AWS SSO session still valid, no login needed"
# Else we log in with "aws sso login --profile AWS_PROFILE_NAME"
else
  echo ""; echo "AWS SSO session expired, login needed"; echo ""
  aws sso login --profile AWS_PROFILE_NAME
fi
Then in your package.json file create a script like this:
//package.json
{
  "scripts": {
    "cy:open": "sh awslogin_script.sh && npx cypress open",
    "cy:run": "sh awslogin_script.sh && npx cypress run"
  }
}
So you'll only have to type this command to open cypress and login into aws:
npm run cy:open
THE JOB IS DONE!
Happy testing to everyone!
ALEC-JS