1.0.0 • Published 5 years ago

fabric-sdk-kvs-secretsmanager v1.0.0

Weekly downloads
1
License
Apache-2.0
Repository
github
Last release
5 years ago

fabric-sdk-kvs-secretsmanager

A pluggable key value store for storing and retrieving secrets generated by fabric-sdk-node onto AWS Secrets Manager. This can be installed via NPM.

Install

npm i fabric-sdk-kvs-secretsmanager

Config

  1. configure your network definition to use AWS Secrets Manager. Note that the parameter called 'profile' below should be used for development purpose only. The AWS credentials should come from IAM role attached to the lambda function or EC2.
# your network.yaml
client:
  # node.js SDK supports pluggable KV stores, the properties under "credentialStore"
  # are implementation specific
  credentialStore:
    url: 'https://secretsmanager.us-east-1.amazonaws.com'
    region: 'us-east-1'
    profile: 'test' # This parameter called profile should be used for development purpose only. The AWS credentials should come from IAM role attached to the lambda function or EC2. 

    # Specific to the CryptoSuite implementation. Software-based implementations like
    # CryptoSuite_ECDSA_AES.js requires a key store. PKCS#11 based implementations does
    # not.
    cryptoStore:
      # Specific to the underlying KeyValueStore that backs the crypto key store.
      url: 'https://secretsmanager.us-east-1.amazonaws.com'
      region: 'us-east-1'
      profile: 'test'  # This parameter called profile should be used for development purpose only. The AWS credentials should come from IAM role attached to the lambda function or EC2.
  1. config fabric-sdk-node to use fabric-ca-kvs-secretsmanager 
const Client = require('fabric-client');

//set the key-value-store to use fabric-sdk-kvs-secretsmanager
Client.setConfigSetting('key-value-store', 'fabric-sdk-kvs-secretsmanager');

// load the network.yaml 
const client = Client.loadFromConfig('<path-to-your-network.yaml>');

// initialize credential stores to use AWS Secrets Manager
await client.initCredentialStores();

// then you can set and get secrets from secrets manager via this module

const user = await client.loadUserFromStateStore(username);
await client.setUserContext(user);

// now you can run invoke/query with this identity

Check the credentials from AWS

use AWS Console to see what is in AWS Secrets Manager.

License

This library is licensed under the Apache 2.0 License.

debugaws-sdk
@infinitebrahmanuniverse/nolb-fab@everything-registry/sub-chunk-1643@zalastax/nolb-fab
1.0.0

5 years ago