
I set up Secrets Manager on my local system, and I now have a .aws directory in my Windows root directory. Using the following code, I retrieve my access key ID and its value.

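// Fetch the secret named by `secretName`; on success, publish the parsed secret
// on `global.secret` and register the routes from ./services.
// `client`, `secretName`, `router`, `validation` and the variables assigned below
// (`secret`, `secretKey`, `clientID`, `decodedBinarySecret`) are assumed to be
// declared outside this snippet; confirm against the rest of the file.
client.getSecretValue({ SecretId: secretName }, function (err, data) {
  if (err) {
    console.log(err);

    // Service error codes that are rethrown to the caller.
    const fatalCodes = [
      // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
      'DecryptionFailureException',
      // An error occurred on the server side.
      'InternalServiceErrorException',
      // You provided an invalid value for a parameter.
      'InvalidParameterException',
      // You provided a parameter value that is not valid for the current state of the resource.
      'InvalidRequestException',
      // We can't find the resource that you asked for.
      'ResourceNotFoundException',
    ];
    if (fatalCodes.includes(err.code)) {
      throw err;
    }

    // Any other failure (for example an SDK-side error raised before the request
    // is sent, such as credentials that could not be loaded) is not rethrown.
    // Say so explicitly: the secret was not loaded and no routes are registered,
    // which is otherwise easy to miss among the log output.
    console.error(
      `Secrets Manager request failed (${err.code}); secret not loaded and routes not registered.`
    );
    return;
  }

  // Depending on whether the secret is a string or binary, one of these fields is populated.
  if ('SecretString' in data) {
    // JSON.parse throws if the stored secret string is not valid JSON.
    secret = JSON.parse(data.SecretString);
    // NOTE(review): secretKey and clientID are both read from AWS_ACCESS_KEY_ID;
    // confirm secretKey is not meant to come from a different key of the secret.
    secretKey = secret["AWS_ACCESS_KEY_ID"];
    clientID = secret["AWS_ACCESS_KEY_ID"];
    secret.region = "us-east-1";
    // The parsed secret becomes readable by every module in the process;
    // keep it out of logs and error responses.
    global.secret = secret;
  } else {
    // Buffer.from replaces the deprecated `new Buffer(...)` constructor.
    const buff = Buffer.from(data.SecretBinary, 'base64');
    decodedBinarySecret = buff.toString('ascii');
  }

  // routes
  require('./services')(router, validation);
});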

It works well. But when I run the above code in Docker, it fails with the following error:

Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1.

moazzam
  • This will be failing because the secrets manager client is returning this error, are you specifying any credentials to this client? – Chris Williams Jul 09 '20 at 18:15
  • thanks for your quick response @Chris Williams. Actually, I have file named as .credentials in .aws directory and it has the access key id and secret. It works when I don't use docker but with docker it throws issue – moazzam Jul 09 '20 at 18:18
  • Has it been created in the Docker container? – Chris Williams Jul 09 '20 at 18:27
  • No, its not created there. Can you please suggest me how can i achieve that ? I did some r&d and found this one docker run -it -p 3000:3000 -v ~/.aws/:/root/.aws/ --user=root service-docker-image-2:latest . But it didn't work. – moazzam Jul 09 '20 at 18:37
  • When you say didn't work, did it return an error running that command or did it just have no effect? – Chris Williams Jul 09 '20 at 18:41
  • the command didn't return any error but after the if condition in my code, I have console.log (as you can see in 3rd line). it throws the same error as mentioned in question – moazzam Jul 09 '20 at 18:49
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/217558/discussion-between-chris-williams-and-moazzam). – Chris Williams Jul 09 '20 at 18:52

1 Answer


You can pass these values in as environment variables via the CLI.

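To do this, run the container using the syntax below. The key values shown are placeholders; values passed with -e end up in your shell history and in the container's `docker inspect` output, so this suits local development rather than shared or production hosts.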

docker run -it -p 3000:3000 -e AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE -e AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY service-docker-image-2:latest .
Chris Williams
  • I tried this but it throws the error "/usr/local/bin/docker-entrypoint.sh: 8: exec: .: Permission denied" – moazzam Jul 09 '20 at 19:56
  • Ensure that this matches what you run normally but with the environment arguments added in. This was an example command to showcase :) – Chris Williams Jul 09 '20 at 20:10