I am trying to improve application security by loading pg-promise with database information retrieved from Google Secret Manager API.
Currently pg-promise is loaded as such in my Express server:
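```typescript
import pgpromise, { IDatabase, IMain } from 'pg-promise';

// initOptions and config are defined elsewhere
const pgp: IMain = pgpromise(initOptions);
const db: IDatabase<{}> = pgp(config);
export default db;
```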
Using credentials obtained like so:
```typescript
export const config = {
  database: process.env.PGDATABASE,
  host: process.env.PGHOST,
  port,
  user: process.env.PGUSER,
  password: process.env.PGPASSWORD,
};
```
Obviously loading secrets from an env file is not very secure, so that's where Google Secret Manager comes in. However, the secrets are loaded asynchronously. It is not possible to load the secrets synchronously, so I am wondering how pg-promise could be loaded once the secrets have been retrieved?
Edit: Corrected variable name. Running node v14.18.0. The above code is in its own module. It is then imported at the top of each controller file, which is called depending on the route.
As an example, the users controller file contains the following:
```typescript
import db from '../../pgpProvider/index';

export const getUsers = async (params: UserQuery) => {
  return await db.manyOrNone(formatQuery({ file: queries.users._getUsers, params }));
};
// ... many other methods similar to the above
```
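
One way to defer creating the database object until the secrets have arrived, as an added example that is not part of the original post: the provider module exports an async getter that memoizes the in-flight initialization, and controllers await it instead of importing `db` directly. The names `loadConfig`, `lazyDb`, `fakeFetch`, `fakeConnect` and the short secret names are assumptions; the stubs stand in for the Secret Manager client and for `pgp(config)` so the block runs offline.

```typescript
type DbConfig = { host: string; database: string; user: string; password: string };
type SecretFetcher = (name: string) => Promise<string>;

// Build the connection config from secrets fetched at runtime. In a real service,
// fetchSecret would wrap SecretManagerServiceClient.accessSecretVersion() and
// return version.payload.data as a string (secret names here are placeholders).
async function loadConfig(fetchSecret: SecretFetcher): Promise<DbConfig> {
  const [host, database, user, password] = await Promise.all(
    ['PGHOST', 'PGDATABASE', 'PGUSER', 'PGPASSWORD'].map((n) => fetchSecret(n)),
  );
  return { host, database, user, password };
}

// Memoize the in-flight promise so concurrent first requests share one fetch and
// one pool; clear it on failure so a transient Secret Manager error can be retried.
function lazyDb<Db>(fetchSecret: SecretFetcher, connect: (c: DbConfig) => Db): () => Promise<Db> {
  let pending: Promise<Db> | undefined;
  return () => {
    if (!pending) {
      pending = loadConfig(fetchSecret).then(connect).catch((err) => {
        pending = undefined;
        throw err;
      });
    }
    return pending;
  };
}

// Constructed stand-ins (not real services): an in-memory secret store and a fake pool.
const fakeSecrets: Record<string, string> = {
  PGHOST: 'db.internal.example', PGDATABASE: 'app', PGUSER: 'app_rw', PGPASSWORD: 'constructed-value',
};
let fetchCalls = 0;
const fakeFetch: SecretFetcher = async (name) => {
  fetchCalls += 1;
  const value = fakeSecrets[name];
  if (value === undefined) throw new Error(`secret ${name} not found`);
  return value;
};
type FakeDb = { manyOrNone: (sql: string) => Promise<string[]> };
const fakeConnect = (c: DbConfig): FakeDb => ({
  manyOrNone: async (sql) => [`${c.user}@${c.host}/${c.database}: ${sql}`],
});

const getDb = lazyDb(fakeFetch, fakeConnect);

// Controller from the question, adapted: await the provider instead of importing db.
const getUsers = async (): Promise<string[]> => (await getDb()).manyOrNone('SELECT 1');
```

With the real libraries, `fakeConnect` becomes `(c) => pgp(c)`, and the password only ever lives in the config object passed to it rather than in `process.env`.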