-
Notifications
You must be signed in to change notification settings - Fork 4
/
index.js
93 lines (79 loc) · 3.04 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
'use strict';
const Dynamo = require('./lib/dynamo');
const KMS = require('./lib/KMS');
const async = require('async');
const leftPad = require('left-pad');
class Credstash {
/**
* constructor - Build our Credstash object
* @param string region The region we're working in
* @param string table The name of the table our credstash credentials are in
* @param string keyId The ID of the KMS key new credentials will be encrypted with
*/
constructor(region, table, keyId='alias/credstash') {
this.region = region;
this.table = table;
this.dynamo = new Dynamo(region, table);
this.kms = new KMS(region, keyId);
}
/**
* get - Get an item that's been credstash'd
* @param string item The item's key
* @param function callback Callback function
*/
get(item, callback) {
// Get the item from DyanmoDB
this.dynamo.getItem(item, (err, encryptedItem) => {
if (err) return callback(err);
// Decrypt the item
this.kms.decryptItem(encryptedItem, callback);
});
}
/**
* getAll - Get multiple credstash'd items
* @param array items An array of item keys
* @param function callback Callback function
*/
getAll(items, callback) {
const decryptedItems = {};
async.each(items, (item, callback) => {
// Get the item from DyanmoDB
this.dynamo.getItem(item, (err, encryptedItem) => {
if (err) return callback(err);
// Decrypt the item
this.kms.decryptItem(encryptedItem, (err, decryptedItem) => {
if (err) return callback(err);
decryptedItems[item] = decryptedItem;
callback();
});
});
}, (err) => {
if (err) return callback(err);
callback(null, decryptedItems);
});
}
/**
* put - Put a item/value in to the credstash
* @param string item The key to store with the encrypted value
* @param string value The value which will be encrypted and stored
* @param function callback Callback function
*/
put(item, value, callback) {
// Grab the row we'll insert in to DynamoDB
this.kms.encryptItem(item, value, (err, row) => {
if (err) return callback(err);
// Increment the version or initialise it if this is a new item
this.dynamo.getLatestVersion(item, (err, version) => {
if (err) return callback(err);
if (version) {
row.version = leftPad(version + 1, 19, 0);
} else {
row.version = leftPad(1, 19, 0);
}
// Push the item in to DynamoDB
this.dynamo.putItem(row, callback);
});
});
}
}
module.exports = Credstash;