Secrets not found #7
Comments
|
Thanks for the report. Could you supply the code and/or cli command that's resulting in that error, as well as the file structure?
|
|
Hi thanks for the fast reply. This is a screenshot of my file structure, I'm using serverless-webpack plugin. |
|
A frontend project-- that's interesting. Maybe an obvious question, but I have to make sure: You're using your cryptex secrets during the webpack build process rather than trying to access them from the frontend, right? ;-) Ultimately, it looks like the cryptex.json isn't being found and loaded, which is likely because of webpack/serverless copying it around to places where it's not expected to be. There's a super simple solution to this problem, though: rather than use a cryptex.json which is path-dependent, you can put all that same configuration right in the javascript code, or define it in environment variables. See 5 configuration steps at the top of the README -- each one shows you both the configuration keys to use, as well as the (very predictable) name of the env vars. I personally still think it's worth having a cryptex.json, as that will allow the cli tool to run even if your env vars aren't set -- but for the application execution and where your secrets are physically stored, either of the other options would fit your use case better. |
|
I'm using webpack only for bundling node_packages and babel compiler, I'm writing the modules in ES6, but it's still a serverless only project. I already tried importing the .json inside a .js file like this
The file gets transpiled successfully, but I went ahead and used kms directly with AWS SDK, but I'll give it a try to cryptex with the env vars later. Thanks! |
|
What I was getting at is, Cryptex is not at all meant for in-browser use. It uses the server-side AWS SDK, not the client-side one, and will not work even if compiled with node polyfills. If you're using it in the browser, it won't work regardless of configuration type. I'd also, from a security standpoint, heavily recommend against that. If a browser can get at the secret, it might as well not even be encrypted. There's nothing to stop a human from collecting it and sharing it. |
|
Yes, but as I said is entirely server/serverless side, not front end. The front end side is a React/React Native implementation that calls an endpoint that returns a new access_token from a provider, but that provider needs its 'client_id' and 'client_secret', that was what I tried to encrypt. I'm using AWS SDK server side apart from cryptex and it works just fine. Other thing I tried was
But it says "use is not a function", in the end I think webpack is the problem here, maybe cryptex is not bundling correctly with babel. |
|
Ah, I understand! Sorry, I was unfamiliar with how Serverless works. The error message is accurate, though -- |
|
Cool thanks! Will try this approach later on. Thanks again! |
|
Ran into the use() is not a function problem too @TomFrost . The Cryptex docs disagree with you ;)
Docs could do with updating. Thanks for the awesome package! :) |
I followed this tutorial http://technologyadvice.github.io/lock-up-your-customer-accounts-give-away-the-key/
And no matter what, it always says Failed getting secrets Error: Secret "clientId" not found
this is my cryptex.json
{ "default": { "keySource": "kms", "keySourceOpts": { "region": "us-east-1", "dataKey": "key" }, "secrets": { "clientId" : "xb2xLesErQec45zZbO4Qxg2YKdIUgyrxG91iBBP/h4DL+sg4TumOJ0DEh84KbmX34HGIFtgRW189lu5LqTao5zOQfu+Xpb0b+wYxF+6DkZMNhlWmhs6PC4lQ/iMke2Tz1x0mIMzqyZ9BhvU8cJUVqw==" } } }The text was updated successfully, but these errors were encountered: