npm
Sign UpSign In

cypress-aws-secrets-manager
TypeScript icon, indicating that this package has built-in type declarations

1.1.0 • Public • Published

Load AWS Secrets into Cypress as env-variable

Integrate the power of AWS Secrets Manager seamlessly into your Cypress tests with the cypress-aws-secrets-manager plugin. This lightweight yet powerful plugin facilitates the secure loading of secrets stored in AWS Secrets Manager directly into your Cypress environment variables, ensuring a streamlined and secure approach to managing sensitive information in your test scripts.

Install

$ npm install cypress-aws-secrets-manager --save-dev

or as a global module

$ npm install -g cypress-aws-secrets-manager

Prerequisites

Configuration

Code in cypress.config.js:

In your cypress.config.js file:

module.exports = defineConfig({
  e2e: {
    async setupNodeEvents(on, config, __dirname) {
      const getSecretFromAWS = require("cypress-aws-secrets-manager")
      await getSecretFromAWS(on, config, __dirname)
    },
  },
})

Define AWS login strategy

  • AWS_SSO_STRATEGY: 'profile'|'default'|'iam'|'unset'|'multi'
    • If profile will use the profile name specified inside the awsSecretsManagerConfig (If the profile is not specified, the default profile will be used).
    • If default will use the default sso config.
    • If iam will log with aws credentials, need access_key, secret_key and session_token specified in a pathToCredential variable.
    • If unset will login without sso authentication, used mostly when running cypress on CI tools, cause them are already authenticated.
    • If multi will try with every strategy, fails only after trying them all.

If not specified the 'multi' strategy will be used.

Define awsSecretsManagerConfig object:

The awsSecretsManagerConfig is an object containing the following parameters:

Parameter Mandatory Notes
secretName TRUE AWS secret name
profile FALSE AWS SSO profile name, if not set the plugin will use 'default' profile
region TRUE AWS Secrets Manager region
pathToCredentials WITH STRATEGY 'IAM' path to credentials file

Credential File example:

//pathToCredentials.json

{
  "accessKeyId": "xxxxxx",
  "secretAccessKey": "xxxxxx",
  "sessionToken": "xxxxxx"
}

Pass your AWS configuration to cypress

After defining your strategy and your awsSecretsManagerConfig.
I propose two solutions for you to import this configuration into cypress, it's up to you to decide which one to choose

"Easy" way with cypress-env plugin:

PRO: Zero code solution
CONS: cypress-env needed

Following the plugin's guide, you should end up with a JSON file, which must respect this syntax:

//environment.json
{
  "baseUrl": "https://www.google.com",
  "env": {
    "var1": "value1",
    "var2": "value2",
    "var3": "value3"
  }
}

Simply add "AWS_SSO_STRATEGY" inside the "env" object and add awsSecretsManagerConfig as follows:

//environment.json
{
  "baseUrl": "https://www.google.com",
  "env": {
    "AWS_SSO_STRATEGY": "strategy_type",
    "var1": "value1",
    "var2": "value2",
    "var3": "value3"
  },
  "awsSecretsManagerConfig": {
    "secretName": "AWS_SECRET_NAME",
    "profile": "AWS_PROFILE_NAME",
    "region": "AWS_REGION",
    "pathToCredentials": "PATH_TO_AWS_CREDENTIALS"
  }
}

No other changes needed

"Complex" way inside cypress.config.js:

PRO: No cypress-env needed
CONS: Solution with some code

//cypress.config.js
module.exports = defineConfig({
  e2e: {
    async setupNodeEvents(on, config, __dirname) {
      const option = {
        awsSecretsManagerConfig: {
          secretName: "AWS_SECRET_NAME",
          profile: "AWS_PROFILE_NAME",
          region: "AWS_REGION",
          pathToCredentials: "PATH_TO_AWS_CREDENTIALS.JSON",
        },
      }
      config = {
        ...config,
        ...option,
      }
      const getSecretFromAWS = require("cypress-aws-secrets-manager")
      await getSecretFromAWS(on, config, __dirname)
    },
  },
  env: {
    AWS_SSO_STRATEGY: "strategy_type",
  },
})

Overwrite AWS_SSO_STRATEGY property when running on a different machine or on CI

Sometimes you'll need to override the AWS_SSO_STRATEGY property that was provided inside cypress.config.env.
To do so, you'll need to run cypress with the following command:

npx cypress run -e AWS_SSO_STRATEGY=$OVERWRITING_AWS_SSO_STRATEGY

Where $OVERWRITING_AWS_SSO_STRATEGY is the new strategy value.

Results

Correct configuration

====================================================================================================

Starting plugin: cypress-aws-secrets-manager

AWS SSO strategy: profile

1st attempt: Trying to login into AWS with profile: "AWS_PROFILE_NAME"

AWS SDK credentials are set up correctly!

Extracting secret from: "AWS Secrets Manger"

secret: "{
    "username": "*****",
    "password": "*****"
}"

√ Secret loaded correctly from: "AWS_SECRET_NAME"

====================================================================================================

Missing configuration

Description
Cypress has starter without plugin configurations

====================================================================================================

Starting plugin: cypress-aws-secrets-manager

√ Missing awsSecretsManagerConfig, continue without secrets!

====================================================================================================

Wrong configuration

Description
Properties: secretName & region are mandatory

====================================================================================================

Starting plugin: cypress-aws-secrets-manager

ConfigurationError!
"awsSecretsManagerConfig" object MUST contains these mandatory properties: secretName,region

Passed: {
 "profile": "AWS_PROFILE_NAME"
}
Missing: [
 "secretName",
 "region"
]

====================================================================================================

Wrong credentials

Description
Your credentials are invalid

====================================================================================================

Starting plugin: cypress-aws-secrets-manager

AWS SSO strategy: "multi"

1st attempt: Trying to login into AWS with profile: "AWS_PROFILE_NAME"

2nd attempt: Trying to login into AWS with profile: "default"

3rd attempt: Trying without specifying credentials

Incorrect plugin configuration!
ERROR: Could not load credentials from any providers

====================================================================================================

Little tip for you

You can create a bash file that verifies if you are already logged into the AWS account:
NB Change AWS_PROFILE_NAME with your profile name

#awslogin_script.sh

#!/bin/bash

# Check to see if we are already logged in
SSO_ACCOUNT=$(aws sts get-caller-identity --query "Account" --profile AWS_PROFILE_NAME)

# If response is the sso_account_id we are already logged in (it has length 14)
if [ ${#SSO_ACCOUNT} -eq 14 ];  then
echo "AWS SSO session still valid, no login needed" ;

# Else we login with "aws sso login --profile AWS_PROFILE_NAME"
else
echo "" ; echo "AWS SSO session expired, login needed" ; echo ""
aws sso login --profile AWS_PROFILE_NAME

fi

Then in your package.json file create a script like this:

//package.json
{
  "scripts": {
    "cy:open": "sh awslogin_script.sh && npx cypress open",
    "cy:run": "sh awslogin_script.sh && npx cypress run"
  }
}

So you'll only have to type this command to open cypress and login into aws:

npm run cy:open

THE JOB IS DONE!

Happy testing to everyone!

ALEC-JS

🙌 Donate to support my work & further development! 🙌

Readme

Keywords

Package Sidebar

Install

npm i cypress-aws-secrets-manager

Repository

github.com/alecmestroni/cypress-aws-secrets-manager

Homepage

github.com/alecmestroni/cypress-aws-secrets-manager#readme

Weekly Downloads

183

Version

1.1.0

License

ISC

Unpacked Size

19.5 kB

Total Files

4

Last publish

Collaborators

  • alec-js
Try on RunKit
Report malware