aws-lambda-kms-encryption/src/decrypt.js at master · goci-io/aws-lambda-kms-encryption · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
'use strict';

const AWS = require('aws-sdk');
const KMS = new AWS.KMS();

exports.handler = (event, context, callback) => {
    const map = (event.value ? { result: event.value } : event.map) || {};
    const keys = Object.keys(map || {});

    if (event.list) {
        event.list.forEach(item => {
            const key = Object.keys(item).pop();
            map[key] = item[key];
            keys.push(key);
        });
    }

    if (!map || !keys.length) {
        callback(null, {});
        return;
    }

    const tasks = keys
        .filter(item => map[item])
        .map(item => KMS.decrypt({CiphertextBlob: Buffer.from(map[item], 'base64')})
        .promise()
        .then(result => map[item] = result.Plaintext.toString('utf-8'))
        .catch(err => {
            console.error(`Error during decryption of secret ${item}`, err);
            map[item] = null;
        }));

    Promise.all(tasks)
        .then(results => callback(null, map))
        .catch(err => {
            console.log('Could not resolve any decryption task for any of ' + keys.join(', '), err);
            callback(err, null);
        });
};