September 12th, 2023

How to use Secret Manager with Node.js

Storing sensitive information like API keys, passwords, and other credentials in plain text within your codebase or configuration files can pose a significant security risk. Google Cloud Platform (GCP) offers a solution to this problem through Secret Manager, which allows you to securely store and manage your secrets.

Prerequisites

Before you begin, make sure you have the following prerequisites in place:

  1. A Google Cloud Platform (GCP) project with billing enabled.
  2. Node.js installed on your local machine.
  3. The Google Cloud SDK installed and authenticated with your GCP project.

Setting Up GCP Secret Manager

  1. Create a GCP Project: If you haven't already, create a GCP project through the GCP Console.

  2. Enable the Secret Manager API: Navigate to the GCP Console, select your project, and enable the Secret Manager API, or go directly to https://console.cloud.google.com/apis/library/secretmanager.googleapis.com

  3. Create a Secret: To get started, create a secret. You can do this through the GCP Console or by using the gcloud command-line tool. Here's an example of creating a secret using gcloud:

gcloud secrets create my-secret

  4. Add a Secret Version: You can add a secret version containing the actual secret data. This can be done via the GCP Console or by using the gcloud command:

echo -n "my-secret-value" | gcloud secrets versions add my-secret --data-file=-

Accessing Secrets in Node.js

Now that you have your secret stored in GCP Secret Manager, let's see how you can access it in your Node.js application.

  1. Install the required libraries:

You'll need the @google-cloud/secret-manager library to interact with GCP Secret Manager in your Node.js application. You can install it using npm:

npm install @google-cloud/secret-manager

  2. Authenticate your application:

Ensure that your Node.js application is authenticated with your GCP project. You can do this by setting the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of a credentials file, or by relying on the Application Default Credentials already available in your environment.

  3. Access the secret:

You can access the secret you created in GCP Secret Manager using the following code:

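const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');

// The client picks up credentials from the environment (see the previous step).
const client = new SecretManagerServiceClient();

// Full resource name of the secret version; "latest" resolves to the newest version.
const secretName = 'projects/YOUR_PROJECT_ID/secrets/my-secret/versions/latest';

async function accessSecret() {
    try {
        const [version] = await client.accessSecretVersion({
            name: secretName,
        });
        // The payload arrives as bytes; decode it to a string.
        const payload = version.payload.data.toString('utf8');
        // Printed here only to confirm the lookup works; avoid logging secret values in a real application.
        console.log(`Secret Value: ${payload}`);
    } catch (error) {
        console.error(`Error accessing secret: ${error.message}`);
    }
}

accessSecret();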

Replace YOUR_PROJECT_ID with your actual GCP project ID. This code fetches the latest version of the secret and retrieves its value.
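
Printing the value is enough for a first test, but a service usually fetches a secret once, keeps it in memory for a bounded time, and logs only which secret it loaded. The sketch below shows that pattern; it is an added example, not code from the original post, and secretVersionName, createSecretCache and makeStubClient are hypothetical helpers, with a constructed stub in place of the real client so the block runs offline.

```javascript
// Added example. Helper names are hypothetical; `client` is any object with
// accessSecretVersion(), such as the SecretManagerServiceClient used above.
const ID_RE = /^[A-Za-z0-9_-]{1,255}$/; // assumption: plain IDs, not domain-scoped projects

// Build the resource name, rejecting components that could change the path.
function secretVersionName(projectId, secretId, version = 'latest') {
  for (const part of [projectId, secretId, String(version)]) {
    if (!ID_RE.test(part)) throw new Error('invalid resource name component');
  }
  return `projects/${projectId}/secrets/${secretId}/versions/${version}`;
}

// In-memory cache with a TTL: fewer API calls, and a rotated "latest" is
// picked up once the entry expires. Failed lookups are never cached.
function createSecretCache(client, { ttlMs = 300000, now = Date.now } = {}) {
  const entries = new Map(); // resource name -> { value, expires }
  return {
    async get(projectId, secretId, version = 'latest') {
      const name = secretVersionName(projectId, secretId, version);
      const hit = entries.get(name);
      if (hit && hit.expires > now()) return hit.value;
      const [res] = await client.accessSecretVersion({ name });
      const value = Buffer.from(res.payload.data).toString('utf8');
      entries.set(name, { value, expires: now() + ttlMs });
      return value;
    },
    // Safe to log: lists which secrets are cached, never their values.
    describe: () => [...entries.keys()],
  };
}

// Constructed stub standing in for the real client so this runs offline.
function makeStubClient(values) {
  const stub = {
    calls: 0,
    async accessSecretVersion({ name }) {
      stub.calls += 1;
      if (!(name in values)) throw new Error(`NOT_FOUND: ${name}`);
      return [{ name, payload: { data: Buffer.from(values[name]) } }];
    },
  };
  return stub;
}

// Demo with a constructed value: log metadata only, not the secret itself.
const demoClient = makeStubClient({ [secretVersionName('demo-project', 'my-secret')]: 'constructed-value' });
const demoCache = createSecretCache(demoClient);
demoCache.get('demo-project', 'my-secret')
  .then(() => console.log('cached:', demoCache.describe()));
```

With the real service, pass new SecretManagerServiceClient() in place of the stub. Requesting a fixed version number instead of latest keeps a deployment on a known value until you change it deliberately.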

Conclusion

Using GCP Secret Manager with Node.js allows you to securely manage your application's sensitive data, such as API keys and passwords. By storing secrets in GCP Secret Manager, you can improve the security of your applications and easily manage secret rotation.