I am trying to migrate from my credentials and secrets to AWS Secrets Manager in my Express Project.

The current structure has a config.json file which loads in sync when the express app.

But when I try to fetch credentials from AWS API, the flow won't work. Because in my previous approach, files are getting loaded in sync, therefore, all credentials are available when the app is starting but same is not possible when credentials are getting fetched from AWS API.

I want to understand what is the ideal method to work with any secret manager where API call is required in Express/Node Projects for fetching credentials.

Here's how I fetch secrets for sequelize migrations.

1. Rename config.json to config.js, make sure to update .sequelizerc accordingly.
2. Inside config.js paste this:

const aws = require('aws-sdk');
aws.config.update({
  region: 'ca-central-1', // IMPORTANT: configure your aws region
});

const returnSequelizeConfig = async () => {
  const secretsManager = new aws.SecretsManager();
  const secret = await secretsManager
    .getSecretValue({ SecretId: 'dev/postgres' }) // fetch secret
    .promise();
  const parsedSecret = JSON.parse(secret.SecretString);

  return {
    development: {
      database: parsedSecret.dbname,
      username: parsedSecret.username,
      password: parsedSecret.password,
      host: 'db-instance.XXXXX.ca-central-1.rds.amazonaws.com', // replace with host
      dialect: 'postgres',
    },
    test: {
      username: 'postgres',
      password: 'postgres',
      database: 'db',
      host: 'localhost',
      dialect: 'postgres',
    },
  };
};

module.exports = returnSequelizeConfig;

Then, when running your sequelize migrations it will first fetch the secrets and then return the config.