This is a node client for interacting with a Cerberus backend. It can be used in any environment that has AWS credentials available.
To learn more about Cerberus, please visit the Cerberus website.
This library is compatible with node 8.x +, for previous versions of Node use the 1.x versions of the client
npm install --save cerberus-node-client
See the CerberusClient class on the the docs site
The cerberus client uses the AWS SDK Credentials provider chain to load AWS IAM credentials and authenticates with Cerberus via the sts auth endpoint This client will work in any environment that has access to AWS Credentials.
Cerberus will attempt to authenticate one its first call. The authentication result will be stored and reused. If the token has expired on a subsequent call, authentication will be repeated with the original configuration. You should not have to worry about authentication or token expiration; just use the client.
While this client supports any env with IAM credentials, generally it does NOT make sense to store Lambda secrets in Cerberus for two reasons:
- Cerberus can't support the scale that lambdas may need, e.g. thousands of requests per second
- Lambdas will not want the extra latency needed to authenticate and read from Cerberus
A better solution for Lambda secrets is using the encrypted environmental variables feature provided by AWS.
Another option is to store Lambda secrets in Cerberus but only read them at Lambda deploy time, then storing them as encrypted environmental variables, to avoid the extra Cerberus runtime latency.
Cerberus Management Service is released under the Apache License, Version 2.0