Cerberus Node Client

This is a node client for interacting with a Cerberus backend. It can be used in any environment that has AWS credentials available.

To learn more about Cerberus, please visit the Cerberus website.

This library is compatible with node 12.x +, for previous versions of Node use the 1.x versions of the client

Node.js CI
codecov NPM License

Installation

npm install --save cerberus-node-client

Usage

See the CerberusClient class on the the docs site

Authentication

The cerberus client uses the AWS SDK Credentials provider chain to load AWS IAM credentials and authenticates with Cerberus via the sts auth endpoint
This client will work in any environment that has access to AWS Credentials.

Cerberus will attempt to authenticate one its first call. The authentication result will be stored and reused. If the token has expired on a subsequent call, authentication will be repeated with the original configuration. You should not have to worry about authentication or token expiration; just use the client.

Testing

First, make sure the following environment variables are set before running the Node Client integration tests:

export CERBERUS_HOST="https://example.cerberus.com"
export TEST_REGION="us-west-2"
export TEST_SDB="my-sdb"
export TEST_SDB_CATEGORY="app"

Ensure the TEST_SDB and TEST_SDB_CATEGORY variables match up with the path to your test sdb (i.e. app/my-sdb/test-path)

Then make sure AWS credentials have been obtained. One method is by running gimme-aws-creds:

gimme-aws-creds

Next, in the project directory run:

npm run style && npm run test:unit:local && npm run test:integration

If applicable, we recommend running the Node Client integration tests in both AWS Global and AWS China using the corresponding hosts, regions, and AWS credentials.

A Note about Lambdas and Cerberus

While this client supports any env with IAM credentials, generally it does NOT make sense to store Lambda secrets in Cerberus for two reasons:

  1. Cerberus can't support the scale that lambdas may need, e.g. thousands of requests per second
  2. Lambdas will not want the extra latency needed to authenticate and read from Cerberus

A better solution for Lambda secrets is using the encrypted environmental variables
feature provided by AWS.

Another option is to store Lambda secrets in Cerberus but only read them at Lambda deploy time, then storing them as encrypted
environmental variables, to avoid the extra Cerberus runtime latency.

License

Cerberus Management Service is released under the Apache License, Version 2.0

[coverage img]codecov