Is it possible to retrieve the datasource connection options from AWS Parameter Store instead of storing them as environment variables in a general JavaScript question? I am having difficulty finding a solution and seeking expert advice on this matter.
This is my datasource class:
let options = {
type: "mssql" as any,
host: AwsParameterStore.getParameter("DATABASE_HOST").then(
async (secretKey) => {
return secretKey;
}
),
database: process.env.DATABASE_NAME,
username: process.env.DATABASE_USERNAME,
password: process.env.DATABASE_PASSWORD,
options: { encrypt: false },
synchronize: false
};
export const VcsDatabase = new DataSource((options = options));
and this is my AwsParameterStore class:
@Injectable()
export class AwsParameterStore {
constructor(private eventLogger: LoggingService) {}
static async getParameter(parameterName: string): Promise<any> {
let ssm = new SSM({ region: "eu-west-1" });
let options = {
Name: parameterName
};
let parameter = ssm.getParameter(options).promise();
return parameter.then((response) => {
let token: string = response.Parameter.Value;
return token;
});
}
}
It seems that passing the host value as a promise does not work, as TypeORM Datasource requires it as a string based on the error message received.
connection error TypeError: The "config.server" property is required and must be of type string.
I have two questions:
- Is there a way to pass the connection parameters from another service like the AwsParameterStore?
- If not feasible, would it be acceptable to store the database credentials in GitLab CI/CD variables and access them during pipeline execution?
I am primarily concerned with securing the credentials and believe storing them in SSM and retrieving them at runtime is the best approach.