Can't encrypt text using kms provider

scotty-p commented 8 years ago

I've tried a bunch of inputs to get this to work, but so far unsuccessful. My IAM user has kms:Encrypt and kms:Decrypt permissions for the particular key-arn. Posting command and error stack.

sls secret encrypt -r us-east-1 -p kms -t "Hello world" -a <key-arn>

/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/async.js:61
        fn = function () { throw arg; };
                           ^

TypeError: Cannot read property 'kms' of undefined
    at Object._encryptor [as kms] (/Users/<me>/Workspace/serverless_projects/xc-api-sp/node_modules/serverless-secrets/src/encryptors/providers/kms.js:25:31)
    at ServerlessSecrets._encrypt (/Users/<me>/Workspace/serverless_projects/xc-api-sp/node_modules/serverless-secrets/src/index.js:134:39)
From previous event:
    at /usr/local/lib/node_modules/serverless/lib/Serverless.js:186:31
    at Array.reduce (native)
    at /usr/local/lib/node_modules/serverless/lib/Serverless.js:185:32
From previous event:
    at Serverless._execute (/usr/local/lib/node_modules/serverless/lib/Serverless.js:183:12)
    at Serverless.actions.(anonymous function) (/usr/local/lib/node_modules/serverless/lib/Serverless.js:429:20)
    at Serverless.command (/usr/local/lib/node_modules/serverless/lib/Serverless.js:398:38)
    at /usr/local/lib/node_modules/serverless/bin/serverless:19:16
    at processImmediate [as _immediateCallback] (timers.js:383:17)
From previous event:
    at Object.<anonymous> (/usr/local/lib/node_modules/serverless/bin/serverless:18:4)
    at Module._compile (module.js:413:34)
    at Object.Module._extensions..js (module.js:422:10)
    at Module.load (module.js:357:32)
    at Function.Module._load (module.js:314:12)
    at Function.Module.runMain (module.js:447:10)
    at startup (node.js:139:18)
    at node.js:999:3

shortjared commented 8 years ago

Great catch. You found a bug, I will get a patch out today. In the meantime, here is a fix.

Serverless: Please specify a kms key arn with --arn or set a default kms key in project custom configs.
            You can also set shortcuts and use --arn prod to access the prod arn shown below.

            "custom": {
              "secrets": {
                "kms": {
                  "default": "arn:aws:kms:us-east-1:123456789012:alias/MyAliasName",
                  "prod": "arn:aws:kms:us-east-1:123456789012:alias/ProdAliasName"
                }
              }
            }

shortjared commented 8 years ago

@scotty-p This has been fixed in the 2.0.1 release. npm update serverless-secrets

trek10inc / serverless-secrets

Can't encrypt text using kms provider #6