node.js - how to make faasd secrets available to function using node12 template?

Question

While writing this question I found the answer, but still it might be helpful to someone else that start using node12 template model for making functions on openfaas and needs accessing secrets defined using faas-cli.

By creating a function for build and deploy with openfaas (or faasd in my case), we need a function.yml file as follow:

provider:
  name: openfaas
  gateway: https://faasd.mygateway.com
functions:
  my_function:
    lang: node12
    handler: ./my_function
    image: my_org/my_function:latest

Until here the function deployed will work, but the directory "/var/openfaas/secrets/" will not be available or visible to the function, as it needs to be stated explicity in the yaml file as follows:

provider:
  name: openfaas
  gateway: https://faasd.mygateway.com
functions:
  my_function:
    lang: node12
    handler: ./my_function
    image: my_org/my_function:latest
    secrets:
        - mysecret
        - second-secret
        - third-secret

Now, after a new build/push and deploy the openfaas engine will make a link to each one of the secrets. Note that, the function only can acces those secrets stated on the yaml file, even if there are more secrets on the gatweay machine.

here is a good example: https://www.openfaas.com/blog/faasd-tls-terraform/

From here, a secret is easyly accessed using fs.readFile as follows:

async function getsecret(name) {
    try {
        var secretval = ""
        secretval = await fs.readFile("/var/openfaas/secrets/" + name, "utf8")
        return secretval;
    } catch (error) {
        return "ERROR: on getting secret " + name
    }
}

note that the function needs to be async and the fs must use promises:

const fs = require('fs').promises;

so it can be used as:

   try {
        let mysecret = await getsecret("mysecret"); 

//... other bussiness logic
        return wathever;
    } catch (error) {
        return "ERROR" 
    }

All this came up because I followed an outdated example, and by thinking that secrets are available to functions by default, which is not crearly started on the docs. But somehow, it made me realize how well structured and secure the process is implemented in openfaas, Thanks Alex Ellis and the openfaas team and community!.

Hope this helps someone.

Regards, Enrique

note this is my first write in StackOverflow.. hope is readable and into to the standards.

question from:https://stackoverflow.com/questions/65602942/how-to-make-faasd-secrets-available-to-function-using-node12-template

Answer 1

Waitting for answers