Add aws key management

index.mjs

@@ -1,9 +1,23 @@
 import { Client } from 'ssh2';
+import {
+  SecretsManagerClient,
+  GetSecretValueCommand,
+} from "@aws-sdk/client-secrets-manager";
 export const handler = async (event) => {
   let result = "did not send";
-  if (event.subject == "You have deliveries" || event.subject == "You have a delivery"){
+  if (event.subject == "You have deliveries" || event.subject == "You have a delivery") {
     // Trigger home notification
-    console.info("Matched Subject");
+    console.info("Matched Subject, pull key");
+    const keyClient = new SecretsManagerClient({ region: "us-west-2" });
+    let keyResponse;
+    try {
+      keyResponse = await keyClient.send(new GetSecretValueCommand({
+        SecretId: process.env.TRIGGER_SECRET
+      }));
+    } catch (err) {
+      console.warn(err);
+      result = err;
+    }
     const command = `ssh ${process.env.INTERNAL_HOST} "/usr/bin/tmux neww -d \"/usr/bin/mplayer '${process.env.INTERNAL_FILE}'\""`;
     console.info("Import ssh2");
     const connection = new Client();
@@ -27,7 +41,7 @@ export const handler = async (event) => {
       host: process.env.TRIGGER_HOST,
       port: 22,
       username: process.env.TRIGGER_USERNAME,
-      privateKey: process.env.TRIGGER_PRIVATEKEY
+      privateKey: keyResponse.SecretString
     });
   }
   const response = {

package.json

@@ -6,7 +6,7 @@
   "scripts": {
     "deploy": "npm run lint && npm run package && aws lambda update-function-code --function-name Deliveries --region us-west-2 --zip-file fileb://./lambda.zip",
     "package": "zip -r -9 lambda.zip .",
-    "lint": "npx eslint index.mjs --fix" 
+    "lint": "npx eslint index.mjs --fix"
   },
   "repository": {
     "type": "git",
@@ -15,6 +15,7 @@
   "author": "Elizabeth Cray",
   "license": "Apache-2.0",
   "dependencies": {
+    "@aws-sdk/client-secrets-manager": "^3.665.0",
     "@stylistic/eslint-plugin": "^2.8.0",
     "ssh2": "^1.16.0"
   },