Getting APP_ID, PRIVATE_KEY, and WEBHOOK_SECRET from AWS SecretsManager when using Lambda functions

[eagraf]

As the title suggests, I'm trying to programmatically retrieve the values for the necessary environment variables from AWS SecretsManager in a Lambda function. The problem is that when NODE_ENV is set to production, these checks cause an error to be thrown before my code has a chance to grab those values and override the existing environment via the CreateProbotOptions passed to createProbot.

I know that others have used SecretsManager to retrieve these values before, so I think this should be possible.

Is there a way around this issue, or am I taking the wrong approach right now?

cc: @gr2m @oscard0m

[jamime]

You need to get these values before loading Probot. Consider using https://middy.js.org/docs/middlewares/secrets-manager/ and the same approach as createNodeMiddleware.

Here is an untested example.

import middy from "@middy/core";
import httpHeaderNormalizer from "@middy/http-header-normalizer";
import secretsManager from "@middy/secrets-manager";
import { Probot } from "probot";
import app from "./app";

let probot;
middy((event, context) => {
  return { statusCoode: 200 };
})
  .use(
    secretsManager({
      fetchData: {
        apiToken: "dev/probot",
      },
      awsClientOptions: {
        region: "us-east-1",
      },
      setToContext: true,
    })
  )
  .use(httpHeaderNormalizer())
  .before(async (request) => {
    const {
      context: {
        probot: { APP_ID, PRIVATE_KEY },
        event: { headers, body },
      },
    } = request;

    if (!probot) {
      probot = new Probot({
        APP_ID,
        PRIVATE_KEY,
      });
      probot.load(app);
    }

    await probot.webhooks.verifyAndReceive({
      id: headers["x-github-delivery"],
      name: headers["x-github-event"],
      signature: headers["x-hub-signature-256"],
      payload: body,
    });
  });