From c2518d97fbede4d3784ac83a8f97afaf696b76c2 Mon Sep 17 00:00:00 2001
From: 0xngmi <0xngmi@protonmail.com>
Date: Sat, 6 Jan 2024 17:49:53 +0000
Subject: [PATCH] populate secrets from ddb
---
 serverless.yml | 5 +++++
 src/peggedAssets/storePeggedAssets/storePegged.ts | 13 +++++++++++++
 src/utils/shared/dynamodb.ts | 1 +
 3 files changed, 19 insertions(+)
diff --git a/serverless.yml b/serverless.yml
index 9d903f6d..809806f8 100644
--- a/serverless.yml
+++ b/serverless.yml
@@ -32,6 +32,11 @@ provider:
 - dynamodb:BatchGetItem
 Resource:
 - "Fn::GetAtt": [DynamoTable, Arn]
+ - Effect: "Allow"
+ Action:
+ - dynamodb:GetItem
+ Resource:
+ - "arn:aws:dynamodb:eu-central-1:856461987125:table/secrets"
 - Effect: Allow # Lambda logs on cloudwatch
 Action:
 - logs:CreateLogGroup
diff --git a/src/peggedAssets/storePeggedAssets/storePegged.ts b/src/peggedAssets/storePeggedAssets/storePegged.ts
index b87c48a7..6c2ad750 100644
--- a/src/peggedAssets/storePeggedAssets/storePegged.ts
+++ b/src/peggedAssets/storePeggedAssets/storePegged.ts
@@ -4,6 +4,7 @@ import peggedAssets from "../../peggedData/peggedData";
 import { importAdapter } from "../utils/importAdapter";
 import { executeAndIgnoreErrors } from "./errorDb";
 import { getCurrentUnixTimestamp } from "../../utils/date";
+import dynamodb from "../../utils/shared/dynamodb";
 const maxRetries = 4;
 const chainBlocks = undefined; // not needed by any adapters
@@ -52,6 +53,18 @@ async function iteratePeggedAssets(peggedIndexes: number[]) {
 return;
 }
+async function setEnvSecrets() {
+ try {
+ const { Item } = await dynamodb.getEnvSecrets()
+ Object.entries((Item as any)).forEach(([key, value]: any) => {
+ if (key !== 'PK' && key !== 'SK') process.env[key] = value
+ })
+ } catch (e) {
+ console.log('Unable to get env secrets: ', e)
+ }
+}
+
 export default async (peggedIndexes: number[]) => {
+ await setEnvSecrets()
 await iteratePeggedAssets(peggedIndexes);
 };
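Review bot: The statement added to serverless.yml grants `dynamodb:GetItem` on the whole `secrets` table, while the code in this patch reads only the item with `PK: 'lambda-secrets'`, so the role can fetch every other item kept in that table. Scoping the grant to that partition key keeps it at least privilege, for example with `Condition: { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": ["lambda-secrets"] } }` on the statement. The statement sits in the `provider` block, which starts outside the hunk, so it presumably applies to every function in the service rather than only the one that stores pegged assets. The account id and region are literals in the ARN, which ties the template to one deployment and publishes the account id with the repository.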
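Review bot: In `setEnvSecrets` (storePegged.ts) every attribute of the DynamoDB item except `PK` and `SK` is copied into `process.env`, so anyone who can write that item can set or overwrite any variable in the function's environment, including ones the runtime and the AWS SDK read. Copying only an explicit list of expected names, and only string values, closes that; as written, `process.env[key] = value` also silently stringifies non-string attributes. A missing item makes `Object.entries` throw, and the catch then reports it as a fetch failure while the run continues without secrets, so an explicit `Item` check with its own message keeps the log accurate. The copied values become readable by every adapter loaded into this process, which deserves a comment above the function.

```typescript
// Names the adapters are expected to read; any other attribute of the item is ignored.
const SECRET_ENV_KEYS = new Set<string>([/* fill in from the adapters */])

async function setEnvSecrets() {
  try {
    const { Item } = await dynamodb.getEnvSecrets()
    if (!Item) throw new Error('secrets item not found')
    for (const [key, value] of Object.entries(Item)) {
      // Allowlisted string attributes only, so the table cannot redefine runtime variables.
      if (SECRET_ENV_KEYS.has(key) && typeof value === 'string') process.env[key] = value
    }
  // … unchanged: catch block that logs the failure …
```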
diff --git a/src/utils/shared/dynamodb.ts b/src/utils/shared/dynamodb.ts
index bdfa63f3..46c26ab8 100644
--- a/src/utils/shared/dynamodb.ts
+++ b/src/utils/shared/dynamodb.ts
@@ -34,6 +34,7 @@ const dynamodb = {
 })
 .promise(),
 scan: () => client.scan({ TableName }).promise(),
+ getEnvSecrets: (key: AWS.DynamoDB.DocumentClient.Key = { PK: 'lambda-secrets' }) => client.get({ TableName: 'secrets', Key: key }).promise()
 };
 export default dynamodb;
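Review bot: `getEnvSecrets` accepts an arbitrary `key`, so any caller of this shared helper can read any item of the `secrets` table, although the only call in this patch uses the default. Fixing the key keeps the accessor to the single item it is named for: `getEnvSecrets: () => client.get({ TableName: 'secrets', Key: { PK: 'lambda-secrets' } }).promise()`. The caller in storePegged.ts skips an `SK` attribute, which suggests the table may have a sort key; if it does, GetItem rejects a `Key` holding only `PK`, so that is worth confirming. `client` is created outside this hunk, so whether it targets the region named in the serverless.yml ARN cannot be checked from here. A one-line comment that the result holds secret values and must not be logged would help the next reader.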