Use testing credentials secret for JWT key

Author: devksingh4

generate_jwt.js

@@ -20,7 +20,7 @@ export const getSecretValue = async (secretId) => {
   }
 };
 
-const secrets = await getSecretValue("infra-core-api-config");
+const secrets = await getSecretValue("infra-core-api-testing-credentials");
 const client = new STSClient({ region: "us-east-1" });
 const command = new GetCallerIdentityCommand({});
 let data;

src/api/index.ts

@@ -15,6 +15,7 @@ import {
   environmentConfig,
   genericConfig,
   SecretConfig,
+  SecretTesting,
 } from "../common/config.js";
 import organizationsPlugin from "./routes/organizations.js";
 import authorizeFromSchemaPlugin from "./plugins/authorizeFromSchema.js";
@@ -252,13 +253,20 @@ async function init(prettyPrint: boolean = false) {
   app.dynamoClient = dynamoClient;
   app.secretsManagerClient = secretsManagerClient;
   app.redisClient = redisClient;
-  app.secretConfig = secret;
   app.refreshSecretConfig = async () => {
     app.secretConfig = (await getSecretValue(
       app.secretsManagerClient,
       genericConfig.ConfigSecretName,
     )) as SecretConfig;
+    if (app.environmentConfig.TestingCredentialsSecret) {
+      const temp = (await getSecretValue(
+        app.secretsManagerClient,
+        app.environmentConfig.TestingCredentialsSecret,
+      )) as SecretTesting;
+      app.secretConfig = { ...app.secretConfig, ...temp };
+    }
   };
+  app.refreshSecretConfig();
   app.addHook("onRequest", (req, _, done) => {
     req.startTime = now();
     const hostname = req.hostname;

src/common/config.ts

@@ -23,6 +23,7 @@ export type ConfigType = {
   PaidMemberPriceId: string;
   AadValidReadOnlyClientId: string;
   LinkryCloudfrontKvArn?: string;
+  TestingCredentialsSecret?: string;
 };
 
 export type GenericConfigType = {
@@ -98,6 +99,7 @@ const environmentConfig: EnvironmentConfigType = {
       /^https:\/\/(?:.*\.)?acmuiuc\.pages\.dev$/,
       /http:\/\/localhost:\d+$/,
     ],
+    TestingCredentialsSecret: "infra-core-api-testing-credentials",
     AadValidClientId: "39c28870-94e4-47ee-b4fb-affe0bf96c9f",
     LinkryBaseUrl: "https://core.aws.qa.acmuiuc.org",
     PasskitIdentifier: "pass.org.acmuiuc.qa.membership",
@@ -137,7 +139,6 @@ const environmentConfig: EnvironmentConfigType = {
 };
 
 export type SecretConfig = {
-  jwt_key?: string;
   discord_guild_id: string;
   discord_bot_token: string;
   entra_id_private_key?: string;
@@ -151,6 +152,10 @@ export type SecretConfig = {
   redis_url: string;
 };
 
+export type SecretTesting = {
+  jwt_key: string;
+}
+
 const roleArns = {
   Entra: process.env.EntraRoleArn,
 };

tests/e2e/base.ts

@@ -30,7 +30,7 @@ async function getSecrets() {
   let response = { PLAYWRIGHT_USERNAME: "", PLAYWRIGHT_PASSWORD: "" };
   let keyData;
   if (!process.env.PLAYWRIGHT_USERNAME || !process.env.PLAYWRIGHT_PASSWORD) {
-    keyData = await getSecretValue("infra-core-api-config");
+    keyData = await getSecretValue("infra-core-api-testing-credentials");
   }
   response["PLAYWRIGHT_USERNAME"] =
     process.env.PLAYWRIGHT_USERNAME ||

tests/live/utils.ts

@@ -30,7 +30,7 @@ async function getSecrets() {
   const response = { JWTKEY: "" };
   let keyData;
   if (!process.env.JWT_KEY) {
-    keyData = await getSecretValue("infra-core-api-config");
+    keyData = await getSecretValue("infra-core-api-testing-credentials");
   }
   response["JWTKEY"] =
     process.env.JWT_KEY || ((keyData ? keyData["jwt_key"] : "") as string);