How to import environment variables from AWS Secrets Manager & use them for Cypress test automation

Bothi Palani
Oct 9, 2023

I worked on a project for end-to-end automation where the application was deployed on the AWS cloud, so some of the details required for authentication, such as auth_realm, auth_clientid, auth_base_url, etc., were stored in AWS Secrets Manager.

In this story, let us learn about importing secrets stored in AWS and merging these values with the Cypress default configuration.

As you know, end-to-end tests have to be run across different environments. Cypress allows you to define environment-specific variables in different ways, as outlined here: https://docs.cypress.io/guides/guides/environment-variables

One of the ways to achieve a multiple-environment setup is to create an environment-specific JSON file to store the key and value pairs. For example, create a file dev.json and add the values:

{
  "env": {
    "baseurl": "https://dev.com"
  }
}

Create another file, test.json:

{
  "env": {
    "baseurl": "https://test.com"
  }
}

It is not recommended to put secrets in these files and check them in, so we have to import them and add them on the fly during test execution.

Package that needs to be installed: @aws-sdk/client-secrets-manager

Create a method in cypress.config.ts to load the environment variables from a specific file:

const path = require('path');
// readJson is provided by fs-extra, not by Node's built-in fs module.
const fs = require('fs-extra');

// Load configuration from an environment specific file.
// By default this will load from the 'ci' environment file.
// Environment file is specified by the fileConfig Cypress env var.
async function getConfigurationByFile(config) {
  const file = config.env.fileConfig || 'ci';
  const pathToConfigFile = path.resolve('.', 'cypress', 'config', `${file}.json`);
  const fileConfig = await fs.readJson(pathToConfigFile);
  // Values from the environment file override the Cypress defaults.
  const merged = merge(config, fileConfig);
  return merged;
}

Create another method in cypress.config.ts to load secrets from AWS Secrets Manager. As a prerequisite, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY should be set in the terminal before running the tests.

const { SecretsManagerClient, GetSecretValueCommand } = require('@aws-sdk/client-secrets-manager');

// Load configuration from AWS Secrets Manager.
// Useful for test secrets which are environment specific.
async function getConfigurationFromSecretsManager(config) {
  const client = new SecretsManagerClient({
    region: 'eu-west-1',
  });
  const command = new GetSecretValueCommand({
    SecretId: 'qa/secrets/test-secrets',
  });

  const secretData = await client.send(command);

  // SecretString is already text; SecretBinary arrives as raw bytes (a Uint8Array in SDK v3).
  const secret =
    'SecretString' in secretData
      ? secretData.SecretString
      : Buffer.from(secretData.SecretBinary).toString('utf8');

  // The secret is expected to be a JSON object; its keys become Cypress env variables.
  return merge(config, {
    env: JSON.parse(secret),
  });
}

Merge both sets of environment-specific variables inside setupNodeEvents; all the variables are then loaded into the environment variables section.

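const { defineConfig } = require('cypress');
const merge = require('lodash.merge');

module.exports = defineConfig({
  e2e: {
    setupNodeEvents(on, cypressConf) {
      // File-based values are merged first, then the secrets from AWS on top.
      // Cypress waits for the returned promise and uses the resolved config.
      const mergedConfig = getConfigurationByFile(cypressConf)
        .then(getConfigurationFromSecretsManager);
      return mergedConfig;
    },
  },
});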
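
Because getConfigurationFromSecretsManager merges every key of the secret into env after the file configuration, a key in the secret such as baseurl would override the value from dev.json. The following added example (not code from the original article) filters the parsed secret through an allowlist before merging; buildSecretEnv and ENV_KEYS are hypothetical names, and the sample responses are constructed.

```javascript
// Added example (not from the original article). ENV_KEYS and buildSecretEnv
// are hypothetical names; the key names come from the article's first paragraph.
const ENV_KEYS = ['auth_realm', 'auth_clientid', 'auth_base_url'];

// Turn a GetSecretValue-shaped response into a plain object that is safe to
// merge into config.env: only allowlisted keys, only string values.
function buildSecretEnv(secretData, allowedKeys = ENV_KEYS) {
  // SDK v3 returns SecretString as a string and SecretBinary as a Uint8Array.
  const raw = typeof secretData.SecretString === 'string'
    ? secretData.SecretString
    : Buffer.from(secretData.SecretBinary || []).toString('utf8');

  let parsed;
  try {
    parsed = JSON.parse(raw);
  } catch {
    // Do not rethrow the parser message or the raw text: both can echo secret bytes.
    throw new Error('Secret payload is not valid JSON');
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('Secret payload must be a JSON object');
  }

  const env = {};
  const missing = [];
  for (const key of allowedKeys) {
    if (Object.prototype.hasOwnProperty.call(parsed, key) && typeof parsed[key] === 'string') {
      env[key] = parsed[key];
    } else {
      missing.push(key);
    }
  }
  if (missing.length > 0) {
    // Report key names only, never values.
    throw new Error(`Secret is missing keys: ${missing.join(', ')}`);
  }
  return env;
}

// Constructed sample responses (not real secrets).
const sampleString = {
  SecretString: JSON.stringify({
    auth_realm: 'demo', auth_clientid: 'e2e', auth_base_url: 'https://auth.example.test',
    baseurl: 'https://unexpected.example.test', // extra key: must not reach config.env
  }),
};
const sampleBinary = { SecretBinary: new TextEncoder().encode(sampleString.SecretString) };
```

In the article's function, `env: JSON.parse(secret)` would become `env: buildSecretEnv(secretData)`.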
