https://netsuiteprofessionals.com logo
Join Slack
Powered by
am I allowed to use a secret, from the secrets man...
# suitescript
d
am I allowed to use a secret, from the secrets manager in a https post body?
Copy code
define(["N/runtime", "N/https"],
  (runtime, https) => {
    const get = (requestParams) => {
      
      let secureString = https.createSecureString({
        input: '{custsecret_my_custom_secret}' // <<- another thread here suggested this format with the '{secret_id}'
      });

      let body = {
        test: 'test',
        secret: '{'+secureString+'}',  			
        , key1: "custsecret_my_custom_secret" 	
        , key2: 'custsecret_my_custom_secret' 	
		, key3: '{custsecret_my_custom_secret}'
      };
      let response = <http://https.post|https.post>({
        body: JSON.stringify(body),
        url: "<https://my.domain.com/v1/endpoint>",
        credentials: ['custsecret_my_custom_secret'],  // <<- i've also tried wrapping in {} too
        headers: {
          Authorization: "Basic abcdefghijklmnopqrstuvwzyz=",
          'Content-Type': "application/json",
          Accept: '*/*'
        }
      });
	}});
This is the body I capture on the other end:
Copy code
[
  {
    "test": "test",
    "secret": "{
      https.SecureString
    }",
    "key1": "custsecret_my_custom_secret",
    "key2": "custsecret_my_custom_secret",
    "key3": "{
      custsecret_my_custom_secret
    }"
  }
]
b
key3 is the closest to being correct
though your server looks like its receiving it wrong, there shouldnt be new lines in that string
d
yeah, so I thought that https module would replace the value in the body
in the netsuite docs it says on 
https.SecureString
An https.SecureString is returned by https.createSecureString(options)SecureString.appendString(options), and SecureString.appendSecureString(options). It can also be used as the options.credentials parameter in a call to https.request(options).
b
your secure string is being destroyed in your code
its an object converted to a string
d
it doesn't specifically call out https.post(options), was hoping that was just bad docs
b
which means it isnt a secure string anymore
d
is it this line?
Copy code
secret: '{'+secureString+'}',
b
a string plus an object is a string
and a string is not a secure string
d
I took that line out, but still no dice
b
normal advice
log the response body
d
{ "args": {}, "data": "{\\"test\\":\\"test\\",\\"key1\\":\\"custsecret_my_custom_secret\\",\\"key2\\":\\"custsecret_my_custom_secret\\",\\"key3\\":\\"{custsecret_my_custom_secret}\\"}", "files": {}, "form": {}, "headers": { "Accept": "*/*", "Accept-Encoding": "gzip, deflate", "Authorization": "Basic abcdefghijklmnopqrstuvwzyz=", "Content-Length": "143", "Content-Type": "application/json", "Host": "httpbin.org", "User-Agent": "NetSuite/2021.1 (SuiteScript)", "X-Amzn-Trace-Id": "Root=1-61426ebd-2163e4f84545532432d5febf" }, "json": { "key1": "custsecret_my_custom_secret", "key2": "custsecret_my_custom_secret", "key3": "{custsecret_my_custom_secret}", "test": "test" }, "origin": "a.b.c.d", "url": "https://httpbin.org/post"}
is there an example out there of how to use https.SecureString in a post?
b
secrets and guids work as template expressions
the input parameter to a securestring is a template that netsuite renders
if you were trying to generate json, you would put the output of 
JSON.stringify(body)
in the input of your secure string
i dont think thats your problem here, because you can also use the body of the https.post as a template input instead
id double check that the secret doesnt have a restriction preventing it from running for your script
d
AH! thanks @battk I get it now: • Create a string template • pass that as input to https.createSecureString • pass that into the https.post • set the options.credentials
Copy code
let body = {
	test: 'test',
	secret: '{custsecret_my_secret}'
};

let secureString = https.createSecureString({
	input: JSON.stringify(body)
});

let response = <http://https.post|https.post>({
	body: secureString,
	url: "<https://httpbin.org/post>",
	credentials: ['custsecret_my_secret'],
4 Views
Open in Slack
PreviousNext
Powered by