Reusable mTLS certificate loader for NestJS using AWS Secrets Manager

> Reusable mTLS certificate loader for NestJS applications using AWS Secrets Manager.
- Securely loads TLS/mTLS certificates from AWS Secrets Manager
- Supports NestJS with Express or Fastify
- Usable as a standalone class or injectable service
- Lightweight and production-ready
---
```bash
npm install nestjs-mtls-loader
```
```typescript
import { CertLoader, CertRole } from 'nestjs-mtls-loader';

// Standalone usage: each value under `secrets` is a secret name in AWS Secrets Manager.
const loader = new CertLoader({
  region: 'us-east-1',
  role: CertRole.BOTH,
  secrets: {
    caCert: 'ca-cert',
    clientCert: 'client-cert',
    clientKey: 'client-key',
    serverCert: 'server-cert',
    serverKey: 'server-key',
  },
});

// Fetch the secrets and write them to the certificate directory.
await loader.load();
```
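```typescript
import { Module } from '@nestjs/common';
import { CertLoaderModule, CertRole } from 'nestjs-mtls-loader';

// Injectable usage: a server-only role needs just the CA and server secrets.
@Module({
  imports: [
    CertLoaderModule.register({
      region: 'us-east-1',
      role: CertRole.SERVER, // enum member; `role` is typed as CertRole
      secrets: {
        caCert: 'ca-cert',
        serverCert: 'server-cert',
        serverKey: 'server-key',
      },
    }),
  ],
})
export class AppModule {}
```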
- Secrets are saved in /tmp/certs by default:
```bash
/tmp/certs/
├── ca-cert.pem
├── client-cert.pem
├── client-key.pem
├── server-cert.pem
└── server-key.pem
```
* You can override the output path via the certDir option.
* AWS_REGION
* CERT_ROLE
```typescript
export interface CertLoaderOptions {
  region?: string;
  certDir?: string;
  role?: CertRole;
  secrets: {
    caCert: string;
    clientCert?: string;
    clientKey?: string;
    serverCert?: string;
    serverKey?: string;
  };
}
```
```typescript
export enum CertRole {
  SERVER = 'server',
  CLIENT = 'client',
  BOTH = 'both',
}
```
- Please check folder nestjs-mtls-demo for a complete example.
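
Because the loader writes private keys to disk (`/tmp/certs` by default, or the `certDir` path), a startup check on that directory's ownership and permissions is worth running before the keys are used. The following is an added example, not part of nestjs-mtls-loader: `auditCertDir` is a hypothetical helper, and matching keys by the `-key.pem` suffix assumes the default file names listed above.

```typescript
import * as fs from 'fs';
import * as path from 'path';

// Hypothetical helper (not part of nestjs-mtls-loader).
// Returns a list of problems with the directory the PEM files are written to.
// An empty list means the directory and its private keys are owner-only.
// Throws if certDir does not exist.
export function auditCertDir(certDir: string): string[] {
  const findings: string[] = [];
  // getuid is unavailable on Windows; skip the ownership check there.
  const uid = typeof process.getuid === 'function' ? process.getuid() : -1;

  // lstat, not stat: a symlink sitting at the path must not be followed.
  const dir = fs.lstatSync(certDir);
  if (!dir.isDirectory()) {
    return [`${certDir} is not a real directory (symlink or file)`];
  }
  if (uid !== -1 && dir.uid !== uid) {
    findings.push(`${certDir} is owned by uid ${dir.uid}, expected ${uid}`);
  }
  if ((dir.mode & 0o077) !== 0) {
    const mode = (dir.mode & 0o777).toString(8);
    findings.push(`${certDir} is accessible to group/other (mode ${mode})`);
  }

  for (const name of fs.readdirSync(certDir)) {
    // Assumption: private keys use the default "*-key.pem" names.
    if (!name.endsWith('-key.pem')) continue;
    const st = fs.lstatSync(path.join(certDir, name));
    if (!st.isFile()) {
      findings.push(`${name} is not a regular file`);
    } else if ((st.mode & 0o077) !== 0) {
      const mode = (st.mode & 0o777).toString(8);
      findings.push(`${name} is readable beyond its owner (mode ${mode})`);
    }
  }
  return findings;
}
```

Call it after `loader.load()` and refuse to start the HTTPS listener if it returns any findings; pointing `certDir` at a directory the service account creates itself with mode `0700` avoids the shared `/tmp` namespace altogether.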