Hi, My code is working perfectly by using the api key manually but I want to use this via secret manager using velo.
I’m using sendGrid to send email using REST api. I’ve used the following code:
let key; //globally declared
export function getFirstSecretValue() {
return wixSecretsBackend.listSecretInfo()
.then((secrets) => {
key = wixSecretsBackend.getSecret(secrets[0].name);
console.log (key);
})
.catch((error) => {
console.error(error);
});
}
//then used here as with variable key.
Please let me know if I’m doing something wrong.
There’s really no reason for your use case to retrieve the list of secrets. Also, it could very well be that the secret you want is not the first one that you have stored. I would suggest that you use getSecret() API function instead to directly retrieve your sendgrid key, something like this:
await wixSecretsBackend.getSecret("mySendgridKey")
You forgot about promises. here is the working code.
let key; //globally declared
export function getFirstSecretValue() {
return wixSecretsBackend.listSecretInfo()
.then(async(secrets) => {
key = await wixSecretsBackend.getSecret(secrets[0].name);
console.log (key);
})
.catch((error) => {
console.error(error);
});
}
Hi, I’ve used the mentioned function too but the issue is getting api name. Is this safe to use the api name manually in the code?
@akgarg804 Sure, it’s save to use the API name in code. The main security issue is to guard your secret key, and since this is all in backend code this is not a problem. The API name really doesn’t reveal any sensitive information.
In fact, since this is backend code, it’s even OK to hard-code the secret key. The wix-secrets API allows you to add additional developers to your site, without giving them access to your secret keys. If you’re the only developer in the site, then it’s OK to hard code the key. Using wix-secrets is best practice and highly recommended.
Also, as @team40951 pointed out, don’t forget that getSecret() returns a Promise which you will have to properly handle.
@yisrael-wix Yes, I know that’s a promise & use .then() but as the code was not working I tried using async function and I was doing that wrong. Rashid helps me with this for future knowledge. I don’t have expert level knowledge could you please check the code if I’m using in the function in a right way.
I’m using this in sendGrid.js
import { fetch } from 'wix-fetch';
import wixSecretsBackend from 'wix-secrets-backend';
import {getSecret} from 'wix-secrets-backend';
let mySecret;
let key;
export function sendWithService(sender, recipient, subject, body) {
key = async function (){ await getSecret("sendgrid_api_key"); }
const url = "[Link here not allowed]";
const headers = {
"Authorization": "Bearer " + key,
"Content-Type": "application/x-www-form-urlencoded"
};
const data = `from=akgarg804@gmail.com&to=${recipient}&subject=${subject}&text=${body}&replyTo=${sender}`;
const request = {
"method": "post",
"headers": headers,
"body": data
};
return fetch(url, request)
.then(response => response.json());
}
If I’m wrong, then how should I proceed. Only authorization failed because I’m not getting api key in a right way.
Thank again today to help me with async function. Now, I will keep this in mind where to mention “async”. 
@akgarg804 The function isn’t being invoked correctly. I would suggest something like this:
export async function sendWithService(sender, recipient, subject, body) {
let key = await getSecret("sendgrid_api_key");
@yisrael-wix Thanks, it’s working now. You’re great a savior. Have a great day!
@akgarg804 BTW - That was a good idea that you had with the one-line async/await. I now see what’s wrong with your version. You want this:
const key = (async function (){ return await getSecret("spam_API_key"); } ) ();
Notice the parentheses at the end of the statement. That’s what causes the function to actually execute. Without those parens, the functions is only declared, but it doesn’t run. And, you also need a return.
Note: Some developers claim that using an inline anonymous function is not a good idea due to memory leaks and whatnot. I’m not really sure. Interesting idea though.