Today is yet short one, but ideally will already save a whole lot of headaches for some people.
Scenario: You have stored the contents of a string using AWS SSM parameter store (side note: if you are not using it yet, you should definitely have a look), but when retrieving it decrypted via CLI, you notice that the string has new lines ('\n') substituted by spaces (' ').
In my case, I was storing a private SSH key encrypted to integrate with some Ansible scripts triggered via AWS CodePipeline + CodeBuild. CodeBuild makes it realy easy to access secrets stored in SSM store, however it was retrieving my key incorrectly, which in term domino-crashed my ansible scripts.
Here you can also confirm more people are facing this issue. After following the suggestion of using AWS SDK - in my case with python boto3 - it finally worked. So here is a gist to overwrite an AWS SSM parameter, and then retrieving it back:
my_string = """ | |
your string \n seperated \n by \n new \n lines. | |
""" | |
account_id = '12345678910' | |
region = 'eu-west-1' | |
parameter_name = 'some-secret-name' | |
key_id = 'your-key-id' | |
kms_key_id = 'arn:aws:kms:{region}:{account_id}:key/{key_id}'.format(region=region, account_id=account_id, key_id=key_id) | |
ssm = boto3.client('ssm') | |
response = ssm.put_parameter( | |
Name=parameter_name, | |
Description='My encrypted secret blob', | |
Value=my_string, | |
Type='SecureString', | |
KeyId=kms_key_id, | |
Overwrite=True, | |
) | |
response = ssm.get_parameter( | |
Name=parameter_name, | |
WithDecryption=True | |
) | |
print(response.get('Parameter', {}).get('Value')) |
Hope this helps!
Top comments (0)