
aws ssm get-parameter rsa key output to file

I have stored my private key file in AWS SSM Parameter Store. I want to retrieve just the private key value from the parameter store and save it as an id_rsa file locally using the AWS CLI.

This article: https://github.com/aws/aws-cli/issues/2742 shows me exactly how I can do that using sed. However, I still get a character returned after "-----END RSA PRIVATE KEY-----", which I want to remove using sed.

This is the command I run on the command line:

aws --region=us-east-1 ssm get-parameters --names "mykey" --with-decryption --output text 2>&1 | sed 's/.*----BEGIN/----BEGIN/'

And the output is:

----BEGIN RSA PRIVATE KEY-----
some text here
-----END RSA PRIVATE KEY-----   2

Notice the 2 at the end of the last line. I want to get rid of anything after -----END RSA PRIVATE KEY----- as well.

What do I need to add to my sed command to achieve that?

H RH asked Jan 12 '18 12:01



1 Answer

You can obtain the value alone using the following command:

aws --region=us-east-1 ssm get-parameter --name "mykey" --with-decryption --output text --query Parameter.Value

i.e. by selecting the value using --query Parameter.Value

You can then pipe it directly to the file without using sed.

lexicalscope answered Sep 29 '22 07:09
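An added example, not part of the original question or answer: it wraps the `--query Parameter.Value` call and only writes the key file when the retrieved text is a clean PEM block, which rejects both the trailing `2` and the four-dash `----BEGIN` line shown in the question. The function names `fetch_ssm_key` and `save_private_key` are hypothetical; the region and parameter name are the ones used on this page.

```shell
#!/bin/sh
# Added example. fetch_ssm_key and save_private_key are hypothetical helper names.

# Print only the decrypted parameter value. stderr is left alone (no 2>&1),
# so a CLI error message can never end up inside the key file.
fetch_ssm_key() {
    aws --region=us-east-1 ssm get-parameter --name "$1" \
        --with-decryption --output text --query Parameter.Value
}

# Read a PEM private key on stdin and install it at $1 with mode 0600.
# Nothing is written unless the first and last lines are exact PEM markers.
save_private_key() {
    dest=$1
    key=$(cat)    # command substitution also drops trailing blank lines
    first=$(printf '%s\n' "$key" | sed -n '1p')
    last=$(printf '%s\n' "$key" | sed -n '$p')
    case $first in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo "save_private_key: first line is not a PEM BEGIN marker" >&2
           return 1 ;;
    esac
    case $last in
        "-----END "*"PRIVATE KEY-----") ;;
        *) echo "save_private_key: last line is not a clean PEM END marker" >&2
           return 1 ;;
    esac
    # mktemp creates the file readable by its owner only; write there, then
    # rename, so $dest never holds a partial key or looser permissions.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if printf '%s\n' "$key" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dest"
    then return 0
    fi
    rm -f "$tmp"
    return 1
}

# Usage (needs AWS credentials; "mykey" is the parameter name from the question):
#   fetch_ssm_key mykey | save_private_key "$HOME/.ssh/id_rsa"
```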