I have stored my private key file in AWS SSM Parameter store. I want to retrieve just the private key value from the parameter store and save it as an id_rsa file locally using aws cli.
This article: https://github.com/aws/aws-cli/issues/2742 shows me exactly how i can do that using sed
. however I still get a character returned after "-----END RSA PRIVATE KEY-----"
which i want to remove using sed
.
This is my command i run on command line:
aws --region=us-east-1 ssm get-parameters --names "mykey" --with-decryption --output text 2>&1 | sed 's/.*----BEGIN/----BEGIN/'
And the output is:
----BEGIN RSA PRIVATE KEY-----
some text here
-----END RSA PRIVATE KEY----- 2
Notice the 2
in the end of the last line. I want to get rid of anything after -----END RSA PRIVATE KEY-----
as well.
What do i need to add to my sed
command to achieve that?
You can locate the Amazon Resource Name (ARN) of the default key in the AWS KMS console on the AWS managed keys page. The default key is the one identified with aws/ssm in the Alias column.
We can store these parameters in SSM, as encrypted secure strings, under a common path: /app/production/db/{DB_NAME, DB_USERNAME, DB_PASSWORD, DB_HOST} .
Each advanced parameter value is encrypted under a unique data key, and the data key is encrypted under a KMS key. You can use the AWS managed key for the account ( aws/ssm ) or any customer managed key.
AWS Systems Manager Parameter Store (or SSM Parameter Store) is a convenient way to store hierarchical parameters in AWS. You can use it for any configuration values, including secure values like passwords or API keys. It integrates well with other AWS services too.
You can obtain the value alone using the following command:
aws --region=us-east-1 ssm get-parameter --name "mykey" --with-decryption --output text --query Parameter.Value
i.e. by selecting the value using --query Parameter.Value
You can then pipe it directly to the file without using sed.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With