How to retrieve values of aws secretsmanager?

Time:06-02

I am trying to retrieve a secret value from aws secretsmanager.

The individual secret contains multiple key/value pairs.

The key will be the machine IP address and the value will be the machine SSH key.

This is used in our internal automation.

To retrieve a value, I ran the command below.

At present, I get output like this.

aws secretsmanager get-secret-value --secret-id ssh_key --version-stage AWSCURRENT 
{
    "Name": "ssh_key", 
    "VersionId": "1c8acb5c-26e5-4991-b45d-ddd7e7769ebf",
    "SecretString": "{\"10.1.90.198\":\"-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAsdjy2h9hKD3KmgTPmKttKZEs BR4xSKVJA PTm R5v5Z JHQ rkRzUPKquEgmiUtzewCvwk0P6AbkQC7Mzv4Ub dKMPQvHOog4 YHgA0QjG43lzBL wAipWRbEAssELrLXa1aJP1F1I89tp/DwAoV86tNpsgNQDbgNDJQVdhy1fnWorxIC 88HsVUYPh/v1lXz0D kuj/VBdPHvLitqpOIs9hsEWqfZOVzkMZeEcvieJFMCCPY  J26KSdf09TCKsxibgD9U6N7 ttkYz3/CHVR9wUmE2W4JupujdTBNOMap1/RDhJyS RLwJGy9H31N6OfJE w eLG7jVv8EGrgK0ZEa5wIDAQABAoIBAQCupIA2OcJKpgMi I79ICG719p3WLyQ5UbBq7Oyo9V6tGvB265mkx4sF3oZO2GsfP3xzOUVe5BXOn5Xc gRiV22NuUA3G7MKm/jK2GNkcobeybzkfuklolhjWZ0isBXhh8zUfLqcwCmmhdLwV wr tejAk2N5d9GrUTfxicbhxd9eyCWt4ubZ559fiwBESI3P7KzCIT9lol LO/3Tt v3CjO/MmdbFD95OCwdYKe/Kg7JZjqpTIWek82O0Yr0 RUspKf6fVM3c6Xsdcly0s o4/Kw5ni1zcRNy bMUb7n2AN4D9FURjTIsuhl2g2NrxhrpxHBNUawqwnDCYNaaZD jhUPcUHhAoGBAMKeoLkH2BujIjdYfvR3UUDn/1AxAimvRv1ctvNkLRVY74J/WjHq  q4jy0mazLtusJrpw jh0teRHmX5zsPzcxjYMSFyrron /Yv8d8kZiy16N 9SkeX NnyUVAYujNUeurkRjPsoCPuV5u8kk1Md3koe5V5 TGYYFJaR9uNIZQGzAoGBAOnw J0WMIgHqa02/Kr/auaW mAdruKsRu0k3GJlrhduBtA OzCr6/HQ4BNq8TDBK/eBO 21Ken9fiaUzJohupwq7Kokmee//nCQMac6GE6B/aMNLGMVfvfQKtF0tlDCkQaxSn 32Y27OZbIyKc44QnUrPZQQ3i5WJ Ca3oRRL871/9AoGAVk/Vhdn1vOQPg64qt67H CVsafu0NQYFroWfh93WBDQuhRSXH0YWd4WccfCs8CxAfIMT1zq2APXwtmBo 2eZ5 FlRv6M4KNA== -----END RSA PRIVATE KEY-----\",\"some\":\"value\"}",
    "VersionStages": [
        "AWSCURRENT"
    ],
    "CreatedDate": 1654095742.095,
    "ARN": "arn:aws:secretsmanager:us-west-2:<accountid>:secret:ssh_key-Jmv1r1"
}

The main secret id/name is ssh_key and the individual key/value pairs are ipaddress/sshkey pairs. So, how can I retrieve it in a bash script so that, when we provide an IP address as input, it retrieves the related SSH key value and saves it as a file, like ssh_key.pem?

I tried something with jq and was able to trim the metadata and get as far as the SecureString part.

aws secretsmanager get-secret-value --secret-id ssh_key --version-stage AWSCURRENT | jq '.SecretString'
"{\"ssh_key\":\"-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAsdjy2h9hKD3KmgTPmKttKZEs BR4xSKVJA PTm R5v5Z JHQ rkRzUPKquEgmiUtzewCvwk0P6AbkQC7Mzv4Ub dKMPQvHOog4 YHgA0QjG43lzBL wAipWRbEAssELrLXa1aJP1F1I89tp/DwAoV86tNpsgNQDbgNDJQVdhy1fnWorxIC 88HsVUYPh/v1lXz0D kuj/VBdPHvLitqpOIs9hsEWqfZOVzkMZeEcvieJFMCCPY  J26KSdf09TCKsxibgD9U6N7 ttkYz3/CHVR9wUmE2W4JupujdTBNOMap1/RDhJyS RLwJGy9H31N6OfJE w eLG7jVv8EGrgK0ZEa5wIDAQABAoIBAQCupIA2OcJKpgMi I79ICG719p3WLyQ5UbBq7Oyo9V6tGvB265mkx4sF3oZO2GsfP3xzOUVe5BXOn5Xc gRiV22NuUA3G7MKm/jK2GNkcobeybzkfuklolhjWZ0isBXhh8zUfLqcwCmmhdLwV wr tejAk2N5d9GrUTfxicbhxd9eyCWt4ubZ559fiwBESI3P7KzCIT9lol LO/3Tt v3CjO/MmdbFD95OCwdYKe/Kg7JZjqpTIWek82O0Yr0 RUspKf6fVM3c6Xsdcly0s o4/Kw5ni1zcRNy bMUb7n2AN4D9FURjTIsuhl2g2NrxhrpxHBNUawqwnDCYNaaZD jhUPcUHhAoGBAMKeoLkH2BujIjdYfvR3UUDn/1AxAimvRv1ctvNkLRVY74J/WjHq U9j57nti1JBvaQuZC9mKekMCgYAdb0Ahug4VW5 AusrwNN8jAaYzWNR1gdek0K/h reu7wMgdJQR/a/ET1nCV7RdRBD6JWKKz9I18JlrFdKFXBbcfMxPUW4KSokk6ALwH 2Kc0SsnV22YeAF4kVg8WR3KOQCiZAr5TKBoKqfDzy/W8jQ4U3wMWcjQWfnFNVmpK h1S/KQKBgQCCdSSZHqjsTTVUg5yLV2IkyuiKzXC6i2xbxUH stgxvtaVK4Xaz/Qb R9hLBe0R9RAH007ddESsIpd9HgAFMiA2URMpJgO JCFQoNnNm4N/7HAXTN/zOsBy 8PfXXUY/27b26mWCBkRslz3x59uaPBix7ni0d0Gmv1DiFlRv6M4KNA== -----END RSA PRIVATE KEY-----\",\"some\":\"value\"}"

But when I try to retrieve the internal values, I get the error below.

 aws secretsmanager get-secret-value --secret-id ssh_key --version-stage AWSCURRENT | jq '.SecretString.ssh_key'
jq: error (at <stdin>:10): Cannot index string with string "ssh_key"

Kindly guide me on how to retrieve it in a bash script so that, when we provide an IP address as input, it retrieves the related SSH key value and saves it as a file, like ssh_key.pem.

CodePudding user response:

You can pipe the .SecretString output to jq again like this:

aws secretsmanager get-secret-value --secret-id $SECRET_ID | jq -r ".SecretString" | jq -r ".ssh_key"

CodePudding user response:

With a single call to jq:

jq -r '.SecretString|fromjson|.ssh_key'

You can test for the existence of ssh_key this way:

jq -r '.SecretString|fromjson|select(has("ssh_key")).ssh_key'

so that if ssh_key does not exist, it will output nothing.
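
Added example, not part of either answer above: the same `fromjson` approach applied to the question's actual layout, where the lookup key is an IP address supplied at run time and the result is written to a file readable only by its owner. The function name `extract_key`, the helper `sample_response` and the placeholder secret value are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Real use, with the command from the question:
#   aws secretsmanager get-secret-value --secret-id ssh_key \
#       --version-stage AWSCURRENT | extract_key 10.1.90.198 ssh_key.pem

# extract_key IP OUTFILE
# Reads get-secret-value JSON on stdin, decodes the JSON-encoded SecretString,
# and writes the value stored under IP to OUTFILE with mode 0600.
# Returns 1 and leaves no file behind if IP is not a key in the secret.
extract_key() {
    local ip=$1 out=$2 tmp
    # mktemp creates the file with mode 0600, so the key material is never
    # world-readable, not even briefly before a later chmod.
    tmp=$(mktemp "${out}.XXXXXX") || return 2
    # --arg passes the IP as data, so it is never parsed as jq program text.
    # -e makes jq exit non-zero when select() produces no output.
    if jq -er --arg ip "$ip" \
        '.SecretString | fromjson | select(has($ip)) | .[$ip]' >"$tmp"; then
        chmod 600 "$tmp" && mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample response with the same shape as the output in the
# question; the secret value is a placeholder, not a real key.
sample_response() {
    cat <<'EOF'
{
  "Name": "ssh_key",
  "SecretString": "{\"10.1.90.198\":\"CONSTRUCTED-PLACEHOLDER-KEY\",\"some\":\"value\"}",
  "VersionStages": ["AWSCURRENT"]
}
EOF
}
```

Writing to a temporary file and renaming it means a failed lookup never leaves an empty or partial ssh_key.pem behind, and the 0600 mode matters because OpenSSH refuses private key files that other users can read.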
