12/31/20

AWS Secrets Manager password retrieval via BASH script

Basic test script for retrieving a password [1] from AWS Secrets Manager. One can obviously use the password variable for an actual operation instead of echoing the password.

You will need an IAM role with the SecretsManagerReadWrite [2] policy attached to it. Configure the AWS CLI with the user keys.

Initially I attempted to use the native AWS CLI --query option [3], but it spit out the username as well as some punctuation that was not needed. To get around this, I used "jq" to parse the JSON results and spit out just the password.

Modified from the following resources [4-6]

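#!/bin/bash

# Fetch the secret, extract the SecretString JSON document, then read the
# "testuser" key from it. The trailing backslash continues the pipeline.
testuser_pw="$(aws secretsmanager get-secret-value --secret-id testsecret \
  | jq --raw-output '.SecretString' | jq -r .testuser)"

# Test only: print the password (quoted so the shell does not split or glob it).
echo "$testuser_pw"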

Here is a screenshot of the 3 stages of testing, with the last line finally outputting just the password as desired.
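
With the pipeline above, `jq -r .testuser` prints the literal text `null` when the key is absent, and a failed CLI call leaves the variable empty, so a script can carry on with a bogus password. The following is an added example, not part of the original post, that parses the response strictly and returns an error instead; the function names and the sample response are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post. "testsecret" and "testuser" are the
# names used in the post; function names and the sample JSON are constructed.

# Read a get-secret-value response on stdin and print one key of SecretString.
# SecretString is itself a JSON document stored as a string, hence fromjson.
# select() drops anything that is not a string, and -e turns "no result" into
# a non-zero exit, so a missing key never becomes the text "null".
extract_field() {
  jq -er --arg k "$1" '.SecretString | fromjson | .[$k] | select(type == "string")'
}

# Call the AWS CLI and extract one field. Returns non-zero if the CLI call
# fails (bad credentials, no such secret) or if the field cannot be extracted.
fetch_secret_field() {
  local secret_id key response
  secret_id="$1"
  key="$2"
  response="$(aws secretsmanager get-secret-value \
    --secret-id "$secret_id" --output json)" || return 1
  printf '%s' "$response" | extract_field "$key"
}

# Constructed sample response (not real output); note the nested, escaped JSON.
SAMPLE_RESPONSE='{"Name":"testsecret","SecretString":"{\"testuser\":\"example-password\"}"}'

# Offline demonstration against the sample. In real use, replace the pipeline
# with: fetch_secret_field testsecret testuser
if pw="$(printf '%s' "$SAMPLE_RESPONSE" | extract_field testuser)"; then
  # Use "$pw" directly in the operation that needs it; avoid echoing it.
  echo "retrieved a ${#pw}-character value"
else
  echo "secret field missing or malformed" >&2
fi
```

Checking the exit status of the function before using the variable is what prevents an empty or placeholder value from reaching the operation that consumes the password.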


References:

[1] https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/get-secret-value.html
[2] https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-policies.html
[3] https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-output.html#cli-usage-output-filter
[4] https://stackoverflow.com/questions/50911540/parsing-secrets-from-aws-secrets-manager-using-aws-cli
[5] https://stackoverflow.com/questions/36452555/bash-script-to-loop-through-output-from-aws-command-line-client
[6] https://stackoverflow.com/questions/44296729/aws-cli-command-inside-bash-script-cant-locate-file
