Basic
test script for retrieving a password [1] from AWS Secrets Manager. One
can obviously use the password variable for an actual operation instead of echoing the password.
You will need a IAM role with the SecretsManagerReadWrite [2] policy attached to it. Configure the AWS CLI with the user keys.
Initially
I attempted to use the native AWS CLI --query option [3], but it spit
out the username as well as some punctiation that was not needed. To get
around this, I used "jq" to parse the JSON results and spit out just the password.
Modified from the following resources [4-6]
#!/bin/bash
testuser_pw="$(aws secretsmanager get-secret-value --secret-id testsecret
| jq --raw-output '.SecretString' | jq -r .testuser)"
echo $testuser_pw
Here is a screenshot of the 3 stages of testing, with the last line finally outputting just the password as desired.
References:
[2] https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-policies.html
[3] https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-output.html#cli-usage-output-filter
[4] https://stackoverflow.com/questions/50911540/parsing-secrets-from-aws-secrets-manager-using-aws-cli
[5] https://stackoverflow.com/questions/36452555/bash-script-to-loop-through-output-from-aws-command-line-client
[6] https://stackoverflow.com/questions/44296729/aws-cli-command-inside-bash-script-cant-locate-file
No comments:
Post a Comment