December 31, 2020

AWS Secrets Manager password retrieval via BASH script

Basic test script for retrieving a password [1] from AWS Secrets Manager. One can obviously use the password variable for an actual operation instead of echoing the password.

You will need an IAM role with the SecretsManagerReadWrite [2] policy attached to it. Configure the AWS CLI with the user keys.

Initially I attempted to use the native AWS CLI --query option [3], but it spit out the username as well as some punctuation that was not needed. To get around this, I used "jq" to parse the JSON results and spit out just the password.

Modified from the following resources [4-6]


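# Fetch the secret, pull out the SecretString JSON, then the testuser value
testuser_pw="$(aws secretsmanager get-secret-value --secret-id testsecret \
  | jq --raw-output '.SecretString' | jq -r .testuser)"

# Test only: print the password
echo "$testuser_pw"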

Here is a screenshot of the 3 stages of testing, with the last line finally outputting just the password as desired.
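
A hardened variant of the script above, as an added example that is not part of the original post: it wraps the lookup in a function that returns an error when the AWS CLI call fails or the key is missing, instead of leaving an empty or "null" string in the password variable. The function names and the sample value are assumptions made for illustration; testsecret and testuser are the names used above.

```bash
#!/usr/bin/env bash
# Added example, not the original post's script. Requires jq.

# Constructed sample of the SecretString that a key/value secret returns.
SAMPLE_SECRET_STRING='{"testuser":"constructed-Pa55"}'

# Read a SecretString JSON document on stdin and print the value of one key.
# "// empty" suppresses the literal "null" that jq -r prints for a missing
# key, and -e turns "no result" into a non-zero exit status.
extract_secret_field() {
    local key="$1"
    jq -er --arg k "$key" '.[$k] // empty'
}

# Fetch one field of a secret. Hypothetical helper name.
get_secret_field() {
    local secret_id="$1" key="$2" secret_string

    # --query SecretString --output text returns only the inner JSON document
    # (the "username plus punctuation" output), which jq then parses once.
    secret_string="$(aws secretsmanager get-secret-value \
        --secret-id "$secret_id" --query SecretString --output text)" || {
        echo "get-secret-value failed for $secret_id" >&2
        return 1
    }

    printf '%s' "$secret_string" | extract_secret_field "$key" || {
        echo "key '$key' not found in $secret_id" >&2
        return 1
    }
}

# Usage: stop on failure, and hand the variable to the real operation
# rather than echoing it.
#   testuser_pw="$(get_secret_field testsecret testuser)" || exit 1
```

Because the assignment and the status check are separate from any "local" or "export" keyword, the exit status of the function is what the "|| exit 1" sees.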








