Today is yet short one, but ideally will already save a whole lot of headaches for some people.
Scenario: You have stored the contents of a string using AWS SSM parameter store (side note: if you are not using it yet, you should definitely have a look), but when retrieving it decrypted via CLI, you notice that the string has new lines (‘\n’) substituted by spaces (‘ ‘).
In my case, I was storing a private SSH key encrypted to integrate with some Ansible scripts triggered via AWS CodePipeline + CodeBuild. CodeBuild makes it realy easy to access secrets stored in SSM store, however it was retrieving my key incorrectly, which in term domino-crashed my ansible scripts.
Here you can also confirm more people are facing this issue. After following the suggestion of using AWS SDK – in my case with python boto3 – it finally worked. So here is a gist to overwrite an AWS SSM parameter, and then retrieving it back:
| my_string = """ | |
| your string \n seperated \n by \n new \n lines. | |
| """ | |
| account_id = '12345678910' | |
| region = 'eu-west-1' | |
| parameter_name = 'some-secret-name' | |
| key_id = 'your-key-id' | |
| kms_key_id = 'arn:aws:kms:{region}:{account_id}:key/{key_id}'.format(region=region, account_id=account_id, key_id=key_id) | |
| ssm = boto3.client('ssm') | |
| response = ssm.put_parameter( | |
| Name=parameter_name, | |
| Description='My encrypted secret blob', | |
| Value=my_string, | |
| Type='SecureString', | |
| KeyId=kms_key_id, | |
| Overwrite=True, | |
| ) | |
| response = ssm.get_parameter( | |
| Name=parameter_name, | |
| WithDecryption=True | |
| ) | |
| print(response.get('Parameter', {}).get('Value')) |
Hope this helps!
