Today is yet short one, but ideally will already save a whole lot of headaches for some people.
Scenario: You have stored the contents of a string using AWS SSM parameter store (side note: if you are not using it yet, you should definitely have a look), but when retrieving it decrypted via CLI, you notice that the string has new lines (‘\n’) substituted by spaces (‘ ‘).
In my case, I was storing a private SSH key encrypted to integrate with some Ansible scripts triggered via AWS CodePipeline + CodeBuild. CodeBuild makes it realy easy to access secrets stored in SSM store, however it was retrieving my key incorrectly, which in term domino-crashed my ansible scripts.
Here you can also confirm more people are facing this issue. After following the suggestion of using AWS SDK – in my case with python boto3 – it finally worked. So here is a gist to overwrite an AWS SSM parameter, and then retrieving it back:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
my_string = """ | |
your string \n seperated \n by \n new \n lines. | |
""" | |
account_id = '12345678910' | |
region = 'eu-west-1' | |
parameter_name = 'some-secret-name' | |
key_id = 'your-key-id' | |
kms_key_id = 'arn:aws:kms:{region}:{account_id}:key/{key_id}'.format(region=region, account_id=account_id, key_id=key_id) | |
ssm = boto3.client('ssm') | |
response = ssm.put_parameter( | |
Name=parameter_name, | |
Description='My encrypted secret blob', | |
Value=my_string, | |
Type='SecureString', | |
KeyId=kms_key_id, | |
Overwrite=True, | |
) | |
response = ssm.get_parameter( | |
Name=parameter_name, | |
WithDecryption=True | |
) | |
print(response.get('Parameter', {}).get('Value')) |
Hope this helps!