Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

aws ssm get-parameters --with-decryption removes \n from returned value #2596

Closed
fundkis opened this issue May 11, 2017 · 15 comments
Closed

aws ssm get-parameters --with-decryption removes \n from returned value #2596

fundkis opened this issue May 11, 2017 · 15 comments

Comments

@fundkis
Copy link

@fundkis fundkis commented May 11, 2017

We saved a private RSA key encrypted in the parameter store.
we use iam roles to retrieve it with the following instruction:
aws ssm get-parameters --with-decryption --names our-parameter-name
In the returned JSON, the parameters value does not have any \n in it!
When viewing key (decrypted) on the EC2 console, I can see the \n.
Here is the aws --version:
aws-cli/1.11.84 Python/2.7.12 Linux/4.4.51-40.58.amzn1.x86_64 botocore/1.5.47

@JordonPhillips
Copy link
Member

@JordonPhillips JordonPhillips commented May 11, 2017

So to clarify, you've got an RSA key that looks like this:

-----BEGIN RSA PRIVATE KEY-----
randombytes
morebytes
-----END RSA PRIVATE KEY-----

And it's coming back like this:

-----BEGIN RSA PRIVATE KEY-----randombytesmorebytes-----END RSA PRIVATE KEY-----
@fundkis
Copy link
Author

@fundkis fundkis commented May 11, 2017

Actually, '\n' are replaced by ' '. So It's coming like this:
-----BEGIN RSA PRIVATE KEY----- randombytes morebytes -----END RSA PRIVATE KEY-----

@JordonPhillips
Copy link
Member

@JordonPhillips JordonPhillips commented May 11, 2017

How are you submitting the key? I found that if I paste the key into the console I can reproduce the error, but if I submit it via boto3 or the cli it comes back as expected.

@JordonPhillips
Copy link
Member

@JordonPhillips JordonPhillips commented May 11, 2017

I've forwarded this issue on to the service team

@fundkis
Copy link
Author

@fundkis fundkis commented May 12, 2017

I copy-pasted the key on the console... I'll submit it with the cli to avoid this problem.
Thank you Jordon.

@jeremykoerber
Copy link

@jeremykoerber jeremykoerber commented Mar 5, 2018

I'm having the same problem. Pasting into the console will end up stripping the newlines. I use the Ruby SDK from the CLI to get around it. But it would be great to have the console work as expected.

@dawilliams
Copy link

@dawilliams dawilliams commented Apr 12, 2018

@jeremykoerber how are you manipulating your file in ruby to send it to parameter store. I’m trying to work around this issue too

@sruehlmann
Copy link

@sruehlmann sruehlmann commented Oct 24, 2018

Can this be re-opened as we are still observing this behaviour with aws cli as well as the javascript sdk

@misterkbar
Copy link

@misterkbar misterkbar commented Oct 30, 2018

happens with BOTO3 also. This is ultra annoying, why are you doing this?!?!?!

@goatandsheep
Copy link

@goatandsheep goatandsheep commented Nov 2, 2018

They should replace their <input> with a <textarea>

@jiabiao
Copy link

@jiabiao jiabiao commented Dec 13, 2018

Can this be re-opened as we are still observing this behaviour with aws cli as well as the dotnet sdk

@angeloskyratzakos
Copy link

@angeloskyratzakos angeloskyratzakos commented May 7, 2019

Take a look here: https://blog.rubiconred.com/removing-ssh-pem-files-from-jump-boxes-in-aws-part-2-getting-it-working/
The proposed solution is:
aws ssm get-parameters --name /example/example.pem --with-decryption --query "Parameters[*].{Value:Value}" --region ap-southeast-2 --output text

@EspadaV8
Copy link

@EspadaV8 EspadaV8 commented Jun 5, 2019

Also had this issue, we're looking at base64-ing the key into SSM and then decoding it when we need to use it, since that will keep new lines. A bit of a dirty hack but should work.

@juhasev
Copy link

@juhasev juhasev commented Jan 11, 2020

Seems to be an issue still. You should to be able to store RSA keys from cloud formation without issues. It would be nice if this would get fixed finally!

@MikeWhittakerRyff
Copy link

@MikeWhittakerRyff MikeWhittakerRyff commented May 4, 2020

Is this an issue of JSON character escaping ? "\n" needs escaping !
see https://tools.ietf.org/html/rfc7159#section-8.1

"The representation of strings is similar to conventions used in the C
family of programming languages. A string begins and ends with
quotation marks. All Unicode characters may be placed within the
quotation marks, except for the characters that must be escaped:
quotation mark, reverse solidus, and the control characters (U+0000
through U+001F)."

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet