Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws ssm get-parameters --with-decryption removes \n from returned value #2596

Closed
fundkis opened this issue May 11, 2017 · 15 comments
Closed

aws ssm get-parameters --with-decryption removes \n from returned value #2596

fundkis opened this issue May 11, 2017 · 15 comments
Labels
closing-soon This issue will automatically close in 4 days unless further comments are made. guidance Question that needs advice or information. service-api This issue is due to a problem in a service API, not the SDK implementation.

Comments

@fundkis
Copy link

fundkis commented May 11, 2017

We saved a private RSA key encrypted in the parameter store.
we use iam roles to retrieve it with the following instruction:
aws ssm get-parameters --with-decryption --names our-parameter-name
In the returned JSON, the parameters value does not have any \n in it!
When viewing key (decrypted) on the EC2 console, I can see the \n.
Here is the aws --version:
aws-cli/1.11.84 Python/2.7.12 Linux/4.4.51-40.58.amzn1.x86_64 botocore/1.5.47
@JordonPhillips
Copy link
Member

So to clarify, you've got an RSA key that looks like this:

-----BEGIN RSA PRIVATE KEY-----
randombytes
morebytes
-----END RSA PRIVATE KEY-----

And it's coming back like this:

-----BEGIN RSA PRIVATE KEY-----randombytesmorebytes-----END RSA PRIVATE KEY-----

@JordonPhillips JordonPhillips added api-question closing-soon This issue will automatically close in 4 days unless further comments are made. labels May 11, 2017
@fundkis
Copy link
Author

fundkis commented May 11, 2017

Actually, '\n' are replaced by ' '. So It's coming like this:
-----BEGIN RSA PRIVATE KEY----- randombytes morebytes -----END RSA PRIVATE KEY-----

@JordonPhillips JordonPhillips added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels May 11, 2017
@JordonPhillips
Copy link
Member

How are you submitting the key? I found that if I paste the key into the console I can reproduce the error, but if I submit it via boto3 or the cli it comes back as expected.

@JordonPhillips JordonPhillips added closing-soon This issue will automatically close in 4 days unless further comments are made. and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels May 11, 2017
@JordonPhillips
Copy link
Member

I've forwarded this issue on to the service team

@fundkis
Copy link
Author

fundkis commented May 12, 2017

I copy-pasted the key on the console... I'll submit it with the cli to avoid this problem.
Thank you Jordon.

@chgangaraju chgangaraju mentioned this issue Aug 1, 2017
Closed
@coffeepac coffeepac mentioned this issue Feb 8, 2018
Closed
@jeremykoerber
Copy link

I'm having the same problem. Pasting into the console will end up stripping the newlines. I use the Ruby SDK from the CLI to get around it. But it would be great to have the console work as expected.

@dawilliams
Copy link

@jeremykoerber how are you manipulating your file in ruby to send it to parameter store. I’m trying to work around this issue too

@sruehlmann
Copy link

Can this be re-opened as we are still observing this behaviour with aws cli as well as the javascript sdk

@misterkbar
Copy link

happens with BOTO3 also. This is ultra annoying, why are you doing this?!?!?!

@goatandsheep
Copy link

They should replace their <input> with a <textarea>

@jiabiao
Copy link

jiabiao commented Dec 13, 2018

Can this be re-opened as we are still observing this behaviour with aws cli as well as the dotnet sdk

@diehlaws diehlaws added guidance Question that needs advice or information. service-api This issue is due to a problem in a service API, not the SDK implementation. and removed api-question labels Jan 4, 2019
@angeloskyratzakos
Copy link

Take a look here: https://blog.rubiconred.com/removing-ssh-pem-files-from-jump-boxes-in-aws-part-2-getting-it-working/
The proposed solution is:
aws ssm get-parameters --name /example/example.pem --with-decryption --query "Parameters[*].{Value:Value}" --region ap-southeast-2 --output text

@EspadaV8
Copy link

EspadaV8 commented Jun 5, 2019

Also had this issue, we're looking at base64-ing the key into SSM and then decoding it when we need to use it, since that will keep new lines. A bit of a dirty hack but should work.

@juhasev
Copy link

juhasev commented Jan 11, 2020

Seems to be an issue still. You should to be able to store RSA keys from cloud formation without issues. It would be nice if this would get fixed finally!

@MikeWhittakerRyff
Copy link

Is this an issue of JSON character escaping ? "\n" needs escaping !
see https://tools.ietf.org/html/rfc7159#section-8.1

"The representation of strings is similar to conventions used in the C
family of programming languages. A string begins and ends with
quotation marks. All Unicode characters may be placed within the
quotation marks, except for the characters that must be escaped:
quotation mark, reverse solidus, and the control characters (U+0000
through U+001F)."

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
closing-soon This issue will automatically close in 4 days unless further comments are made. guidance Question that needs advice or information. service-api This issue is due to a problem in a service API, not the SDK implementation.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests