Creating a Secret with KeyMaterial KeyPair value in secretStringTemplate


❓ General Issue

The Question

Hi!

Don’t know if it’s an issue, but I’m creating a KeyPair with a CDK CustomResource and trying to put it in a Secret, and I get: Failed to parse SecretStringTemplate as JSON

Only for the KeyMaterial, which is the Private Key, like:

"KeyMaterial": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAoWVCG…"

No problem with the other values, they are correctly inserted in the Secret; here is the code:

const KeyPair = new CustomResource.AwsCustomResource(...)

new secretsmanager.Secret(... , { ...
    generateSecretString: { ...
        secretStringTemplate: JSON.stringify({
          KeyMaterial: KeyPair.getResponseField('KeyMaterial'),
          KeyName: KeyPair.getResponseField('KeyName'),
          KeyPairId: KeyPair.getResponseField('KeyPairId'),
          KeyFingerprint: KeyPair.getResponseField('KeyFingerprint')
        }),

When I put (or not) the key as a plaintext string in KeyMaterial, it’s working.

Any ideas?

Environment

  • CDK CLI Version: CDK Version: 1.35.0 (build e0810c8)
  • OS: all
  • Language: TypeScript

Other information

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 15 (7 by maintainers)

Top GitHub Comments

1 reaction
njlynch commented, Aug 14, 2020

Ah, now I see. You’re calling the “callback” versions of the SDK functions, which aren’t guaranteed to return prior to you returning from the function. Try this:

        case "Create":
            const keyPair = await ec2.createKeyPair(params).promise();
            responseData['PrivateKey'] = keyPair.KeyMaterial.replace(/\n/g, '\\n');
            responseData['KeyName'] = keyPair.KeyName;
            responseData['KeyPairId'] = keyPair.KeyPairId;
            responseData['KeyFingerprint'] = keyPair.KeyFingerprint;
            respond('SUCCESS','Create OK');
            return {
                PhysicalResourceId: id,
                Data: responseData
            };

Also, make sure your Lambda role has appropriate IAM policies to allow it to create key pairs.
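
Why the `replace(/\n/g, '\\n')` in the reply above matters, as an added example that is not part of the original thread or of the CDK code base: it models a template whose placeholder is resolved after `JSON.stringify` has run, so the resolved text is spliced in without JSON escaping. `TOKEN`, `renderTemplate`, `escapeForJsonString` and the PEM-shaped sample value are all constructed for illustration; the last helper generalizes the newline fix to quotes and backslashes.

```javascript
// Added example: a model of late substitution into a JSON template, not CDK code.
const TOKEN = '${Token[KeyMaterial]}'; // hypothetical stand-in for an unresolved value

// Constructed PEM-shaped value (not a real key); it contains real newline characters.
const KEY_MATERIAL = [
  '-----BEGIN RSA PRIVATE KEY-----',
  'CONSTRUCTED-SAMPLE-NOT-A-KEY',
  '-----END RSA PRIVATE KEY-----',
].join('\n');

// Build time: JSON.stringify only sees the placeholder, so the template is valid JSON.
function buildTemplate() {
  return JSON.stringify({ KeyMaterial: TOKEN, KeyName: 'demo-key' });
}

// Deploy time: the resolved value replaces the placeholder as plain text.
function renderTemplate(template, resolved) {
  return template.split(TOKEN).join(resolved);
}

// Escape a value for use inside a JSON string literal: newlines (the fix in the
// reply above) plus quotes, backslashes and other control characters.
function escapeForJsonString(value) {
  return JSON.stringify(value).slice(1, -1);
}

// Returns the parsed object, or null when the rendered text is not valid JSON.
function tryParse(text) {
  try {
    return JSON.parse(text);
  } catch (err) {
    return null;
  }
}

function demo() {
  const template = buildTemplate();
  return {
    // Raw newlines inside a JSON string literal are rejected by the parser.
    raw: tryParse(renderTemplate(template, KEY_MATERIAL)),
    // Newline-only escaping is enough for PEM text.
    newlineOnly: tryParse(renderTemplate(template, KEY_MATERIAL.replace(/\n/g, '\\n'))),
    // General escaping also survives values containing quotes or backslashes.
    general: tryParse(renderTemplate(template, escapeForJsonString(KEY_MATERIAL))),
  };
}

console.log(demo());
```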

0 reactions
Cloudrage commented, Aug 14, 2020

Perfect, it’s working now 😃 Thanks again for your help @njlynch !

I’ve created a similar mechanism a few years ago with Sceptre but in Python; now using CDK with TypeScript, let’s say it’s quite different ^^ I was at 2 fingers to reuse the Python code 😉
