Creating a Secret with KeyMaterial KeyPair value in secretStringTemplate
❓ General Issue
The Question
Hi!
Don’t know if it’s an issue, but I’m creating a KeyPair with a CDK CustomResource and trying to put it in a Secret, and I get: Failed to parse SecretStringTemplate as JSON
Only for the KeyMaterial, which is the private key, like:
"KeyMaterial": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAoWVCG…"
No problem with the other values, they are correctly inserted in the Secret; here is the code:
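```typescript
// Custom resource that creates the EC2 key pair (arguments elided in the original post)
const KeyPair = new CustomResource.AwsCustomResource(...)
new secretsmanager.Secret(... , {
  ...
  generateSecretString: {
    ...
    // Each getResponseField() call returns a value that is only resolved at deploy time
    secretStringTemplate: JSON.stringify({
      KeyMaterial: KeyPair.getResponseField('KeyMaterial'),
      KeyName: KeyPair.getResponseField('KeyName'),
      KeyPairId: KeyPair.getResponseField('KeyPairId'),
      KeyFingerprint: KeyPair.getResponseField('KeyFingerprint')
    }),
  },
});
```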
When I put (or not) the key as a plaintext string in KeyMaterial:, it works.
Any ideas?
Environment
- CDK CLI Version: CDK Version: 1.35.0 (build e0810c8)
- OS: all
- Language: TypeScript
Other information
Issue Analytics
- State:
- Created 3 years ago
- Comments:15 (7 by maintainers)
Top GitHub Comments
Ah, now I see. You’re calling the “callback” versions of the SDK functions, which aren’t guaranteed to return prior to you returning from the function. Try this:
Also, make sure your Lambda role has appropriate IAM policies to allow it to create key pairs.
Perfect, it’s working now 😃 Thanks again for your help @njlynch !
I created a similar mechanism a few years ago with Sceptre but in Python; now using CDK with TypeScript, let’s say it’s quite different ^^ I was two fingers away from reusing the Python code 😉
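
The parse failure described in the question can be reproduced offline. The following is an added example, not code from the issue or from the CDK project. It assumes that `getResponseField` yields a placeholder that is replaced only at deploy time and that the resolved `KeyMaterial` contains real newline characters; `PLACEHOLDER`, `SAMPLE_PEM` and the helper functions are hypothetical names, and the substitution is simulated with no AWS calls.

```typescript
// Added example: simulates deploy-time substitution of a token into a JSON template.

// Constructed stand-in for the token string present at synth time (assumption).
const PLACEHOLDER = "${Token[TOKEN.42]}";

// Constructed sample: PEM-shaped text with real newline characters, not a real key.
const SAMPLE_PEM =
  "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----";

// Synth time: JSON.stringify only sees the placeholder, so it has nothing to escape.
function synthTemplate(): string {
  return JSON.stringify({ KeyMaterial: PLACEHOLDER, KeyName: "demo-key" });
}

// Deploy time (simulated): the resolved value is spliced into the template text as-is.
function resolveRaw(template: string, value: string): string {
  return template.split(PLACEHOLDER).join(value);
}

// Alternative: splice the value in as JSON-escaped string content (outer quotes stripped).
function resolveEscaped(template: string, value: string): string {
  return template.split(PLACEHOLDER).join(JSON.stringify(value).slice(1, -1));
}

// The condition the error message reports: does the template parse as JSON?
function isValidJson(text: string): boolean {
  try {
    JSON.parse(text);
    return true;
  } catch {
    return false;
  }
}

const template = synthTemplate();
const raw = resolveRaw(template, SAMPLE_PEM);
const escaped = resolveEscaped(template, SAMPLE_PEM);

// A raw newline inside a JSON string literal is a control character and is rejected.
console.log("raw substitution parses:", isValidJson(raw));
console.log("escaped substitution parses:", isValidJson(escaped));
console.log("key survives round trip:", JSON.parse(escaped).KeyMaterial === SAMPLE_PEM);
```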