Amazon web services - Secret can't be converted into key names and value pairs

user3561229
June 6, 2023
270 views
0 votes
2 Answers

While creating a secret using python embedding in bash, I am getting ‘AWS Secret can’t be converted into key names and value pairs’. Firstly wrote all in bash using aws cli command where I was also getting this error then read in one of the articles to use json.dumps function of python which also doesn’t work. Any ideas. Please see code and image below.

Note:

It work with short string "hello: world", but with a long string (key and /or csr) it gives aforementioned error.

Moreover, key values are there in a plain text but not in Key/value section is what an issue is.

cat << EOF > pyscript.py
#!/usr/bin/python3 -tt
import json
import boto3    

client = boto3.client('secretsmanager')
key_info = json.dumps([{"csr":"""$csr"""},{"config":"""$config"""},{"PrivateKey":"""$prvpem"""}])
response = client.create_secret(
    Name='marw',
    KmsKeyId='alias/SecretsMgr',
    SecretString=key_info
)
print(response)
EOF

chmod 770 pyscript.py
./pyscript.py

printf "This is BASH againn"

Tried AWS cli as given below with the same issue. Key pairs are entered in plaintext but not in key/value section

export prvpem=`cat ${keyfile}`
export csr=`cat ${csrfile}`
export config=`cat ${key_algorithm}-$line.cfn`
# echo  -e "${BLU}${prvpem}${WHT}"
aws secretsmanager create-secret --name marwahas51 
    --description "Values for this environments wildcard certifcate in ACM" 
    --secret-string "{"Privatekey":"$prvpem","csr":"$csr","config":"$config"}" 
    --kms-key-id "alias/SecretsMgr" 
   --tags "Key=Environment,Value=Dev"

Edit:
Scenario 1
When string is –secret-string ‘{"Privatekey": "$prvpem"}’
Output is:

Scenario 2

When string is

--secret-string "{"Privatekey":"$prvpem"}"

Output is:

Answers

Chosen as BEST ANSWER
- user3561229
- June 6, 2023 at 5:11 am
- 0 votes
0
Thankyou @johnRotenstein and @kichik.

I tried to play around strings and escape characters, but nothing worked. When @kichik mentioned "You can't have new lines in the middle of a JSON string", then I thought of encoding key, csr and config file to base 64 which will be all alphanumeric characters, which finally worked. When I read any of the files back, I will decode a string.
```
# Encode private key, csr and confile file to base64 to save string as json in to ASM

base64_private_key=$(cat ${keyfile} |base64 -w0)
base64_csr=$(cat ${csrfile} |base64 -w0)
base64_config=$(echo ''${config1}'' |base64 -w0)

# echo "Command below on how to decode base64"
# echo ''${base64_private_key}'' |base64 --decode



# Create ASM and load base64 encoded private key, csr and confile file
aws secretsmanager create-secret --name <<name of a secret>> 
  --description "Values for this environments wildcard certifcate in ACM" 
  --secret-string "{"EncBase64Privatekey":"$base64_private_key","EncBase64CSR":"$base64_csr","EncBase64Config":"$base64_config"}" 
  --kms-key-id "alias/SecretsMgr" 
  --tags "Key=Environment,Value=Dev"

 
```

(Edit)

- JohnRotenstein
- June 4, 2023 at 1:35 am
- 0 votes
0
The boto3 documentation shows an example of how to provide the key/value pairs:
```
SecretString='{"username":"david","password":"EXAMPLE-PASSWORD"}',
```
Note that it is a single dictionary of values, not a list of dictionaries.

For the AWS CLI, try wrapping in single quotes with escape characters:
```
--secret-string '{"key": "value"}'
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.

Amazon web services – Secret can't be converted into key names and value pairs

Answers