AWS CLI Secrets Manager 创建密钥
[英]AWS CLI Secrets Manager Create Secret
问题描述
I want to create a new secret in Secrets Manager.
我想在 Secrets Manager 中创建一个新密钥。 The secret needs to be a key/value pair.秘密需要是键/值对。 When I create the secret using the CLI it is stored as plaintext instead of as a key/value pair:当我使用 CLI 创建密钥时,它存储为纯文本而不是键/值对:
aws secretsmanager create-secret --name github/oauthtoken \
--description "GitHub OAuth Token" \
--secret-string file:///tmp/github_oauth.json
github_oauth.json github_oauth.json
[
{
"Key": "oauth_token",
"Value": "MYOAUTHTOKEN"
}
]
When I attempt to resolve the secret in CloudFormation I'm getting an error:当我尝试解析 CloudFormation 中的密钥时,出现错误:
Secrets Manager can?t find the specified secret.
When I access the secret in the Secrets Manager UI the secret is in plaintext with an error under Secret key/value:当我在 Secrets Manager UI 中访问秘密时,秘密是明文,在秘密键/值下有错误:
The secret value can't be converted to key name and value pairs
How can I create a secret in Secrets Manager stored as a key/value pair?如何在 Secrets Manager 中创建存储为键/值对的密钥?
2 个解决方案
解决方案1
6 2020-09-29 05:58:22
I have tried in this way:我试过这种方式:
aws secretsmanager create-secret --name github/oauthtoken aws secretsmanager create-secret --name github/oauthtoken
--description "GitHub OAuth Token" --description "GitHub OAuth 令牌"
--secret-string '{"oauth_token":"MYOAUTHTOKEN"}' --region us-east-1 --secret-string '{"oauth_token":"MYOAUTHTOKEN"}' --region us-east-1
解决方案2
3 2019-05-01 17:40:21
The SecretsManager console and the SecretsManager-CloudFormation integration default to treating the SecretString as a JSON object, as you correctly discovered.正如您正确发现的那样,SecretsManager 控制台和 SecretsManager-CloudFormation 集成默认将 SecretsString 视为 JSON 对象。
The console parses this JSON and shows you key/value pairs.控制台解析此 JSON 并向您显示键/值对。 In CloudFormation, you can use dynamic reference to fetch individual JSON values when the SecretString is a JSON object.在 CloudFormation 中,当 SecretString 是 JSON 对象时,您可以使用动态引用来获取单个 JSON 值。
This, of course, does not force you to use key/value pairs in your SecretString.当然,这并不强制您在 SecretString 中使用键/值对。 You can have any freetext in there and view it in the console under the "Plaintext" tab.你可以在那里有任何自由文本,并在“纯文本”选项卡下的控制台中查看它。 In CloudFormation, you can use dynamic references to reference the entire SecretString and avoid parsing it as JSON.在 CloudFormation 中,您可以使用动态引用来引用整个 SecretString 并避免将其解析为 JSON。
You can also create secrets through CloudFormation that are key/value pairs or free text, along with setting up resource policies, rotation, etc.您还可以通过 CloudFormation 创建密钥/值对或自由文本密钥,以及设置资源策略、轮换等。
Refs -参考 -
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-secretsmanager https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-secretsmanager
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.