How to generate SSH private key using AWS secret manager rotation for custom lambda function
I have integrated AWS Secrets Manager (ASM) for rotating an SSH private key. Everything works fine. I can SSH to my Linux instance using the secret value retrieved with the get-secret-value command.
Also, I created a custom lambda function in Ruby to rotate my secret (SSH key), as shown below.
require 'json'
require 'aws-sdk-secretsmanager'
require 'base64'

def lambda_handler(event:, context:)
  # Note: this overrides the SecretId that the rotation event itself supplies.
  event['SecretId'] = "my-secret-id"
  region = 'my-region'
  arn = event['SecretId']
  token = event['ClientRequestToken']
  step = event['Step']
  client = Aws::SecretsManager::Client.new(region: region)

  metadata = client.describe_secret(secret_id: arn)
  versions = metadata[:version_ids_to_stages]
  # Stop here rather than rotating a secret that was never enabled for rotation.
  raise "Secret %s is not enabled for rotation" % arn if metadata[:rotation_enabled] == false

  case step
  when "createSecret"
    create_secret(client, arn, token)
  when "setSecret"
    set_secret(client, arn, token)
  when "testSecret"
    test_secret(client, arn, token)
  when "finishSecret"
    finish_secret(client, arn, token)
  else
    # An unknown step must not fall through into creating a secret.
    raise ArgumentError, "Invalid step parameter: #{step}"
  end

  { statusCode: 200, body: JSON.generate('Hello from Lambda!') }
end

def create_secret(client, arn, token)
  # Make sure the current version exists before staging a new one.
  client.get_secret_value(secret_id: arn, version_stage: "AWSCURRENT")
  begin
    # If a pending version already exists for this token, there is nothing to do.
    client.get_secret_value(secret_id: arn, version_id: token, version_stage: "AWSPENDING")
    puts "createSecret: Successfully retrieved secret for %s." % arn
  rescue Aws::SecretsManager::Errors::ResourceNotFoundException
    puts "Not found secret with label AWSPENDING"
    # Here I want to generate a new SSH key and encode it,
    # For Database passwords rotation `client.get_random_password(password_length: "desired length", exclude_characters: "ExcludeCharactersType")` option is available, but for SSH I'm unable to find the generate method
  end
end
If anyone knows how to generate a new SSH private key in the create_secret method, please guide me. Thanks in advance.
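One way to fill in the createSecret step, as an added example that is not code from the question or from AWS: Secrets Manager has no SSH equivalent of get_random_password, so the Lambda generates the key itself with Ruby's OpenSSL standard library, encodes the public half in OpenSSH authorized_keys form, and stages the pair as AWSPENDING with put_secret_value (the real Secrets Manager API call, with its real parameters). The JSON layout of the secret (private_key, public_key, fingerprint), the key comment, and all helper names are assumptions; the client is passed in so a fake can stand in for Aws::SecretsManager::Client when running offline.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Encode a byte string as an SSH "string" (RFC 4251): 4-byte big-endian length + bytes.
def ssh_string(bytes)
  [bytes.bytesize].pack('N') + bytes
end

# Encode an OpenSSL::BN as an SSH "mpint": big-endian two's complement, with a
# leading zero byte when the high bit is set so the value is not read as negative.
def ssh_mpint(bn)
  bytes = bn.to_s(2)
  bytes = "\x00".b + bytes if bytes.getbyte(0) >= 0x80
  ssh_string(bytes)
end

# Wire-format public key blob for RSA: string "ssh-rsa", mpint e, mpint n (RFC 4253 6.6).
def openssh_rsa_blob(rsa)
  ssh_string('ssh-rsa') + ssh_mpint(rsa.e) + ssh_mpint(rsa.n)
end

# One authorized_keys line, as ssh-keygen would write it.
def openssh_public_key(rsa, comment)
  "ssh-rsa #{Base64.strict_encode64(openssh_rsa_blob(rsa))} #{comment}"
end

# Fingerprint in the form `ssh-keygen -l` prints (SHA256, unpadded base64).
def openssh_fingerprint(rsa)
  digest = OpenSSL::Digest::SHA256.digest(openssh_rsa_blob(rsa))
  'SHA256:' + Base64.strict_encode64(digest).delete('=')
end

# Generate a fresh RSA key pair. The private key is PKCS#1 PEM
# ("BEGIN RSA PRIVATE KEY"), which OpenSSH reads directly.
# The hash layout (private_key / public_key / fingerprint) is an assumption.
def generate_ssh_keypair(bits: 4096, comment: 'rotated-by-secretsmanager')
  rsa = OpenSSL::PKey::RSA.generate(bits)
  {
    'private_key' => rsa.to_pem,
    'public_key'  => openssh_public_key(rsa, comment),
    'fingerprint' => openssh_fingerprint(rsa)
  }
end

# The createSecret step: generate key material and stage it as AWSPENDING under the
# rotation token. `client` is anything responding to put_secret_value the way
# Aws::SecretsManager::Client does; the hypothetical helper name is ours.
def create_pending_ssh_secret(client, arn, token, bits: 4096)
  keypair = generate_ssh_keypair(bits: bits, comment: "rotated-#{token}")
  client.put_secret_value(
    secret_id: arn,
    client_request_token: token,
    secret_string: JSON.generate(keypair),
    version_stages: ['AWSPENDING']
  )
  # Return only the fingerprint: it is safe to log, the private key is not.
  keypair['fingerprint']
end

# Check that a stored secret's public key really belongs to its private key, which is
# what the testSecret step should confirm before finishSecret promotes the version.
def pending_secret_consistent?(secret_string)
  data = JSON.parse(secret_string)
  rsa = OpenSSL::PKey::RSA.new(data['private_key'])
  return false unless rsa.private?
  stored_blob = data['public_key'].split(' ')[1]
  stored_blob == Base64.strict_encode64(openssh_rsa_blob(rsa)) &&
    data['fingerprint'] == openssh_fingerprint(rsa)
end
```

In the full rotation flow the setSecret step would install data['public_key'] into authorized_keys on the instance, testSecret would open an SSH session with the pending private key, and finishSecret would move AWSCURRENT to the new version; logging the fingerprint at each step gives an audit trail without ever writing the private key to CloudWatch.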