Created
August 30, 2019 05:29
-
-
Save TimothyJones/633c63b0a332692d85c518928ca20e5c to your computer and use it in GitHub Desktop.
Example script for putting KMS-encrypted parameters into SSM as plain strings
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -eu | |
| # (C) Timothy Jones | |
| # This function prints the usage | |
| function usage { | |
| { | |
| echo "Usage:" | |
| echo " ${BASH_SOURCE[0]} <NAME> <VALUE> <KEY_ID>" | |
| echo " NAME - the name of the SSM variable" | |
| echo " VALUE - the unencrypted secret" | |
| echo " KEY_ID - the key-id for the KMS CMK" | |
| } >&2 | |
| } | |
| # Confirm that there are at least two arguments | |
| if [ "$#" -lt 3 ]; then | |
| usage | |
| exit 1 | |
| fi | |
| # Confirm that we have the AWS cli | |
| if ! [ -x "$(command -v "aws")" ]; then | |
| echo "Error: The aws-cli is not on the path. Perhaps it is not installed?" | |
| exit 1 | |
| fi | |
| NAME=$1 | |
| VALUE=$2 | |
| KEY_ID=$3 | |
| aws ssm put-parameter \ | |
| --type String \ | |
| --name "$NAME" \ | |
| --value $(aws kms encrypt --output text --query CiphertextBlob --key-id "$KEY_ID" --plaintext "$VALUE") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment