Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove region, use NodeJS instead of Python to pick apart the JSON
- Loading branch information
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8,19 +8,23 @@ if [[ "${2:-}" == "" ]]; then | |
| exit 1 | ||
| fi | ||
|
|
||
| tmpdir=$(mktemp -d) | ||
| trap "shred $tmpdir/* && rm -rf $tmpdir" EXIT | ||
|
|
||
| SECRET=CDK/$1/SigningKey | ||
This comment has been minimized.
Sorry, something went wrong. |
||
|
|
||
| # Use secrets manager to obtain the key and passphrase into a JSON file | ||
| echo "Retrieving key $SECRET..." >&2 | ||
| aws secretsmanager get-secret-value --secret-id "$SECRET" --output text --query SecretString > $tmpdir/secret.txt | ||
|
|
||
| value-from-secret() { | ||
| node -e "console.log(JSON.parse(require('fs').readFileSync('$tmpdir/secret.txt', { encoding: 'utf-8' })).$1)" | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong. 
eladb
Contributor
|
||
| } | ||
|
|
||
| passphrase=$(value-from-secret Passphrase) | ||
|
|
||
| echo "Importing key..." >&2 | ||
| gpg --homedir $tmpdir --import <(value-from-secret PrivateKey) | ||
|
|
||
| while [[ "${2:-}" != "" ]]; do | ||
| echo "Signing $2..." >&2 | ||
|
|
||
1 comment
on commit c79b719
There was a problem hiding this comment.
Do we want to get Stephen to take a quick look?
Assign "$1" to a variable to improve readability