From c79b719f99fb2583e337a4f1af3dc913d5f2949c Mon Sep 17 00:00:00 2001
From: Rico Huijbers
Date: Thu, 31 May 2018 14:56:19 +0200
Subject: [PATCH] Remove region, use NodeJS instead of Python to pick apart the JSON
---
 sign.sh | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/sign.sh b/sign.sh
index f7498117650a4..d409663abe09f 100755
--- a/sign.sh
+++ b/sign.sh
@@ -8,7 +8,6 @@ if [[ "${2:-}" == "" ]]; then
 exit 1
 fi
-
 tmpdir=$(mktemp -d)
 trap "shred $tmpdir/* && rm -rf $tmpdir" EXIT
@@ -16,11 +15,16 @@ SECRET=CDK/$1/SigningKey
 # Use secrets manager to obtain the key and passphrase into a JSON file
 echo "Retrieving key $SECRET..." >&2
-aws --region us-east-1 secretsmanager get-secret-value --secret-id "$SECRET" --output text --query SecretString > $tmpdir/secret.txt
-passphrase=$(python -c "import json; print(json.load(file('$tmpdir/secret.txt'))['Passphrase'])")
+aws secretsmanager get-secret-value --secret-id "$SECRET" --output text --query SecretString > $tmpdir/secret.txt
+
+value-from-secret() {
+ node -e "console.log(JSON.parse(require('fs').readFileSync('$tmpdir/secret.txt', { encoding: 'utf-8' })).$1)"
+}
+
+passphrase=$(value-from-secret Passphrase)
 echo "Importing key..." >&2
-gpg --homedir $tmpdir --import <(python -c "import json; print(json.load(file('$tmpdir/secret.txt'))['PrivateKey'])")
+gpg --homedir $tmpdir --import <(value-from-secret PrivateKey)
 while [[ "${2:-}" != "" ]]; do
 echo "Signing $2..." >&2
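Review bot: In the new `value-from-secret` helper, `$tmpdir` and `$1` are spliced into the JavaScript source given to `node -e`, and a field that is absent from the secret prints the string `undefined` with exit status 0. The removed Python version raised a KeyError in that case; now a missing `Passphrase` or `PrivateKey` would flow on as the literal text `undefined` into the `passphrase` variable and into `gpg --import`. Passing the file path and field name as arguments and exiting non-zero when the field is not a string keeps data out of the code string and makes the failure visible. Dropping `--region` also makes the lookup depend on the caller's ambient AWS region configuration, which deserves a comment above the `aws` line; whether the script runs under `set -e` is not visible in this hunk, so a failed `aws` call may leave an empty `secret.txt` for the helper to parse.

```shell
value-from-secret() {
  # Path and field name travel as arguments, never as part of the JS source.
  node -e '
    const [file, field] = process.argv.slice(1);
    const secret = JSON.parse(require("fs").readFileSync(file, { encoding: "utf-8" }));
    if (typeof secret[field] !== "string") {
      console.error("secret has no string field " + field);
      process.exit(1);
    }
    console.log(secret[field]);
  ' "$tmpdir/secret.txt" "$1"
}
```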