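#!/bin/bash
#
# Copyright (c) 2021 AlertAvert.com. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# Author: Marco Massenzio (marco@alertavert.com)
#
# Uploads a key pair (KEY.pem / KEY.pub) to AWS Secrets Manager as a single
# JSON secret and prints the resulting ARN on stdout.
#
# Usage:  aws-upload-keys.sh KEY SECRET        (see usage() below)
# Env:    AWS_PROFILE   credentials and region used by the aws CLI
#         AWS_ENDPOINT  optional custom Secrets Manager endpoint URL
# Needs:  the aws CLI and jq
#
# -e/-u abort on any unchecked failure or unset variable; pipefail makes the
# jq pipeline that extracts the ARN fail the script instead of silently
# yielding an empty result.
set -euo pipefail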
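#######################################
# Prints the usage text.
# Globals:   reads $0 for the script name only
# Arguments: none
# Outputs:   usage text on stderr (stdout is reserved for the ARN)
# Returns:   0
#######################################
usage() {
  # Unquoted delimiter so \$VAR renders literally while nothing else expands.
  cat >&2 <<EOF
Usage: ${0##*/} KEY SECRET

KEY     the path to the key pair to upload, WITHOUT extension
SECRET  the name of the secret to create in AWS Secrets Manager

This script uploads a key pair named 'KEY.pem' and 'KEY.pub' to AWS Secrets Manager,
using the \$AWS_PROFILE env var to obtain the credentials and the region to upload to.

Use \$AWS_ENDPOINT to specify a custom endpoint for the Secrets Manager service, if not using
the default AWS endpoint (eg, when testing against a localstack container, you can use
http://localhost:4566).

The pair can be generated using the keygen.sh script.

Requires the aws binary CLI (https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
and jq (used to read the ARN back from the aws response).

EOF
}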
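# Positional arguments; an explicit -h, or a missing argument, prints usage
# and exits non-zero (usage is never a "success" for this script).
KEY=${1:-}
SECRET=${2:-}
if [[ "${KEY}" == "-h" || -z "${KEY}" || -z "${SECRET}" ]]; then
  usage
  exit 1
fi

# Both tools are needed: aws to create the secret, jq to read the ARN back.
# command -v is the portable probe; `which` is not guaranteed to exist.
if ! command -v aws >/dev/null 2>&1; then
  usage
  printf 'ERROR: This script requires the aws CLI to upload the keys to Secrets Manager\n' >&2
  exit 1
fi
if ! command -v jq >/dev/null 2>&1; then
  usage
  printf 'ERROR: This script requires jq to read the ARN from the Secrets Manager response\n' >&2
  exit 1
fi

# Optional custom endpoint (eg, localstack). Kept as a plain string that the
# aws invocation expands unquoted, so an empty value contributes no arguments.
ENDPOINT_URL=""
if [[ -n "${AWS_ENDPOINT:-}" ]]; then
  ENDPOINT_URL="--endpoint-url ${AWS_ENDPOINT}"
fi

# Both halves of the pair must exist before anything is staged or uploaded.
PRIV=${KEY}.pem
PUB=${KEY}.pub
if [[ ! -f "${PRIV}" || ! -f "${PUB}" ]]; then
  usage
  printf 'ERROR: Cannot find %s and/or %s keys\n' "${PRIV}" "${PUB}" >&2
  exit 1
fi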
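# Stage the JSON secret in a private temp file (mktemp creates it 0600) so the
# key material reaches aws via file:// and never appears on a command line,
# where other users could read it from the process list.
out=$(mktemp "${TMPDIR:-/tmp}/secret-XXXXXXXX.tmp")
# Remove the staged copy on every exit path: the originals remain in ${PRIV}
# and ${PUB}, and a failed upload must not leave a private key behind in /tmp.
trap 'rm -f -- "${out}"' EXIT

#######################################
# Prints a PEM file's body as one line: the -----BEGIN/END----- delimiter
# lines are dropped and the remaining lines are joined without newlines.
# Arguments: $1 - path to the PEM file
# Outputs:   the joined body on stdout, no trailing newline
# Returns:   0, or non-zero if the file cannot be read
#######################################
pem_body() {
  local line
  # The `|| -n` clause keeps a final line that has no trailing newline.
  while IFS= read -r line || [[ -n "${line}" ]]; do
    [[ "${line}" =~ ^----- ]] || printf '%s' "${line}"
  done < "$1"
}

# Build the JSON with jq so every character of the key material is escaped
# correctly. The bodies are fed on stdin, one per line, not as arguments.
{
  pem_body "${PRIV}"
  printf '\n'
  pem_body "${PUB}"
  printf '\n'
} | jq -R -s 'split("\n") | {priv: .[0], pub: .[1]}' > "${out}"

# shellcheck disable=SC2086 -- ENDPOINT_URL is deliberately empty or "--endpoint-url URL"
if ! res=$(aws ${ENDPOINT_URL} secretsmanager create-secret --name "${SECRET}" --output json \
    --description "Elliptic Cryptography Keypair generated by the ${0##*/} script" \
    --secret-string "file://${out}"); then
  printf '[ERROR] Failed to upload %s\n' "${SECRET}" >&2
  exit 1
fi

# The ARN is the only thing written to stdout, so callers can capture it.
arn=$(jq -r '.ARN' <<<"${res}")
printf '%s\n' "${arn}"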