转义字符传递JSON给AWS Secrets Manager时。

huangapple go评论179阅读模式
英文:

escaping characters when passing JSON to aws secretsmanager

问题

你的脚本似乎在引号的转义方面存在问题。为了修复这个问题,你可以尝试修改以下部分:

将这一行:

NEW_SECRET=`echo $EXISTING_SECRET $SECRET_STRING | jq  -s ''add tostring'`

更改为:

NEW_SECRET=$(echo "$EXISTING_SECRET $SECRET_STRING" | jq -s 'add' | jq -c .)

这应该能够正确地合并 JSON 字符串并确保正确的引号转义。希望这有助于解决你的问题。

英文:

I have tried to write a script that updates AWS secrets. Yes, the update-secret command already does this, but that will overwrite existing secrets instead of merging them w/ the new content.

For example, suppose my-environment/my-application/secrets has the following content:

{ "db_1_pwd": "secret"}

If I run my script, like this:

>> update_secret my-environment/my-application/secrets '{"db_2_pwd": "secreter"}'

I would expect the new content to be:

{ "db_1_pwd": "secret", "db_2_pwd": "secreter"}

Instead, the new content winds up being this (unescaped) string:

"{\"db_1_pwd\":\"secret\",\"db_2_pwd\":\"secreter\"}"

Here is my script:

#!/bin/sh

SECRET_ID=$1
SECRET_STRING=$2

EXISTING_SECRET=`aws secretsmanager get-secret-value --secret-id $SECRET_ID | jq '.SecretString | fromjson'`
NEW_SECRET=`echo $EXISTING_SECRET $SECRET_STRING | jq  -s 'add tostring'`

echo $NEW_SECRET  # this is printed out for debug purposes

aws secretsmanager put-secret-value --secret-id $SECRET_ID --secret-string $NEW_SECRET

Note that it does print out "{\"db_1_pwd\":\"secret\",\"db_2_pwd\":\"secreter\"}" in the echo statement and if I type this on the command line:

>> aws secretsmanager put-secret-value --secret-id my-environment/my-application/secrets --secret-string "{\"db_1_pwd\":\"secret\",\"db_2_pwd\":\"secreter\"}"

it works.

Clearly the script is having issues w/ escaping the quotation marks. Any suggestions on how to fix this?

(It's probably something to do w/ bash as opposed to AWS)

答案1

得分: 3

以下脚本对我有用:

#!/bin/sh

SECRET_ID=$1
SECRET_STRING=$2
EXISTING_SECRET=`aws secretsmanager get-secret-value --secret-id $SECRET_ID | jq '.SecretString | fromjson'`
NEW_SECRET=`echo "$EXISTING_SECRET $SECRET_STRING" | jq  -s add`
aws secretsmanager put-secret-value --secret-id $SECRET_ID --secret-string "$NEW_SECRET"
英文:

Following script worked for me :

#!/bin/sh

SECRET_ID=$1
SECRET_STRING=$2
EXISTING_SECRET=`aws secretsmanager get-secret-value --secret-id $SECRET_ID | jq '.SecretString | fromjson'`
NEW_SECRET=`echo "$EXISTING_SECRET $SECRET_STRING" | jq  -s add`
aws secretsmanager put-secret-value --secret-id $SECRET_ID --secret-string "$NEW_SECRET"

huangapple
  • 本文由 发表于 2020年1月7日 00:27:44
  • 转载请务必保留本文链接:https://go.coder-hub.com/59615607.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定