Correct PEM format for a file in AWS Secrets Manager



I am trying to upload a secret in AWS Secrets Manager. The format of the file is

{
"privateKeyPassword": "testpassword",
"certificate": "-----BEGIN CERTIFICATE-----
MIIE5DCCAsygAwIBAgIRAPJdwaFaNRrytHBto0j5BA0wDQYJKoZIhvcNAQELBQAw
...
j0Lh4/+1HfgyE2KlmII36dg4IMzNjAFEBZiCRoPimO40s1cRqtFHXoal0QQbIlxk
cmUuiAii9R0=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFgjCCA2qgAwIBAgIQdjNZd6uFf9hbNC5RdfmHrzANBgkqhkiG9w0BAQsFADBb
...
rQoiowbbk5wXCheYSANQIfTZ6weQTgiCHCCbuuMKNVS95FkXm0vqVD/YpXKwA/no
c8PH3PSoAaRwMMgOSA2ALJvbRz8mpg==
-----END CERTIFICATE-----",
"privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUiAFcK5hT/X7Kjmgp
...
QrSekqF+kWzmB6nAfSzgO9IaoAaytLvNgGTckWeUkWn/V0Ck+LdGUXzAC4RxZnoQ
zp2mwJn2NYB7AZ7+imp0azDZb+8YG2aUCiyqb6PnnA==
-----END ENCRYPTED PRIVATE KEY-----"
}  

This matches the documentation here exactly. But when I run the Lambda function, I get an error in the configuration:

Last processing result: PROBLEM: Certificate and/or private key must be in PEM format. 

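I think the encrypted key is the problem and that I need to add the private key password to the key. I don't know how to do that, or whether that is even the problem. How do I correct it?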

The correct format is well-formed JSON, with every line break in the PEM values replaced by the \n character, as follows:

{
"privateKeyPassword": "testpassword",
"certificate": "-----BEGIN CERTIFICATE-----\nMIIE5DCCAsygAwIBAgIRAPJdwaFaNRrytHBto0j5BA0wDQYJKoZIhvcNAQELBQAw\n...\nj0Lh4/+1HfgyE2KlmII36dg4IMzNjAFEBZiCRoPimO40s1cRqtFHXoal0QQbIlxk\ncmUuiAii9R0=\n-----END CERTIFICATE-----",
"privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUiAFcK5hT/X7Kjmgp\n...\nQrSekqF+kWzmB6nAfSzgO9IaoAaytLvNgGTckWeUkWn/V0Ck+LdGUXzAC4RxZnoQ\nzp2mwJn2NYB7AZ7+imp0azDZb+8YG2aUCiyqb6PnnA==\n-----END ENCRYPTED PRIVATE KEY-----"
}

See https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-ranger-tls-certificates.html

Just paste the key in the Plaintext tab of AWS Secrets Manager. To retrieve it, this will work:

aws secretsmanager get-secret-value --secret-id secretName --query "SecretString" --output text
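An added example, not part of the original question or answers: one way to build the secret JSON so that PEM line breaks are escaped as \n, and to check a SecretString (for instance one retrieved with the command above) before a consumer rejects it. The key names come from the question; the function names are hypothetical and the PEM data is constructed filler, not a real certificate or key.

```python
import base64
import json
import re
import textwrap

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\n(.+?)\n-----END \1-----", re.S)
FIELDS = ("certificate", "privateKey")  # key names used in the question's secret


def fake_pem(label, payload):
    """Constructed sample only: PEM armour around arbitrary bytes, not a real key."""
    body = "\n".join(textwrap.wrap(base64.b64encode(payload).decode(), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def build_secret_string(certificate, private_key, password):
    """Serialise with json.dumps so real newlines become the two characters \\n."""
    doc = {"privateKeyPassword": password,
           "certificate": certificate.replace("\r\n", "\n").strip(),
           "privateKey": private_key.replace("\r\n", "\n").strip()}
    return json.dumps(doc, indent=2)


def check_secret_string(secret_string):
    """Return a list of problems; an empty list means the secret parses cleanly."""
    try:
        doc = json.loads(secret_string)  # strict: raw newlines in strings are rejected
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    problems = []
    for field in FIELDS:
        blocks = PEM_BLOCK.findall(str(doc.get(field, "")))
        if not blocks:
            problems.append(f"{field}: no PEM block with BEGIN/END on their own lines")
        for label, body in blocks:
            try:
                base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                problems.append(f"{field}: body of {label} is not valid base64")
    return problems


if __name__ == "__main__":
    cert = fake_pem("CERTIFICATE", bytes(range(120)))
    key = fake_pem("ENCRYPTED PRIVATE KEY", bytes(range(200)))
    good = build_secret_string(cert + cert, key, "testpassword")
    print(check_secret_string(good))                       # escaped form
    print(check_secret_string(good.replace("\\n", "\n")))  # the question's form
```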
