Calling AWS secrets manager with PowerShell PoSH #105

@asktechsupport

Description

To pull credentials from AWS Secrets Manager using PowerShell, you can use the AWS Tools for PowerShell, which provides cmdlets to interact with AWS services. Below is a step-by-step guide on how to retrieve credentials stored in AWS Secrets Manager.

Prerequisites

  1. AWS Tools for PowerShell: Ensure that the AWS Tools for PowerShell are installed. You can install them using the following command:

         Install-Module -Name AWSPowerShell.NetCore -Force -AllowClobber

  2. AWS Credentials: Make sure you have configured your AWS credentials. You can do this using the AWS CLI or directly within the PowerShell session.

Steps to Retrieve Credentials from AWS Secrets Manager

  1. Import the AWS PowerShell Module

         Import-Module AWSPowerShell.NetCore

  2. Retrieve a Secret from AWS Secrets Manager
     Use the Get-SECSecretValue cmdlet to retrieve the secret. Replace "your-secret-name" with the name of your secret.

         # Retrieve the secret
         $secretValue = Get-SECSecretValue -SecretId "your-secret-name"
         # Parse the secret if it's stored as a JSON object
         $secretObject = $secretValue.SecretString | ConvertFrom-Json
         # Display the secret object or specific credentials
         $secretObject

  3. Access Specific Credentials
     If your secret is stored as a JSON object with keys like username and password, you can access these values directly:

         # Access specific credentials
         $username = $secretObject.username
         $password = $secretObject.password
         # Output the credentials
         Write-Host "Username: $username"
         Write-Host "Password: $password"

Example Workflow

Assume you have a secret in AWS Secrets Manager named MyDatabaseCredentials that stores a JSON object like this:

{
   "username": "myDBUser",
   "password": "myDBPassword"
}

Your PowerShell script to retrieve and use these credentials would look like this:

# Import AWS PowerShell module
Import-Module AWSPowerShell.NetCore
# Retrieve the secret from AWS Secrets Manager
$secretValue = Get-SECSecretValue -SecretId "MyDatabaseCredentials"
# Parse the JSON string into a PowerShell object
$secretObject = $secretValue.SecretString | ConvertFrom-Json
# Extract the credentials
$username = $secretObject.username
$password = $secretObject.password
# Output the credentials (for demonstration purposes only)
Write-Host "Username: $username"
Write-Host "Password: $password"
# Use the credentials for further processing
# For example, connecting to a database, etc.

Important Notes

  • Security: Be mindful of where and how you output the credentials, especially in production environments. Avoid writing them to the console or logs unless necessary.
  • IAM Permissions: Ensure that the IAM role or user running this script has the necessary permissions to access the secret in AWS Secrets Manager.

This script provides a straightforward way to securely retrieve and use credentials stored in AWS Secrets Manager using PowerShell.
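
Following the security note above, here is an added example (not part of the original issue) that wraps the retrieval in a function and returns a PSCredential instead of writing the password to the console. The function name Get-SecretCredential is hypothetical, and the secret is assumed to be the JSON object with username and password keys shown in the example workflow.

```powershell
Import-Module AWSPowerShell.NetCore

# Hypothetical helper (added example): fetch a JSON secret and return it as a
# PSCredential so the password is never echoed to the console or transcript.
function Get-SecretCredential {
    [CmdletBinding()]
    [OutputType([pscredential])]
    param(
        [Parameter(Mandatory)][string]$SecretId
    )

    # -ErrorAction Stop makes access-denied or not-found a terminating error
    # instead of letting the script continue with an empty value.
    $response = Get-SECSecretValue -SecretId $SecretId -ErrorAction Stop

    # Binary secrets leave SecretString empty; this helper handles JSON text only.
    if ([string]::IsNullOrEmpty($response.SecretString)) {
        throw "Secret '$SecretId' has no SecretString (binary secret?)."
    }

    try {
        $secret = $response.SecretString | ConvertFrom-Json -ErrorAction Stop
    } catch {
        # Keep the raw string out of the error message: it is the secret itself.
        throw "Secret '$SecretId' is not valid JSON."
    }

    # Assumed key names, matching the JSON layout used on this page.
    foreach ($key in 'username', 'password') {
        if ([string]::IsNullOrEmpty($secret.$key)) {
            throw "Secret '$SecretId' is missing the '$key' key."
        }
    }

    $secure = ConvertTo-SecureString -String $secret.password -AsPlainText -Force
    [pscredential]::new($secret.username, $secure)
}

# Usage: only the user name is logged; pass $cred to cmdlets that accept -Credential.
$cred = Get-SecretCredential -SecretId 'MyDatabaseCredentials'
Write-Host "Retrieved credential for user: $($cred.UserName)"
```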
