The best way is to use the multiline strings, """, around the outside of the parameter overrides. So for example:
parameter_overrides = [
"""Certificate="-----BEGIN CERTIFICATE-----
My-cert-content
-----END CERTIFICATE-----"""",
"""CertificatePrivateKey="-----BEGIN PRIVATE KEY-----
My-key-content
-----END PRIVATE KEY-----""""
]
Note you still need to escape newlines to prevent them being inserted into the multiline string if they cause problems.
Thanks a lot @skinsman. Will test and confirm soon.
To provide multi-line strings in the TOML file I would expect (not tested) that you just need to use \n and escape them correctly in the strings within your TOML.
However, whilst this might allow you to solve what you are trying to do, I would suggest it might be worth considering a different approach in this case, as the string you are trying to pass is a certificate and therefore could be considered "sensitive data", so providing it in "clear text" in the TOML might not be a good idea.
May I suggest an alternative?
Create a new Secret within AWS Secrets Manager and store the certificate in there. Then in your template you can refer to the Secret instead of using a multiline string like this.
Thanks a lot for the quick response. However, let me provide some more details. I already tried with "\n" to handle the new line of the certificate in the toml, but it didn't work. It will be great if you could please try it once and provide the sample.
I agree that it is sensitive. But we put the SOPS encrypted (using KMS) certificate content in a yaml file and read it from there and want to import it into ACM using an automated mechanism like GitHub workflow. The person may not have access to Secret Manager to update it every time in case of a change. Hope it clarifies.
Multiline strings in TOML are similar to in Python: open with a triple double-quote """ and close with another; newlines inside will be kept. The initial new-line after the opening """ will be trimmed, or you can start the content immediately after it.
See the TOML spec for an example at https://toml.io/en/v1.0.0#string
Thank you James. But I tried this and got an error. Can you please help me with the below samconfig.toml format?
parameter_overrides = [
"Certificate="""-----BEGIN CERTIFICATE----- My-cert-content -----END CERTIFICATE-----"""",
"CertificatePrivateKey="""-----BEGIN PRIVATE KEY----- My-key-content -----END PRIVATE KEY-----"""" ]
I also just wanted to check that the private key you had included in that repo that you have linked to is not a valid private key? Or if it is, I suggest you revoke it ASAP since it is now essentially in the public domain.