Reputation: 19862
How to set multiline RSA private key environment variable for AWS Elastic Beans
I am deploying a Ruby on Rails application to AWS using Elastic Beanstalk and have to set a private key as an environment variable
E.g
-----BEGIN RSA PRIVATE KEY-----
SpvpksXQIBA65ICOgQxV2TvMIICAiMeV9prhdJSKjjsk2
tYdz8lhn/ibROQW71utuHLAyHGMBxz3kIaaIq1kjdkkk
tYdz8lhn/ibROQW71utuHLAyHGMBxz3kIaaIq1kjdkkk
tYdz8lhn/ibROQW71utuHLAyHGMBxz3kIaaIq1kjdkkk
tYdz8lhn/ibROQW71utuHLAyHGMBxz3kIaaIq1kjdkkk
-----END RSA PRIVATE KEY-----
However this doesn't seem to work when deploying the app as it always fails with a
OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key: nested asn1 error
I think it's because the RSA Key is malformed.
However unlike in Heroku, AWS EB does not accept multiline input (see below) so I have to use \n to create new lines.
I tried with few different styles but none of them seem to interpolate the \n properly and I always keep getting the same error.
I've tried with \n and the end of each line, then \\n and also tried tried double quotes \" to wrap the key but I still keep getting the same error.
How do I properly set a multiline environment variable in AWS Elastic Beanstalk ?
Upvotes: 20
Views: 14798
Answers (4)
Reputation: 917
You can transform your private key in a base64, then you store that base64 as environment variable. When needed you decode this variable.
in unix:
$ base64 path/to/your/private_key_file
in your application:
def private_key
Base64.decode64(ENV['PRIVATE_KEY'])
end
Upvotes: 13
Reputation: 71
In I had the same problem with Golang and the elastic beanstalk, I did this went to AWS console and set the value like this:
-----BEGIN RSA PRIVATE KEY-----\nSpvpksXQIBA65ICOgQxV2TvMIICAiMeV9prhdJSKjjsk2\ntYdz8lhn/ibROQW71utuHLAyHGMBxz3kIaaIq1kjdkkk\ntYdz8lhn/ibROQW71utuHLAyHGMBxz3kIaaIq1kjdkkk\ntYdz8lhn/ibROQW71utuHLAyHGMBxz3kIaaIq1kjdkkk\ntYdz8lhn/ibROQW71utuHLAyHGMBxz3kIaaIq1kjdkkk\n-----END RSA PRIVATE KEY-----
inside my code
key := os.Getenv("PUSH_AUTH_KEY")
key = strings.Replace(key, `\n`, "\n", 5)
Upvotes: 4
Reputation: 880
You need to 'export' your multiline string, e.g., your private or public key into the environment correctly.
Enclose in your shell export statement $'.....' where ...... is your multiline string, e.g., your private or public key.
Example:
export KEY = $'-----BEGIN RSA PRIVATE KEY-----\nSpvpksXQIBA65ICOgQxV2TvMIICAiMeV9prhdJSKjjsk2tYdz8lhn/ibROQW71utuHLAyHGMBxz3kIaaIq1kjdkkktYdz8lhn/ibROQW71utuHLAyHGMBxz3kIaaIq1kjdkkktYdz8lhn/ibROQW71utuHLAyHGMBxz3kIaaIq1kjdkkktYdz8lhn/ibROQW71utuHLAyHGMBxz3kIaaIq1kjdkk\n-----END RSA PRIVATE KEY-----'
Upvotes: 1
Reputation: 5481
You could set it in EB using \n and then convert the '\n' to newlines before you pass it to config.key - something like this (note the single and double quotes in the call to gsub):
single_line_key = ENV.fetch('CLOUDFRONT_KEY')
multi_line_key = single_line_key.gsub('\n', "\n")
config.key = multi_line_key
Upvotes: 7
Related Questions
- How to Export a Multi-line Environment Variable in Bash/Terminal e.g: RSA Private Key
- How do I set different private keys for different environments for Elastic Beanstalk?
- AWS elastic beanstalk is not getting the environment variables
- How to generate a missing secret_key_base on AWS
- Elastic Beanstalk custom AMI can't see environment variables
- Unable to pass private key as an environment variable in AWS EB
- Generating Public/Backend Key for AWS ELB
- How to add multiple keys for elastic beanstalk instance?
- Elastic Beanstalk environment variables while SSH'd into instance
- Amazon ElasticBeanstalk: configure environment variable with newlines