13

How do I set a binary value on a secret in AWS Secrets Manager using the CLI?

The docs say:

--secret-binary (blob)

(Optional) Specifies binary data that you want to encrypt and store in the new version of the secret. To use this parameter in the command-line tools, we recommend that you store your binary data in a file and then use the appropriate technique for your tool to pass the contents of the file as a parameter.

I have tried the following:

$ V=$(cat mykeystore.jks)
$ aws secretsmanager put-secret-value --secret-id xxx --secret-binary "$V"
'utf8' codec can't decode byte 0xfe in position 0: invalid start byte
Rich

2 Answers

15

Found it:

aws secretsmanager put-secret-value --secret-id xxx --secret-binary fileb://mykeystore.jks
Rich
7

The self-authored answer from OP covers how to set the value of an existing secret to a file binary. I wanted to add the way to use a file binary when creating an entirely new secret:

aws secretsmanager create-secret --name xxx --secret-binary fileb://mykeystore.jks
Abion47
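
After either command above, it is worth confirming that the keystore round-trips intact. The following is an added example, not part of either answer: it fetches the secret back and compares SHA-256 digests with the local file. The helper names `sha256_hex` and `verify_secret_binary` are hypothetical, and it assumes configured AWS CLI credentials plus GNU `base64` and `sha256sum`.

```shell
# Added example (not from either answer): check that the secret stored with
# fileb:// matches the local file. Assumes configured AWS CLI credentials and
# GNU coreutils (base64 -d, sha256sum).

# Print the SHA-256 of stdin as bare hex.
sha256_hex() {
  sha256sum | cut -d' ' -f1
}

# verify_secret_binary SECRET_ID LOCAL_FILE   (hypothetical helper name)
# Status 0: stored SecretBinary equals LOCAL_FILE byte for byte.
# Status 1: contents differ.
# Status 2: the call failed or the secret version holds no binary value.
# The body runs in a subshell, so its variables do not leak to the caller.
verify_secret_binary() (
  secret_id=$1
  local_file=$2

  # The CLI prints SecretBinary base64-encoded, which is safe to hold in a
  # shell variable; raw keystore bytes are not.
  b64=$(aws secretsmanager get-secret-value \
          --secret-id "$secret_id" \
          --query SecretBinary --output text) || exit 2

  # "None" means this version was stored as SecretString instead.
  if [ -z "$b64" ] || [ "$b64" = "None" ]; then
    exit 2
  fi

  # Hash through a pipe so the decoded keystore is never written to disk.
  remote_hash=$(printf '%s' "$b64" | base64 -d | sha256_hex) || exit 2
  local_hash=$(sha256_hex < "$local_file") || exit 2

  [ "$remote_hash" = "$local_hash" ]
)

# Usage, with the names from the commands above:
#   verify_secret_binary xxx mykeystore.jks && echo "stored copy matches"
```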