
So, I have a .jks file that's currently being referred from a protected S3 bucket. How can I store it in AWS secrets manager? Do I need to convert it to any file format so I can add it to the 'Other type of secret' location?

I want it to be used by lambdas instead of using from S3 buckets.


John Rotenstein
AppSensei

1 Answer


Yes, you can do that. You may need to fiddle a bit with the IAM policy too. Finally, to make sure the file arrives as it is stored, you can use dos2unix.

Then you can use UserData to download the secret on boot via the AWS CLI. So that would be:

```shell
aws secretsmanager get-secret-value --secret-id <SecretName> --query SecretString --output text > <PreferableNameOfSecretInInstance>
dos2unix <yoursecret>
```

Just realized you want to use it in Lambda. Once you import the secret into Secrets Manager, AWS spits out code snippets for you to use in your Lambda as is, depending on the runtime (i.e., Go, Node.js, Python).

Also add the following to the secret's resource permissions; you can do this via the console:

```json
{
  "Version" : "2012-10-17",
  "Statement" : [ {
    "Effect" : "Allow",
    "Principal" : {
      "AWS" : [ "arn:aws:iam::123456789:role/<yourLambdaRole>"]
    },
    "Action" : "secretsmanager:GetSecretValue",
    "Resource" : "*"
  } ]
}
```
furydrive
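As an added example (not part of the answer above), here is a Python Lambda helper that fetches the keystore from the secret and writes it to `/tmp`. It assumes the `.jks` was stored as binary (e.g. `aws secretsmanager create-secret --name <SecretName> --secret-binary fileb://keystore.jks`), because a keystore is a binary file and a text round-trip through `SecretString` would not preserve it byte for byte; it checks the JKS magic bytes so a mangled copy fails fast. The secret name, the `KEYSTORE_SECRET_ID` environment variable and the file path are assumptions.

```python
import base64
import os

JKS_MAGIC = b"\xfe\xed\xfe\xed"          # every JKS keystore starts with 0xFEEDFEED
KEYSTORE_PATH = "/tmp/keystore.jks"      # /tmp is the only writable filesystem in Lambda


def keystore_bytes_from_response(resp: dict) -> bytes:
    """Raw keystore bytes from a GetSecretValue response. boto3 returns SecretBinary
    as bytes, the CLI's JSON carries it as base64 text; both shapes are handled.
    A SecretString is accepted only if it is itself valid base64 of the file."""
    if "SecretBinary" in resp:
        blob = resp["SecretBinary"]
        return base64.b64decode(blob, validate=True) if isinstance(blob, str) else bytes(blob)
    if "SecretString" in resp:
        try:
            return base64.b64decode(resp["SecretString"], validate=True)
        except ValueError:
            raise ValueError("SecretString is not base64; store the .jks as SecretBinary") from None
    raise ValueError("response carries neither SecretBinary nor SecretString")


def is_jks(data: bytes) -> bool:
    """Cheap integrity check: a text round-trip (or dos2unix) breaks the magic bytes."""
    return data[:4] == JKS_MAGIC


def write_keystore(data: bytes, path: str = KEYSTORE_PATH) -> str:
    """Write the keystore with owner-only permissions and return its path."""
    if not is_jks(data):
        raise ValueError("payload is not a JKS keystore (bad magic); was it stored as text?")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def load_keystore(secret_id: str, client=None, path: str = KEYSTORE_PATH) -> str:
    """Fetch the secret once per warm container; later invocations reuse the /tmp copy."""
    if os.path.exists(path):
        return path
    if client is None:
        import boto3  # imported lazily so this module loads without boto3 installed
        client = boto3.client("secretsmanager")
    resp = client.get_secret_value(SecretId=secret_id)
    return write_keystore(keystore_bytes_from_response(resp), path)


def lambda_handler(event, context):
    # KEYSTORE_SECRET_ID is an assumed environment variable holding the secret name or ARN
    return {"keystore": load_keystore(os.environ["KEYSTORE_SECRET_ID"])}
```

The Lambda's execution role still needs `secretsmanager:GetSecretValue` on the secret (the resource policy shown in the answer, or an identity policy on the role), and the decrypt permission on the KMS key if the secret uses a customer-managed key.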