如何使用python从AWS中存储在Secrets manager中的私钥生成OpenSSH RSA密钥?
我有以下代码,生成putty生成并存储在AWS secret manager中的密钥的公共和私有行的json:如何使用python从AWS中存储在Secrets manager中的私钥生成OpenSSH RSA密钥?,python,rsa,openssh,aws-secrets-manager,Python,Rsa,Openssh,Aws Secrets Manager,我有以下代码,生成putty生成并存储在AWS secret manager中的密钥的公共和私有行的json: import boto3 import base64 from botocore.exceptions import ClientError def get_secret(): secret_name = "Server/Name" region_name = "us-west-1" # Create a Secrets
import boto3
import base64
from botocore.exceptions import ClientError
def get_secret():
secret_name = "Server/Name"
region_name = "us-west-1"
# Create a Secrets Manager client
session = boto3.session.Session()
client = session.client(
service_name='secretsmanager',
region_name=region_name
)
# In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
# See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
# We rethrow the exception by default.
try:
get_secret_value_response = client.get_secret_value(
SecretId=secret_name
)
except ClientError as e:
if e.response['Error']['Code'] == 'DecryptionFailureException':
# Secrets Manager can't decrypt the protected secret text using the provided KMS key.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'InternalServiceErrorException':
# An error occurred on the server side.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'InvalidParameterException':
# You provided an invalid value for a parameter.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'InvalidRequestException':
# You provided a parameter value that is not valid for the current state of the resource.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'ResourceNotFoundException':
# We can't find the resource that you asked for.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
else:
# Decrypts secret using the associated KMS CMK.
# Depending on whether the secret is a string or binary, one of these fields will be populated.
if 'SecretString' in get_secret_value_response:
secret = get_secret_value_response['SecretString']
else:
decoded_binary_secret = base64.b64decode(get_secret_value_response['SecretBinary'])
return json.loads(secret)
key = get_secret()
print(key)
{'Key': 'PuTTY-User-Key-File-2: ssh-rsa Encryption: none Comment: rsa-key-20200608 Public-Lines: 6 AAAAB3NzaC1yc2EAAAABJQAAAQEA9CfhCMQOh0OCjzQsgpceJwklTtKJYOZLpl02 ********publicLines*********
Private-Lines: 14 r1ePzc1522MZrfWYn3t7sBhLWA26jqMTWeqSkflnW1MMGay8fpkiTpVZPnX7Oe5L +hgkHZSJDgyzHpkA22XqQgi6uAfK7lugTCkYfq3n4xVU3U+ CzNr+kuMxNRoJBOyU ********privateLines*********'}
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQCtCnvOu+3qxh+mGvejBMsAVDVA/c8C4su1M6q0xPFISwHOQsmP
k3AE2pjwKHOsa0IqxPG39EKrdYhBHB5geMQv3httLIoXzj0oxMEIEhqZ2AgA378D
Qtky91WcZE67KpmWDOXG95FCBZj7PX7XbdwR+Uk4kLhE2Z6vkWDe7st8rQIDAQAB
AoGAakmZOKfogJ/HiuDfoQttobsXpt7/i7dBBwFAZp7d0dj4t/gAFKesU97tt/4w
5wRO9TRZgPORC/46fjvGUN19KyHs3JRhiYrsKVnJNBBpAG1+9pBi+avPR9sxBKG7
HWiSXKRRCddwWpDuyMrzyre+k+mAtulbF6kecBIrSfEBg6ECQQC+Hht9S93CMmiy
YKUiBwMhvbMoYukGGIhB3WSZK28PvYadV2uVAHYCxGq2U1ULJwHWac5OMDzR+J4y
MuxlJT5I0Y4fr4qgkQJARWfPg+l7jPj1csj56r2e1cxhYqamU6rNP3PHjKdzJ5zK
eS87SRFybqd578kFEdfaR+CesRKzXswfDTKoM77wnQ==
-----END RSA PRIVATE KEY-----
您可以将已经编码的密钥存储为字符串,而不使用JSON包装它们。请参阅存储私钥的示例。您可以将已编码的密钥存储为字符串,而不将其包装为JSON。请参见存储私钥的示例