Hello Readers!! In this blog, we will see how to create, get and delete secrets in AWS Parameter Store using the CLI. In my previous blog, we saw what AWS Parameter Store is and how to create parameters using the AWS console. See that blog for more information:
https://blog.knoldus.com/getting-started-with-aws-parameter-store/
Prerequisites:
- Install the AWS CLI on your system. Follow the installation steps here:
https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
- Configure AWS CLI.
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html
Now, let’s get started with AWS CLI!!
Create parameter in Parameter store:
Use put-parameter to create and store a parameter in the AWS Parameter store. Below is the format for reference:
$ aws ssm put-parameter --name <name_of_parameter> --value <parameter_value> --type <type_of_parameter>
$ aws ssm put-parameter --name LINUX-AMI --value abcd12345 --type String
To verify that the parameter is stored, use get-parameter. Use the following format to pull the parameter:
$ aws ssm get-parameter --name <name_of_parameter>
$ aws ssm get-parameter --name LINUX-AMI
We can now see the value. Because this parameter is of type String, it is not encrypted.
What if we want to store a password or an API key that we do not want to reveal? For this, use the type SecureString.
$ aws ssm put-parameter --name <name_of_parameter> --value <parameter_value> --type SecureString
$ aws ssm put-parameter --name Password --value mySecretPasswordhere --type SecureString
Now, if I get this parameter, it will not give me the actual value. It returns the value in encrypted format because the parameter is of type SecureString. Use the following command to get the value:
$ aws ssm get-parameter --name <name_of_parameter>
$ aws ssm get-parameter --name Password
If we want to get this value in decrypted format, use the following command:
$ aws ssm get-parameter --name <name_of_parameter> --with-decryption
$ aws ssm get-parameter --name Password --with-decryption
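A secret passed with --value on the command line, as in the put-parameter examples above, ends up in shell history and is visible in the process list while the command runs. The following is an added example, not part of the original post: two shell helpers (put_secret and get_secret are hypothetical names) that pass the value to the CLI through file:// and refuse to treat a plain String parameter as a secret.

```shell
# Added example, not from the original post. put_secret and get_secret are
# hypothetical helper names; parameter names are supplied by the caller.

# put_secret NAME: read the value from stdin and store it as a SecureString.
# The value reaches the CLI through file://, so it never appears in argv
# (ps output) or in shell history.
put_secret() {
    local name="$1" value="" tmp rc=0
    [ -n "$name" ] || { echo "usage: put_secret <name>" >&2; return 2; }
    if [ -t 0 ]; then                      # interactive: prompt without echo
        printf 'Value for %s: ' "$name" >&2
        stty -echo; IFS= read -r value || true; stty echo; echo >&2
    else                                   # piped: take the first line
        IFS= read -r value || true
    fi
    [ -n "$value" ] || { echo "refusing to store an empty value" >&2; return 2; }
    tmp=$(mktemp) || return 1              # mktemp creates the file mode 0600
    printf '%s' "$value" > "$tmp"          # no trailing newline in the secret
    aws ssm put-parameter --name "$name" --type SecureString \
        --value "file://$tmp" >/dev/null || rc=$?
    rm -f "$tmp"                           # remove the plaintext copy either way
    return "$rc"
}

# get_secret NAME: print the decrypted value, but only if the parameter is
# really a SecureString; a secret stored as String is flagged instead.
get_secret() {
    local name="$1" ptype
    ptype=$(aws ssm get-parameter --name "$name" \
        --query 'Parameter.Type' --output text) || return 1
    if [ "$ptype" != "SecureString" ]; then
        echo "$name is stored as $ptype, not SecureString" >&2
        return 3
    fi
    aws ssm get-parameter --name "$name" --with-decryption \
        --query 'Parameter.Value' --output text
}
```

After sourcing the file, run put_secret Password and type the value at the prompt, then get_secret Password to read it back.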
Create Nested Parameter store:
Now, we will see how to create a hierarchical, or nested, parameter. For this, use the command below:
$ aws ssm put-parameter --name <nested_path_for_parameter> --value <parameter_value> --type SecureString
$ aws ssm put-parameter --name /myDb/MySQL/Db_password --value myDBSecretPasswordhere --type SecureString
We can also see in the AWS console that it is created.
To get the parameter, use the command:
$ aws ssm get-parameter --name /myDb/MySQL/Db_password
As its type is SecureString, it is in an encrypted format.
Update the parameter value:
If I want to update an existing parameter's value, I use the --overwrite flag. It creates a new version of that parameter. Use the command below to update the value:
$ aws ssm put-parameter --name <name_of_parameter> --overwrite --value <parameter_new_value> --type String
$ aws ssm put-parameter --name LINUX-AMI --overwrite --value new_password --type String
Create a parameter in other tiers:
By default, any parameter is created in the Standard tier. If you want to create one in the Advanced tier, use:
$ aws ssm put-parameter --name <name_of_parameter> --value <parameter_value> --type <type> --tier Advanced
$ aws ssm put-parameter --name my_Password --value mySecretPasswordhere --type SecureString --tier Advanced
The Advanced tier parameter can also be seen in the AWS console.
Delete a parameter from the parameter store:
To delete a parameter from the parameter store, use the following command:
$ aws ssm delete-parameter --name my_Password
If I try to get this parameter, it will show ParameterNotFound.
We are all done now!!
Conclusion:
Thank you for sticking to the end. In this blog, we have learned how to create, get and delete secrets in AWS Parameter Store using the CLI. It is really quick and simple. I hope this blog helped you. If you liked it, please share it and show your appreciation with a thumbs-up, and don't forget to give me suggestions on how I can improve my future blogs to suit your needs.
HAPPY LEARNING!