Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
amazon web services - copy the filecontent fetching from aws ssm parameter to the container using codebuild

Below is my Jenkinsfile; one of the purposes of this pipeline is fetching key files from an SSM parameter and copying them into a variable.

// Run CodeBuild on  account
pipeline {
    agent any

    options {
        ansiColor('xterm')
        disableConcurrentBuilds()
    }
    stages {
        stage('TEST') {
            steps {
                script {
                    // Getting SSM Parameters
                    withAWSParameterStore(
                        credentialsId: '1023564897565',
                        regionName: 'us-east-1',
                        recursive: true,
                        naming: 'relative',
                        path: '/ddc/pvs/ops1/ans-wer-tst/'
                    ) {
                        SSH_PRIV_US_KEY = "${env.TLS_PRIVATE_KEY}"
                    }
                    withAWSParameterStore(
                        credentialsId: '1023564897565',
                        regionName: 'eu-west-1',
                        recursive: true,
                        naming: 'relative',
                        path: '/ddc/pvs/ops2/ans-wer-tst/'
                    ) {
                        SSH_PRIV_EU_KEY = "${env.TLS_PRIVATE_KEY}"
                    }
                }

                wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: "${SSH_PRIV_US_KEY}", var: 'VALUE'],[password: "${SSH_PRIV_EU_KEY}", var: 'VALUE']]]) {
                    withAWS(role: "${DDC_CODEBUILD_PVS_ROLE}", roleAccount: "${DDC_PVS_AWS_ACCOUNT_ID}") {
                        awsCodeBuild(
                            projectName: "${DDC_CODEBUILD_PVS_OPS1_VPC}",
                            credentialsType: 'keys',
                            region: "us-east-1",
                            sourceControlType: 'jenkins',
                            buildSpecFile: "buildspec.yml",
                            imageOverride: "1023564897565.dkr.ecr.us-east-1.amazonaws.com/pvs-ops1-ecr-anr-0e47e200ddff4875:0.1",
                            privilegedModeOverride: 'True',
                            envVariables: """[
                                { SSH_PRIV_US_KEY, ${SSH_PRIV_US_KEY} },
                                { SSH_PRIV_EU_KEY, ${SSH_PRIV_EU_KEY} }
                            ]"""
                        )
                    }
                }
            }
        }
    }
}

The bash script below copies the key that is stored in a variable (set from the Jenkinsfile) to a file in the container.

#!/bin/bash
###
### CodeBuild script
###
set -e

echo "Get SSH_PUB_KEY"

echo "Get SSH_PRIV_KEY"

#export SSH_PRIV_US_KEY SSH_PRIV_EU_KEY

mkdir -p ~/.ssh
chmod 700 ~/.ssh

# Write the keys first, then lock the files down: a chmod 400 before the
# redirect leaves a non-root build user unable to write the file at all.
# Quote the expansions: an unquoted ${VAR} is word-split, which turns the
# PEM's line breaks into spaces and leaves a key that ssh cannot parse.
printf '%s\n' "${SSH_PRIV_US_KEY}" > ~/.ssh/id_rsa_us
printf '%s\n' "${SSH_PRIV_EU_KEY}" > ~/.ssh/id_rsa_eu
chmod 400 ~/.ssh/id_rsa_us
chmod 400 ~/.ssh/id_rsa_eu

Issues:

From the Jenkins output (below):

  1. The full key is assigned to the variables (SSH_PRIV_US_KEY and SSH_PRIV_EU_KEY).
  2. When pasting to the file, it doesn't paste the full key; it pastes a partial key. What am I doing wrong here?
> environment variables: [
                                { SSH_PRIV_US_KEY, -----BEGIN RSA PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PRIVATE KEY-----
 },
                                { SSH_PRIV_EU_KEY, -----BEGIN RSA PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PRIVATE KEY-----
 }
                            ]
    > image: 1023564897565.dkr.ecr.us-east-1.amazonaws.com/pvs-ops1-ecr-anr-0e47e200ddff4875:0.1
    > privileged mode override: True
    > build spec: 
buildspec.yml
[AWS CodeBuild Plugin] 
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Phase is DOWNLOAD_SOURCE
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 CODEBUILD_SRC_DIR=/codebuild/output/src301168615/src
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 YAML location is /codebuild/output/src301168615/src/buildspec.yml
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Processing environment variables
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Moving to directory /codebuild/output/src301168615/src
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Registering with agent
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Phases found in YAML: 1
[AWS CodeBuild Plugin] 2021/01/29 06:12:14  BUILD: 7 commands
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Phase complete: DOWNLOAD_SOURCE State: SUCCEEDED
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Phase context status code:  Message: 
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Entering phase INSTALL
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Phase complete: INSTALL State: SUCCEEDED
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Phase context status code:  Message: 
[AWS CodeBuild Plugin] 2021/01/29 06:12:15 Entering phase PRE_BUILD
[AWS CodeBuild Plugin] 2021/01/29 06:12:15 Phase complete: PRE_BUILD State: SUCCEEDED
[AWS CodeBuild Plugin] 2021/01/29 06:12:15 Phase context status code:  Message: 
[AWS CodeBuild Plugin] 2021/01/29 06:12:15 Entering phase BUILD
[AWS CodeBuild Plugin] 2021/01/29 06:12:15 Running command bash codebuild.sh
[AWS CodeBuild Plugin] Get SSH_PUB_KEY
[AWS CodeBuild Plugin] Get SSH_PRIV_KEY
[AWS CodeBuild Plugin] id_rsa_eu
[AWS CodeBuild Plugin] id_rsa_us
[AWS CodeBuild Plugin] -----BEGIN RSA PRIVATE KEY-----...
[AWS CodeBuild Plugin] -----BEGIN RSA PRIVATE KEY-----...

buildspec.yml

version: 0.2
phases:
  build:
    commands:
      - bash codebuild.sh
      - /bin/bash setup.sh

echo "Get SSH_PRIV_US_KEY"
aws --profile "DEC" --region ${REGION} ssm get-parameter --with-decryption --name /xxx/xxx/tls_private_key --query "Parameter.Value" --output text > ~/.ssh/id_rsa_us
echo "Get SSH_PRIV_EU_KEY"
aws --profile "DEC" --region ${EU_REGION} ssm get-parameter --with-decryption --name /xxx/xxx/private_key --query "Parameter.Value" --output text > ~/.ssh/id_rsa_eu

Question from: https://stackoverflow.com/questions/65949946/copy-the-filecontent-fetching-from-aws-ssm-parameter-to-the-container-using-code


1 Answer

0 votes
by (71.8m points)

Not directly answering your question, but is there any particular reason why you are getting those creds in Jenkins and then passing them as an env var to CodeBuild instead of getting them directly in the CodeBuild buildspec itself by using the built-in parameter store option:

  shell: shell-tag
  variables:
    key: "value"
    key: "value"
  parameter-store:
    key: "value"
    key: "value"
  exported-variables:
    - variable
    - variable
  secrets-manager:
    key: secret-id:json-key:version-stage:version-id
  git-credential-helper: no | yes

From here.

P.S. Sharing ssh keys on the public Internet is not a good practice.
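Putting the question's script and the answer's suggestion together, here is an added example (not code from the question, the answer, or the AWS CodeBuild plugin): the build-side script that runs after the buildspec's `env: parameter-store:` block has injected the key into SSH_PRIV_US_KEY, so the secret never travels through Jenkins or the CodeBuild env-var list. It writes the multi-line value without the word-splitting that `echo ${VAR}` causes, creates the file with restrictive permissions before any content lands in it, and verifies that a complete PEM block reached disk. The parameter name in the comment is a placeholder.

```shell
#!/bin/bash
# Added example, not code from the question or the answer. Assumes the
# buildspec has already put the key into SSH_PRIV_US_KEY, e.g.
#   env:
#     parameter-store:
#       SSH_PRIV_US_KEY: /path/to/tls_private_key   # placeholder name
set -euo pipefail

# Write a multi-line secret to a key file. The question's `echo ${VAR} > file`
# word-splits the unquoted value, so the PEM's line breaks become spaces and
# ssh cannot read the result; a quoted printf keeps it byte-for-byte. The file
# is created under umask 077 (never world-readable) and locked to 0400 after.
write_key_file() {
  local value="$1" dest="$2"
  [ -n "$value" ] || { echo "write_key_file: empty value for $dest" >&2; return 1; }
  mkdir -p "$(dirname "$dest")"
  chmod 700 "$(dirname "$dest")"
  rm -f "$dest"    # a leftover 0400 file (or a symlink) would break the write
  (umask 077; printf '%s\n' "$value" > "$dest")
  chmod 400 "$dest"
}

# Check that what landed on disk is a complete PEM block: BEGIN marker on the
# first line, END marker on the last, at least one body line, mode 0400.
check_key_file() {
  local dest="$1" lines
  head -n 1 "$dest" | grep -q '^-----BEGIN [A-Z ]*PRIVATE KEY-----$' || return 1
  tail -n 1 "$dest" | grep -q '^-----END [A-Z ]*PRIVATE KEY-----$' || return 1
  lines=$(( $(wc -l < "$dest") ))
  [ "$lines" -ge 3 ] || return 1
  [ "$(stat -c %a "$dest" 2>/dev/null || stat -f %Lp "$dest")" = "400" ] || return 1
}

# Reproduce the symptom from the question for comparison: the same value
# written with an unquoted echo collapses to a single line.
broken_line_count() {
  local value="$1" tmp
  tmp="$(mktemp)"
  echo ${value} > "$tmp"
  printf '%s\n' "$(( $(wc -l < "$tmp") ))"
  rm -f "$tmp"
}

# Inside the build, with the variable injected, write the key and verify it.
if [ -n "${SSH_PRIV_US_KEY:-}" ]; then
  write_key_file "$SSH_PRIV_US_KEY" "$HOME/.ssh/id_rsa_us"
  check_key_file "$HOME/.ssh/id_rsa_us"
fi
```

Unlike the Jenkinsfile's `envVariables` list, which shows the private key in plaintext in the build log above, a `parameter-store` entry is resolved by CodeBuild at run time and does not appear in the Jenkins output.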

