future-nail-59564
11/30/2020, 5:26 PMkeybase
to encrypt/decrypt user passwords with aws.iam.UserLoginProfile
? The encryptedPassword
output returns a simple string in the form wcFMA433DHhZWgKpARAAXYd0q2oRc83hFcLJXQMV9yC…
but keybase seems to expect something of the form BEGIN KEYBASE SALTPACK ENCRYPTED MESSAGE. keDIDMQWYvVR58B FTfTeDQNHx1585M … 1UfUcHnbYM8vtOw OsZfpid. END KEYBASE SALTPACK ENCRYPTED MESSAGE.
for decryption… 🤔broad-dog-22463
11/30/2020, 5:35 PMfuture-nail-59564
11/30/2020, 5:52 PMbase64 -d
only outputs binary/garbage! 😕broad-dog-22463
11/30/2020, 5:54 PMfuture-nail-59564
11/30/2020, 6:05 PMconst loginProfile = new aws.iam.UserLoginProfile(
user.username,
{
user: iamUser.name,
pgpKey: `keybase:${user.keybaseUser}`,
},
{ parent: this }
);
and later in a dynamic provider that will send encrypted password by email, where encryptedPassword
is the resolved value of `loginProfile.encryptedPassword`:
console.log(
`Encrypted password: ${encryptedPassword}`
);
I can share a more complete code excerpt if needed, but it’s a bit more involved, with the dynamic provider.little-cartoon-10569
11/30/2020, 7:11 PMoutput "passwords" {
value =<<ARMOURED
%{for login_profile in aws_iam_user_login_profile.support }
PGP-encrypted password for ${login_profile.user}
-----BEGIN PGP MESSAGE-----
${login_profile.encrypted_password}
-----END PGP MESSAGE-----
%{endfor}
ARMOURED
}
future-nail-59564
11/30/2020, 7:52 PMBEGIN KEYBASE SALTPACK ENCRYPTED MESSAGE. keDIDMQWYvVR58B FTfTeDQNHx1585M wWbrASgxlB4AxUD GDs2vnNJvt5UodK mH0F6pHuD4vc3Vm lAlAPrh7ZKv2OTY HnLXoNcUySLmP3p 63H2m1IHrfmMttC RLfExoP8zM8ZQ6R b1AWj2suk3W6s2G r5LriMri8wq94Hs X4hS0THSXY4AK8r nWrWvYlT3LBcuza 5AL24aH3H1eNVPe Mev3P0esF4z3O4w 9g9EQGy9IGN4ft7 5TKjYlptRSsGYAB RlGQlkRFFHQomtD es0YdccwPYXC5aa YbWyCA7jVOSEvCQ dcUbmILBnJLgvnf CJA6cpucUDsUeoP bKhMOzGg72JFSQ1 OXRp5VNwlo4ox8E 1UfUcHnbYM8vtOw OsZfpid. END KEYBASE SALTPACK ENCRYPTED MESSAGE.