This message was deleted.
# awss
sparse-intern-71089
04/19/2021, 11:22 AMThis message was deleted.
b
broad-dog-22463
04/19/2021, 11:24 AMHi @agreeable-ram-97887 what did you pass into it to create it? PGP or keybase?
broad-dog-22463
04/19/2021, 11:25 AMyou should be able to do something like:
Copy code
pulumi stack output myPropertyName | base64 --decode | keybase pgp decrypta
agreeable-ram-97887
04/19/2021, 11:26 AMAt the moment, keybase (although Im not stuck on it). For the moment I manually created an asymmetric key on AWS and just plugged it in to pulumi, and it seemed to work 🤷 (but tbh, im a bit out of my depth)
agreeable-ram-97887
04/19/2021, 11:26 AMi’ll try your suggestion, and get back. Thank you 🙂
agreeable-ram-97887
04/19/2021, 11:30 AMI guess I have to make an account with keybase? This seems a bit weird, since I made the asynmmetrric key on aws and I would assume that I should be able to access the functionality I need through the aws cli (e.g.
aws kms decrypt ...agreeable-ram-97887
04/19/2021, 11:31 AMbut maybe Im missing something?
agreeable-ram-97887
04/19/2021, 11:49 AMor maybe, to turn the question around. All I am looking for is the ability to give certain users login access to the aws console by setting an initial password in my pulumi stack. What would be the suggested way to do this?
b
broad-dog-22463
04/19/2021, 11:53 AMyou don't need to use keybae
broad-dog-22463
04/19/2021, 11:53 AMyou can use a gpg key
broad-dog-22463
04/19/2021, 11:53 AMbut you need to provider one or the other
broad-dog-22463
04/19/2021, 11:53 AMthe resource under the hood uses it
a
agreeable-ram-97887
04/19/2021, 12:15 PMI’ve tried grabbing the public key from the AWS console and pasting it in “pgp_key” (see below), but then I see errors such as:
Error encrypting Password: error parsing given PGP key: openpgp: invalid data: tag byte does not have MSB setagreeable-ram-97887
04/19/2021, 12:16 PMThis is with both pasting the key directly, as well as base64 encoding it first (like the docs suggest):
echo "RAW-KEY" | base64agreeable-ram-97887
04/19/2021, 12:16 PMbut I guess I’m still doing something wrong 🤔
agreeable-ram-97887
04/19/2021, 12:21 PMbtw, I’v assumed that I should use AWS KMS to generate an asymmetric key to do this encryption but, tbh, that was a total guess on my end 🤷. At the moment I’ve done this manually, but my ultimate goal is to have all components provisioned within the pulumi script.
Should I instead be using something else? for example ec2.KeyPair?
b
broad-dog-22463
04/19/2021, 12:26 PMwait, you are trying to create an SSH Key? This resource is for a user's login to the AWS console
a
agreeable-ram-97887
04/19/2021, 12:27 PMwait, you are trying to create an SSH Key?Not necessarily, all I would like to do is create the LoginProfile resource, and be able to pass the default password on to the user
b
broad-dog-22463
04/19/2021, 12:28 PMok, so if you want to do that then the provider requires you to use a PGP Key to encrypt the password
a
agreeable-ram-97887
04/19/2021, 12:29 PMwhich I can generate as an asymetric key using AWS KMS?
agreeable-ram-97887
04/19/2021, 12:29 PMOr do I need to use some other service to get a PGP key?
b
broad-dog-22463
04/19/2021, 12:58 PMI've not tried it using an AWS KMS key tbh
a
agreeable-ram-97887
04/19/2021, 1:11 PMI see 😕 . Maybe you could suggest to me how you would do it? Or maybe you know a good tutorial to go off of?
44 Views