{"id":19,"date":"2016-04-05T12:58:48","date_gmt":"2016-04-05T11:58:48","guid":{"rendered":"https:\/\/www.philroche.net\/?p=19"},"modified":"2016-04-05T12:58:48","modified_gmt":"2016-04-05T11:58:48","slug":"deploying-keys-and-certs-to-a-nodejs-app-on-aws-opsworks","status":"publish","type":"post","link":"http:\/\/wp.philroche.net\/2016\/04\/05\/deploying-keys-and-certs-to-a-nodejs-app-on-aws-opsworks\/","title":{"rendered":"Deploying Keys and Certs to a NodeJS app on AWS Opsworks"},"content":{"rendered":"<p>I have a nodejs app running on AWS deployed using AWS Opsworks. The app relies on an AWS IoT certificate and AWS IoT private key being present and I don&#8217;t want to add the key and certificate to my git repo.<\/p>\n<p>The solution I ended with was to use the AWS Opsworks App environment variables to pass in the certificate and key as environment variables and read these from the nodejs app.<\/p>\n<p><img loading=\"lazy\" src=\"http:\/\/wp.philroche.net\/wp-content\/uploads\/2016\/04\/Selection_024-768x86.png\" alt=\"App  Environment Variables\" width=\"660\" height=\"74\" class=\"alignnone size-medium_large wp-image-20\" srcset=\"http:\/\/wp.philroche.net\/wp-content\/uploads\/2016\/04\/Selection_024-768x86.png 768w, http:\/\/wp.philroche.net\/wp-content\/uploads\/2016\/04\/Selection_024-300x34.png 300w, http:\/\/wp.philroche.net\/wp-content\/uploads\/2016\/04\/Selection_024.png 1005w\" sizes=\"(max-width: 660px) 100vw, 660px\" \/><\/p>\n<p>Opsworks replaces all new line characters with spaces so in our app we have to reverse this:<\/p>\n<pre class=\"brush: jscript; title: ; notranslate\" title=\"\">\nvar iotcert = process.env.IOTCERT;\nvar iotkey = process.env.IOTKEY;\niotcert = iotcert.split(&quot; &quot;).join(&quot;\\n&quot;).replace(&quot;BEGIN\\nCERTIFICATE&quot;, &quot;BEGIN CERTIFICATE&quot;).replace(&quot;END\\nCERTIFICATE&quot;, &quot;END CERTIFICATE&quot;);\niotkey = iotkey.split(&quot; &quot;).join(&quot;\\n&quot;).replace(&quot;BEGIN\\nRSA\\nPRIVATE\\nKEY&quot;, &quot;BEGIN RSA PRIVATE KEY&quot;).replace(&quot;END\\nRSA\\nPRIVATE\\nKEY&quot;, &quot;END RSA PRIVATE KEY&quot;);\n<\/pre>\n<p>&#8230;. Problem solved \ud83d\ude42<\/p>\n<p>I suppose it is a little less secure than the certificate and key being on the file system and with read only access to the nodejs process but it&#8217;s a lot more secure than the certificate and key being hosted on github. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>I have a nodejs app running on AWS deployed using AWS Opsworks. The app relies on an AWS IoT certificate and AWS IoT private key being present and I don&#8217;t want to add the key and certificate to my git repo. The solution I ended with was to use the AWS Opsworks App environment variables [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,9,10],"tags":[],"_links":{"self":[{"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/posts\/19"}],"collection":[{"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/comments?post=19"}],"version-history":[{"count":0,"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/posts\/19\/revisions"}],"wp:attachment":[{"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/media?parent=19"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/categories?post=19"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/tags?post=19"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}