{"id":19,"date":"2016-04-05T12:58:48","date_gmt":"2016-04-05T11:58:48","guid":{"rendered":"https:\/\/www.philroche.net\/?p=19"},"modified":"2016-04-05T12:58:48","modified_gmt":"2016-04-05T11:58:48","slug":"deploying-keys-and-certs-to-a-nodejs-app-on-aws-opsworks","status":"publish","type":"post","link":"http:\/\/wp.philroche.net\/2016\/04\/05\/deploying-keys-and-certs-to-a-nodejs-app-on-aws-opsworks\/","title":{"rendered":"Deploying Keys and Certs to a NodeJS app on AWS Opsworks"},"content":{"rendered":"

I have a nodejs app running on AWS deployed using AWS Opsworks. The app relies on an AWS IoT certificate and AWS IoT private key being present and I don’t want to add the key and certificate to my git repo.<\/p>\n

The solution I ended with was to use the AWS Opsworks App environment variables to pass in the certificate and key as environment variables and read these from the nodejs app.<\/p>\n

Opsworks replaces all new line characters with spaces so in our app we have to reverse this:<\/p>\n

\n\/\/ Opsworks replaces newlines with spaces: restore them, then rejoin the PEM header\/footer words.\nvar iotcert = process.env.IOTCERT;\nvar iotkey = process.env.IOTKEY;\niotcert = iotcert.split(\" \").join(\"\\n\").replace(\"BEGIN\\nCERTIFICATE\", \"BEGIN CERTIFICATE\").replace(\"END\\nCERTIFICATE\", \"END CERTIFICATE\");\niotkey = iotkey.split(\" \").join(\"\\n\").replace(\"BEGIN\\nRSA\\nPRIVATE\\nKEY\", \"BEGIN RSA PRIVATE KEY\").replace(\"END\\nRSA\\nPRIVATE\\nKEY\", \"END RSA PRIVATE KEY\");\n<\/pre>\n

…. Problem solved \ud83d\ude42<\/p>\n

I suppose it is a little less secure than the certificate and key being on the file system and with read only access to the nodejs process but it’s a lot more secure than the certificate and key being hosted on github. <\/p>\n","protected":false},"excerpt":{"rendered":"

I have a nodejs app running on AWS deployed using AWS Opsworks. The app relies on an AWS IoT certificate and AWS IoT private key being present and I don’t want to add the key and certificate to my git repo. The solution I ended with was to use the AWS Opsworks App environment variables […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,9,10],"tags":[],"_links":{"self":[{"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/posts\/19"}],"collection":[{"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/comments?post=19"}],"version-history":[{"count":0,"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/posts\/19\/revisions"}],"wp:attachment":[{"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/media?parent=19"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/categories?post=19"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/tags?post=19"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}