AWS Credentials not working from SHELL Environment Variable

jei · November 9, 2019, 12:56am

Hi there,

Not sure which section of the community my problem resides in, but I am having issues with authenticating aws-cli.

I am decrypting my AWS credentials from a repo and exporting it to the SHELL environment variables using the following command:

export $(grep -v '^#' /codefresh/volume/production) - production are my AWS creds.

However, when I run aws s3 ls, I am getting the following error:

An HTTP Client raised and unhandled exception: Invalid header value b'AWS4-HMAC-SHA256 Credential=xxx\r/20191108/us-east-1/s3/aws4_request, Sign
edHeaders=host;x-amz-content-sha256;x-amz-date, Signature=xxx'

I did some Googling around, some users are saying it could be related to whitespace issue, and some are saying you can’t have issue. I checked my files, none of them have newlines or whitespaces at the end of the file.

Please advise.

Thank you.

Kostis · November 12, 2019, 12:21pm

It is hard to diagnose this without looking at the build with more detail. Could you please open an issue with us ?

Just click on your profile (top right) > Support > Submit a request.

Please also include the build URL of the pipeline that has the issue.

jei · November 13, 2019, 1:50am

I can create a Support Ticket, however, my build URL contains sensitive information.

Please advise how I should proceed.

Thank you.

Kostis · November 13, 2019, 11:17am

Your builds are not accessible outside of your account. Only support stuff have access to them (with your explicit permission)

Here is for example one my builds Codefresh | console

jei · November 13, 2019, 1:40pm

It’s not accessible from the outside, but support staff have access to my sensitive information?

I just don’t want anything to happen to my credentials that I have written to the output log in the build. I did this for debugging purposes.

Kostis · November 13, 2019, 5:24pm

Support stuff will only access your build logs after your explicit permission. Once you submit an issue you can also give extra instructions to our support team.

todaywasawesome · November 13, 2019, 5:33pm

@jei I would recommend just sharing the whole thing with support and planning on changing the keys once you’ve identified the issue. I’m assuming the keys are single use here.

Or you could create a duplicate pipeline with dummy keys. My guess would be you have a parsing issue after the secret is decrypted. So work backwards, first in the step just try to echo the variables. If they come back correctly then you know it’s something else. If they don’t then work backwards to when you import the keys.

jei · November 14, 2019, 1:49am

@todaywasawesome No problem. I have created a Support Ticket: Codefresh

Hopefully we can find the root cause of the issue and rectify it.

Thank you again @Kostis for the assistance on this matter. I really appreciate it

Have a great day guys!