teller icon indicating copy to clipboard operation
teller copied to clipboard

Published 20 hours ago verified publisher icon tellerops

AWS Secrets Manager: error invalid character 'a' looking for beginning of value

Open spg opened this issue 2 years ago • 1 comments

Expected Behavior

When I run tlr show, my secret from AWS Secrets Manager should be displayed

Current Behavior

Error is raised:

➜  spg-test git:(spg-test) ✗ AWS_ACCESS_KEY_ID=AKIAXXXXXXXXX AWS_SECRET_ACCESS_KEY=XXXXXXXXXXX AWS_DEFAULT_REGION=us-east-1 tlr show
FATA[0000] could not load all variables from the given existing providers  error="invalid character 'a' looking for beginning of value"

Possible Solution

N/A

Steps to Reproduce

  1. Create config file:
project: myproject

providers:
  aws_secretsmanager:
    env:
      FOO:
        path: /myapp/mysecret
  1. run the command shown previously

Context

I triple-checked that

  • my AWS credentials are OK
  • the secret exists in the specified AWS region and account (see screenshot below)

Screen Shot 2022-09-02 at 11 01 53 AM

Specifications

  • Version:
Teller 1.5.4
Revision 604abece2a4a4ca1e32c6d812f5f0aa0e256548c, date: 2022-08-25T06:19:45Z
  • Platform: Mac OS 12.4

spg avatar Sep 02 '22 15:09 spg

Hey @spg, thanks for reporting this issue You can please provide:

  1. it is happening on all the secret name paths? or only on a specific one
  2. Can you please run with --log-level to provide us with more details (which function, which key, etc.) Thanks

kaplanelad avatar Sep 11 '22 10:09 kaplanelad

Not sure if this is the same as original poster's problem, but I ran into this when trying to use a non-json value in Secrets Manager (I actually came here trying to figure out if this was supported or not).

That is, instead of using key/value pairs that secrets manager stores as a json map, I just wanted to store a "raw" string (in my case, it was a private key which was sort of gross to nest inside the json):

# works fine
{
  "key1": "value1",
  "key2": "value2"
}

# could not figure out if even supported; various attempts resulted in posted error
value1

All attempts to retrieve the value gave error invalid character 'a' looking for beginning of value (with 'a' replaced by whatever the first character of my secret value is).

awesometown avatar Jan 16 '23 20:01 awesometown

Hey @spg, this bug was resolved. fell free to open this issue if you still having problem

kaplanelad avatar May 04 '23 07:05 kaplanelad

Happens for me as well now, needs to be reopened.

Works fine with JSON secrets but any plain values return: FATA[0001] could not load all variables from the given existing providers error="invalid character 'a' looking for beginning of value" with different characters depending on the secret.

AdamNowotny avatar Jul 20 '23 18:07 AdamNowotny

@kaplanelad Same here! Secrets from secret manager in AWS are plaintext for some of our secrets I get the same error message

MarkusSagen avatar Feb 05 '24 16:02 MarkusSagen