tom-butler · January 14, 2019 12:48
diff --git a/chamber-add-key.sh b/chamber-add-key.sh
 # Run this manually on your machine
 # This will create a key and store it in ssm paramater store

 # generate a key
 ssh-keygen -t rsa -C "[email protected]"

 # convert it to base64 and store it
 chamber write service ssh_key `base64 < id_rsa`

 # backup your known host Required if you are running SSH commands to avoid 'Do you trust this host' message
 mv ~/.ssh/known_hosts ~/.ssh/known_hosts.bac
 touch ~/.ssh/known_hosts

 # You will need to add the public key to your server now or the next step will fail

 # generate known hosts entry
 ssh -i id_rsa [email protected]

 # store it in a local var
 export HOST=`cat ~/.ssh/known_keys`

 #upload it to ssm param store using chamber
 chamber write service ssh_host "HOST"
diff --git a/chamber-read-key.sh b/chamber-read-key.sh
 #!/bin/bash

 # This should be run in a script executed with `chamber exec`
 echo $HOST >> ~/.ssh/known_hosts

 (umask  077 ; echo $SSH_KEY | base64 --decode > ~/.ssh/id_rsa)
diff --git a/Install-Chamber.sh b/Install-Chamber.sh
 #--------------------------------------------------------------
 # Install Chamber
 #--------------------------------------------------------------

 # Chamber is used to access secrets which are stored encrypted
 # in aws ssm paramater store

 # Get the latest version of Chamber
 curl -s https://api.github.com/repos/segmentio/chamber/releases/latest \
 | grep "browser_download_url.*linux-amd64" \
 | cut -d : -f 2,3 \
 | tr -d \" \
 | wget -qi -

 # Make it runnable
 sudo mv -f chamber-* /usr/local/bin/chamber
 sudo chmod +x /usr/local/bin/chamber
diff --git a/userdata.sh b/userdata.sh
 # Run on your server to pass the keys to a script

 chamber exec service -- /opt/chamber-read-key.sh
	# Run this manually on your machine
	# This will create a key and store it in ssm paramater store

	# generate a key
	ssh-keygen -t rsa -C "[email protected]"

	# convert it to base64 and store it
	chamber write service ssh_key `base64 < id_rsa`

	# backup your known host Required if you are running SSH commands to avoid 'Do you trust this host' message
	mv ~/.ssh/known_hosts ~/.ssh/known_hosts.bac
	touch ~/.ssh/known_hosts

	# You will need to add the public key to your server now or the next step will fail

	# generate known hosts entry
	ssh -i id_rsa [email protected]

	# store it in a local var
	export HOST=`cat ~/.ssh/known_keys`

	#upload it to ssm param store using chamber
	chamber write service ssh_host "HOST"
	#!/bin/bash

	# This should be run in a script executed with `chamber exec`
	echo $HOST >> ~/.ssh/known_hosts

	(umask 077 ; echo $SSH_KEY \| base64 --decode > ~/.ssh/id_rsa)
	#--------------------------------------------------------------
	# Install Chamber
	#--------------------------------------------------------------

	# Chamber is used to access secrets which are stored encrypted
	# in aws ssm paramater store

	# Get the latest version of Chamber
	curl -s https://api.github.com/repos/segmentio/chamber/releases/latest \
	\| grep "browser_download_url.*linux-amd64" \
	\| cut -d : -f 2,3 \
	\| tr -d \" \
	\| wget -qi -

	# Make it runnable
	sudo mv -f chamber-* /usr/local/bin/chamber
	sudo chmod +x /usr/local/bin/chamber
	# Run on your server to pass the keys to a script

	chamber exec service -- /opt/chamber-read-key.sh