How to decrypt JSON encoded values in AWS Parameter Store

To get the password you must have the AWS cli configured (https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html)

Sometimes you store multiple values in th AWS Parameter Store and you json encode your parameter to store multiple values at once.

To demonstrate how it works I created a secret called addamsfamily in the eu-west-1 region. In the secret I have stored a list of memebers of the Addams Family (Gomez, Morticia, Wednesday and Pugsley).

Once my secret is stored (either with type String or SecureString), I would have to connect to the console to read its value, or I can ead it from Powershell or from my terminal with the following commands:

With Powershell

aws ssm get-parameter --name addamsfamily --with-decryption --output json --region eu-west-1 | ConvertFrom-Json | ForEach-Object {$_.Parameter.value | ConvertFrom-Json}

The output should be something like:

names
-----
{gomez addams, morticia addams, wednesday addams, pugsley addams}

On Unix systems

You need to have jq installed.

aws ssm get-parameter --name nameofyourawesomesecret --with-decryption --region eu-west-1 --output json | jq '.Parameter | .Value' | jq '.|fromjson'

The output should be something like:

{
  "names": [
    "gomez addams",
    "morticia addams",
    "wednesday addams",
    "pugsley addams"
  ]
}

Et voila 👏 you have retrieved your secret 😀