format of pvenode data file

[ericpardee]

Trying to use a dns ACME Plugin:

pvenode acme account register default <email>
pvenode acme plugin add dns aws-dns-validation --api aws --data creds.txt
pvenode config set --acmedomain0 zeusprox01.esp.zone,plugin=aws-dns-validation
pvenode acme cert order
systemctl restart pveproxy

The issue I run into is how this --data creds.txt should be formatted. I'm using AWS.

Here's what I have that's not working

ACCESS_KEY_ID=AKIAXE7ONotReALQRAZZ
SECRET_ACCESS_KEY=tt83/YrTszktnverWOuldpostmre5lkey+X7qpv8d8/df

This page says to export environment variables but I can't in this context.

Here says one key-value per line, which is what I have
--data File with one key-value pair per line, will be base64url encode for storage in plugin config.

What should creds.txt in my example look like?

Thanks!

 

[ericpardee]

Figured it out thanks to my buddy

The creds.txt for AWS should be:

AWS_ACCESS_KEY_ID=AKIAXE7ONotReALQRAZZ
AWS_SECRET_ACCESS_KEY=tt83/YrTszktnverWOuldpostmre5lkey+X7qpv8d8/df

I was missing the preceding AWS_, and no, those aren't real keys

 

[ericpardee]

Also, here's a sample AWS IAM Policy for the Proxmox VE node acme plugin to add dns verification:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "route53:ChangeResourceRecordSets",
                "route53:ListResourceRecordSets"
            ],
            "Resource": "arn:aws:route53:::hostedzone/{host-zone-id}"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "route53:ListHostedZones",
            "Resource": "*"
        }
    ]
}