Store user secrets

Now you will store the private key and signing certificate for each consortium member's user identities in AWS Secrets Manager. The Lambda function will retrieve these secrets so that it can query and invoke chaincode on behalf of authenticated users.

Each consortium member should execute the following commands in their Cloud9 terminal.

cd

# delete previously created secrets if they exist
deleted_a_secret=false
secrets=$(aws secretsmanager list-secrets | jq -r ".SecretList | .[] | select(.Name | contains(\"supplychain\")) | .ARN")
for ARN in $secrets; do
  deleted_a_secret=true
  aws secretsmanager delete-secret --secret-id "$ARN" --force-delete-without-recovery
done

# wait for deletion to finish: a secret name cannot be reused until the forced deletion has completed
if [ "$deleted_a_secret" = true ] ; then
  sleep 60
fi

# create new secrets: one private key (from keystore/) and one signing certificate (from signcerts/) per user identity
aws secretsmanager create-secret --name "amb/supplychain/$WORKER1_NAME/pk" --secret-string "$(cat "$WORKER1_NAME-msp/keystore/"*)"
aws secretsmanager create-secret --name "amb/supplychain/$WORKER1_NAME/signcert" --secret-string "$(cat "$WORKER1_NAME-msp/signcerts/"*)"
aws secretsmanager create-secret --name "amb/supplychain/$WORKER2_NAME/pk" --secret-string "$(cat "$WORKER2_NAME-msp/keystore/"*)"
aws secretsmanager create-secret --name "amb/supplychain/$WORKER2_NAME/signcert" --secret-string "$(cat "$WORKER2_NAME-msp/signcerts/"*)"
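The Lambda-side counterpart to these commands, as an added example that is not part of the original workshop code: it reads the `amb/supplychain/<worker>/pk` and `/signcert` secrets by the names used above and checks that each holds exactly one PEM block of the expected type before the identity is used. The in-memory `FakeSecretsManager` and the PEM strings are constructed stand-ins so the example runs offline; in the real function you would pass `boto3.client("secretsmanager")` instead, and the worker names are assumptions.

```python
import re
from typing import Dict

SECRET_PREFIX = "amb/supplychain"  # same prefix as the --name values above

# Constructed placeholder PEM material, not real key or certificate bytes.
FAKE_PK = "-----BEGIN PRIVATE KEY-----\nMIIB...constructed...\n-----END PRIVATE KEY-----\n"
FAKE_CERT = "-----BEGIN CERTIFICATE-----\nMIIC...constructed...\n-----END CERTIFICATE-----\n"


class FakeSecretsManager:
    """Offline stand-in for boto3.client('secretsmanager'); only get_secret_value."""
    def __init__(self, store: Dict[str, str]):
        self._store = store

    def get_secret_value(self, SecretId: str) -> Dict[str, str]:
        if SecretId not in self._store:
            raise KeyError(f"ResourceNotFoundException: {SecretId}")
        return {"Name": SecretId, "SecretString": self._store[SecretId]}


def _require_single_pem(value: str, label: str) -> str:
    """Reject material that is not exactly one PEM block whose type contains `label`."""
    blocks = re.findall(r"-----BEGIN ([A-Z ]+)-----", value)
    if len(blocks) != 1 or label not in blocks[0]:
        raise ValueError(f"expected one {label} PEM block, got {blocks}")
    return value


def load_fabric_identity(client, worker_name: str) -> Dict[str, str]:
    """Fetch <prefix>/<worker>/pk and /signcert and validate both before use."""
    pk = client.get_secret_value(SecretId=f"{SECRET_PREFIX}/{worker_name}/pk")
    cert = client.get_secret_value(SecretId=f"{SECRET_PREFIX}/{worker_name}/signcert")
    return {
        "private_key": _require_single_pem(pk["SecretString"], "PRIVATE KEY"),
        "certificate": _require_single_pem(cert["SecretString"], "CERTIFICATE"),
    }


def demo_client() -> FakeSecretsManager:
    """Constructed store: worker1 is well-formed; worker2's pk models a keystore/
    directory that held two files, so `cat keystore/*` concatenated two keys."""
    return FakeSecretsManager({
        f"{SECRET_PREFIX}/worker1/pk": FAKE_PK,
        f"{SECRET_PREFIX}/worker1/signcert": FAKE_CERT,
        f"{SECRET_PREFIX}/worker2/pk": FAKE_PK + FAKE_PK,
        f"{SECRET_PREFIX}/worker2/signcert": FAKE_CERT,
    })
```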