How to put a Private SSH Key into AWS Secrets Manager

Secrets Manager allows key-value pair payloads. This is a great way to store a private SSH key and passphrase. I ran into an issue with formatting. The line breaks in the SSH key would show as \n and not allow the key to save. I tried many permutations but either the key had superfluous formatting or Secrets Manager didn’t consider it valid key-value syntax. I solved this with base64 encoding. This may sound hard, but it’s very easy to do on a Mac; there is nothing to install.

Encode your private key in base64

Put your private key into a file. This will be the infile. On your Mac:

$ openssl base64 -in <infile> -out <outfile>

The outfile now contains the value you need.

Put the encoded value into Secrets Manager

In my case, the key was named private_key. I put the outfile value into the payload and saved it. Since it was base64 there were no spaces or carriage returns so AWS was happy.

Update the receiver to decode the payload

The code that consumes the secret must decode from base64 to plaintext. Luckily all modern programming languages have this built in for you.
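The receiving side described above could look like this in Python. This is an added example, not code from the original post: it takes the secret's string payload as input rather than calling AWS, and the function names, the `passphrase` field and the sample key are assumptions made for illustration.

```python
import base64
import binascii
import json
import os

# Constructed sample, not a real key: PEM framing around a dummy body.
SAMPLE_PEM = (
    "-----BEGIN OPENSSH PRIVATE KEY-----\n"
    "Y29uc3RydWN0ZWQtc2FtcGxlLW5vdC1hLXJlYWwta2V5\n"
    "-----END OPENSSH PRIVATE KEY-----\n"
)


def sample_secret_string():
    """Build a constructed key-value payload shaped like the one in the post."""
    # encodebytes() line-wraps its output, as `openssl base64` does.
    wrapped = base64.encodebytes(SAMPLE_PEM.encode()).decode()
    return json.dumps({"private_key": wrapped, "passphrase": "constructed-example"})


def decode_private_key(secret_string, field="private_key"):
    """Return the PEM text stored base64-encoded under `field`."""
    encoded = json.loads(secret_string)[field]
    # Strip the line wrapping, then decode strictly so a truncated or
    # hand-edited value raises instead of yielding a corrupt key.
    compact = "".join(encoded.split())
    try:
        pem = base64.b64decode(compact, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError(f"{field} is not valid base64 text") from exc
    if not pem.startswith("-----BEGIN ") or "PRIVATE KEY-----" not in pem:
        raise ValueError(f"{field} did not decode to a PEM private key")
    return pem


def write_key_file(pem, path):
    """Write the key readable by its owner only; ssh refuses looser modes."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(pem)
    os.chmod(path, 0o600)  # tighten a file that already existed
    return path


if __name__ == "__main__":
    key = decode_private_key(sample_secret_string())
    print(key.splitlines()[0])
```

Base64 is an encoding, not encryption, so the decoded key and the file it is written to need the same protection as the original private key.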
