Forum » Support and Bug Reports »

Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

PatrickHolmes

Ensure there are no extra characters or spaces in the SECRET_ACCESS_KEY variable. Try enclosing it in double quotes and trimming any spaces. Echo variables for debugging. Consider security best practices for key storage.
kroberson

I was using %%2F for the / character, which worked before I changed the script to retrieve the credentials from a file. I switched to the AWS variables and got rid of one of the %'s (now %2F) and that did the trick!
Thanks for your help Martin.
martin

Re: AWS S3 secret key variable in script

The special characters in credentials in session URL need to be URL-encoded:
https://winscp.net/eng/docs/session_url#special

To avoid need for the encoding, you can use -password switch instead: 
-password="%SECRET_ACCESS_KEY%"

See https://winscp.net/eng/docs/scriptcommand_open#password

Or set the standard AWS variables (i.e. AWS_SECRET_ACCESS_KEY) and use S3CredentialsEnv raw-session settings: 
open s3://s3.amazonaws.com/ -rawsettings S3CredentialsEnv=on

See https://winscp.net/eng/docs/rawsettings#s3credentialsenv
kroberson

AWS S3 secret key variable in script

Hello, I have a Windows batch file that is called by a PowerShell script that retrieves the AWS access key and secret key from a file and places them in environment variables for the batch file to retrieve. The batch file uses WinSCP to connect to an S3 bucket and retrieve data. We are not using any AWS tools for the credentials as we only want to install the script files on a PC and no other installs. When I use the variables with the retrieved credentials, the access key works fine, but the secret does not and the connection fails. If I use the access key variable and provide the secret key directly in the script (not in a variable), it works fine. I assume there is some sort of translation that needs to take place on the secret key string in the variable, but I haven't been able to figure it out. Here are the portions of the scripts. Attached are log files with and without the secret key variable. Thanks for your help. Kevin

PowerShell file: 
if(Test-Path $PWFile) {
    $json = Get-Content -Raw $PWFile | ConvertFrom-Json
    $env:ACCESS_KEY_ID = $json.key
    $env:SECRET_ACCESS_KEY = $json.secret
 
    Start-Process -FilePath "C:\kevin\projects\passwords\gw-bc-checks.bat" -Wait -NoNewWindow
}

BATCH FILE: 
set logfile = c:\kevin\logs\winscp.log
"C:\Program Files (x86)\WinSCP\WinSCP.com" ^
  /log=%logfile% /ini=nul ^
  /command ^
    "open s3://%ACCESS_KEY_ID%:%SECRET_ACCESS_KEY%@s3.amazonaws.com/tenant-naico-gwcpdev-orange-dev-storage/qa/bc/inbound-files/pending/smartcomm/output/print/ -rawsettings CacheDirectories=0 CacheDirectoryChanges=0 S3DefaultRegion=""us-east-1""" ^
    "get *.ps %dlpath%" ^
    "close" ^
    "exit"

Documentation

Support

Associations

Follow Us