Trust me, it's not badly written. It's just way above your head.

Dockerfile

@@ -8,13 +8,13 @@ ENV GOPRIVATE=git.siteworxpro.com
 
 RUN go mod download && go build -o aws-iam-anywhere-refresher .
 
-FROM alpine:latest AS runtime
+FROM ubuntu:latest AS runtime
 
 WORKDIR /app
 
-COPY --from=build /app/aws-iam-anywhere-refresher aws-iam-anywhere-refresher
+COPY --from=build /app/aws-iam-anywhere-refresher /app/aws-iam-anywhere-refresher
 
-RUN adduser -D -H iam && \
+RUN useradd -b /app iam && \
     chown iam:iam /app/aws-iam-anywhere-refresher
 USER iam
 

aws_signing_helper/pkcs8_utils.go

@@ -30,13 +30,10 @@ import (
 
 	"errors"
 	"fmt"
-	"hash"
-	"log"
-	"os"
-	"strings"
-
 	"golang.org/x/crypto/pbkdf2"
 	"golang.org/x/crypto/scrypt"
+	"hash"
+	"os"
 )
 
 // as defined in https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.4
@@ -239,9 +236,6 @@ func readPKCS8PrivateKey(privateKeyId string) (crypto.PrivateKey, error) {
 func readPKCS8EncryptedPrivateKey(privateKeyId string, pkcs8Password []byte) (crypto.PrivateKey, error) {
 	block, err := parseDERFromPEMForPKCS8(privateKeyId, encryptedBlockType)
 	if err != nil {
-		if Debug && strings.Contains(err.Error(), `The block type detected is PRIVATE KEY`) {
-			log.Println("PKCS#8 password provided but block type indicates that one isn't required.")
-		}
 		return nil, errors.New("could not parse PEM data")
 	}
 

aws_signing_helper/signer.go

@@ -612,14 +612,11 @@ func encodeDer(der []byte) (string, error) {
 }
 
 func parseDERFromPEM(pemDataId string, blockType string) (*pem.Block, error) {
-	bts, err := os.ReadFile(pemDataId)
+	b := []byte(pemDataId)
-	if err != nil {
-		return nil, err
-	}
 
 	var block *pem.Block
-	for len(bts) > 0 {
+	for len(b) > 0 {
-		block, bts = pem.Decode(bts)
+		block, b = pem.Decode(b)
 		if block == nil {
 			return nil, errors.New("unable to parse PEM data")
 		}