Bootstrap FreeKB - Amazon Web Services (AWS) - List Secrets from AWS Secrets Manager using Python boto3


This assumes you are familiar with the basic configuration needed to connect to Amazon Web Services (AWS) using Python boto3. If not, check out my article Python (Scripting) - Getting Started with Amazon Web Services (AWS) boto3.

Here is the minimal boilerplate code without any error handling to list your secrets.

#!/usr/bin/python3
import boto3

client = boto3.client('secretsmanager')

secrets_dict = client.list_secrets(
  Filters = [
    { 'Key': 'name', 'Values': ['my-secret'] }
  ]
)

print(f"secrets_dict = {secrets_dict}")


Here is a more practical example, with try/except/else error handling.

#!/usr/bin/python3
import boto3
import sys

try:
  # Credentials and region come from the environment, ~/.aws/config and ~/.aws/credentials
  client = boto3.client('secretsmanager')
except Exception as exception:
  print(exception)
  sys.exit(1)

try:
  secrets_dict = client.list_secrets(
    Filters = [
      { 'Key': 'name', 'Values': ['my-secret'] }
    ]
  )
except Exception as exception:
  print(exception)
else:
  print(f"secrets_dict = {secrets_dict}")


Or, os.environ['AWS_PROFILE'] can be used to specify which profile in /home/john.doe/.aws/config and /home/john.doe/.aws/credentials to use.

#!/usr/bin/python3
import boto3
import os

os.environ['AWS_PROFILE'] = 'johndoe'

client = boto3.client('secretsmanager')

secrets_dict = client.list_secrets(
  Filters = [
    { 'Key': 'name', 'Values': ['my-secret'] }
  ]
)

print(f"secrets_dict = {secrets_dict}")


And here is how you can filter the results to only the secret named my-secret that has the tag environment with the value development.

import boto3

client = boto3.client('secretsmanager')

secrets_dict = client.list_secrets(
  Filters = [
    { 'Key': 'name',      'Values': ['my-secret'] },
    { 'Key': 'tag-key',   'Values': ['environment'] },
    { 'Key': 'tag-value', 'Values': ['development'] }
  ]
)

print(f"secrets_dict = {secrets_dict}")


Which should return something like this.

secrets_dict = {
  'SecretList': [
    {'ARN': 'arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret-tpNeXU',
     'Name': 'my-secret',
     'Description': 'my secret',
     'LastChangedDate': datetime.datetime(2023, 9, 29, 6, 58, 4, 492000, tzinfo=tzlocal()),
     'LastAccessedDate': datetime.datetime(2023, 10, 10, 19, 0, tzinfo=tzlocal()),
     'Tags': [
       {'Key': 'environment',
        'Value': 'development'}
     ],
     'SecretVersionsToStages': {'c0f9a13d-457a-4a66-a850-af29e54c1da5': ['AWSCURRENT']},
     'CreatedDate': datetime.datetime(2023, 9, 29, 6, 58, 4, 455000, tzinfo=tzlocal())}
  ],
  'ResponseMetadata': {
    'RequestId': '681e5f2f-8131-4369-80a7-700316249ae3',
    'HTTPStatusCode': 200,
    'HTTPHeaders': {
      'x-amzn-requestid': '681e5f2f-8131-4369-80a7-700316249ae3',
      'content-type': 'application/x-amz-json-1.1',
      'content-length': '423',
      'date': 'Wed, 11 Oct 2023 09:17:09 GMT'},
    'RetryAttempts': 0
  }
}


Almost always, this is just used to determine if the secret exists, so I typically do something like this.

import boto3

client = boto3.client('secretsmanager')

secrets_dict = client.list_secrets(
  Filters = [
    { 'Key': 'name',      'Values': ['my-secret'] },
    { 'Key': 'tag-key',   'Values': ['environment'] },
    { 'Key': 'tag-value', 'Values': ['development'] }
  ]
)

# The name filter is a prefix match, so more than one secret can come back
if len(secrets_dict['SecretList']) == 0:
  print("no results found")
elif len(secrets_dict['SecretList']) >= 2:
  print("two or more results found")
else:
  print("found one matching secret")
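Two things make the existence check above less reliable than it looks: the name filter on list_secrets is a prefix match (so 'my-secret' also returns 'my-secret-archive'), and list_secrets is paginated, returning a NextToken when more results exist than fit in one page. The following is an added example, not code from the original article, that walks every page and then compares the returned Name exactly. list_all_secrets and find_secret are hypothetical helper names; FakeSecretsManagerClient and SAMPLE_SECRETS are a constructed stand-in for boto3.client('secretsmanager') so the example runs offline, and the ARNs in it are placeholders. list_secrets only ever returns metadata (names, ARNs, tags, dates), never the secret value, so a principal with only secretsmanager:ListSecrets can run this without being able to read the secret.

```python
#!/usr/bin/python3
# Added example (not from the original article). Exact-match lookup over a
# paginated list_secrets() response. With real boto3, pass
# boto3.client('secretsmanager') as the client instead of the fake below.


def list_all_secrets(client, filters):
    """Yield every SecretList entry across all pages of list_secrets().

    Each call returns one page; when more results exist the response carries
    a NextToken that must be sent back in the next call.
    """
    kwargs = {"Filters": filters}
    while True:
        page = client.list_secrets(**kwargs)
        yield from page.get("SecretList", [])
        token = page.get("NextToken")
        if not token:
            return
        kwargs["NextToken"] = token


def find_secret(client, name, tag_key=None, tag_value=None):
    """Return the one secret whose Name equals `name` (and carries the optional
    tag filter), or None if there is no such secret.

    The 'name' filter is a prefix match, so the exact comparison on the
    returned Name is what makes this a real existence check. Secret names are
    unique per account and region; a duplicate exact match is treated as an
    error rather than silently picking one.
    """
    filters = [{"Key": "name", "Values": [name]}]
    if tag_key is not None:
        filters.append({"Key": "tag-key", "Values": [tag_key]})
    if tag_value is not None:
        filters.append({"Key": "tag-value", "Values": [tag_value]})

    exact = [s for s in list_all_secrets(client, filters) if s["Name"] == name]
    if not exact:
        return None
    if len(exact) > 1:
        raise LookupError(f"{len(exact)} secrets named {name!r}")
    return exact[0]


class FakeSecretsManagerClient:
    """Constructed stand-in for boto3.client('secretsmanager') so the example
    runs offline. Implements only list_secrets(), with the same prefix-match
    filter semantics and NextToken pagination shape as the real response.
    Like the real API, tag-key and tag-value are independent filters."""

    def __init__(self, secrets, page_size=1):
        self._secrets = secrets
        self._page_size = page_size

    @staticmethod
    def _matches(secret, filters):
        tag_keys = [t["Key"] for t in secret.get("Tags", [])]
        tag_values = [t["Value"] for t in secret.get("Tags", [])]
        for f in filters:
            values = f["Values"]
            if f["Key"] == "name":
                ok = any(secret["Name"].startswith(v) for v in values)
            elif f["Key"] == "tag-key":
                ok = any(k.startswith(v) for k in tag_keys for v in values)
            elif f["Key"] == "tag-value":
                ok = any(tv.startswith(v) for tv in tag_values for v in values)
            else:
                raise ValueError(f"unsupported filter key {f['Key']!r}")
            if not ok:
                return False
        return True

    def list_secrets(self, Filters=(), NextToken=None):
        matched = [s for s in self._secrets if self._matches(s, Filters)]
        start = int(NextToken) if NextToken else 0
        page = matched[start:start + self._page_size]
        response = {"SecretList": page}
        if start + self._page_size < len(matched):
            response["NextToken"] = str(start + self._page_size)
        return response


# Constructed sample inventory; the ARNs are placeholders, not real resources.
SAMPLE_SECRETS = [
    {"ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret-AbCdEf",
     "Name": "my-secret",
     "Tags": [{"Key": "environment", "Value": "development"}]},
    {"ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret-archive-GhIjKl",
     "Name": "my-secret-archive",
     "Tags": [{"Key": "environment", "Value": "development"}]},
    {"ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret-prod-MnOpQr",
     "Name": "my-secret-prod",
     "Tags": [{"Key": "environment", "Value": "production"}]},
    {"ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:other-StUvWx",
     "Name": "other",
     "Tags": []},
]


if __name__ == "__main__":
    # page_size=1 forces several NextToken round trips on the sample data
    client = FakeSecretsManagerClient(SAMPLE_SECRETS, page_size=1)
    secret = find_secret(client, "my-secret", "environment", "development")
    print("found:", secret["ARN"] if secret else "no matching secret")
```

With the sample data, the name filter alone returns three secrets (my-secret, my-secret-archive, my-secret-prod) spread over three pages, and only the exact comparison narrows that to my-secret. Against a real account the same code works unchanged with client = boto3.client('secretsmanager'); boto3 also offers client.get_paginator('list_secrets') to do the NextToken loop for you.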
