
This assumes you are familiar with the basic configuration needed to connect to Amazon Web Services (AWS) using Python boto3. If not, check out my article Python (Scripting) - Getting Started with Amazon Web Services (AWS) boto3.
Here is the minimal boilerplate code without any error handling to get a secret.
#!/usr/bin/python3
import boto3

client = boto3.client('secretsmanager')

secret_dict = client.get_secret_value(
    SecretId='postgres'
)

print(f"secret_dict= {secret_dict}")
Here is a more practical example, with try/except/else error handling.
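#!/usr/bin/python3
import boto3
import sys

# Creating the client can fail, for example when no region is configured.
try:
    client = boto3.client('secretsmanager')
except Exception as exception:
    print(exception)
    sys.exit(1)

# The API call can fail, for example when the secret does not exist or access is denied.
try:
    secret_dict = client.get_secret_value(
        SecretId='postgres'
    )
except Exception as exception:
    print(exception)
else:
    print(f"secret_dict= {secret_dict}")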
By default, the "default" profile in your .aws/credentials file is used. A Session can be used to select some other profile.
#!/usr/bin/python3
import boto3

session = boto3.Session(profile_name='johndoe')
client = session.client('secretsmanager')

secret_dict = client.get_secret_value(
    SecretId='postgres'
)

print(f"secret_dict= {secret_dict}")
Or, os.environ['AWS_PROFILE'] can be used to specify the profile in /home/john.doe/.aws/config and /home/john.doe/.aws/credentials to use.
#!/usr/bin/python3
import boto3
import os

# Must be set before the client is created.
os.environ['AWS_PROFILE'] = 'johndoe'

client = boto3.client('secretsmanager')

secret_dict = client.get_secret_value(
    SecretId='postgres'
)

print(f"secret_dict= {secret_dict}")
Which should return something like this. Notice that SecretString contains the secret key/value pairs.
secret_dict = {
    'ARN': 'arn:aws:secretsmanager:us-east-1:123456789012:secret:postgres-tD1U2U',
    'Name': 'postgres',
    'VersionId': '0a8aa38f-b95e-42ab-acc9-7745aa710f23',
    'SecretString': '{
        "username":"john.doe",
        "password":"itsasecret"
    }',
    'VersionStages': ['AWSCURRENT'],
    'CreatedDate': datetime.datetime(2023, 8, 23, 17, 23, 54, 737000, tzinfo=tzlocal()),
    'ResponseMetadata': {
        'RequestId': '20f6bfec-58f0-4124-aa29-77ea72a5c5b0',
        'HTTPStatusCode': 200,
        'HTTPHeaders': {
            'x-amzn-requestid': '20f6bfec-58f0-4124-aa29-77ea72a5c5b0',
            'content-type': 'application/x-amz-json-1.1',
            'content-length': '299',
            'date': 'Sat, 26 Aug 2023 00:13:32 GMT'
        },
        'RetryAttempts': 0
    }
}
Since SecretString contains the secret key/value pairs, we can do the following.
import json

# SecretString is a JSON document, so parse it into a Python dictionary.
postgres_secret = json.loads(secret_dict['SecretString'])

print(f"postgres_secret = {postgres_secret}")
print(f"postgres_username = {postgres_secret['username']}")
print(f"postgres_password = {postgres_secret['password']}")
Which should return something like this.
postgres_secret = {'username': 'john.doe', 'password': 'itsasecret'}
postgres_username = john.doe
postgres_password = itsasecret
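The examples above print the whole response, which writes the password to the terminal and to any log that captures stdout. The following is an added example, not code from the original article: it parses the response (key/value JSON, plain text, or SecretBinary) and builds a redacted copy that is safe to log. The names parse_secret, redact_response and fetch_secret are hypothetical, and SAMPLE_RESPONSE is constructed from the sample output shown above.

```python
import json

REDACTED = "***REDACTED***"

# Constructed sample, trimmed from the response shown in the article.
SAMPLE_RESPONSE = {
    "ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:postgres-tD1U2U",
    "Name": "postgres",
    "SecretString": '{"username":"john.doe","password":"itsasecret"}',
    "VersionStages": ["AWSCURRENT"],
}


def redact_response(response):
    """Return a copy of a get_secret_value response that is safe to print or log."""
    safe = dict(response)  # shallow copy so the caller's response is not modified
    for key in ("SecretString", "SecretBinary"):
        if key in safe:
            safe[key] = REDACTED
    return safe


def parse_secret(response):
    """Return a dict for key/value secrets, otherwise the raw str or bytes."""
    if "SecretString" in response:
        text = response["SecretString"]
        try:
            value = json.loads(text)
        except json.JSONDecodeError:
            return text  # plain-text secret, not JSON
        return value if isinstance(value, dict) else text
    if "SecretBinary" in response:
        return response["SecretBinary"]  # boto3 hands this back as bytes
    raise KeyError("response has neither SecretString nor SecretBinary")


def fetch_secret(client, secret_id, required_keys=()):
    """Fetch and parse a secret; client is boto3.client('secretsmanager')."""
    response = client.get_secret_value(SecretId=secret_id)
    secret = parse_secret(response)
    missing = [k for k in required_keys
               if not isinstance(secret, dict) or k not in secret]
    if missing:
        # Report key names only, never the secret values.
        raise KeyError(f"secret {secret_id!r} is missing keys: {missing}")
    return secret, redact_response(response)


if __name__ == "__main__":
    print(redact_response(SAMPLE_RESPONSE))
    print(sorted(parse_secret(SAMPLE_RESPONSE)))  # key names only
```

With a real client, call fetch_secret(boto3.client('secretsmanager'), 'postgres', ('username', 'password')) and log only the second return value.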