
This assumes you are familiar with the basic configuration needed to connect to Amazon Web Services (AWS) using Python boto3. If not, check out my article Python (Scripting) - Getting Started with Amazon Web Services (AWS) boto3.
Here is the minimal boilerplate code, without any error handling, to list all of your secrets.
#!/usr/bin/python3
import boto3
client = boto3.client('secretsmanager')
secrets_dict = client.list_secrets()
print(f"secrets_dict = {secrets_dict}")
In this example, only secrets whose name matches the filter value are returned. It's important to recognize that the name filter is a prefix match: if you filter on name "foo" and have both foo and foo2, both secrets will be included in the response.
#!/usr/bin/python3
import boto3
client = boto3.client('secretsmanager')
secrets_dict = client.list_secrets(
    Filters = [
        { 'Key': 'name', 'Values': ['my-secret'] }
    ]
)
print(f"secrets_dict = {secrets_dict}")
Here is a more practical example, with try/except/else error handling around both the client creation and the API call.
#!/usr/bin/python3
import boto3
import sys
# Creating the client fails when credentials or the region cannot be resolved.
try:
    client = boto3.client('secretsmanager')
except Exception as exception:
    print(exception)
    sys.exit(1)
# The API call fails on, for example, a missing secretsmanager:ListSecrets permission.
try:
    secrets_dict = client.list_secrets(
        Filters = [
            { 'Key': 'name', 'Values': ['my-secret'] }
        ]
    )
except Exception as exception:
    print(exception)
else:
    print(f"secrets_dict = {secrets_dict}")
And here is how you can filter the results to only the secret named my-secret that has the tag environment with the value development.
import boto3
client = boto3.client('secretsmanager')
secrets_dict = client.list_secrets(
    Filters = [
        { 'Key': 'name', 'Values': ['my-secret'] },
        { 'Key': 'tag-key', 'Values': ['environment'] },
        { 'Key': 'tag-value', 'Values': ['development'] }
    ]
)
print(f"secrets_dict = {secrets_dict}")
This should return something like the following.
secrets_dict = {
    'SecretList': [
        {'ARN': 'arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret-tpNeXU',
         'Name': 'my-secret',
         'Description': 'my secret',
         'LastChangedDate': datetime.datetime(2023, 9, 29, 6, 58, 4, 492000, tzinfo=tzlocal()),
         'LastAccessedDate': datetime.datetime(2023, 10, 10, 19, 0, tzinfo=tzlocal()),
         'Tags': [
             {'Key': 'environment',
              'Value': 'development'}
         ],
         'SecretVersionsToStages': {'c0f9a13d-457a-4a66-a850-af29e54c1da5': ['AWSCURRENT']},
         'CreatedDate': datetime.datetime(2023, 9, 29, 6, 58, 4, 455000, tzinfo=tzlocal())}
    ],
    'ResponseMetadata': {
        'RequestId': '681e5f2f-8131-4369-80a7-700316249ae3',
        'HTTPStatusCode': 200,
        'HTTPHeaders': {
            'x-amzn-requestid': '681e5f2f-8131-4369-80a7-700316249ae3',
            'content-type': 'application/x-amz-json-1.1',
            'content-length': '423',
            'date': 'Wed, 11 Oct 2023 09:17:09 GMT'},
        'RetryAttempts': 0
    }
}
Almost always, this is just used to determine if the secret exists, so I typically do something like this.
import boto3
client = boto3.client('secretsmanager')
secrets_dict = client.list_secrets(
    Filters = [
        { 'Key': 'name', 'Values': ['my-secret'] },
        { 'Key': 'tag-key', 'Values': ['environment'] },
        { 'Key': 'tag-value', 'Values': ['development'] }
    ]
)
if len(secrets_dict['SecretList']) == 0:
    print("no results found")
elif len(secrets_dict['SecretList']) >= 2:
    print("two or more results found")
else:
    print("found one matching secret")
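The existence check above counts whatever the filter returns, so the prefix match described earlier (my-secret also matching my-secret-2) and the pagination of list_secrets can both give the wrong answer. The following is an added example, not code from the original article: the matching is a pure function so it can be exercised on constructed SecretList entries without AWS credentials, and the boto3 wrapper (secret_exists, a hypothetical name) pages through list_secrets with the same filters the article uses.

```python
# Added example: exact "does this secret exist?" check on top of list_secrets.
# Handles two things a plain len(SecretList) check does not:
#   1. the name filter is a prefix match, so 'my-secret' also returns 'my-secret-2';
#   2. list_secrets is paginated, so a match may sit on a later page.

def matching_secrets(secret_list, name, tag_key=None, tag_value=None):
    """Return entries whose Name equals `name` exactly and (optionally) carry the tag."""
    matches = []
    for secret in secret_list:
        if secret.get('Name') != name:
            continue  # drop prefix-match false positives such as my-secret-2
        if tag_key is not None:
            tags = {t['Key']: t['Value'] for t in secret.get('Tags', [])}
            if tags.get(tag_key) != tag_value:
                continue
        matches.append(secret)
    return matches


def secret_exists(name, tag_key=None, tag_value=None, client=None):
    """Live check: page through list_secrets with the article's filters, then match exactly."""
    import boto3  # imported here so matching_secrets() works without boto3 installed
    client = client or boto3.client('secretsmanager')
    filters = [{'Key': 'name', 'Values': [name]}]
    if tag_key is not None:
        filters.append({'Key': 'tag-key', 'Values': [tag_key]})
        filters.append({'Key': 'tag-value', 'Values': [tag_value]})
    found = []
    for page in client.get_paginator('list_secrets').paginate(Filters=filters):
        found.extend(matching_secrets(page['SecretList'], name, tag_key, tag_value))
    return len(found) == 1


# Constructed sample shaped like the SecretList entries shown above (placeholder ARNs).
# A prefix filter on 'my-secret' would return all three of these.
SAMPLE_SECRET_LIST = [
    {'ARN': 'arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret-AAAAAA',
     'Name': 'my-secret', 'Tags': [{'Key': 'environment', 'Value': 'development'}]},
    {'ARN': 'arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret-2-BBBBBB',
     'Name': 'my-secret-2', 'Tags': [{'Key': 'environment', 'Value': 'development'}]},
    {'ARN': 'arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret-prod-CCCCCC',
     'Name': 'my-secret-prod', 'Tags': [{'Key': 'environment', 'Value': 'production'}]},
]

if __name__ == '__main__':
    hits = matching_secrets(SAMPLE_SECRET_LIST, 'my-secret', 'environment', 'development')
    print(f"prefix filter would return {len(SAMPLE_SECRET_LIST)}, exact match returns {len(hits)}")
```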