Bootstrap FreeKB - Amazon Web Services (AWS) - List Secrets from AWS Secrets Manager using Python boto3
Amazon Web Services (AWS) - List Secrets from AWS Secrets Manager using Python boto3

Updated:   |  Amazon Web Services (AWS) articles

This assumes you are familar with the basic configurations needed to connect to Amazon Web Services (AWS) using Python boto3. If not, check out my article Python (Scripting) - Getting Started with Amazon Web Services (AWS) boto3.

Here is the minimal boilerplate code without any error handling to list all of your secrets.

#!/usr/bin/python3
import boto3

client = boto3.client('secretsmanager')

secrets_dict = client.list_secrets()

print(f"secrets_dict = {secrets_dict}")

 

In this example, only secrets containing name "foo" will be returned. It's important to recognize that if you have both foo and foo2, both secrets will be included in the response.

#!/usr/bin/python3
import boto3

client = boto3.client('secretsmanager')

secrets_dict = client.list_secrets(
  Filters = [
    { 'Key': 'name', 'Values': ['my-secret'] }
  ]
)

print(f"secrets_dict = {secrets_dict}")

 

Here is a more practical example, with try/except/else error handling.

#!/usr/bin/python3
import boto3
import sys

try:
  client = boto3.client('secretsmanager')
except Exception as exception:
  print(exception)
  sys.exit(1)

try:
  secrets_dict = client.list_secrets(
    Filters = [
      { 'Key': 'name', 'Values': ['my-secret'] }
    ]
  )
except Exception as exception:
  print(exception)
else:
  print(f"secrets_dict = {secrets_dict}")

 

And here is how you can filter the results to only the secret named my-secret that has tag environment development.

import boto3

client = boto3.client('secretsmanager')

secrets_dict = client.list_secrets(
  Filters = [
    { 'Key': 'name',      'Values': ['my-secret'] },
    { 'Key': 'tag-key',   'Values': ['environment'] },
    { 'Key': 'tag-value', 'Values': ['development'] }
  ]
)

print("secrets_dict= " + str(secrets_dict))

 

Which should return something like this.

secrets_dict = {
  'SecretList': [
    {'ARN': 'arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret-tpNeXU', 
     'Name': 'my-secret', 
     'Description': 'my secret', 
     'LastChangedDate': datetime.datetime(2023, 9, 29, 6, 58, 4, 492000, tzinfo=tzlocal()), 
     'LastAccessedDate': datetime.datetime(2023, 10, 10, 19, 0, tzinfo=tzlocal()), 
     'Tags': [
        {'Key': 'environment', 
         'Value': 'development'}
     ], 
     'SecretVersionsToStages': {'c0f9a13d-457a-4a66-a850-af29e54c1da5': ['AWSCURRENT']}, 
     'CreatedDate': datetime.datetime(2023, 9, 29, 6, 58, 4, 455000, tzinfo=tzlocal())}], 
     'ResponseMetadata': {
       'RequestId': '681e5f2f-8131-4369-80a7-700316249ae3', 
       'HTTPStatusCode': 200, 
       'HTTPHeaders': {
         'x-amzn-requestid': '681e5f2f-8131-4369-80a7-700316249ae3', 
         'content-type': 'application/x-amz-json-1.1', 
         'content-length': '423', 
         'date': 'Wed, 11 Oct 2023 09:17:09 GMT'}, 
         'RetryAttempts': 0
        }
}

 

Almost always, this is just used to determine if the secret exists, so I typically do something like this.

import boto3

client = boto3.client('secretsmanager')

secrets_dict = client.list_secrets(
  Filters = [
    { 'Key': 'name',      'Values': ['my-secret'] },
    { 'Key': 'tag-key',   'Values': ['environment'] },
    { 'Key': 'tag-value', 'Values': ['development'] }
  ]
)

if len(secrets_dict['SecretList']) == 0:
  print("no results found")
elif len(secrets_dict['SecretList']) >= 2:
  print("two or more results found")
else:
  print("found one matching secret")

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter 7bfd59 in the box below so that we can be sure you are a human.