How to use Boto3 to store a new secret in a specific location in AWS Secret Manager

AWS Secrets Manager is a service for securely storing and managing sensitive information like API keys, database credentials, and other secrets. Using the boto3 library in Python, you can programmatically store new secrets in specific locations within AWS Secrets Manager.

Prerequisites

Before storing secrets, ensure you have:

  • AWS credentials configured (via AWS CLI, IAM roles, or environment variables)
  • Appropriate IAM permissions for Secrets Manager operations
  • The boto3 library installed: pip install boto3

Algorithm to Store a New Secret

  • Step 1: Import boto3 and botocore exceptions to handle errors properly.

  • Step 2: Define the secret location (SecretId) and secret value as a JSON string.

  • Step 3: Create an AWS session using boto3. Ensure the region is specified in your AWS configuration.

  • Step 4: Create a Secrets Manager client using the session.

  • Step 5: Call put_secret_value() with the SecretId and SecretString parameters.

  • Step 6: Handle exceptions for robust error management.

Example Implementation

Here's how to store a new secret in AWS Secrets Manager:

import boto3
from botocore.exceptions import ClientError

def store_new_secret_details(secret_stored_location, secret_key_pair):
    # The session picks up credentials and region from the AWS CLI config,
    # environment variables or an attached IAM role.
    session = boto3.session.Session()
    secrets_client = session.client('secretsmanager')
    try:
        # put_secret_value() writes a new version of the secret identified by
        # SecretId (name or ARN); the secret itself must already exist.
        response = secrets_client.put_secret_value(
            SecretId=secret_stored_location,
            SecretString=secret_key_pair
        )
        return response
    except ClientError as e:
        # AWS-side failures (permissions, unknown secret, throttling) arrive as ClientError;
        # 'from e' keeps the original error code in the traceback.
        raise Exception("boto3 client error in store_new_secret_details: " + str(e)) from e
    except Exception as e:
        raise Exception("Unexpected error in store_new_secret_details: " + str(e)) from e

# Store a new secret version; the value is a JSON string of key/value pairs
result = store_new_secret_details('/secrets/aws', '{"user_test2":"test2"}')
print(result)

Output

The function returns metadata about the stored secret:

{
    'ARN': 'arn:aws:secretsmanager:us-east-1:***************:secret:/secrets/aws-wr1Aj6',
    'Name': '/secrets/aws',
    'VersionId': 'f5308bed-7c23-4d47-a32b-8f2a5f044e53',
    'VersionStages': ['AWSCURRENT'],
    'ResponseMetadata': {
        'RequestId': 'b32fe48d**************ab',
        'HTTPStatusCode': 200,
        'HTTPHeaders': {
            'date': 'Sat, 03 Apr 2021 09:40:48 GMT',
            'content-type': 'application/x-amz-json-1.1',
            'content-length': '197'
        },
        'RetryAttempts': 0
    }
}

Key Parameters

Parameter      Description                                                   Required
SecretId       The name or ARN of the secret                                 Yes
SecretString   The secret value as a JSON string                             Yes
VersionStages  Staging labels for the new version (defaults to AWSCURRENT)   No

Best Practices

  • Always store secrets as JSON strings for better structure
  • Use meaningful secret names with proper namespacing (e.g., /app/database/credentials)
  • Implement proper error handling for network and permission issues
  • Consider using IAM roles instead of hardcoded credentials
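The helper below is an added example, not the page's original code; it extends the implementation above and applies the best practices in one place. It builds SecretString with json.dumps so the payload is always valid JSON, surfaces the AWS error code instead of a generic message, and, because put_secret_value() only writes a new version to a secret that already exists (Secrets Manager returns ResourceNotFoundException for an unknown name), it falls back to create_secret() for a brand-new name. The FakeSecretsManager class, the SecretStoreError type and the secret names are constructed for offline runs; real_client() returns the genuine boto3 client for a live account.

```python
"""Create-or-update a secret in AWS Secrets Manager (added example)."""
import json

try:
    from botocore.exceptions import ClientError
except ImportError:  # lets the module load where botocore is absent
    class ClientError(Exception):
        """Stand-in with botocore's (error_response, operation_name) shape."""
        def __init__(self, error_response, operation_name):
            super().__init__(f"{operation_name}: {error_response}")
            self.response = error_response
            self.operation_name = operation_name


class SecretStoreError(RuntimeError):
    """Raised when Secrets Manager rejects the request; carries the AWS error code."""
    def __init__(self, code, message):
        super().__init__(f"{code}: {message}")
        self.code = code


def build_secret_string(secret_dict):
    """Serialise key/value pairs as the JSON SecretString (best practice: JSON, not ad-hoc text)."""
    if not isinstance(secret_dict, dict) or not secret_dict:
        raise ValueError("secret must be a non-empty dict")
    return json.dumps(secret_dict, sort_keys=True)


def _aws_error(exc):
    err = exc.response.get("Error", {})
    return err.get("Code", ""), err.get("Message", str(exc))


def store_secret(client, secret_name, secret_dict):
    """Write secret_dict to secret_name; returns ('updated'|'created', VersionId).

    put_secret_value() adds a version to an existing secret; on
    ResourceNotFoundException the secret is created with create_secret().
    """
    secret_string = build_secret_string(secret_dict)
    try:
        resp = client.put_secret_value(SecretId=secret_name, SecretString=secret_string)
        return "updated", resp["VersionId"]
    except ClientError as e:
        code, message = _aws_error(e)
        if code != "ResourceNotFoundException":
            raise SecretStoreError(code, message) from e
    try:
        resp = client.create_secret(Name=secret_name, SecretString=secret_string)
        return "created", resp["VersionId"]
    except ClientError as e:
        code, message = _aws_error(e)
        raise SecretStoreError(code, message) from e


def real_client(region_name=None):
    """Genuine Secrets Manager client; boto3 is imported lazily so the module loads without it."""
    import boto3
    return boto3.session.Session().client("secretsmanager", region_name=region_name)


class FakeSecretsManager:
    """In-memory stand-in for the secretsmanager client (constructed for offline runs)."""
    def __init__(self, deny=False):
        self.secrets = {}   # name -> list of (VersionId, SecretString)
        self.deny = deny
        self._n = 0

    def _fail(self, code, message, op):
        raise ClientError({"Error": {"Code": code, "Message": message}}, op)

    def _new_version(self, name, secret_string):
        self._n += 1
        vid = f"v{self._n}"
        self.secrets.setdefault(name, []).append((vid, secret_string))
        return {"ARN": f"arn:aws:secretsmanager:us-east-1:000000000000:secret:{name}-AbCdEf",
                "Name": name, "VersionId": vid, "VersionStages": ["AWSCURRENT"]}

    def put_secret_value(self, SecretId, SecretString):
        if self.deny:
            self._fail("AccessDeniedException", "not authorized", "PutSecretValue")
        if SecretId not in self.secrets:
            self._fail("ResourceNotFoundException", "secret not found", "PutSecretValue")
        return self._new_version(SecretId, SecretString)

    def create_secret(self, Name, SecretString):
        if self.deny:
            self._fail("AccessDeniedException", "not authorized", "CreateSecret")
        if Name in self.secrets:
            self._fail("ResourceExistsException", "secret already exists", "CreateSecret")
        return self._new_version(Name, SecretString)


if __name__ == "__main__":
    client = FakeSecretsManager()  # replace with real_client() for a live account
    print(store_secret(client, "/secrets/aws", {"user_test2": "test2"}))    # created
    print(store_secret(client, "/secrets/aws", {"user_test2": "rotated"}))  # updated
```

The caller never sees a raw boto3 exception: permission or throttling failures surface as SecretStoreError with the AWS error code attached, which is what an alerting rule or retry policy should key on, while an unknown secret name is treated as the normal "first write" case.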

Conclusion

Using the Secrets Manager client's put_secret_value() method in boto3, you can programmatically store secrets in AWS Secrets Manager with proper error handling. This approach provides a secure way to manage sensitive information in your AWS infrastructure.

Updated on: 2026-03-25T19:03:47+05:30
