How to use Boto3 to get a list of all secrets in AWS Secrets Manager

AWS Secrets Manager is a service that helps you protect secrets needed to access your applications. Using boto3, Python's AWS SDK, you can retrieve a list of all secrets stored in your AWS account programmatically.

Prerequisites

Before running the code, ensure you have −

  • AWS credentials configured (via AWS CLI, IAM roles, or environment variables)

  • boto3 library installed: pip install boto3

  • Appropriate IAM permissions for secretsmanager:ListSecrets

Basic Example

Here's how to get all secrets using the list_secrets() method:

import boto3
from botocore.exceptions import ClientError

def get_all_secrets():
    # Uses the default credential chain (CLI profile, IAM role, or environment variables)
    session = boto3.session.Session()
    client = session.client('secretsmanager')
    try:
        # A single call returns one page of metadata; see "Handling Pagination"
        response = client.list_secrets()
        return response
    except ClientError as e:
        # Chain the original exception so the AWS error code and traceback are kept
        raise Exception("boto3 client error in get_all_secrets: " + str(e)) from e
    except Exception as e:
        raise Exception("Unexpected error in get_all_secrets: " + str(e)) from e

# Get all secrets and print their names
secrets_response = get_all_secrets()
print("All secrets in AWS Secrets Manager:")
for secret in secrets_response['SecretList']:
    print(f"- {secret['Name']}")

The output is:

All secrets in AWS Secrets Manager:
- database/credentials
- api/keys
- app/config

Extracting Specific Information

You can extract additional metadata from each secret:

import boto3

def get_secrets_details():
    client = boto3.client('secretsmanager')
    response = client.list_secrets()

    secrets_info = []
    for secret in response['SecretList']:
        # Name and ARN are always present; the other fields are optional
        info = {
            'Name': secret['Name'],
            'ARN': secret['ARN'],
            'Description': secret.get('Description', 'No description'),
            'LastChanged': secret.get('LastChangedDate', 'Unknown')
        }
        secrets_info.append(info)

    return secrets_info

# Display detailed information
secrets = get_secrets_details()
for secret in secrets:
    print(f"Name: {secret['Name']}")
    print(f"Description: {secret['Description']}")
    print(f"Last Changed: {secret['LastChanged']}")
    print("-" * 40)

The output is:

Name: database/credentials
Description: Database connection credentials
Last Changed: 2024-01-15 10:30:45.123000+00:00
----------------------------------------
Name: api/keys
Description: API authentication keys
Last Changed: 2024-01-10 08:15:22.456000+00:00
----------------------------------------

Handling Pagination

For accounts with many secrets, use pagination to retrieve all results:

import boto3

def get_all_secrets_paginated():
    client = boto3.client('secretsmanager')
    # The paginator follows NextToken until every page has been returned
    paginator = client.get_paginator('list_secrets')

    all_secrets = []
    for page in paginator.paginate():
        all_secrets.extend(page['SecretList'])

    return all_secrets

# Get all secrets with pagination
all_secrets = get_all_secrets_paginated()
print(f"Total secrets found: {len(all_secrets)}")

# Display first 5 secret names
for i, secret in enumerate(all_secrets[:5]):
    print(f"{i+1}. {secret['Name']}")

The output is:

Total secrets found: 15
1. app/database/prod
2. app/database/staging
3. api/external/service1
4. api/external/service2
5. certificates/ssl/domain1

Key Points

  • The list_secrets() method returns metadata, not the actual secret values

  • Use get_secret_value() to retrieve actual secret content

  • Handle pagination for accounts with many secrets (>100)

  • Always include proper error handling for AWS API calls
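
The metadata that list_secrets() returns is enough for a hygiene audit that never reads a secret value. The following is an added example, not part of the original article: it flags secrets with rotation disabled or with no change or access inside a time window. The function names, the 90-day threshold and the sample entries are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def fetch_secret_metadata():
    """Page through list_secrets; returns metadata only, never secret values."""
    import boto3  # imported here so the audit logic below runs without AWS access
    paginator = boto3.client('secretsmanager').get_paginator('list_secrets')
    return [s for page in paginator.paginate() for s in page['SecretList']]

def audit_secrets(secrets, now, max_age_days=90):
    """Return {secret name: [findings]} for entries that need attention."""
    cutoff = now - timedelta(days=max_age_days)  # threshold is an assumption
    report = {}
    for s in secrets:
        findings = []
        # Optional fields may be absent, so every lookup uses .get()
        if not s.get('RotationEnabled', False):
            findings.append('rotation disabled')
        changed = s.get('LastChangedDate')
        if changed is None or changed < cutoff:
            findings.append(f'not changed in {max_age_days} days')
        accessed = s.get('LastAccessedDate')
        if accessed is None or accessed < cutoff:
            findings.append(f'not accessed in {max_age_days} days')
        if findings:
            report[s['Name']] = findings
    return report

# Constructed sample in the shape of SecretList entries (not real secrets).
NOW = datetime(2024, 2, 1, tzinfo=timezone.utc)
SAMPLE = [
    {'Name': 'database/credentials', 'RotationEnabled': True,
     'LastChangedDate': datetime(2024, 1, 15, tzinfo=timezone.utc),
     'LastAccessedDate': datetime(2024, 1, 31, tzinfo=timezone.utc)},
    {'Name': 'api/keys', 'RotationEnabled': False,
     'LastChangedDate': datetime(2024, 1, 10, tzinfo=timezone.utc),
     'LastAccessedDate': datetime(2024, 1, 30, tzinfo=timezone.utc)},
    {'Name': 'app/config',  # RotationEnabled and LastAccessedDate absent
     'LastChangedDate': datetime(2023, 6, 1, tzinfo=timezone.utc)},
]

if __name__ == '__main__':
    # For a live account, pass fetch_secret_metadata() and datetime.now(timezone.utc)
    for name, findings in audit_secrets(SAMPLE, NOW).items():
        print(f"{name}: {', '.join(findings)}")
```

Running the audit this way needs only secretsmanager:ListSecrets, so the auditing role does not need secretsmanager:GetSecretValue.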

Conclusion

Using boto3's list_secrets() method provides an efficient way to retrieve all secrets metadata from AWS Secrets Manager. Remember to handle pagination for large numbers of secrets and implement proper error handling for production applications.

Updated on: 2026-03-25T19:03:27+05:30
