- Trending Categories
- Data Structure
- Networking
- RDBMS
- Operating System
- Java
- MS Excel
- iOS
- HTML
- CSS
- Android
- Python
- C Programming
- C++
- C#
- MongoDB
- MySQL
- Javascript
- PHP
- Physics
- Chemistry
- Biology
- Mathematics
- English
- Economics
- Psychology
- Social Studies
- Fashion Studies
- Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
How to use Boto3 to get the secret keys saved as plain text from AWS Secret Manager
Problem Statement: Use boto3 library in Python to get secret keys from AWS Secret Manager
Approach/Algorithm to solve this problem
Step 1: Import boto3 and botocore exceptions to handle exceptions.
Step 2: secret_stored_location is the required parameter. It is a place where secrets are saved.
Step 3: Create an AWS session using boto3 lib. Make sure region_name is mentioned in the default profile. If it is not mentioned, then explicitly pass the region_name while creating the session.
Step 4: Create an AWS client for secretmanager.
Step 5: Call get_secret_value and pass the secret_stored_location as SecretId.
Step 6: It returns all the secrets that are present without encryption in the given location.
Step 7: Handle the generic exception if something went wrong while retrieving values.
Example Code
Use the following code to get the plain text secret from AWS Secret Manager −
import boto3 from botocore.exceptions import ClientError def get_secret_details(secret_stored_location): session = boto3.session.Session() s3_client = session.client('secretmanager') try: response = s3_client.get_secret_value(SecretId=secret_stored_location) return response except ClientError as e: raise Exception("boto3 client error in get_secret_details: " + e.__str__()) except Exception as e: raise Exception("Unexpected error in get_secret_details: " + e.__str__()) a = get_secret_details('/secrets/aws') print(a['SecretString'])
Output
{"aws.user":"SERVICE_USER","aws.accesskey":"I**************"}