Created
July 9, 2020 07:11
-
-
Save vinodjayachandran/05c4ec0d782147c4b527cb5d76f1669e to your computer and use it in GitHub Desktop.
Fetch secrets from AWS Secret Manager
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| from botocore.exceptions import ClientError | |
| def get_secret(): | |
| secret_name = "mysql/lowes-matching-prod/demo" | |
| region_name = "us-west-2" | |
| session = boto3.session.Session() | |
| client = session.client( | |
| service_name='secretsmanager', | |
| region_name=region_name, | |
| ) | |
| try: | |
| get_secret_value_response = client.get_secret_value( | |
| SecretId=secret_name | |
| ) | |
| except ClientError as e: | |
| if e.response['Error']['Code'] == 'ResourceNotFoundException': | |
| print("The requested secret " + secret_name + " was not found") | |
| elif e.response['Error']['Code'] == 'InvalidRequestException': | |
| print("The request was invalid due to:", e) | |
| elif e.response['Error']['Code'] == 'InvalidParameterException': | |
| print("The request had invalid params:", e) | |
| else: | |
| # Secrets Manager decrypts the secret value using the associated KMS CMK | |
| # Depending on whether the secret was a string or binary, only one of these fields will be populated | |
| if 'SecretString' in get_secret_value_response: | |
| text_secret_data = get_secret_value_response['SecretString'] | |
| return json.loads(text_secret_data) | |
| else: | |
| raise Exception("Invalid response") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment