How to use aws Secrets Manager with Python

Nic Wanavit
2 min readMay 22, 2021

--

String api key SECURELY is a big headache for many, but not to worry, AWS has a great service for that

AWS Secret store

This is a really simple yet safe solution to the permission problem

Create Secret

  1. go to secrets manager console
secrets manager console

2. click “store a new secret”

store a new secret

3. fill in the secret (can change later)

4. leave the rotation blank for now

5. done, record the secret ARN

Create IAM policy for caller

go to iamConsole>Policies>createPolicy

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret"
],
"Resource": <arn from secretsManager>
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "secretsmanager:ListSecrets",
"Resource": "*"
}
]
}

put in your secret arn from the secret manager console

Get the secret value

using nicHelper (boto3 backend)

from nicHelper.secrets import getSecret
getSecret('superSecret', region='us-east-1')

{'apikey': 'supersecretkey'}

colab

using Boto3

session = boto3.session.Session()
client = session.client(
service_name='secretsmanager',
region_name=region
)

get_secret_value_response = client.get_secret_value(
SecretId=name
)

json.loads(get_secret_value_response['SecretString'])

--

--