How to use AWS Secrets Manager with Python
May 22, 2021
Storing API keys securely is a big headache for many, but not to worry: AWS has a great service for that.
AWS Secret store
This is a really simple yet safe solution to the permission problem.
Create Secret
1. Go to the Secrets Manager console.
2. Click “Store a new secret”.
3. Fill in the secret (you can change it later).
4. Leave the rotation blank for now.
5. Done. Record the secret ARN.
Create IAM policy for caller
Go to IAM console > Policies > Create policy and use this policy document:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "secretsmanager:GetSecretValue",
                    "secretsmanager:DescribeSecret"
                ],
                "Resource": "<arn from secretsManager>"
            },
            {
                "Sid": "VisualEditor1",
                "Effect": "Allow",
                "Action": "secretsmanager:ListSecrets",
                "Resource": "*"
            }
        ]
    }
Put your secret's ARN from the Secrets Manager console in the first statement's Resource field, so the caller can read only that one secret.
Get the secret value
Using nicHelper (boto3 backend):

    from nicHelper.secrets import getSecret
    getSecret('superSecret', region='us-east-1')
    # {'apikey': 'supersecretkey'}
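Using Boto3:

    import json
    import boto3

    name = 'superSecret'   # secret name or ARN
    region = 'us-east-1'

    session = boto3.session.Session()
    client = session.client(
        service_name='secretsmanager',
        region_name=region
    )
    # Fetch the current version of the secret
    get_secret_value_response = client.get_secret_value(
        SecretId=name
    )
    # A key/value secret comes back as a JSON string in SecretString
    secret = json.loads(get_secret_value_response['SecretString'])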
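A sturdier wrapper around the Boto3 call above, as an added example that is not from the original post or from nicHelper. It takes the client as a parameter, reports a missing IAM permission or a wrong secret name as distinct errors, handles plaintext and binary secrets, and caches values for a TTL so a rotated secret is picked up. `SecretCache`, `FakeClient` and the 300-second TTL are assumptions made for illustration.

```python
import json
import time

class SecretCache:
    """Read secrets through a Secrets Manager client, caching each for a short TTL."""
    def __init__(self, client, ttl_seconds=300, clock=time.monotonic):
        self._client, self._ttl, self._clock = client, ttl_seconds, clock
        self._cache = {}  # secret id -> (expiry time, decoded value)

    def get(self, secret_id):
        hit = self._cache.get(secret_id)
        if hit and hit[0] > self._clock():
            return hit[1]  # still fresh: no API call
        try:
            resp = self._client.get_secret_value(SecretId=secret_id)
        except Exception as exc:
            info = getattr(exc, "response", None)  # botocore ClientError keeps the code here
            code = info.get("Error", {}).get("Code") if isinstance(info, dict) else None
            if code == "AccessDeniedException":
                raise PermissionError(f"caller may not read {secret_id}") from exc
            if code == "ResourceNotFoundException":
                raise KeyError(secret_id) from exc
            raise
        value = self._decode(resp)
        self._cache[secret_id] = (self._clock() + self._ttl, value)
        return value

    @staticmethod
    def _decode(resp):
        if "SecretString" not in resp:
            return resp["SecretBinary"]  # boto3 returns binary secrets as bytes
        try:
            parsed = json.loads(resp["SecretString"])
        except json.JSONDecodeError:
            parsed = None
        # key/value secrets are JSON objects; anything else is plaintext
        return parsed if isinstance(parsed, dict) else resp["SecretString"]

class FakeClient:
    """Constructed stand-in for a boto3 client so the example runs offline."""
    def __init__(self, secrets):
        self.secrets, self.calls = secrets, 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        if SecretId not in self.secrets:
            err = Exception("not found")
            err.response = {"Error": {"Code": "ResourceNotFoundException"}}
            raise err
        return {"SecretString": self.secrets[SecretId]}
```

With real AWS access, pass `boto3.session.Session().client('secretsmanager', region_name=region)` instead of `FakeClient`. Keep the returned value out of logs and exception messages; the errors raised here only ever include the secret's name.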