How to use AWS Secrets Manager with Python
May 22, 2021
Storing API keys securely is a big headache for many, but not to worry: AWS has a great service for that.
AWS Secret store
This is a really simple yet safe solution to the permission problem
Create Secret
1. go to the Secrets Manager console
2. click “store a new secret”
3. fill in the secret (can change later)
4. leave the rotation blank for now
5. done, record the secret ARN
Create IAM policy for caller
Go to the IAM console > Policies > Create policy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret"
            ],
            "Resource": "<arn from secretsManager>"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "secretsmanager:ListSecrets",
            "Resource": "*"
        }
    ]
}
Put in your secret ARN from the Secrets Manager console.
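The policy above only lets the caller read one secret because GetSecretValue is tied to a single ARN; ListSecrets does not support resource-level permissions, so "*" is expected there. The check below is an added example, not code from the original post: it flags Allow statements that would let a caller read secrets on a wildcard resource. The function name, the sample ARN and both sample policies are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

READ_ACTION = "secretsmanager:getsecretvalue"  # IAM action names are case-insensitive


def _as_list(value):
    # IAM allows a single string/object wherever a list is accepted
    return value if isinstance(value, list) else [value]


def overbroad_read_statements(policy_json):
    """Return the Sids of Allow statements that grant GetSecretValue on a '*' resource.

    Only Action/Resource are inspected (NotAction/NotResource are out of scope).
    Prefix patterns such as 'secret:prod/*' are flagged too, for manual review.
    """
    findings = []
    statements = _as_list(json.loads(policy_json)["Statement"])
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        # "secretsmanager:Get*", "secretsmanager:*" and "*" all cover the read action
        grants_read = any(fnmatchcase(READ_ACTION, p) for p in patterns)
        wildcard = any("*" in r for r in _as_list(stmt.get("Resource", [])))
        if grants_read and wildcard:
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings


# Constructed ARN standing in for the one recorded from the console
SAMPLE_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:superSecret-AbCdEf"

SCOPED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Allow",
     "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
     "Resource": SAMPLE_ARN},
    {"Sid": "VisualEditor1", "Effect": "Allow",
     "Action": "secretsmanager:ListSecrets", "Resource": "*"},
]})

WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadAll", "Effect": "Allow",
     "Action": "secretsmanager:Get*", "Resource": "*"},
]})

if __name__ == "__main__":
    print("scoped:", overbroad_read_statements(SCOPED_POLICY))
    print("weak:  ", overbroad_read_statements(WEAK_POLICY))
```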
Get the secret value
using nicHelper (boto3 backend)
from nicHelper.secrets import getSecret
getSecret('superSecret', region='us-east-1')
{'apikey': 'supersecretkey'}
using Boto3
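import json
import boto3

name = 'superSecret'   # secret name or ARN
region = 'us-east-1'

session = boto3.session.Session()
client = session.client(
    service_name='secretsmanager',
    region_name=region
)
get_secret_value_response = client.get_secret_value(
    SecretId=name
)
# SecretString holds the key/value pairs entered in the console, as JSON text
secret = json.loads(get_secret_value_response['SecretString'])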