-
Notifications
You must be signed in to change notification settings - Fork 0
/
get_secrets.py
64 lines (57 loc) · 2.9 KB
/
get_secrets.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
import boto3
import base64
from botocore.exceptions import ClientError
import json
import logging
logger = logging.getLogger()
logger.setLevel(logging.INFO)
logging.getLogger('boto3').setLevel(logging.WARNING)
logging.getLogger('botocore').setLevel(logging.WARNING)
# Use this code snippet in your app.
# If you need more information about configurations or implementing the sample code, visit the AWS docs:
# https://aws.amazon.com/developers/getting-started/python/
def get_secret(secret_name, region_name):
# Create a Secrets Manager client
session = boto3.session.Session()
client = session.client(
service_name='secretsmanager',
region_name=region_name
)
#https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_cache-python.html
#See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
try:
get_secret_value_response = client.get_secret_value(
SecretId=secret_name
)
except ClientError as e:
secret = None
if e.response['Error']['Code'] == 'DecryptionFailureException':
# Secrets Manager can't decrypt the protected secret text using the provided KMS key.
# Deal with the exception here, and/or rethrow at your discretion.
logger.exception(e)
elif e.response['Error']['Code'] == 'InternalServiceErrorException':
# An error occurred on the server side.
# Deal with the exception here, and/or rethrow at your discretion.
logger.exception(e)
elif e.response['Error']['Code'] == 'InvalidParameterException':
# You provided an invalid value for a parameter.
# Deal with the exception here, and/or rethrow at your discretion.
logger.exception(e)
elif e.response['Error']['Code'] == 'InvalidRequestException':
# You provided a parameter value that is not valid for the current state of the resource.
# Deal with the exception here, and/or rethrow at your discretion.
logger.exception(e)
elif e.response['Error']['Code'] == 'ResourceNotFoundException':
# We can't find the resource that you asked for.
# Deal with the exception here, and/or rethrow at your discretion.
logger.exception(e)
else:
# Decrypts secret using the associated KMS key.
# Depending on whether the secret is a string or binary, one of these fields will be populated.
if 'SecretString' in get_secret_value_response:
#secret = json.loads(get_secret_value_response['SecretString'])
secret = json.loads(get_secret_value_response['SecretString'])
else:
#secret = json.loads(base64.b64decode(get_secret_value_response['SecretBinary']))
secret = json.loads(base64.b64decode(get_secret_value_response['SecretBinary']))
return secret