secret_manager

AWS Secrets Manager support.

class pysecret.aws.secret_manager.Secret(ARN: str, Name: str, VersionId: Optional[str] = None, CreatedDate: Optional[datetime.datetime] = None, SecretBinary: Optional[bytes] = None, SecretString: Optional[str] = None, VersionStages: List[str] = <factory>)[source]

AWS Secrets Manager secret object.

  • The camel case attributes hold the raw values returned by the AWS API.

  • The snake case attributes are user-friendly accessors to the data.

  • Exactly one of SecretBinary or SecretString is set, never both.

  • If you know what data type to expect in the secret, use Secret.binary, Secret.string, Secret.json_dict or Secret.json_list to access the data; each one fails if the stored data is not of that type.

property fingerprint: bytes

The fingerprint of the secret content. Two secrets with the same content have the same fingerprint, so it can be used to compare them without comparing the raw data.

classmethod load(sm_client, name_or_arn: str, version_id: Optional[str] = None, version_stage: Optional[str] = None) Optional[pysecret.aws.secret_manager.Secret][source]

Load a secret by name or ARN, optionally pinned to a specific version_id or version_stage (if neither is given, the AWSCURRENT version is returned). Returns None if the secret does not exist.

Ref:

property binary: bytes

The binary user data.

property string: str

The string user data.

property json_dict: dict

The python dict user data.

property json_list: list

The python list user data.

property aws_account_id: str

The aws account id of this secret.

property aws_region: str

The aws region of this secret.
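As an added illustration (this is not pysecret's own code), the following shows how a GetSecretValue response maps onto a Secret-like object with the typed accessors and ARN-derived fields described above. The SecretExample class, the SAMPLE_RESPONSE dict and the load_example helper are constructed for this example; the fingerprint here is a SHA-256 over the stored content, which is an assumption about how such a fingerprint can be built, not pysecret's implementation.

```python
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Any, Dict, List, Optional


@dataclass
class SecretExample:
    """Illustrative stand-in for pysecret's Secret (not the library's code)."""

    ARN: str
    Name: str
    VersionId: Optional[str] = None
    CreatedDate: Optional[datetime] = None
    SecretBinary: Optional[bytes] = None
    SecretString: Optional[str] = None
    VersionStages: List[str] = field(default_factory=list)

    @classmethod
    def from_response(cls, response: Dict[str, Any]) -> "SecretExample":
        # The real API returns exactly one of SecretString / SecretBinary;
        # refuse anything that claims to carry both.
        if "SecretString" in response and "SecretBinary" in response:
            raise ValueError("response carries both SecretString and SecretBinary")
        return cls(
            ARN=response["ARN"],
            Name=response["Name"],
            VersionId=response.get("VersionId"),
            CreatedDate=response.get("CreatedDate"),
            SecretBinary=response.get("SecretBinary"),
            SecretString=response.get("SecretString"),
            VersionStages=list(response.get("VersionStages", [])),
        )

    @property
    def fingerprint(self) -> bytes:
        # Hash of the content only: version metadata does not affect it,
        # so two versions with identical data compare equal.
        if self.SecretBinary is not None:
            raw = self.SecretBinary
        else:
            raw = (self.SecretString or "").encode("utf-8")
        return hashlib.sha256(raw).digest()

    @property
    def binary(self) -> bytes:
        if self.SecretBinary is None:
            raise TypeError(f"{self.Name}: secret holds a string, not binary")
        return self.SecretBinary

    @property
    def string(self) -> str:
        if self.SecretString is None:
            raise TypeError(f"{self.Name}: secret holds binary, not a string")
        return self.SecretString

    @property
    def json_dict(self) -> dict:
        data = json.loads(self.string)
        if not isinstance(data, dict):
            raise TypeError(f"{self.Name}: JSON payload is not an object")
        return data

    @property
    def json_list(self) -> list:
        data = json.loads(self.string)
        if not isinstance(data, list):
            raise TypeError(f"{self.Name}: JSON payload is not an array")
        return data

    # Secret ARNs look like
    # arn:aws:secretsmanager:<region>:<account-id>:secret:<name>-<suffix>
    # and secret names cannot contain ':', so splitting on ':' is safe.
    @property
    def aws_region(self) -> str:
        return self.ARN.split(":")[3]

    @property
    def aws_account_id(self) -> str:
        return self.ARN.split(":")[4]


# Constructed sample, shaped like a boto3 get_secret_value() response.
SAMPLE_RESPONSE: Dict[str, Any] = {
    "ARN": "arn:aws:secretsmanager:us-east-1:111122223333:secret:prod/db-AbCdEf",
    "Name": "prod/db",
    "VersionId": "a1b2c3d4-0000-0000-0000-000000000000",
    "CreatedDate": datetime(2024, 1, 2, tzinfo=timezone.utc),
    "SecretString": json.dumps({"username": "app", "password": "example-only"}),
    "VersionStages": ["AWSCURRENT"],
}


def load_example() -> SecretExample:
    """Build the object from the constructed response (no AWS call)."""
    return SecretExample.from_response(SAMPLE_RESPONSE)
```

Reading a JSON secret through json_dict rather than string keeps the type check next to the access: a secret that unexpectedly holds a JSON array or raw binary raises instead of being silently passed on as the wrong type.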

pysecret.aws.secret_manager.deploy_secret(sm_client, name_or_arn: str, data: Union[bytes, str, list, dict, Any], description: Optional[str] = None, kms_key_id: Optional[str] = None, tags: Optional[Dict[str, str]] = None, add_replica_regions: Optional[List[Dict[str, str]]] = None, force_overwrite_replica_secret: Optional[bool] = None, client_request_token: Optional[str] = None, skip_if_duplicated: bool = True) Optional[pysecret.aws.secret_manager.Secret][source]

Create or update an AWS secret.

Note:

Secrets Manager only accepts tags at creation time (create_secret); update_secret does not support tagging, so this function calls the tag_resource API itself when tags are supplied on an update.

Parameters
  • sm_client – the boto3 "secretsmanager" client.

  • name_or_arn – name or the ARN of this secret.

  • data – the secret data to store; currently bytes, str, and JSON-serializable dict or list are supported. bytes are stored as SecretBinary, everything else as SecretString.

  • description – description of this secret.

  • kms_key_id – the KMS key to encrypt the secret with; by default the AWS managed key for Secrets Manager is used. A customer managed key is needed when the secret must be readable from another account or when key access should be controlled separately from the secret.

  • tags – the key value pair of the AWS resource tags.

  • add_replica_regions – regions to replicate the secret to, as a list of {"Region": ..., "KmsKeyId": ...} dicts; see the CreateSecret API documentation for AddReplicaRegions.

  • force_overwrite_replica_secret – whether to overwrite an existing secret of the same name in a replica region; see the official documentation.

  • client_request_token – idempotency token for the create or update call; see the official documentation.

  • skip_if_duplicated – default True. If True, the secret data is compared with the existing secret before deployment and, if they are the same, no new version is written.

Returns

None or a Secret object. None means that no deployment happened (the existing data matched and skip_if_duplicated was True).
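As an added illustration of the create-or-update flow described above (not pysecret's deploy_secret), the following implements the same idea against a constructed in-memory stand-in for the boto3 "secretsmanager" client: a content fingerprint decides whether a write is needed, create_secret receives tags directly, and an update is followed by a separate tag_resource call. The FakeSecretsManager class, the deploy function and the use of LookupError in place of the real client's exceptions.ResourceNotFoundException are all assumptions made for this example.

```python
import hashlib
import json
from typing import Any, Dict, List, Optional, Union

SecretData = Union[bytes, str, list, dict]


def to_payload(data: SecretData) -> Dict[str, Any]:
    """Map user data onto the SecretBinary / SecretString API parameter."""
    if isinstance(data, bytes):
        return {"SecretBinary": data}
    if isinstance(data, str):
        return {"SecretString": data}
    if isinstance(data, (list, dict)):
        # sort_keys so that equal dicts serialize identically and compare equal
        return {"SecretString": json.dumps(data, sort_keys=True)}
    raise TypeError(f"unsupported secret data type: {type(data).__name__}")


def fingerprint(payload: Dict[str, Any]) -> bytes:
    """SHA-256 over the stored content (an illustrative choice)."""
    raw = payload.get("SecretBinary")
    if raw is None:
        raw = payload["SecretString"].encode("utf-8")
    return hashlib.sha256(raw).digest()


class FakeSecretsManager:
    """Constructed stand-in for the subset of the boto3 client used here."""

    def __init__(self) -> None:
        self.store: Dict[str, Dict[str, Any]] = {}
        self.tags: Dict[str, Dict[str, str]] = {}
        self.calls: List[str] = []

    def get_secret_value(self, SecretId: str) -> Dict[str, Any]:
        self.calls.append("get_secret_value")
        if SecretId not in self.store:
            # the real client raises sm_client.exceptions.ResourceNotFoundException
            raise LookupError("ResourceNotFoundException")
        arn = f"arn:aws:secretsmanager:us-east-1:111122223333:secret:{SecretId}-AbCdEf"
        return dict(self.store[SecretId], ARN=arn, Name=SecretId)

    def create_secret(self, Name: str, Tags: Optional[List[Dict[str, str]]] = None,
                      **payload: Any) -> Dict[str, Any]:
        self.calls.append("create_secret")
        self.store[Name] = payload
        self.tags[Name] = {t["Key"]: t["Value"] for t in Tags or []}
        return {"Name": Name}

    def update_secret(self, SecretId: str, **payload: Any) -> Dict[str, Any]:
        # UpdateSecret has no Tags parameter, matching the real API
        self.calls.append("update_secret")
        self.store[SecretId] = payload
        return {"Name": SecretId}

    def tag_resource(self, SecretId: str, Tags: List[Dict[str, str]]) -> None:
        self.calls.append("tag_resource")
        self.tags[SecretId].update({t["Key"]: t["Value"] for t in Tags})


def deploy(sm_client: Any, name: str, data: SecretData,
           tags: Optional[Dict[str, str]] = None,
           skip_if_duplicated: bool = True) -> bool:
    """Create or update; return True if a write happened, False if skipped."""
    payload = to_payload(data)
    aws_tags = [{"Key": k, "Value": v} for k, v in (tags or {}).items()]
    try:
        existing = sm_client.get_secret_value(SecretId=name)
    except LookupError:
        # not found: CreateSecret accepts tags directly
        sm_client.create_secret(Name=name, Tags=aws_tags, **payload)
        return True
    if skip_if_duplicated and fingerprint(existing) == fingerprint(payload):
        return False  # same content: no new version, no API write
    sm_client.update_secret(SecretId=name, **payload)
    if aws_tags:
        # tagging must be a separate call on update
        sm_client.tag_resource(SecretId=name, Tags=aws_tags)
    return True
```

Comparing fingerprints before writing matters beyond saving an API call: every update_secret creates a new secret version, and unchanged redeploys from CI would otherwise keep rotating AWSCURRENT and filling the version history with identical data.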

pysecret.aws.secret_manager.delete_secret(sm_client, name_or_arn: str, recovery_window_in_days: Optional[int] = None, force_delete_without_recovery: Optional[bool] = None) bool[source]

Delete a secret.

Ref:

Parameters
  • sm_client – the boto3 "secretsmanager" client.

  • name_or_arn – name or the ARN of this secret.

  • recovery_window_in_days – number of days (7 to 30, default 30) the secret stays recoverable before it is permanently deleted; see the DeleteSecret API documentation. Use either this or force_delete_without_recovery, not both.

  • force_delete_without_recovery – delete immediately with no recovery window; see the DeleteSecret API documentation. This cannot be undone, so prefer the recovery window unless the secret must disappear at once.

Returns

a boolean value indicating whether a deletion happened.