secret_manager
AWS Secrets Manager support.
- class pysecret.aws.secret_manager.Secret(ARN: str, Name: str, VersionId: Optional[str] = None, CreatedDate: Optional[datetime.datetime] = None, SecretBinary: Optional[bytes] = None, SecretString: Optional[str] = None, VersionStages: List[str] = <factory>)
AWS Secrets Manager secret object.
The camel case attributes are raw values from the AWS API.
The snake case attributes are user-friendly accessors to the data.
Only one of SecretBinary or SecretString can exist.
If you know what data type to expect in the secret, please use Secret.binary(), Secret.string(), Secret.json_dict(), or Secret.json_list() to access the data.
- classmethod load(sm_client, name_or_arn: str, version_id: Optional[str] = None, version_stage: Optional[str] = None) Optional[pysecret.aws.secret_manager.Secret]
Load secret data.
Ref:
describe_secret: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.describe_secret
get_secret_value: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.get_secret_value
list_secret_version_ids: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.list_secret_version_ids
- pysecret.aws.secret_manager.deploy_secret(sm_client, name_or_arn: str, data: Union[bytes, str, list, dict, Any], description: Optional[str] = None, kms_key_id: Optional[str] = None, tags: Optional[Dict[str, str]] = None, add_replica_regions: Optional[List[Dict[str, str]]] = None, force_overwrite_replica_secret: Optional[bool] = None, client_request_token: Optional[str] = None, skip_if_duplicated: bool = True) Optional[pysecret.aws.secret_manager.Secret]
Create or Update an AWS Secret.
Ref:
create_secret: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.create_secret
update_secret: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.update_secret
untag_resource: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.untag_resource
Note:
Secrets Manager can only add tags at creation; update_secret doesn’t support tagging, so this function automatically calls the tag_resource API when needed.
- Parameters
sm_client – the boto3 secretsmanager client.
name_or_arn – name or the ARN of this secret.
data – secret data you want to store, currently it supports bytes, string, json serializable dict or list.
description – description of this secret.
kms_key_id – the KMS key id you want to use for encryption, by default it uses the AWS managed KMS key.
tags – the key value pair of the AWS resource tags.
add_replica_regions – see official document.
force_overwrite_replica_secret – see official document.
client_request_token – see official document.
skip_if_duplicated – default True, if True, will compare the secret data to the existing one before deployment. If they are the same, then no deployment happens.
- Returns
None or a Secret object; None means that the deployment doesn’t happen.
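The create-or-update flow described for deploy_secret (skip the write when the data is unchanged, and tag through separate calls because update_secret cannot tag), as an added sketch that is not pysecret's own implementation. `FakeSecretsManager`, `encode`, `as_tag_list` and `deploy` are hypothetical names; the fake client is constructed so the block runs offline and keeps tags next to the value, whereas real boto3 reports tags through describe_secret; removing stale tags with untag_resource is an assumption.

```python
import json

class FakeSecretsManager:
    """Constructed in-memory stand-in for the boto3 client, so this runs offline."""
    def __init__(self):
        self.store, self.calls = {}, []
    def get_secret_value(self, SecretId):
        # Simplification: real boto3 raises ResourceNotFoundException when missing.
        return self.store.get(SecretId)
    def create_secret(self, Name, Tags=(), **payload):
        self.calls.append("create_secret")
        self.store[Name] = {"Tags": {t["Key"]: t["Value"] for t in Tags}, **payload}
    def update_secret(self, SecretId, **payload):
        self.calls.append("update_secret")
        self.store[SecretId] = {"Tags": self.store[SecretId]["Tags"], **payload}
    def tag_resource(self, SecretId, Tags):
        self.calls.append("tag_resource")
        self.store[SecretId]["Tags"].update({t["Key"]: t["Value"] for t in Tags})
    def untag_resource(self, SecretId, TagKeys):
        self.calls.append("untag_resource")
        old = self.store[SecretId]["Tags"]
        self.store[SecretId]["Tags"] = {k: v for k, v in old.items() if k not in TagKeys}

def encode(data):
    """bytes -> SecretBinary, str -> SecretString, dict/list -> canonical JSON string."""
    if isinstance(data, (bytes, str)):
        return {"SecretBinary" if isinstance(data, bytes) else "SecretString": data}
    return {"SecretString": json.dumps(data, sort_keys=True)}  # key order cannot fake a diff

def as_tag_list(tags):
    return [{"Key": k, "Value": v} for k, v in tags.items()]

def deploy(client, name, data, tags=None, skip_if_duplicated=True):
    """Create or update; return True only if secret data was written."""
    payload, current = encode(data), client.get_secret_value(SecretId=name)
    if current is None:
        client.create_secret(Name=name, Tags=as_tag_list(tags or {}), **payload)
        return True
    same = all(current.get(k) == v for k, v in payload.items())
    if not (skip_if_duplicated and same):
        client.update_secret(SecretId=name, **payload)
    if tags is not None:  # update_secret cannot tag, so reconcile tags separately
        old = current["Tags"]
        stale = [k for k in old if k not in tags]
        changed = {k: v for k, v in tags.items() if old.get(k) != v}
        if stale:
            client.untag_resource(SecretId=name, TagKeys=stale)
        if changed:
            client.tag_resource(SecretId=name, Tags=as_tag_list(changed))
    return not (skip_if_duplicated and same)
```

Passing `tags=None` leaves existing tags untouched in this sketch, so a data-only redeploy cannot silently strip tags that access policies may depend on.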
- pysecret.aws.secret_manager.delete_secret(sm_client, name_or_arn: str, recovery_window_in_days: Optional[int] = None, force_delete_without_recovery: Optional[bool] = None) bool
Delete a Secret.
Ref:
delete_secret: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.delete_secret
- Parameters
sm_client – the boto3 secretsmanager client.
name_or_arn – name or the ARN of this secret.
recovery_window_in_days – see official document.
force_delete_without_recovery – see official document.
- Returns
a boolean value to indicate whether a deletion happened.