Aller au contenu

Secrets Manager

get_secret

Python
get_secret(secret_name, region_name)

Récupère un secret depuis AWS Secrets Manager.

Parameters:

Name Type Description Default
secret_name str

Nom du secret.

 required
region_name str

Région AWS où est stocké le secret.

 required

Returns:

Name Type Description
str

Contenu du secret (SecretString).

Raises:

Type Description
ClientError

En cas d'erreur côté AWS (réémise après traitement par cas).
Source code in cmpparis/sm_utils.py
Python
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
def get_secret(secret_name, region_name):
    """Récupère un secret depuis AWS Secrets Manager.

    Args:
        secret_name (str): Nom du secret.
        region_name (str): Région AWS où est stocké le secret.

    Returns:
        str: Contenu du secret (SecretString).

    Raises:
        ClientError: En cas d'erreur côté AWS (réémise après traitement par cas).
    """

    # Create a Secrets Manager client
    session = boto3.session.Session()
    client = session.client(
        service_name='secretsmanager',
        region_name=region_name
    )

    # In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
    # See XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    # We rethrow the exception by default.

    try:
        get_secret_value_response = client.get_secret_value(
            SecretId=secret_name
        )
    except ClientError as e:
        if e.response['Error']['Code'] == 'DecryptionFailureException':
            # Secrets Manager can't decrypt the protected secret text using the provided KMS key.
            # Deal with the exception here, and/or rethrow at your discretion.
            raise e
        elif e.response['Error']['Code'] == 'InternalServiceErrorException':
            # An error occurred on the server side.
            # Deal with the exception here, and/or rethrow at your discretion.
            raise e
        elif e.response['Error']['Code'] == 'InvalidParameterException':
            # You provided an invalid value for a parameter.
            # Deal with the exception here, and/or rethrow at your discretion.
            raise e
        elif e.response['Error']['Code'] == 'InvalidRequestException':
            # You provided a parameter value that is not valid for the current state of the resource.
            # Deal with the exception here, and/or rethrow at your discretion.
            raise e
        elif e.response['Error']['Code'] == 'ResourceNotFoundException':
            # We can't find the resource that you asked for.
            raise e

    secret = get_secret_value_response['SecretString']

    return secret