carlogtt_python_library.aws_boto3.secrets_manager module

This module …

class carlogtt_python_library.aws_boto3.secrets_manager.SecretsManager(aws_region_name: str, *, aws_profile_name: str | None = None, aws_access_key_id: str | None = None, aws_secret_access_key: str | None = None, aws_session_token: str | None = None, caching: bool = False, client_parameters: dict[str, Any] | None = None)[source]

Bases: AwsServiceBase[SecretsManagerClient]

The SecretsManager class provides a simplified interface for interacting with Amazon SecretsManager services within a Python application.

It includes an option to cache the client session to minimize the number of AWS API call.

Parameters:

  • aws_region_name – The name of the AWS region where the service is to be used. This parameter is required to configure the AWS client.

  • aws_profile_name – The name of the AWS profile to use for credentials. This is useful if you have multiple profiles configured in your AWS credentials file. Default is None, which means the default profile or environment variables will be used if not provided.

  • aws_access_key_id – The AWS access key ID for programmatically accessing AWS services. This parameter is optional and only needed if not using a profile from the AWS credentials file.

  • aws_secret_access_key – The AWS secret access key corresponding to the provided access key ID. Like the access key ID, this parameter is optional and only needed if not using a profile.

  • aws_session_token – The AWS temporary session token corresponding to the provided access key ID. Like the access key ID, this parameter is optional and only needed if not using a profile.

  • caching – Determines whether to enable caching for the client session. If set to True, the client session will be cached to improve performance and reduce the number of API calls. Default is False.

  • client_parameters – A key-value pair object of parameters that will be passed to the low-level service client.

delete_secret(secret_id: str, recovery_days: int = 30, force_delete: bool = False) DeleteSecretResponseTypeDef[source]

Deletes a secret from AWS Secrets Manager. This method supports both immediate deletion and scheduled deletion.

Parameters:

  • secret_id – The ARN (Amazon Resource Name) or name of the secret to delete. For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.

  • recovery_days – The number of days that Secrets Manager waits before permanently deleting the secret. This parameter is ignored if force_delete is set to True. Default is 30 days.

  • force_delete – If set to True, the secret is immediately deleted without any recovery window. Default is False.

Returns:

A dictionary with the deletion response. The structure of the response is defined by the DeleteSecretResponseTypeDef.

Raises:

SecretsManagerError – If operation fails.

get_all_secrets() list[SecretListEntryTypeDef][source]

Retrieves a list of all secrets stored in AWS Secrets Manager.

This method paginates through the secrets if the number of secrets exceeds the max results per request, ensuring all secrets are retrieved.

Returns:

A list of dictionaries, where each dictionary represents a secret stored in AWS Secrets Manager. The structure of each dictionary is defined by the SecretListEntryTypeDef.

Raises:

SecretsManagerError – If operation fails.

get_secret(secret_id: str, **kwargs) dict[str, str] | None[source]

Get secret from AWS Secrets Manager. Retrieves the contents of the encrypted fields from the specified secret_id.

Parameters:

  • secret_id – The ARN (Amazon Resource Name) or name of the secret to retrieve. For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.

  • kwargs – Any other param passed to the underlying boto3.

Returns:

A dictionary containing the secret’s contents. In cases where the secret is not found, an empty dictionary is returned.

Raises:

SecretsManagerError – If operation fails.

get_secret_password(secret_id: str, **kwargs) str[source]

Get secret from AWS Secrets Manager. Return ONLY the value of the ‘password’ field!

Parameters:

  • secret_id – The ARN (Amazon Resource Name) or name of the secret to retrieve. For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.

  • kwargs – Any other param passed to the underlying boto3.

Returns:

ONLY the value of the ‘password’ field!

Raises:

SecretsManagerError – If operation fails.