GitLocker: The Coding Marketplace

Description:

getawssecret 0.2.0b3

Get AWS Secret
Simplify retrieval of secrets from AWS SecretsManager. Optionally auto-memoize secrets in environment variables to improve performance and reduce costs.

We built this library in Hackt to support local development of internal projects and public apps in our catalog. Learn more about other open-source libraries on lib.hackt.app.

Runtime support

This is the Python runtime library, compatible with Python3.6+. Currently there isn't support for other runtimes. A Javascript/nodejs version is planned, but unscheduled.

Installation and Usage
Install with pip: pip install get-aws-secret
from get_aws_secret import get_secret

secret_val = get_secret('MY_SECRET_DATA')

The get_secret method also accepts a secret ARN:
secret_val = get_secret('arn:aws:secretsmanager:us-east-1:123456789012:secret:MY_SECRET_DATA')

Auto-load JSON strings
Secrets with JSON-like strings can be automatically loaded by setting load_json argument to True. The default behavior is False (i.e. always returns a string, without attempting to load any JSON).
from get_aws_secret import get_secret

# MY_SECRET_JSON_DATA = '{"data": "foobar"}' (str)

secret_val = get_secret('MY_SECRET_JSON_DATA', load_json=True)

# Returns a dict, instead of str: {'data': 'foobar'}

If load_json=True and the secret value isn't a JSON-compatible string, it returns the string without raising exceptions:
from get_aws_secret import get_secret

# MY_SECRET_PLAIN_DATA = 'just plain text' (str)

secret_val = get_secret('MY_SECRET_PLAIN_DATA', load_json=True)

# Returns a string: 'just plain text'

Memoization
The library can automatically set the secret as environment variable and retrieve from there in subsequent requests.
from get_aws_secret import get_secret

secret_val = get_secret('MY_SECRET_DATA', memoize=True)

In the first run, setting memoize=True is equivalent to running os.environ['MY_SECRET_DATA'] = secret_val after retrieving the secret.
In subsequent calls with memoize=True, the function will find MY_SECRET_DATA in os.environ and retrieve it locally . In other words, it won't hit the AWS endpoints (saves a few milliseconds and cents).
It's possible to set the behavior of memoize=True (in fact, any other get_value argument) as the default for all requests without explicit argument:
from get_aws_secret import get_secret_fix_args

get_secret = get_secret_fix_args(memoize=True)

secret_val = get_secret('MY_SECRET_DATA')

Custom boto3.client
Optionally, set a custom boto3.client with:
import boto3
from get_aws_secret import get_secret_fix_args

client = boto3.client('secretsmanager', region_name='my-region-1')

get_secret = get_secret_fix_args(client=client)

secret_val = get_secret('MY_SECRET_DATA')

License
This library is licensed under Apache 2.0.

Contributor guide
Please check out guidelines in the repository wiki.

Acknowledgements
Published & supported by Hackt App
Logos provided by Clearbit