AWS Secrets Manager
Changxing Cao edited this page May 9, 2018
·
8 revisions
https://aws.amazon.com/secrets-manager/
We can use this AWS service to store important credentials. Currently, we store the MongoDB credential there.
Python snippet for retrieving the credential:
import boto3
from botocore.exceptions import ClientError
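def get_secret():
    """Fetch the "mongodb_credential" secret from AWS Secrets Manager.

    Returns:
        The secret value: the ``SecretString`` field when the response
        carries one, otherwise the ``SecretBinary`` field. ``None`` when the
        request failed with one of the three error codes reported below.

    Raises:
        ClientError: for any error code other than the three reported below,
            so that a failed lookup cannot pass unnoticed.
    """
    secret_name = "mongodb_credential"
    endpoint_url = "https://secretsmanager.us-east-1.amazonaws.com"
    region_name = "us-east-1"

    session = boto3.session.Session()
    client = session.client(
        service_name='secretsmanager',
        region_name=region_name,
        endpoint_url=endpoint_url
    )

    try:
        get_secret_value_response = client.get_secret_value(
            SecretId=secret_name
        )
    except ClientError as e:
        error_code = e.response['Error']['Code']
        if error_code == 'ResourceNotFoundException':
            print("The requested secret " + secret_name + " was not found")
        elif error_code == 'InvalidRequestException':
            print("The request was invalid due to:", e)
        elif error_code == 'InvalidParameterException':
            print("The request had invalid params:", e)
        else:
            # Every other failure (for example a permissions or decryption
            # error) was previously dropped without a trace; re-raise it so
            # the caller never continues without a credential.
            raise
        # No secret was retrieved; make that explicit instead of falling
        # through to code that expects one.
        return None

    # The service returns the value already decrypted with the associated
    # KMS CMK. Depending on whether the secret was stored as a string or as
    # binary, one of these two fields is populated.
    if 'SecretString' in get_secret_value_response:
        secret = get_secret_value_response['SecretString']
    else:
        secret = get_secret_value_response['SecretBinary']

    # Your code goes here. Keep the value out of print/log output.
    return secret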
JavaScript snippet for retrieving the credential:
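// Load the AWS SDK
var AWS = require('aws-sdk');

// Service endpoint, region and the name of the secret to fetch.
var endpoint = "https://secretsmanager.us-east-1.amazonaws.com";
var region = "us-east-1";
var secretName = "mongodb_credential";

// Set by the callback below; on success exactly one of the two is assigned.
var secret;
var binarySecretData;

// Create a Secrets Manager client
var client = new AWS.SecretsManager({
    endpoint: endpoint,
    region: region
});

client.getSecretValue({SecretId: secretName}, function(err, data) {
    if (err) {
        if (err.code === 'ResourceNotFoundException') {
            console.log("The requested secret " + secretName + " was not found");
        } else if (err.code === 'InvalidRequestException') {
            console.log("The request was invalid due to: " + err.message);
        } else if (err.code === 'InvalidParameterException') {
            console.log("The request had invalid params: " + err.message);
        } else {
            // Any other failure (for example a permissions or decryption
            // error) was previously dropped without a trace; report it too.
            console.log("Failed to retrieve secret " + secretName + ": " + err.code);
        }
        // Stop here: no credential was retrieved, so the code that consumes
        // it must not run.
        return;
    }

    // The service returns the value already decrypted with the associated KMS CMK.
    // Depending on whether the secret was a string or binary, one of these fields
    // is populated. The field that is not populated is missing from the response
    // rather than equal to "", so a comparison with "" would always pick
    // SecretString; test for an actual string instead.
    if (typeof data.SecretString === 'string') {
        secret = data.SecretString;
    } else {
        binarySecretData = data.SecretBinary;
    }

    // Your code goes here. Keep the value out of console/log output.
});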