
get all secrets from AWS secret manager

AWS has Secrets Manager, which stores secrets. It has an API to get an individual secret. I want to fetch all the secrets related to an account at once. Is there any way we can achieve this?

You can use the method ListSecrets to list all secret metadata excluding SecretString or SecretBinary.

'The encrypted fields SecretString and SecretBinary are not included in the output' in ListSecrets.

If you're trying to fetch all secret values then options might include:

1) Scripting list-secrets and get-secret-value to fetch all secret values. This example will be slow since it's using serial requests.

#!/usr/bin/env python3

import json
import subprocess


def aws(*args):
    # Pass the command as an argument list (no shell), so a secret name that
    # contains shell metacharacters cannot change the command; check=True
    # surfaces CLI errors instead of feeding stderr text to json.loads().
    proc = subprocess.run(["aws", "secretsmanager", *args],
                          capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


# The AWS CLI follows NextToken itself, so "SecretList" holds every secret;
# the values are then fetched one request at a time (simple, but serial).
secrets = aws("list-secrets")
for s in secrets["SecretList"]:
    name = s["Name"]
    data = aws("get-secret-value", "--secret-id", name)
    value = data.get("SecretString")  # None for binary secrets (SecretBinary)
    print("{}: {}".format(name, value))

2) Use a 3rd-party tool such as Summon with its AWS Provider, which accepts a secrets.yml file and makes async calls to inject secrets into the environment of whatever command you're calling.

I tried to list the secret names in my Secrets Manager using boto3 in Python, using list_secrets():

# First attempt: reads only the first page returned by list_secrets()
secrets = secret_client.list_secrets()
secrets_manager = (secrets['SecretList'])
for secret in secrets_manager:
    print ("{0}".format(secret['Name']))

The complete list was around 20, but the output was only around 5 secrets.

I updated the code to the below, and it worked:

secrets = secret_client.list_secrets()
secrets_manager = (secrets['SecretList'])
# Keep requesting pages while the response carries a NextToken
while "NextToken" in secrets:
    secrets = secret_client.list_secrets(NextToken=secrets["NextToken"])
    secrets_manager.extend(secrets['SecretList'])
for secret in secrets_manager:
    print ("{0}".format(secret['Name']))

So basically, the AWS Secrets Manager list_secrets() call paginates its output, so it is better to use 'NextToken', as mentioned in https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.list_secrets
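Putting the two answers together, here is an added example (not code from either answer) that follows NextToken to the last page and then fetches every value concurrently rather than serially, which addresses the "slow serial requests" remark above. So that it runs offline, it talks to a constructed stand-in for the boto3 client, `FakeSecretsManager`, which is an assumption of this example and mimics only the two calls used, `list_secrets` and `get_secret_value`; swap in `boto3.client("secretsmanager")` to run it against a real account.

```python
"""Paginate list_secrets and fetch every secret value.

FakeSecretsManager below is a constructed stand-in for boto3's SecretsManager
client so the example runs offline; replace it with
boto3.client("secretsmanager") for real use (assumption: the caller holds
secretsmanager:ListSecrets and GetSecretValue on the secrets in question).
"""
from concurrent.futures import ThreadPoolExecutor


class FakeSecretsManager:
    """Constructed stand-in: seven secrets served three per page, so the
    NextToken loop is actually exercised, the way the real API paginates."""

    PAGE_SIZE = 3

    def __init__(self):
        self._values = {f"app/secret-{i}": f"value-{i}" for i in range(7)}
        self._names = sorted(self._values)

    def list_secrets(self, MaxResults=PAGE_SIZE, NextToken=None):
        start = int(NextToken) if NextToken else 0
        page = self._names[start:start + MaxResults]
        resp = {"SecretList": [
            {"Name": n, "ARN": f"arn:aws:secretsmanager:::secret:{n}"} for n in page
        ]}
        if start + MaxResults < len(self._names):
            resp["NextToken"] = str(start + MaxResults)  # more pages remain
        return resp

    def get_secret_value(self, SecretId):
        return {"Name": SecretId, "SecretString": self._values[SecretId]}


def list_all_secret_names(client):
    """Follow NextToken until the last page. Stopping after the first call,
    as in the first attempt above, silently drops every later page."""
    names = []
    kwargs = {}
    while True:
        resp = client.list_secrets(**kwargs)
        names.extend(s["Name"] for s in resp["SecretList"])
        token = resp.get("NextToken")
        if not token:
            return names
        kwargs = {"NextToken": token}


def fetch_all_secret_values(client, max_workers=8):
    """One GetSecretValue per secret, issued from a thread pool instead of
    one after another. Returns {name: value}; a binary secret yields its
    SecretBinary bytes instead of a string."""

    def one(name):
        resp = client.get_secret_value(SecretId=name)
        return name, resp.get("SecretString", resp.get("SecretBinary"))

    names = list_all_secret_names(client)
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        return dict(pool.map(one, names))


if __name__ == "__main__":
    client = FakeSecretsManager()
    values = fetch_all_secret_values(client)
    # Print names and sizes only, so secret values do not land in scrollback.
    for name, value in values.items():
        print(f"{name}: {len(value)} chars")
```

boto3 also ships a paginator for this call (`client.get_paginator("list_secrets")`), which does the NextToken loop for you. Two things to keep in mind when running this for real: every GetSecretValue call is recorded in CloudTrail, so a bulk fetch is visible as a burst of reads, and the identity running it needs GetSecretValue on every secret it touches, which is broader than most roles should hold, so scope it to the ARNs or tags you actually need.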
