
How do I list deleted secrets in AWS Secrets Manager?

Looking at the man page for list-secrets, there are no special options to show deleted or not. It does not list deleted secrets. However, the output definition includes a "DeletedDate" timestamp.

The ListSecrets API does not show any option for deleted secrets. But again the response includes a DeletedDate.

The boto3 docs for list_secrets() are the same.

However, in the AWS console I can see deleted secrets. A quick look at the dev tools and I can see my request payload to the Secrets Manager endpoint looks like:

{
  "method": "POST",
  "path": "/",
  "headers": {
    "Content-Type": "application/x-amz-json-1.1",
    "X-Amz-Target": "secretsmanager.ListSecrets",
    "X-Amz-Date": "Fri, 27 Nov 2020 13:19:06 GMT"
  },
  "operation": "ListSecrets",
  "content": {
    "MaxResults": 100,
    "IncludeDeleted": true,
    "SortOrder": "asc"
  },
  "region": "eu-west-2"
}

Is there any way to pass "IncludeDeleted": true to the CLI?

Is this a bug? Where do I report it? (I know there is a cloudformation bug tracker on github, I assume secretsmanager would have something similar somewhere..?)

Save the following file to ~/.aws/models/secretsmanager/2017-10-17/service-2.sdk-extra.json:

{
  "version": 1.0,
  "merge": {
    "shapes": {
      "ListSecretsRequest": {
        "members": {
          "IncludeDeleted": {
            "shape": "BooleanType",
            "documentation": "<p>If set, includes secrets that are disabled.</p>"
          }
        }
      }
    }
  }
}

Then you can list secrets with the CLI as follows:

aws secretsmanager list-secrets --include-deleted

or with boto3:

import boto3


def list_secrets(session, **kwargs):
    """Yield every secret returned by ListSecrets, following pagination.

    Extra keyword arguments (e.g. IncludeDeleted=True) are passed straight to
    the paginator, so they must be known to the loaded service model."""
    client = session.client("secretsmanager")

    for page in client.get_paginator("list_secrets").paginate(**kwargs):
        yield from page["SecretList"]


if __name__ == "__main__":
    session = boto3.Session()

    # Only secrets scheduled for deletion carry a DeletedDate.
    for secret in list_secrets(session, IncludeDeleted=True):
        if "DeletedDate" in secret:
            print(secret)

This is using the botocore loader mechanism to augment the service model for Secrets Manager, and tells boto3 that "IncludeDeleted" is a parameter for the ListSecrets API.

If you want more detail, I've just posted a blog post explaining what else I tried and how I got to this solution – and thanks to OP, whose dev tool experiments were a useful clue.
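As an added example (not code from the question or the answer above), the script below installs the same model extra from Python and then uses the DeletedDate that the answer's request exposes to audit secrets still inside their recovery window. The 30-day window, the sample secret list, its ARNs and the fixed "now" are assumptions constructed for the example.

```python
import json
import os
from datetime import datetime, timezone

# Model extra from the answer above; the sample list and "now" are constructed.
SDK_EXTRA = {
    "version": 1.0,
    "merge": {"shapes": {"ListSecretsRequest": {"members": {"IncludeDeleted": {
        "shape": "BooleanType",
        "documentation": "<p>If set, includes secrets that are disabled.</p>",
    }}}}},
}
SAMPLE_NOW = datetime(2020, 11, 27, 13, 19, 6, tzinfo=timezone.utc)
SAMPLE_SECRET_LIST = [  # boto3 returns DeletedDate as a tz-aware datetime
    {"Name": "prod/db/password",
     "ARN": "arn:aws:secretsmanager:eu-west-2:000000000000:secret:prod/db/password-EXAMPLE"},
    {"Name": "old/api-key",
     "ARN": "arn:aws:secretsmanager:eu-west-2:000000000000:secret:old/api-key-EXAMPLE",
     "DeletedDate": datetime(2020, 11, 20, tzinfo=timezone.utc)},
]


def sdk_extra_path(models_root):
    """Path where botocore's loader looks for extras for this API version."""
    return os.path.join(models_root, "secretsmanager", "2017-10-17", "service-2.sdk-extra.json")


def write_sdk_extra(models_root):
    """Write the merge file; botocore applies it when a client is created."""
    path = sdk_extra_path(models_root)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        json.dump(SDK_EXTRA, fh, indent=2)
    return path


def pending_deletion(secret_list, now=None, recovery_days=30):
    """Rows for secrets carrying a DeletedDate. recovery_days is assumed
    (service default); the per-secret window is not in the response."""
    now = now or datetime.now(timezone.utc)
    report = []
    for secret in secret_list:
        deleted = secret.get("DeletedDate")
        if deleted is None:
            continue  # live secret
        age_days = (now - deleted).days
        report.append({"Name": secret["Name"], "deleted_days_ago": age_days,
                       "days_left": max(recovery_days - age_days, 0)})
    return report
```

Call write_sdk_extra(os.path.expanduser("~/.aws/models")) before creating the client, then feed the live SecretList from the answer's list_secrets(session, IncludeDeleted=True) into pending_deletion().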
