
Right way to implement secrets caching in AWS Secrets Manager

Hi, I have implemented secrets caching as per this repo. Essentially, I added the following piece of code:

import boto3
from botocore.exceptions import ClientError
from aws_secretsmanager_caching import SecretCache, SecretCacheConfig

session = boto3.session.Session()
client = session.client(
    service_name='secretsmanager',
    region_name=region_name
)
try:
    # create a cache
    cache_config = SecretCacheConfig(secret_refresh_interval=14400)  # refresh cache every 4 hours
    cache = SecretCache(config=cache_config, client=client)
    # get secret string from the cache
    get_secret_value_response = cache.get_secret_string(secret_name)
except ClientError as e:
    raise e

But I am unsure if it is working, as the time taken by the API call on subsequent requests has not decreased. It still stays (roughly) the same as it was before caching.

Is there a way to verify whether caching is working, or is it the right way to implement it?

Edit: Before caching, I was fetching secrets as follows:

secret_value_response = client.get_secret_value(
    SecretId=secret_name
)

Basically I removed the above piece of code and added caching code instead of it.

You must not recreate the cache anytime. You create it once and reuse it later either with the method call or with the decorator: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_cache-decor-string.html
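
An added example (not part of the original answer and not the AWS library's code) showing one way to verify that caching takes effect: count the backend API calls instead of timing requests. `CountingClient` and `TtlSecretCache` are constructed stand-ins, assumed here for the boto3 client and for `SecretCache`, so the comparison runs offline.

```python
import time


class CountingClient:
    """Constructed stand-in for the boto3 Secrets Manager client; counts API calls."""
    def __init__(self):
        self.calls = 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        return {"Name": SecretId, "SecretString": "constructed-sample-value"}


class TtlSecretCache:
    """Simplified stand-in for SecretCache: in-memory entries with a refresh interval."""
    def __init__(self, client, refresh_interval=14400, clock=time.monotonic):
        self._client = client
        self._interval = refresh_interval
        self._clock = clock
        self._entries = {}  # secret name -> (fetched_at, value)

    def get_secret_string(self, secret_id):
        entry = self._entries.get(secret_id)
        # Go to the backend only on a miss or when the entry is older than the interval.
        if entry is None or self._clock() - entry[0] >= self._interval:
            value = self._client.get_secret_value(SecretId=secret_id)["SecretString"]
            entry = (self._clock(), value)
            self._entries[secret_id] = entry
        return entry[1]


def calls_with_cache_per_request(n):
    """Pattern from the question: a new cache object is built on every request."""
    client = CountingClient()
    for _ in range(n):
        TtlSecretCache(client).get_secret_string("example/secret")
    return client.calls


def calls_with_shared_cache(n, elapsed_per_request=0):
    """Pattern from the answer: one cache created once and reused across requests."""
    client = CountingClient()
    now = [0.0]  # simulated clock so the refresh interval can be exercised
    cache = TtlSecretCache(client, refresh_interval=14400, clock=lambda: now[0])
    for _ in range(n):
        cache.get_secret_string("example/secret")
        now[0] += elapsed_per_request
    return client.calls
```

With a real client the same check applies: a cache that is rebuilt per request shows one `GetSecretValue` call per request, while a shared cache shows one call per refresh interval.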

You can use the environment variable to load the variables at the time of the initialization and use that variable in the project repo. This will help you organize your code as well as help you save costs in AWS by minimizing the number of requests to the secret manager. This can be configured using GitHub Action in the CI/CD pipeline.
