AWS Secrets Manager with boto3 in python
I've heard that it's not a best practice to use aws configure to store secrets in a config file on my machine, which totally makes sense. How do I use AWS Secrets manager to get the keys when connecting to AWS requires keys in the first place? Does my question make sense? Would this code work? https://boto3.amazonaws.com/v1/documentation/api/latest/guide/secrets-manager.html
Good question!
What you may see if you're running things locally is to put the initial credentials into your configuration file locally. However, there is still an authentication need - to authenticate into an IAM entity that has access to AWS, for example an IAM User or IAM role.
If your application is running in AWS, that's where the integration of AWS IAM and Secrets Management is fantastic. For example, if your app is running on an ec2, the ec2 IAM Role will need IAM permissions to access the Secret (also considering Secret Resource policy and KMS as needed) and can retrieve it programatically using CLI or Boto3 like the link you've shared: https://repost.aws/questions/QUAsOpdhR-QAKVZEL0nRGTkw/aws-secrets-manager-with-boto-3-in-python.
It depends how you are executing the code that is retrieving the secrets.
For example if you are executing your python script from an EC2 machine, you assign an IAM role to the machine which gives it access to Secrets Manager. Boto3 will automatically pick up the permissions and you wont need to supply credentials.
I see what you mean. For now, I'm executing this python script on my own PC at home, but I've heard that putting secrets in a config file is not a best practice. What do you think? Is there a way to use secrets manager to get the secrets from my pc? I doubt it, right? Thanks.
Relevant questions
How to securely pass secrets from step to step in step functions
asked 3 months agoHow do I retrieve my secrets from secret manager in a pipeline build?
asked 17 days agoAWS Secrets Manager Integration
asked 2 months agoAWS Batch on Fargate: AccessDenied trying to access secrets manager
asked 9 months agoAccess secrets from secrets manager into the code the running EC2 docker
asked a month agoAccess Control in Secrets Manager for Federated Users
asked 4 months agoAWS Secrets Manager with boto3 in python
Accepted Answerasked 4 months agoDo we need Lambda extensions for accessing AWS Secrets Manager ?
asked 25 days agoBest practice of secrets rotation on multi region database
Accepted AnswerSecrets Manager Error Message
asked 12 days ago
I see. And since the secrets I do have stored have very limited access and no admin access, even if they did get out, the impact would be minor.