AWS Secrets Manager with boto3 in python
I've heard that it's not a best practice to use aws configure to store secrets in a config file on my machine, which totally makes sense. How do I use AWS Secrets Manager to get the keys when connecting to AWS requires keys in the first place? Does my question make sense? Would this code work? https://boto3.amazonaws.com/v1/documentation/api/latest/guide/secrets-manager.html
What you may see if you're running things locally is that the initial credentials are put into your configuration file locally. However, there is still an authentication need: to authenticate as an IAM entity that has access to AWS, for example an IAM user or IAM role.
If your application is running in AWS, that's where the integration of AWS IAM and Secrets Manager is fantastic. For example, if your app is running on an EC2 instance, the EC2 IAM role will need IAM permissions to access the secret (also considering the secret's resource policy and KMS as needed) and can retrieve it programmatically using the CLI or boto3, as in the link you've shared: https://repost.aws/questions/QUAsOpdhR-QAKVZEL0nRGTkw/aws-secrets-manager-with-boto-3-in-python.
I see. And since the secrets I do have stored have very limited access and no admin access, even if they did get out, the impact would be minor.
It depends how you are executing the code that is retrieving the secrets.
For example, if you are executing your Python script from an EC2 machine, you assign an IAM role to the machine which gives it access to Secrets Manager. Boto3 will automatically pick up the permissions and you won't need to supply credentials.
I see what you mean. For now, I'm executing this python script on my own PC at home, but I've heard that putting secrets in a config file is not a best practice. What do you think? Is there a way to use secrets manager to get the secrets from my pc? I doubt it, right? Thanks.
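Both answers above describe the same pattern: the code asks Secrets Manager for the secret and lets boto3 find its credentials from the default provider chain (the instance's IAM role on EC2, or the local ~/.aws configuration on a PC), so no access key ever appears in the script. The following is an added example written for this page, not code from the thread, from the linked boto3 guide or from AWS. The secret names, the region and the FakeSecretsClient used to run it offline are assumptions; with real credentials available to boto3 you would drop the client= argument.

```python
"""Retrieve a secret from AWS Secrets Manager without putting AWS keys in code.

boto3 resolves credentials from its default provider chain (environment
variables, the ~/.aws config/credentials files, or the IAM role attached to
the EC2 instance, ECS task or Lambda function), so nothing here carries an
access key. Secret names, the region and FakeSecretsClient are assumptions
made for this example.
"""
import base64
import json
from typing import Any, Dict, Optional


def parse_secret_response(response: Dict[str, Any]) -> Any:
    """Turn a GetSecretValue response into Python data.

    Secrets Manager stores either SecretString (text, commonly a JSON object
    such as {"username": ..., "password": ...}) or SecretBinary. boto3 hands
    SecretBinary back as bytes; the raw API/CLI form is base64 text, so both
    shapes are accepted.
    """
    if "SecretString" in response:
        text = response["SecretString"]
        try:
            return json.loads(text)      # key/value secrets become a dict
        except json.JSONDecodeError:
            return text                  # plain-text secrets are returned as-is
    if "SecretBinary" in response:
        blob = response["SecretBinary"]
        return base64.b64decode(blob) if isinstance(blob, str) else bytes(blob)
    raise ValueError("response has neither SecretString nor SecretBinary")


def get_secret(secret_id: str, region_name: str = "us-east-1",
               client: Optional[Any] = None) -> Any:
    """Fetch one secret by name or ARN and parse it.

    `client` can be injected (used below for an offline run); when it is
    None, boto3 builds a Secrets Manager client from the default credential
    chain. The caller never passes an access key or secret key.
    """
    if client is None:
        import boto3  # imported lazily so the parser above runs without boto3 installed
        client = boto3.client("secretsmanager", region_name=region_name)
    response = client.get_secret_value(SecretId=secret_id)
    return parse_secret_response(response)


class FakeSecretsClient:
    """Constructed stand-in for boto3's Secrets Manager client (offline demo only).

    It mimics just the get_secret_value(SecretId=...) call that get_secret uses.
    """

    def __init__(self, store: Dict[str, Dict[str, Any]]) -> None:
        self._store = store

    def get_secret_value(self, SecretId: str) -> Dict[str, Any]:
        if SecretId not in self._store:
            # The real client raises botocore's ClientError with the code
            # ResourceNotFoundException (or AccessDeniedException) here.
            raise LookupError(f"ResourceNotFoundException: {SecretId}")
        return dict(self._store[SecretId])


if __name__ == "__main__":
    # Offline run against constructed data. With real AWS credentials in the
    # default chain, drop the client= argument and pass your real secret name.
    fake = FakeSecretsClient({
        "demo/db/credentials": {
            "SecretString": json.dumps({"username": "app", "password": "s3cr3t"})
        },
        "demo/tls/key": {"SecretBinary": b"constructed DER bytes, not a real key"},
    })
    creds = get_secret("demo/db/credentials", client=fake)
    print("db user:", creds["username"])           # never print the password itself
    key_bytes = get_secret("demo/tls/key", client=fake)
    print("key material length:", len(key_bytes))
```

For the EC2 case in the answers, the instance role needs `secretsmanager:GetSecretValue` on the secret's ARN; if the secret is encrypted with a customer-managed KMS key rather than the default `aws/secretsmanager` key, the role also needs `kms:Decrypt` on that key, which is the "KMS as needed" point above.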