To read a secret from AWS Secrets Manager in AWS Glue, you can use the boto3 library (AWS SDK for Python). Below is a sample code snippet demonstrating how to get a secret in AWS Glue.

How to Read Secret Manager Data in AWS Glue

Read Data From Secret Manager

Secret Manager
import json

import boto3
from botocore.exceptions import ClientError


def get_secret(secret_name, region_name):
    # Create a Secrets Manager client
    session = boto3.session.Session()
    client = session.client(
        service_name='secretsmanager',
        region_name=region_name
    )

    try:
        # Retrieve the secret. Secrets Manager decrypts it with the
        # associated KMS key before returning it.
        get_secret_value_response = client.get_secret_value(SecretId=secret_name)
    except ClientError:
        # Let the job fail if the secret is missing or access is denied
        raise

    # SecretString holds the decrypted secret as text
    secret = get_secret_value_response['SecretString']

    # Return the secret as a dictionary
    return json.loads(secret)


# Example usage
secret_name = "your_secret_name"
region_name = "your_region_name"
secret = get_secret(secret_name, region_name)

# Print only the key names: printing the secret itself would write
# its values to the job's logs
print(list(secret.keys()))

# If the secret contains credentials, you can extract them like this:
# username = secret['username']
# password = secret['password']

Explanation

  1. boto3.session.Session(): This creates a session that allows you to specify the region and credentials.
  2. client.get_secret_value(SecretId=secret_name): Retrieves the secret from AWS Secrets Manager.
  3. json.loads(secret): Converts the secret from a JSON string to a Python dictionary.
  4. Parameters:
    • secret_name: The name or ARN of the secret you want to retrieve.
    • region_name: The AWS region where your secret is stored.

Important Notes:

  • Ensure the AWS Glue job has the necessary IAM permissions to access Secrets Manager.
  • Make sure boto3 is available in your AWS Glue environment. If not, you’ll need to add it as an external library.

How SecretString Is Stored

Example

If you stored a secret like this:

{
  "username": "admin",
  "password": "password123"
}

The get_secret_value response will look something like this:

{
  "ARN": "arn:aws:secretsmanager:region:account-id:secret:secret-name",
  "Name": "secret-name",
  "VersionId": "version-id",
  "SecretString": "{\"username\":\"admin\",\"password\":\"password123\"}",
  "VersionStages": ["AWSCURRENT"],
  "CreatedDate": "timestamp"
}

Here, SecretString contains the actual secret data as a JSON string. You can then parse this string into a dictionary to access the key-value pairs.
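
The parsing step above assumes SecretString is always present and always holds a JSON object. The following is an added example, not code from the original post: it handles the other shapes a get_secret_value response can take (a plain-text SecretString, or bytes in SecretBinary) and wraps the result so that printing it shows key names only. RedactedSecret and parse_secret_response are hypothetical names, and the sample responses are constructed.

```python
import json


class RedactedSecret(dict):
    """Dict of secret fields whose repr/str show key names only (hypothetical helper)."""

    def __repr__(self):
        return "RedactedSecret(" + ", ".join(f"{k}=***" for k in sorted(self)) + ")"

    __str__ = __repr__


def parse_secret_response(response):
    """Turn a get_secret_value response dict into a RedactedSecret.

    Handles three shapes: a JSON object in SecretString, a plain-text
    SecretString, or bytes in SecretBinary.
    """
    if "SecretString" in response:
        raw = response["SecretString"]
    elif "SecretBinary" in response:
        # boto3 returns SecretBinary already base64-decoded, as bytes
        return RedactedSecret(value=response["SecretBinary"])
    else:
        raise KeyError("response has neither SecretString nor SecretBinary")

    try:
        parsed = json.loads(raw)
    except json.JSONDecodeError:
        parsed = None
    # A plain-text secret (or a JSON scalar/list) is kept whole under "value"
    if not isinstance(parsed, dict):
        return RedactedSecret(value=raw)
    return RedactedSecret(parsed)


# Constructed sample responses, shaped like the one shown above
json_response = {
    "Name": "secret-name",
    "SecretString": "{\"username\":\"admin\",\"password\":\"password123\"}",
    "VersionStages": ["AWSCURRENT"],
}
text_response = {"Name": "api-token", "SecretString": "tok-constructed-example"}

creds = parse_secret_response(json_response)
token = parse_secret_response(text_response)
print(creds)  # key names only; values stay out of the job's logs
```

In a Glue job, pass the return value of client.get_secret_value(...) to parse_secret_response in place of the direct json.loads call.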