There are more AWS SDK examples available in the AWS Doc SDK Examples
Use GetSecretValue with an AWS SDK or CLI
The following code examples show how to use GetSecretValue.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code examples:
- .NET
-
- SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. using System; using System.IO; using System.Threading.Tasks; using Amazon.SecretsManager; using Amazon.SecretsManager.Model; /// <summary> /// This example uses the Amazon Web Service Secrets Manager to retrieve /// the secret value for the provided secret name. /// </summary> public class GetSecretValue { /// <summary> /// The main method initializes the necessary values and then calls /// the GetSecretAsync and DecodeString methods to get the decoded /// secret value for the secret named in secretName. /// </summary> public static async Task Main() { string secretName = "<<{{MySecretName}}>>"; string secret; IAmazonSecretsManager client = new AmazonSecretsManagerClient(); var response = await GetSecretAsync(client, secretName); if (response is not null) { secret = DecodeString(response); if (!string.IsNullOrEmpty(secret)) { Console.WriteLine($"The decoded secret value is: {secret}."); } else { Console.WriteLine("No secret value was returned."); } } } /// <summary> /// Retrieves the secret value given the name of the secret to /// retrieve. /// </summary> /// <param name="client">The client object used to retrieve the secret /// value for the given secret name.</param> /// <param name="secretName">The name of the secret value to retrieve.</param> /// <returns>The GetSecretValueReponse object returned by /// GetSecretValueAsync.</returns> public static async Task<GetSecretValueResponse> GetSecretAsync( IAmazonSecretsManager client, string secretName) { GetSecretValueRequest request = new GetSecretValueRequest() { SecretId = secretName, VersionStage = "AWSCURRENT", // VersionStage defaults to AWSCURRENT if unspecified. }; GetSecretValueResponse response = null; // For the sake of simplicity, this example handles only the most // general SecretsManager exception. try { response = await client.GetSecretValueAsync(request); } catch (AmazonSecretsManagerException e) { Console.WriteLine($"Error: {e.Message}"); } return response; } /// <summary> /// Decodes the secret returned by the call to GetSecretValueAsync and /// returns it to the calling program. /// </summary> /// <param name="response">A GetSecretValueResponse object containing /// the requested secret value returned by GetSecretValueAsync.</param> /// <returns>A string representing the decoded secret value.</returns> public static string DecodeString(GetSecretValueResponse response) { // Decrypts secret using the associated AWS Key Management Service // Customer Master Key (CMK.) Depending on whether the secret is a // string or binary value, one of these fields will be populated. if (response.SecretString is not null) { var secret = response.SecretString; return secret; } else if (response.SecretBinary is not null) { var memoryStream = response.SecretBinary; StreamReader reader = new StreamReader(memoryStream); string decodedBinarySecret = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd())); return decodedBinarySecret; } else { return string.Empty; } } }-
For API details, see GetSecretValue in AWS SDK for .NET API Reference.
-
- C++
-
- SDK for C++
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. //! Retrieve an AWS Secrets Manager encrypted secret. /*! \param secretID: The ID for the secret. \return bool: Function succeeded. */ bool AwsDoc::SecretsManager::getSecretValue(const Aws::String &secretID, const Aws::Client::ClientConfiguration &clientConfiguration) { Aws::SecretsManager::SecretsManagerClient secretsManagerClient(clientConfiguration); Aws::SecretsManager::Model::GetSecretValueRequest request; request.SetSecretId(secretID); Aws::SecretsManager::Model::GetSecretValueOutcome getSecretValueOutcome = secretsManagerClient.GetSecretValue( request); if (getSecretValueOutcome.IsSuccess()) { std::cout << "Secret is: " << getSecretValueOutcome.GetResult().GetSecretString() << std::endl; } else { std::cerr << "Failed with Error: " << getSecretValueOutcome.GetError() << std::endl; } return getSecretValueOutcome.IsSuccess(); }-
For API details, see GetSecretValue in AWS SDK for C++ API Reference.
-
- CLI
-
- AWS CLI
-
Example 1: To retrieve the encrypted secret value of a secret
The following
get-secret-valueexample gets the current secret value.aws secretsmanager get-secret-value \ --secret-idMyTestSecretOutput:
{ "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestSecret-a1b2c3", "Name": "MyTestSecret", "VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "SecretString": "{\"user\":\"diegor\",\"password\":\"EXAMPLE-PASSWORD\"}", "VersionStages": [ "AWSCURRENT" ], "CreatedDate": 1523477145.713 }For more information, see Retrieve a secret in the Secrets Manager User Guide.
Example 2: To retrieve the previous secret value
The following
get-secret-valueexample gets the previous secret value.:aws secretsmanager get-secret-value \ --secret-idMyTestSecret--version-stageAWSPREVIOUSOutput:
{ "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestSecret-a1b2c3", "Name": "MyTestSecret", "VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", "SecretString": "{\"user\":\"diegor\",\"password\":\"PREVIOUS-EXAMPLE-PASSWORD\"}", "VersionStages": [ "AWSPREVIOUS" ], "CreatedDate": 1523477145.713 }For more information, see Retrieve a secret in the Secrets Manager User Guide.
-
For API details, see GetSecretValue
in AWS CLI Command Reference.
-
- Java
-
- SDK for Java 2.x
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient; import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest; import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse; import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html * * We recommend that you cache your secret values by using client-side caching. * * Caching secrets improves speed and reduces your costs. For more information, * see the following documentation topic: * * https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html */ public class GetSecretValue { public static void main(String[] args) { final String usage = """ Usage: <secretName>\s Where: secretName - The name of the secret (for example, tutorials/MyFirstSecret).\s """; if (args.length != 1) { System.out.println(usage); System.exit(1); } String secretName = args[0]; Region region = Region.US_EAST_1; SecretsManagerClient secretsClient = SecretsManagerClient.builder() .region(region) .build(); getValue(secretsClient, secretName); secretsClient.close(); } public static void getValue(SecretsManagerClient secretsClient, String secretName) { try { GetSecretValueRequest valueRequest = GetSecretValueRequest.builder() .secretId(secretName) .build(); GetSecretValueResponse valueResponse = secretsClient.getSecretValue(valueRequest); String secret = valueResponse.secretString(); System.out.println(secret); } catch (SecretsManagerException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } }-
For API details, see GetSecretValue in AWS SDK for Java 2.x API Reference.
-
- JavaScript
-
- SDK for JavaScript (v3)
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. import { GetSecretValueCommand, SecretsManagerClient, } from "@aws-sdk/client-secrets-manager"; export const getSecretValue = async (secretName = "SECRET_NAME") => { const client = new SecretsManagerClient(); const response = await client.send( new GetSecretValueCommand({ SecretId: secretName, }), ); console.log(response); // { // '$metadata': { // httpStatusCode: 200, // requestId: '584eb612-f8b0-48c9-855e-6d246461b604', // extendedRequestId: undefined, // cfId: undefined, // attempts: 1, // totalRetryDelay: 0 // }, // ARN: 'arn:aws:secretsmanager:us-east-1:xxxxxxxxxxxx:secret:binary-secret-3873048-xxxxxx', // CreatedDate: 2023-08-08T19:29:51.294Z, // Name: 'binary-secret-3873048', // SecretBinary: Uint8Array(11) [ // 98, 105, 110, 97, 114, // 121, 32, 100, 97, 116, // 97 // ], // VersionId: '712083f4-0d26-415e-8044-16735142cd6a', // VersionStages: [ 'AWSCURRENT' ] // } if (response.SecretString) { return response.SecretString; } if (response.SecretBinary) { return response.SecretBinary; } };-
For API details, see GetSecretValue in AWS SDK for JavaScript API Reference.
-
- Kotlin
-
- SDK for Kotlin
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. suspend fun getValue(secretName: String?) { val valueRequest = GetSecretValueRequest { secretId = secretName } SecretsManagerClient.fromEnvironment { region = "us-east-1" }.use { secretsClient -> val response = secretsClient.getSecretValue(valueRequest) val secret = response.secretString println("The secret value is $secret") } }-
For API details, see GetSecretValue
in AWS SDK for Kotlin API reference.
-
- Python
-
- SDK for Python (Boto3)
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. class GetSecretWrapper: def __init__(self, secretsmanager_client): self.client = secretsmanager_client def get_secret(self, secret_name): """ Retrieve individual secrets from AWS Secrets Manager using the get_secret_value API. This function assumes the stack mentioned in the source code README has been successfully deployed. This stack includes 7 secrets, all of which have names beginning with "mySecret". :param secret_name: The name of the secret fetched. :type secret_name: str """ try: get_secret_value_response = self.client.get_secret_value( SecretId=secret_name ) logging.info("Secret retrieved successfully.") return get_secret_value_response["SecretString"] except self.client.exceptions.ResourceNotFoundException: msg = f"The requested secret {secret_name} was not found." logger.info(msg) return msg except Exception as e: logger.error(f"An unknown error occurred: {str(e)}.") raise-
For API details, see GetSecretValue in AWS SDK for Python (Boto3) API Reference.
-
- Rust
-
- SDK for Rust
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. async fn show_secret(client: &Client, name: &str) -> Result<(), Error> { let resp = client.get_secret_value().secret_id(name).send().await?; println!("Value: {}", resp.secret_string().unwrap_or("No value!")); Ok(()) }-
For API details, see GetSecretValue
in AWS SDK for Rust API reference.
-
- SAP ABAP
-
- SDK for SAP ABAP
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. TRY. " iv_secret_name = 'MySecretName' DATA(lo_result) = lo_smr->getsecretvalue( iv_secretid = iv_secret_name ). ov_secret_value = lo_result->get_secretstring( ). MESSAGE 'Secret value retrieved successfully.' TYPE 'I'. CATCH /aws1/cx_smrresourcenotfoundex. MESSAGE 'The requested secret was not found.' TYPE 'E'. CATCH /aws1/cx_smrdecryptionfailure. MESSAGE 'Failed to decrypt the secret.' TYPE 'E'. CATCH /aws1/cx_smrinvalidparameterex. MESSAGE 'Invalid parameter provided.' TYPE 'E'. CATCH /aws1/cx_smrinvalidrequestex. MESSAGE 'Invalid request.' TYPE 'E'. ENDTRY.-
For API details, see GetSecretValue in AWS SDK for SAP ABAP API reference.
-
