There are more AWS SDK examples available in the AWS Doc SDK Examples
Use GetSecretValue with an AWS SDK or CLI
The following code examples show how to use GetSecretValue.
- .NET
-
- AWS SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. using System; using System.IO; using System.Threading.Tasks; using Amazon.SecretsManager; using Amazon.SecretsManager.Model; /// <summary> /// This example uses the Amazon Web Service Secrets Manager to retrieve /// the secret value for the provided secret name. /// </summary> public class GetSecretValue { /// <summary> /// The main method initializes the necessary values and then calls /// the GetSecretAsync and DecodeString methods to get the decoded /// secret value for the secret named in secretName. /// </summary> public static async Task Main() { string secretName = "<<{{MySecretName}}>>"; string secret; IAmazonSecretsManager client = new AmazonSecretsManagerClient(); var response = await GetSecretAsync(client, secretName); if (response is not null) { secret = DecodeString(response); if (!string.IsNullOrEmpty(secret)) { Console.WriteLine($"The decoded secret value is: {secret}."); } else { Console.WriteLine("No secret value was returned."); } } } /// <summary> /// Retrieves the secret value given the name of the secret to /// retrieve. /// </summary> /// <param name="client">The client object used to retrieve the secret /// value for the given secret name.</param> /// <param name="secretName">The name of the secret value to retrieve.</param> /// <returns>The GetSecretValueReponse object returned by /// GetSecretValueAsync.</returns> public static async Task<GetSecretValueResponse> GetSecretAsync( IAmazonSecretsManager client, string secretName) { GetSecretValueRequest request = new GetSecretValueRequest() { SecretId = secretName, VersionStage = "AWSCURRENT", // VersionStage defaults to AWSCURRENT if unspecified. }; GetSecretValueResponse response = null; // For the sake of simplicity, this example handles only the most // general SecretsManager exception. try { response = await client.GetSecretValueAsync(request); } catch (AmazonSecretsManagerException e) { Console.WriteLine($"Error: {e.Message}"); } return response; } /// <summary> /// Decodes the secret returned by the call to GetSecretValueAsync and /// returns it to the calling program. /// </summary> /// <param name="response">A GetSecretValueResponse object containing /// the requested secret value returned by GetSecretValueAsync.</param> /// <returns>A string representing the decoded secret value.</returns> public static string DecodeString(GetSecretValueResponse response) { // Decrypts secret using the associated AWS Key Management Service // Customer Master Key (CMK.) Depending on whether the secret is a // string or binary value, one of these fields will be populated. if (response.SecretString is not null) { var secret = response.SecretString; return secret; } else if (response.SecretBinary is not null) { var memoryStream = response.SecretBinary; StreamReader reader = new StreamReader(memoryStream); string decodedBinarySecret = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd())); return decodedBinarySecret; } else { return string.Empty; } } }-
For API details, see GetSecretValue in AWS SDK for .NET API Reference.
-
- C++
-
- SDK for C++
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. //! Retrieve an AWS Secrets Manager encrypted secret. /*! \param secretID: The ID for the secret. \return bool: Function succeeded. */ bool AwsDoc::SecretsManager::getSecretValue(const Aws::String &secretID, const Aws::Client::ClientConfiguration &clientConfiguration) { Aws::SecretsManager::SecretsManagerClient secretsManagerClient(clientConfiguration); Aws::SecretsManager::Model::GetSecretValueRequest request; request.SetSecretId(secretID); Aws::SecretsManager::Model::GetSecretValueOutcome getSecretValueOutcome = secretsManagerClient.GetSecretValue( request); if (getSecretValueOutcome.IsSuccess()) { std::cout << "Secret is: " << getSecretValueOutcome.GetResult().GetSecretString() << std::endl; } else { std::cerr << "Failed with Error: " << getSecretValueOutcome.GetError() << std::endl; } return getSecretValueOutcome.IsSuccess(); }-
For API details, see GetSecretValue in AWS SDK for C++ API Reference.
-
- CLI
-
- AWS CLI
-
Example 1: To retrieve the encrypted secret value of a secret
The following
get-secret-valueexample gets the current secret value.aws secretsmanager get-secret-value \ --secret-idMyTestSecretOutput:
{ "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestSecret-a1b2c3", "Name": "MyTestSecret", "VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "SecretString": "{\"user\":\"diegor\",\"password\":\"EXAMPLE-PASSWORD\"}", "VersionStages": [ "AWSCURRENT" ], "CreatedDate": 1523477145.713 }For more information, see Retrieve a secret in the Secrets Manager User Guide.
Example 2: To retrieve the previous secret value
The following
get-secret-valueexample gets the previous secret value.:aws secretsmanager get-secret-value \ --secret-idMyTestSecret--version-stageAWSPREVIOUSOutput:
{ "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestSecret-a1b2c3", "Name": "MyTestSecret", "VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", "SecretString": "{\"user\":\"diegor\",\"password\":\"PREVIOUS-EXAMPLE-PASSWORD\"}", "VersionStages": [ "AWSPREVIOUS" ], "CreatedDate": 1523477145.713 }For more information, see Retrieve a secret in the Secrets Manager User Guide.
-
For API details, see GetSecretValue
in AWS CLI Command Reference.
-
- Java
-
- SDK for Java 2.x
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient; import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest; import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse; import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html * * We recommend that you cache your secret values by using client-side caching. * * Caching secrets improves speed and reduces your costs. For more information, * see the following documentation topic: * * https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html */ public class GetSecretValue { public static void main(String[] args) { final String usage = """ Usage: <secretName>\s Where: secretName - The name of the secret (for example, tutorials/MyFirstSecret).\s """; if (args.length != 1) { System.out.println(usage); System.exit(1); } String secretName = args[0]; Region region = Region.US_EAST_1; SecretsManagerClient secretsClient = SecretsManagerClient.builder() .region(region) .build(); getValue(secretsClient, secretName); secretsClient.close(); } public static void getValue(SecretsManagerClient secretsClient, String secretName) { try { GetSecretValueRequest valueRequest = GetSecretValueRequest.builder() .secretId(secretName) .build(); GetSecretValueResponse valueResponse = secretsClient.getSecretValue(valueRequest); String secret = valueResponse.secretString(); System.out.println(secret); } catch (SecretsManagerException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } }-
For API details, see GetSecretValue in AWS SDK for Java 2.x API Reference.
-
- JavaScript
-
- SDK for JavaScript (v3)
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. import { GetSecretValueCommand, SecretsManagerClient, } from "@aws-sdk/client-secrets-manager"; export const getSecretValue = async (secretName = "SECRET_NAME") => { const client = new SecretsManagerClient(); const response = await client.send( new GetSecretValueCommand({ SecretId: secretName, }), ); console.log(response); // { // '$metadata': { // httpStatusCode: 200, // requestId: '584eb612-f8b0-48c9-855e-6d246461b604', // extendedRequestId: undefined, // cfId: undefined, // attempts: 1, // totalRetryDelay: 0 // }, // ARN: 'arn:aws:secretsmanager:us-east-1:xxxxxxxxxxxx:secret:binary-secret-3873048-xxxxxx', // CreatedDate: 2023-08-08T19:29:51.294Z, // Name: 'binary-secret-3873048', // SecretBinary: Uint8Array(11) [ // 98, 105, 110, 97, 114, // 121, 32, 100, 97, 116, // 97 // ], // VersionId: '712083f4-0d26-415e-8044-16735142cd6a', // VersionStages: [ 'AWSCURRENT' ] // } if (response.SecretString) { return response.SecretString; } if (response.SecretBinary) { return response.SecretBinary; } };-
For API details, see GetSecretValue in AWS SDK for JavaScript API Reference.
-
- Kotlin
-
- SDK for Kotlin
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. suspend fun getValue(secretName: String?) { val valueRequest = GetSecretValueRequest { secretId = secretName } SecretsManagerClient { region = "us-east-1" }.use { secretsClient -> val response = secretsClient.getSecretValue(valueRequest) val secret = response.secretString println("The secret value is $secret") } }-
For API details, see GetSecretValue
in AWS SDK for Kotlin API reference.
-
- Python
-
- SDK for Python (Boto3)
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. class GetSecretWrapper: def __init__(self, secretsmanager_client): self.client = secretsmanager_client def get_secret(self, secret_name): """ Retrieve individual secrets from AWS Secrets Manager using the get_secret_value API. This function assumes the stack mentioned in the source code README has been successfully deployed. This stack includes 7 secrets, all of which have names beginning with "mySecret". :param secret_name: The name of the secret fetched. :type secret_name: str """ try: get_secret_value_response = self.client.get_secret_value( SecretId=secret_name ) logging.info("Secret retrieved successfully.") return get_secret_value_response["SecretString"] except self.client.exceptions.ResourceNotFoundException: msg = f"The requested secret {secret_name} was not found." logger.info(msg) return msg except Exception as e: logger.error(f"An unknown error occurred: {str(e)}.") raise-
For API details, see GetSecretValue in AWS SDK for Python (Boto3) API Reference.
-
- Rust
-
- SDK for Rust
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. async fn show_secret(client: &Client, name: &str) -> Result<(), Error> { let resp = client.get_secret_value().secret_id(name).send().await?; println!("Value: {}", resp.secret_string().unwrap_or("No value!")); Ok(()) }-
For API details, see GetSecretValue
in AWS SDK for Rust API reference.
-
