Retrieve AWS Secrets Manager secrets in Python applications - AWS Secrets Manager

Retrieve AWS Secrets Manager secrets in Python applications

When you retrieve a secret, you can use the Secrets Manager Python-based caching component to cache it for future use. Retrieving a cached secret is faster than retrieving it from Secrets Manager. Because there is a cost for calling Secrets Manager APIs, using a cache can reduce your costs.

The cache policy is Least Recently Used (LRU), so when the cache must discard a secret, it discards the least recently used secret. By default, the cache refreshes secrets every hour. You can configure how often the secret is refreshed in the cache, and you can hook into the secret retrieval to add more functionality.

The cache does not force garbage collection once cache references are freed. The cache implementation is focused around the cache itself, and is not security hardened or focused. If you require additional security such as encrypting items in the cache, use the interfaces and abstract methods provided.

To use the component, you must have the following:

To download the source code, see Secrets Manager Python-based caching client component on GitHub.

To install the component, use the following command.

$ pip install aws-secretsmanager-caching

Example: Retrieve a secret

The following example shows how to get the secret value for a secret named mysecret.

import botocore import botocore.session from aws_secretsmanager_caching import SecretCache, SecretCacheConfig client = botocore.session.get_session().create_client('secretsmanager') cache_config = SecretCacheConfig() cache = SecretCache( config = cache_config, client = client) secret = cache.get_secret_string('mysecret')