Get a batch of Secrets Manager secret values using the Amazon SDK for Python - Amazon Secrets Manager

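The following code example shows how to get a batch of Secrets Manager secret values.

Required permissions:

  • secretsmanager:BatchGetSecretValue

  • secretsmanager:GetSecretValue permission for each secret you want to retrieve.

  • If you use filters, you must also have secretsmanager:ListSecrets

For an example permissions policy, see Example: Permission to retrieve a group of secret values in a batch

Important

If your VPCE policy denies permission to retrieve an individual secret in the group you are retrieving, BatchGetSecretValue will not return any secret values, and it will return an error.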

```python
import json
import logging

logger = logging.getLogger(__name__)


class BatchGetSecretsWrapper:
    def __init__(self, secretsmanager_client):
        self.client = secretsmanager_client

    def batch_get_secrets(self, filter_name):
        """
        Retrieve multiple secrets from AWS Secrets Manager using the
        batch_get_secret_value API. This function assumes the stack mentioned in
        the source code README has been successfully deployed. This stack includes
        7 secrets, all of which have names beginning with "mySecret".

        :param filter_name: The full or partial name of secrets to be fetched.
        :type filter_name: str
        """
        try:
            secrets = []
            # Filter on the secret name; matching is by full or partial name.
            response = self.client.batch_get_secret_value(
                Filters=[{"Key": "name", "Values": [f"{filter_name}"]}]
            )
            # Each secret in the stack stores a JSON document in SecretString.
            for secret in response["SecretValues"]:
                secrets.append(json.loads(secret["SecretString"]))
            # Log the outcome only, never the secret values themselves.
            if secrets:
                logger.info("Secrets retrieved successfully.")
            else:
                logger.info("Zero secrets returned without error.")
            return secrets
        except self.client.exceptions.ResourceNotFoundException:
            msg = f"One or more requested secrets were not found with filter: {filter_name}"
            logger.info(msg)
            return msg
        except Exception as e:
            logger.error(f"An unknown error occurred:\n{str(e)}.")
            raise
```
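The wrapper above reads a single response page and only its `SecretValues`. The following added example (not part of the original page or the SDK's own code) goes further: it follows `NextToken`, collects the per-secret `Errors` list, and accepts `SecretBinary` and non-JSON strings. `batch_get_all` and `FakeClient` are hypothetical names, and the canned responses are constructed so the block runs offline.

```python
import json
import logging

logger = logging.getLogger(__name__)


def batch_get_all(client, filter_name):
    """Return (values by secret name, per-secret errors) across all pages."""
    values, errors, token = {}, [], None
    while True:
        kwargs = {"Filters": [{"Key": "name", "Values": [filter_name]}]}
        if token:
            kwargs["NextToken"] = token
        page = client.batch_get_secret_value(**kwargs)
        for item in page.get("SecretValues", []):
            if "SecretString" in item:
                try:
                    values[item["Name"]] = json.loads(item["SecretString"])
                except json.JSONDecodeError:
                    values[item["Name"]] = item["SecretString"]  # plain text
            else:
                values[item["Name"]] = item["SecretBinary"]
        for err in page.get("Errors", []):
            # Log identifiers and error codes only, never secret material.
            logger.warning("Secret %s failed: %s", err.get("SecretId"), err.get("ErrorCode"))
            errors.append(err)
        token = page.get("NextToken")
        if not token:
            return values, errors


class FakeClient:
    """Constructed stand-in for the boto3 client; replays two canned pages."""

    def __init__(self):
        self.pages = [
            {"SecretValues": [{"Name": "mySecret1", "SecretString": '{"user": "app"}'}],
             "Errors": [{"SecretId": "mySecret2", "ErrorCode": "AccessDeniedException",
                         "Message": "constructed sample"}],
             "NextToken": "page-2"},
            {"SecretValues": [{"Name": "mySecret3", "SecretBinary": b"\x00\x01"},
                              {"Name": "mySecret4", "SecretString": "not-json"}],
             "Errors": []},
        ]
        self.calls = []

    def batch_get_secret_value(self, **kwargs):
        self.calls.append(kwargs)
        return self.pages[len(self.calls) - 1]
```

With a real client, pass the object returned by `boto3.client("secretsmanager")` in place of `FakeClient()`. Treat a non-empty error list as a partial result.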