Skip to main content

Data common code for AWS Secrets Manager by Equinox

Project description

PyPI Version Documentation Status Code Quality Grade Coverage Code of Conduct

datacoco-secretsmanager provides basic interaction with the Amazon Web Service (AWS) Secrets Manager service.


datacoco-secretsmanager requires Python 3.6+

python3 -m venv venv
source venv/bin/activate
python -m pip install datacoco_secretsmanager


datacoco-secretsmanager utilizes the boto3 library to interact with the AWS Secrets Manager service, requiring AWS credentials configuration. Lookup of credentials by boto3 is documented here.

Based on how you store your AWS credentials, you can use datacoco-secretsmanager in the following ways.

If you have AWS credentials stored in the default ~/.aws/credentials, instantiate a SecretsManager class using:

from datacoco_secretsmanager import SecretsManager

sm = SecretsManager()

You can also pass in AWS authentication keys directly:

from datacoco_secretsmanager import SecretsManager

sm = SecretsManager(



    aws_role_arn, # only required if you are using role based access


Otherwise, if you are running on an Amazon EC2 instance, and credentials are not passed in either way above, you can have boto3 load credentials from the instance metadata service. datacoco-secretsmanager will then assume the same IAM role as you specified when you launched your EC2 instance.

One Secret

Store a secret in AWS Secrets manager:

AWS Secret name

| Key        | Value        |
| ---------- | -------------|
| <db-name>  | <db-name>    |
| <user>     | <user-name>  |
| <host>     | <host>       |
| <port>     | <port-value> |
| ...        | ...          |

To fetch a single secret, use:


Many Secrets

For a project, you may have more than one secret or credentials for more than one system.

You can handle by storing key/value mapping for all required credentials in an AWS secret for the project, then further store credentials in a separate AWS secret for each credential name indicated in a key’s value.

For example, storing a single AWS secret to map or provide lookup to all required system/db connections is known as the cfg_store name in our module:

AWS Secret name


Note: If using environment, environment variable named ENVIRONMENT should be stored and assigned with the same environment name indicated in your AWS secret name.

Additionally, if working in organization with multiple teams using AWS Secrets Manager, you can further denote secrets per team, by using naming convention:


Store key/values for your cfg_store with the following:

| Key                   | Value                               |
| --------------------- | ----------------------------------- |
| <db-connection1-name> | <AWS-secret-name-for-db-connection1>|
| <db-connection2-name> | <AWS-secret-name-for-db-connection2>|

For each Secret value in your cfg_store, store the full credentials in an additional AWS Secret, ie:

AWS Secret name

| Key        | Value        |
| ---------- | -------------|
| <db-name1> | <db-name1>   |
| <user>     | <user-name>  |
| <host>     | <host>       |
| <port>     | <port-value> |
| ...        | ...          |

AWS Secret name

| Key        | Value        |
| ---------- | -------------|
| <db-name2> | <db-name2>   |
| <user>     | <user-name>  |
| <host>     | <host>       |
| <port>     | <port-value> |
| ...        | ...          |

To fetch secrets for a full project/cfg store, use:



    team_name='your-team-name',     # include only if you want to save as part of your cfg_store name



Getting Started

It is recommended to use the steps below to set up a virtual environment for development:

python3 -m venv <virtual env name>
source <virtual env name>/bin/activate
pip install -r requirements.txt


pip install -r requirements-dev.txt

To run the testing suite, simply run the command: tox or python -m unittest discover tests


Contributions to datacoco_secretsmanager are welcome!

Please reference guidelines to help with setting up your development environment here.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

datacoco-secretsmanager-0.1.4.tar.gz (5.7 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page