Load Pydantic v2 settings from AWS Secrets Manager and SSM Parameter Store
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
Pydantic Settings AWS
pydantic-settings-aws extends Pydantic Settings to load configuration from AWS Secrets Manager and SSM Parameter Store directly into type-safe Pydantic models, eliminating the need for manual boto3 parsing or environment variable mapping.
✨ Why pydantic-settings-aws?
- Define your configuration once using Pydantic models
- Load secrets and parameters from AWS without manual boto3 code
- Built-in validation, parsing, and type safety
- Works with any AWS authentication method — profiles, SSO, IAM roles, access keys
- Thread-safe and compatible with free-threaded Python
⚡ Quick Start
Add your secret to AWS Secrets Manager as a JSON object:
{
"username": "admin",
"password": "s3cr3t"
}
Then create your settings class:
from pydantic_settings_aws import AWSSettingsConfigDict, SecretsManagerBaseSettings
class MySettings(SecretsManagerBaseSettings):
model_config = AWSSettingsConfigDict(
secrets_name="my/secret"
)
username: str
password: str
settings = MySettings()
print(settings.username) # "admin"
That’s it, boto3 will resolve your AWS credentials automatically using its standard configuration chain.
✅ Features
- Load settings from AWS Secrets Manager, SSM Parameter Store, or both simultaneously
- Type-safe configuration with full IDE autocomplete via
AWSSettingsConfigDict - Typed field descriptors
SecretsandSSMas ergonomic alternatives to raw dict metadata - Structured exception hierarchy (
SecretNotFoundError,ParameterNotFoundError, etc.) for precise error handling - Multi-region and multi-account support via per-field boto3 clients
- Thread-safe client cache, compatible with free-threaded Python (3.13t, 3.14t)
- Falls back to environment variables, dotenv, and secret files automatically
🔧 Requirements
| Python | Pydantic | boto3 |
|---|---|---|
| 3.10+ | v2 | v1 |
💽 Installation
pip install pydantic-settings-aws
Or with uv:
uv add pydantic-settings-aws
📦 Usage
You can provide your own boto3 client or let pydantic-settings-aws create one for you. To learn how boto3 resolves credentials, see Configuring credentials.
🔐 Secrets Manager — with boto3 client
import boto3
from pydantic_settings_aws import AWSSettingsConfigDict, SecretsManagerBaseSettings
client = boto3.client("secretsmanager")
class MySettings(SecretsManagerBaseSettings):
model_config = AWSSettingsConfigDict(
secrets_name="my/secret",
secrets_client=client
)
username: str
password: str
name: str | None = None
settings = MySettings()
Your secret content must be valid JSON with keys matching the field names:
{
"username": "admin",
"password": "admin",
"name": "John"
}
📦 SSM Parameter Store
from typing import Annotated
from pydantic_settings_aws import AWSSettingsConfigDict, ParameterStoreBaseSettings, SSM
class MySettings(ParameterStoreBaseSettings):
model_config = AWSSettingsConfigDict(aws_region="us-east-1")
# pydantic-settings-aws looks for a parameter named "db_host"
db_host: str
# explicit parameter name via SSM descriptor
db_port: Annotated[str, SSM(name="/myapp/prod/db/port")]
🙋🏾♂️ Secrets Manager — with AWS profile
from pydantic_settings_aws import AWSSettingsConfigDict, SecretsManagerBaseSettings
class MySettings(SecretsManagerBaseSettings):
model_config = AWSSettingsConfigDict(
secrets_name="my/secret",
aws_region="us-east-1",
aws_profile="dev"
)
username: str
password: str
🔑 Secrets Manager — with access key
from pydantic_settings_aws import AWSSettingsConfigDict, SecretsManagerBaseSettings
class MySettings(SecretsManagerBaseSettings):
model_config = AWSSettingsConfigDict(
secrets_name="my/secret",
aws_region="us-east-1",
aws_access_key_id="aws_access_key_id",
aws_secret_access_key="aws_secret_access_key",
aws_session_token="aws_session_token"
)
username: str
password: str
🔒 Secrets Manager — with AWS IAM Identity Center (SSO)
aws sso login --profile my-profile
from pydantic_settings_aws import AWSSettingsConfigDict, SecretsManagerBaseSettings
class MySettings(SecretsManagerBaseSettings):
model_config = AWSSettingsConfigDict(
secrets_name="my/secret"
)
username: str
password: str
👩🏼⚖️ License
This project is licensed under the terms of the MIT license.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pydantic_settings_aws-1.2.0b1.tar.gz.
File metadata
- Download URL: pydantic_settings_aws-1.2.0b1.tar.gz
- Upload date:
- Size: 478.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ec49475b3089a36c9286001fefd7b5a631dda90fa33e8949ee1ba73151719f7b
|
|
| MD5 |
2ed477cd6a4a331cbb9993d54759e1bd
|
|
| BLAKE2b-256 |
3e1a60ebce80095e9fb187d40c00a94b6c49d20c58ab8825cc19dc02fdfbc481
|
Provenance
The following attestation bundles were made for pydantic_settings_aws-1.2.0b1.tar.gz:
Publisher:
ci.yml on ceb10n/pydantic-settings-aws
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
pydantic_settings_aws-1.2.0b1.tar.gz -
Subject digest:
ec49475b3089a36c9286001fefd7b5a631dda90fa33e8949ee1ba73151719f7b - Sigstore transparency entry: 1243373273
- Sigstore integration time:
-
Permalink:
ceb10n/pydantic-settings-aws@b1532b9a513a5d854645b8ffe5f5a393c0f942b0 -
Branch / Tag:
refs/tags/1.2.0b1 - Owner: https://github.com/ceb10n
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
ci.yml@b1532b9a513a5d854645b8ffe5f5a393c0f942b0 -
Trigger Event:
push
-
Statement type:
File details
Details for the file pydantic_settings_aws-1.2.0b1-py3-none-any.whl.
File metadata
- Download URL: pydantic_settings_aws-1.2.0b1-py3-none-any.whl
- Upload date:
- Size: 15.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3a09f618077a9391bdbcd923819c9f2df56bd2952dd2fa2500090c5e459a7d8a
|
|
| MD5 |
c4ddedfcea304b1b2d147677d3199de8
|
|
| BLAKE2b-256 |
9e94678acbed939877e7ae6e75e9311a51a94d8d7d07e2432de805a2e50b3810
|
Provenance
The following attestation bundles were made for pydantic_settings_aws-1.2.0b1-py3-none-any.whl:
Publisher:
ci.yml on ceb10n/pydantic-settings-aws
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
pydantic_settings_aws-1.2.0b1-py3-none-any.whl -
Subject digest:
3a09f618077a9391bdbcd923819c9f2df56bd2952dd2fa2500090c5e459a7d8a - Sigstore transparency entry: 1243373275
- Sigstore integration time:
-
Permalink:
ceb10n/pydantic-settings-aws@b1532b9a513a5d854645b8ffe5f5a393c0f942b0 -
Branch / Tag:
refs/tags/1.2.0b1 - Owner: https://github.com/ceb10n
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
ci.yml@b1532b9a513a5d854645b8ffe5f5a393c0f942b0 -
Trigger Event:
push
-
Statement type:
