Cache secrets locally from AWS Secrets Manager and other secret stores.

Project description

Secrets Cache

Cache secrets locally from AWS Secrets Manager and other secret stores, with optional local caching for development or Lambda-friendly usage.

Installation

Install the base package (minimal, Lambda-friendly):

pip install "secrets-cache[lambda]"

For local development or testing (with local TOML caching, AWS SDK):

pip install "secrets-cache[local]"

Optional CLI tools:

pip install "secrets-cache[cli]"

Usage

Fetch a secret from AWS Secrets Manager

from secrets_cache import get_secret

# Returns JSON-decoded dict if possible
db_creds = get_secret("prod/AppBeta/MySQL")

# Returns raw string
raw_value = get_secret("prod/AppBeta/MySQL", raw=True)

# Force refresh from AWS, ignoring cache
fresh_value = get_secret("prod/AppBeta/MySQL", force_refresh=True)

Fetch a parameter from AWS SSM Parameter Store

from secrets_cache import get_param

api_url = get_param("prod/AppBeta/API_URL")

Notes:

  • Secrets and parameters are cached in-memory and optionally in a local TOML file (~/.secrets_cache.toml) for repeated calls.
  • Default cache TTL is 1 week (configurable via the SECRETS_CACHE_TTL environment variable).
  • The AWS region defaults to the AWS_REGION environment variable, falling back to us-east-1.
  • Module-level caches persist across warm AWS Lambda invocations, so repeated calls in the same container are very fast.
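An added example, not part of the secrets-cache project: a POSIX check of the local TOML cache file described in the notes above, flagging loose permissions, a symlinked path, and a file left on disk past the TTL. The function name audit_cache_file, its finding labels, and reading SECRETS_CACHE_TTL as seconds are assumptions.

```python
import os
import stat
import time
from pathlib import Path

DEFAULT_TTL = 7 * 24 * 3600  # the page's default TTL: 1 week


def audit_cache_file(path="~/.secrets_cache.toml", ttl=None, now=None):
    """Return findings about a local secrets cache file (empty list = clean)."""
    path = Path(path).expanduser()
    try:
        st = os.lstat(path)  # lstat so a symlink is inspected, not followed
    except FileNotFoundError:
        return []  # no on-disk cache exists, nothing to audit
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]  # cache writes could be redirected elsewhere
    if not stat.S_ISREG(st.st_mode):
        return ["not-regular-file"]
    if ttl is None:
        # Assumption: SECRETS_CACHE_TTL is a number of seconds.
        ttl = int(os.environ.get("SECRETS_CACHE_TTL", DEFAULT_TTL))
    findings = []
    if st.st_uid != os.getuid():
        findings.append("foreign-owner")
    if st.st_mode & 0o077:
        findings.append("group-or-other-access")  # should be 0600
    age = (time.time() if now is None else now) - st.st_mtime
    if age > ttl:
        # Not rewritten within one TTL: expired values still sit on disk.
        findings.append("stale")
    return findings


if __name__ == "__main__":
    for finding in audit_cache_file():
        print(finding)
```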

Features

  • Fetch secrets and parameters from AWS Secrets Manager / SSM.
  • Module-level caching for in-process efficiency.
  • Optional TOML caching for development.
  • Lambda-friendly usage without extra dependencies.
  • Easy to extend to other secret stores in the future.

Getting Started: AWS Lambda

When running in AWS Lambda, you usually don’t want file-based caching. Use the lambda extra:

pip install "secrets-cache[lambda]"

Example Lambda handler

import json
from secrets_cache import get_secret, get_param

def lambda_handler(event, context):
    # Get a secret from AWS Secrets Manager
    db_password = get_secret("my-db-password", region="us-east-1")

    # Get a parameter from AWS SSM Parameter Store
    api_key = get_param("/my/api/key", region="us-east-1")

    # Do something with your secrets
    return {
        "statusCode": 200,
        "body": json.dumps({
            "db_password_length": len(db_password),
            "api_key_length": len(api_key)
        })
    }

Notes for Lambda

  • Module-level caching ensures repeated calls in the same container are very fast.
  • No TOML or local file access is required — perfect for ephemeral Lambda environments.
  • Secrets are cached in memory only, and each new container start fetches them from AWS.
  • If you want local development caching, install the local extra:
pip install "secrets-cache[local]"

This enables optional ~/.secrets_cache.toml caching for local testing.

Credits

Created with Cookiecutter and the rnag/cookiecutter-pypackage template.


Download files

Source Distribution

secrets_cache-0.3.0.tar.gz (11.0 kB)

Uploaded Source

Built Distribution

secrets_cache-0.3.0-py3-none-any.whl (7.5 kB)

Uploaded Python 3

File details

Details for the file secrets_cache-0.3.0.tar.gz.

File metadata

  • Download URL: secrets_cache-0.3.0.tar.gz
  • Upload date:
  • Size: 11.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for secrets_cache-0.3.0.tar.gz
Algorithm Hash digest
SHA256 12b34ba9704fba3db42cf0c5d84029b94e17a181b1801a30076f1a154c97b162
MD5 8ee9065dea6c42e3a98f687b792f137f
BLAKE2b-256 d8abcd3254339be0dbc52e3f48f80cac7b8e8198804ad2a674b16a4582186401

File details

Details for the file secrets_cache-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: secrets_cache-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 7.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for secrets_cache-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 00d23c13e01eda926ec94e5d546b524479b72b37437318762fe070843ee61bc1
MD5 63f5e2642e9625e745ff389e771c2871
BLAKE2b-256 cb99a283bf5be0b9f9a84be34455de8ce9f4c38afd925633eb398c94193f5924
