Simple Python wrapper for getting values from AWS Systems Manager Parameter Store

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for c.tippett from gravatar.com c.tippett

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers
Report project as malware

Project description

SSM Parameter Store

PyPI version Build status Coverage Python versions Github license

Description

This is a simple Python wrapper for getting values from AWS Systems Manager Parameter Store.

The module supports getting a single parameter, multiple parameters or all parameters matching a particular path.

All parameters are returned as a Python dict.

Installation

Install with pip:

pip install ssm-parameter-store

Usage

Import the module and create a new instance of EC2ParameterStore.

from ssm_parameter_store import EC2ParameterStore

store = EC2ParameterStore()

AWS Credentials

ssm-parameter-store uses boto3 under the hood and therefore inherits the same mechanism for looking up AWS credentials. See configuring credentials in the Boto 3 documentation for more information.

EC2ParameterStore accepts all boto3 client parameters as keyword arguments.

For example:

from ssm_parameter_store import EC2ParameterStore

store = EC2ParameterStore(
    aws_access_key_id=ACCESS_KEY,
    aws_secret_access_key=SECRET_KEY,
    aws_session_token=SESSION_TOKEN,  # optional
    region_name='us-west-2'
)

Examples

Given the following parameters:

# set default AWS region
AWS_DEFAULT_REGION=us-west-2

# add parameters
aws ssm put-parameter --name "param1" --value "value1" --type SecureString
aws ssm put-parameter --name "param2" --value "value2" --type SecureString

# add parameters organised by hierarchy
aws ssm put-parameter --name "/dev/app/secret" --value "dev_secret" --type SecureString
aws ssm put-parameter --name "/dev/db/postgres_username" --value "dev_username" --type SecureString
aws ssm put-parameter --name "/dev/db/postgres_password" --value "dev_password" --type SecureString
aws ssm put-parameter --name "/prod/app/secret" --value "prod_secret" --type SecureString
aws ssm put-parameter --name "/prod/db/postgres_username" --value "prod_username" --type SecureString
aws ssm put-parameter --name "/prod/db/postgres_password" --value "prod_password" --type SecureString

Get a single parameter

parameter = store.get_parameter('param1', decrypt=True)

assert parameter == {
   'param1': 'value1'
}

Get multiple parameters

parameters = store.get_parameters(['param1', 'param2'])

assert parameters == {
   'param1': 'value1',
   'param2': 'value2',
}

Get parameters by path

parameters = store.get_parameters_by_path('/dev/', recursive=True)

assert parameters == {
    'secret': 'dev_secret',
    'postgres_username': 'dev_username',
    'postgres_password': 'dev_password',
}

By default get_parameters_by_path strips the path from each parameter name. To return a parameter's full name, set strip_path to False.

parameters = store.get_parameters_by_path('/dev/', strip_path=False, recursive=True)

assert parameters == {
    '/dev/app/secret': 'dev_secret',
    '/dev/db/postgres_username': 'dev_username',
    '/dev/db/postgres_password': 'dev_password'
}

Get parameters with original hierarchy

You can also get parameters by path, but in a nested structure that models the path hierarchy.

parameters = store.get_parameters_with_hierarchy('/dev/')

assert parameters == {
    'app': {
        'secret': 'dev_secret',
    },
    'db': {
        'postgres_username': 'dev_username',
        'postgres_password': 'dev_password',
    },
}

By default get_parameters_with_hierarchy strips the leading path component. To return the selected parameters with the full hierarchy, set strip_path to False.

parameters = store.get_parameters_with_hierarchy('/dev/', strip_path=False)

assert parameters == {
    'dev': {
        'app': {
            'secret': 'dev_secret',
        },
        'db': {
            'postgres_username': 'dev_username',
            'postgres_password': 'dev_password',
        },
    },
}

Populating Environment Variables

The module includes a static method on EC2ParameterStore to help populate environment variables. This can be helpful when integrating with a library like django-environ.

Example

Given the following parameters:

aws ssm put-parameter --name "/prod/django/SECRET_KEY" --value "-$y_^@69bm69+z!fawbdf=h_10+zjzfwr8_c=$$&j@-%p$%ct^" --type SecureString
aws ssm put-parameter --name "/prod/django/DATABASE_URL" --value "psql://user:pass@db-prod.xyz123.us-west-2.rds.amazonaws.com:5432/db" --type SecureString
aws ssm put-parameter --name "/prod/django/REDIS_URL" --value "redis://redis-prod.edc1ba.0001.usw2.cache.amazonaws.com:6379" --type SecureString

import environ
from ssm_parameter_store import EC2ParameterStore

env = environ.Env(
    DEBUG=(bool, False)
)

# Get parameters and populate os.environ (region not required if AWS_DEFAULT_REGION environment variable set)
parameter_store = EC2ParameterStore(region_name='us-west-2')
django_parameters = parameter_store.get_parameters_by_path('/prod/django/', strip_path=True)
EC2ParameterStore.set_env(django_parameters)

# False if not in os.environ
DEBUG = env('DEBUG')

# Raises django's ImproperlyConfigured exception if SECRET_KEY not in os.environ
SECRET_KEY = env('SECRET_KEY')

DATABASES = {
    # read os.environ['DATABASE_URL'] and raises ImproperlyConfigured exception if not found
    'default': env.db(),
}

CACHES = {
    'default': env.cache('REDIS_URL'),
}

Related Projects

  • param-store – Python module to store secrets in secret stores
  • ssm-cache – AWS System Manager Parameter Store caching client for Python

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for c.tippett from gravatar.com c.tippett

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers

Release history Release notifications | RSS feed

This version

19.11.0

19.5.0

18.7.7

18.7.6

18.7.5

18.7.4

18.7.3

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ssm-parameter-store-19.11.0.tar.gz (8.4 kB view details)

Uploaded Source

Built Distribution

ssm_parameter_store-19.11.0-py2.py3-none-any.whl (5.9 kB view details)

Uploaded Python 2Python 3

File details

Details for the file ssm-parameter-store-19.11.0.tar.gz.

File metadata

  • Download URL: ssm-parameter-store-19.11.0.tar.gz
  • Upload date:
  • Size: 8.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.15.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.37.0 CPython/2.7.15

File hashes

Hashes for ssm-parameter-store-19.11.0.tar.gz
Algorithm Hash digest
SHA256 29988d1e9ed95f3b2790a20d14950519a05cf3b44cea0c31586cd648f86474cc
MD5 04bdc4d789233c419ab2731ad7abd24c
BLAKE2b-256 fc9d7e065fc277de94124923b5dcce5586874fb37bb7fcf4e5119244cd0ccebd

See more details on using hashes here.

File details

Details for the file ssm_parameter_store-19.11.0-py2.py3-none-any.whl.

File metadata

  • Download URL: ssm_parameter_store-19.11.0-py2.py3-none-any.whl
  • Upload date:
  • Size: 5.9 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.15.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.37.0 CPython/2.7.15

File hashes

Hashes for ssm_parameter_store-19.11.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 a4ca3d31594ce8e9e7914d44b6f4607e45bebd79a44bb9c1ffe25d06db9ccb9f
MD5 f2d54f3bc18a453a14bf9444a0fcd664
BLAKE2b-256 96cad91d9363cc6032d9c034657073eb5033e2d6fe586e43659cc7c0f6c492b5

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page