Simple Python wrapper for getting values from AWS Systems Manager Parameter Store
Project description
SSM Parameter Store
Description
This is a simple Python wrapper for getting values from AWS Systems Manager Parameter Store.
The module supports getting a single parameter, multiple parameters or all parameters matching a particular path.
All parameters are returned as a Python dict
.
Installation
Install with pip
:
pip install ssm-parameter-store
Usage
Import the module and create a new instance of EC2ParameterStore
.
from ssm_parameter_store import EC2ParameterStore
store = EC2ParameterStore()
AWS Credentials
ssm-parameter-store
uses boto3
under the hood and therefore inherits
the same mechanism for looking up AWS credentials. See configuring
credentials
in the Boto 3 documentation for more information.
EC2ParameterStore
accepts all boto3
client parameters as keyword arguments.
For example:
from ssm_parameter_store import EC2ParameterStore
store = EC2ParameterStore(
aws_access_key_id=ACCESS_KEY,
aws_secret_access_key=SECRET_KEY,
aws_session_token=SESSION_TOKEN, # optional
region_name='us-west-2'
)
Examples
Given the following parameters:
# set default AWS region
AWS_DEFAULT_REGION=us-west-2
# add parameters
aws ssm put-parameter --name "param1" --value "value1" --type SecureString
aws ssm put-parameter --name "param2" --value "value2" --type SecureString
# add parameters organised by hierarchy
aws ssm put-parameter --name "/dev/app/secret" --value "dev_secret" --type SecureString
aws ssm put-parameter --name "/dev/db/postgres_username" --value "dev_username" --type SecureString
aws ssm put-parameter --name "/dev/db/postgres_password" --value "dev_password" --type SecureString
aws ssm put-parameter --name "/prod/app/secret" --value "prod_secret" --type SecureString
aws ssm put-parameter --name "/prod/db/postgres_username" --value "prod_username" --type SecureString
aws ssm put-parameter --name "/prod/db/postgres_password" --value "prod_password" --type SecureString
Get a single parameter
parameter = store.get_parameter('param1', decrypt=True)
assert parameter == {
'param1': 'value1'
}
Get multiple parameters
parameters = store.get_parameters(['param1', 'param2'])
assert parameters == {
'param1': 'value1',
'param2': 'value2',
}
Get parameters by path
parameters = store.get_parameters_by_path('/dev/', recursive=True)
assert parameters == {
'secret': 'dev_secret',
'postgres_username': 'dev_username',
'postgres_password': 'dev_password',
}
By default get_parameters_by_path
strips the path from each parameter name. To return a parameter's full name, set strip_path
to False
.
parameters = store.get_parameters_by_path('/dev/', strip_path=False, recursive=True)
assert parameters == {
'/dev/app/secret': 'dev_secret',
'/dev/db/postgres_username': 'dev_username',
'/dev/db/postgres_password': 'dev_password'
}
Get parameters with original hierarchy
You can also get parameters by path, but in a nested structure that models the path hierarchy.
parameters = store.get_parameters_with_hierarchy('/dev/')
assert parameters == {
'app': {
'secret': 'dev_secret',
},
'db': {
'postgres_username': 'dev_username',
'postgres_password': 'dev_password',
},
}
By default get_parameters_with_hierarchy
strips the leading path component. To return the selected parameters
with the full hierarchy, set strip_path
to False
.
parameters = store.get_parameters_with_hierarchy('/dev/', strip_path=False)
assert parameters == {
'dev': {
'app': {
'secret': 'dev_secret',
},
'db': {
'postgres_username': 'dev_username',
'postgres_password': 'dev_password',
},
},
}
Populating Environment Variables
The module includes a static method on EC2ParameterStore
to help populate environment variables. This can be helpful when integrating with a library like django-environ
.
Example
Given the following parameters:
aws ssm put-parameter --name "/prod/django/SECRET_KEY" --value "-$y_^@69bm69+z!fawbdf=h_10+zjzfwr8_c=$$&j@-%p$%ct^" --type SecureString
aws ssm put-parameter --name "/prod/django/DATABASE_URL" --value "psql://user:pass@db-prod.xyz123.us-west-2.rds.amazonaws.com:5432/db" --type SecureString
aws ssm put-parameter --name "/prod/django/REDIS_URL" --value "redis://redis-prod.edc1ba.0001.usw2.cache.amazonaws.com:6379" --type SecureString
import environ
from ssm_parameter_store import EC2ParameterStore
env = environ.Env(
DEBUG=(bool, False)
)
# Get parameters and populate os.environ (region not required if AWS_DEFAULT_REGION environment variable set)
parameter_store = EC2ParameterStore(region_name='us-west-2')
django_parameters = parameter_store.get_parameters_by_path('/prod/django/', strip_path=True)
EC2ParameterStore.set_env(django_parameters)
# False if not in os.environ
DEBUG = env('DEBUG')
# Raises django's ImproperlyConfigured exception if SECRET_KEY not in os.environ
SECRET_KEY = env('SECRET_KEY')
DATABASES = {
# read os.environ['DATABASE_URL'] and raises ImproperlyConfigured exception if not found
'default': env.db(),
}
CACHES = {
'default': env.cache('REDIS_URL'),
}
Related Projects
- param-store – Python module to store secrets in secret stores
- ssm-cache – AWS System Manager Parameter Store caching client for Python
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for ssm-parameter-store-19.11.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 29988d1e9ed95f3b2790a20d14950519a05cf3b44cea0c31586cd648f86474cc |
|
MD5 | 04bdc4d789233c419ab2731ad7abd24c |
|
BLAKE2b-256 | fc9d7e065fc277de94124923b5dcce5586874fb37bb7fcf4e5119244cd0ccebd |
Hashes for ssm_parameter_store-19.11.0-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | a4ca3d31594ce8e9e7914d44b6f4607e45bebd79a44bb9c1ffe25d06db9ccb9f |
|
MD5 | f2d54f3bc18a453a14bf9444a0fcd664 |
|
BLAKE2b-256 | 96cad91d9363cc6032d9c034657073eb5033e2d6fe586e43659cc7c0f6c492b5 |