
Secrets Manager

Botree Secrets Manager utilities.

Classes

botree.secrets_manager.SecretsManager(session: Session, client_kwargs: dict = dict())

AWS Secrets Manager wrapper.

Source code in botree/secrets_manager.py
def __init__(
    self,
    session: Session,
    client_kwargs: dict = dict(),
):
    """
    Bind the wrapper to a session and build its Secrets Manager client.

    Parameters
    ----------
    session : Session
        Session used to create the client; also kept on ``self.session``.
    client_kwargs : dict, optional
        Extra keyword arguments forwarded verbatim to ``session.client``.
        Options such as ``endpoint_url`` and ``verify`` decide where secret
        traffic is sent and whether TLS certificates are checked, so take
        them from trusted configuration only.
    """
    self.session = session
    # The default dict is shared between calls, but it is only unpacked
    # here and never mutated, so the sharing has no visible effect.
    build_client = self.session.client
    self.client = build_client(service_name="secretsmanager", **client_kwargs)

Functions

create_secret(name: str, secret: Dict[str, Any], description: str, *args: str, **kwargs: str) -> Dict[str, Union[str, Dict[str, str], List[str], int, datetime]]

Create a new secret.

Parameters:

  • name (str) –

    Secret name.

  • secret (Dict[str, Any]) –

    Secret content.

  • description (str) –

    Secret AWS description.

Returns:

  • Dict[str, Union[str, Dict[str, str], List[str], int, datetime]]

    Chosen secret.

Source code in botree/secrets_manager.py
def create_secret(
    self, name: str, secret: Dict[str, Any], description: str, *args, **kwargs
) -> Dict[str, Union[str, Dict[str, str], List[str], int, datetime]]:
    """
    Create a new secret and return it as read back by ``get_secret``.

    The ``secret`` mapping is serialised with ``json.dumps`` and stored as
    the secret string. A fresh UUID4 is sent as the client request token on
    every call.

    Parameters
    ----------
    name : str
        Secret name.
    secret : Dict[str, Any]
        Secret content; it has to be JSON-serialisable.
    description : str
        Secret AWS description.
    *args, **kwargs
        Forwarded unchanged to the client's ``create_secret`` call.

    Returns
    -------
    Dict[str, Union[str, Dict[str, str], List[str], int, datetime]]
        The result of ``self.get_secret(name)`` for the secret just created.

    Notes
    -----
    Two API calls are made (create, then read), so the calling principal
    needs both ``secretsmanager:CreateSecret`` and
    ``secretsmanager:GetSecretValue``. The returned mapping comes from the
    read and therefore carries the secret content; keep it out of logs and
    exception messages.
    """
    serialized_secret = json.dumps(secret)
    idempotency_token = str(uuid.uuid4())

    self.client.create_secret(
        *args,
        Name=name,
        ClientRequestToken=idempotency_token,
        Description=description,
        SecretString=serialized_secret,
        **kwargs,
    )

    # Read the secret back rather than returning the create response.
    created = self.get_secret(name)
    return created
delete_secret(name: str, recovery_window: int = 30, force_delete: bool = False) -> dict

Delete an existing secret.

Parameters:

  • name (str) –

    Secret name.

  • recovery_window (int) –

    The number of days that Secrets Manager waits before permanently deleting the secret, by default 30.

  • force_delete (bool) –

    Specifies whether to delete the secret without any recovery window. You can't use both this parameter and RecoveryWindowInDays in the same call. If you don't use either, then Secrets Manager defaults to a 30 day recovery window, by default False.

Returns:

  • Dict[str, Union[str, datetime, models.ResponseMetadata]]

    Metadata.

Source code in botree/secrets_manager.py
def delete_secret(
    self, name: str, recovery_window: int = 30, force_delete: bool = False
) -> dict:
    """
    Delete an existing secret, either after a recovery window or at once.

    Exactly one of the two deletion options is sent to the service:
    ``ForceDeleteWithoutRecovery`` when ``force_delete`` is truthy,
    otherwise ``RecoveryWindowInDays``.

    Parameters
    ----------
    name : str
        Secret name.
    recovery_window : int, optional
        The number of days that Secrets Manager waits before permanently
        deleting the secret, by default 30. Ignored when ``force_delete``
        is truthy.
    force_delete : bool, optional
        Delete the secret without any recovery window, by default False.
        A forced deletion cannot be undone, so callers should reserve it
        for cases where restoring the secret is never needed.

    Returns
    -------
    Dict[str, Union[str, datetime, models.ResponseMetadata]]
        The client's ``delete_secret`` response, returned unchanged.
    """
    deletion_options: Dict[str, Union[int, bool]]
    if force_delete:
        # The service rejects both options together, so send only this one.
        deletion_options = {"ForceDeleteWithoutRecovery": force_delete}
    else:
        deletion_options = {"RecoveryWindowInDays": recovery_window}

    return self.client.delete_secret(SecretId=name, **deletion_options)
generate_password(length: int = 32, exclude_characters: str = '', exclude_numbers: bool = False, exclude_punctuation: bool = False, exclude_uppercase: bool = False, exclude_lowercase: bool = False, exclude_space: bool = True, include_each_type: bool = True) -> dict

Generates a strong random password.

Parameters:

  • length (int) –

    The length of the password, by default 32.

  • exclude_characters (str) –

    A string of the characters that you don't want in the password, by default ""

  • exclude_numbers (bool) –

    Specifies whether to exclude numbers from the password, by default False. If false, numbers will be included.

  • exclude_punctuation (bool) –

    Specifies whether to exclude the following punctuation characters from the password: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ . If False, the password can contain punctuation.

  • exclude_uppercase (bool) –

    Specifies whether to exclude uppercase letters from the password, by default False. If False, the password can contain uppercase letters.

  • exclude_lowercase (bool) –

    Specifies whether to exclude lowercase letters from the password, by default False. If False, the password can contain lowercase letters.

  • exclude_space (bool) –

    Specifies whether to exclude the space character, by default True. If False, the password can contain space characters.

  • include_each_type (bool) –

    Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation, by default True. If True, the password contains at least one of every character type.

Returns:

  • Mapping[Dict[str, str], Dict[str, models.ResponseMetadata]]

    Random password and, optionally, metadata.

Source code in botree/secrets_manager.py
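def generate_password(
    self,
    length: int = 32,
    exclude_characters: str = "",
    exclude_numbers: bool = False,
    exclude_punctuation: bool = False,
    exclude_uppercase: bool = False,
    exclude_lowercase: bool = False,
    exclude_space: bool = True,
    include_each_type: bool = True,
) -> dict:
    r"""
    Generate a random password with the Secrets Manager service.

    Parameters
    ----------
    length : int, optional
        The length of the password, by default 32.
    exclude_characters : str, optional
        A string of the characters that you don't want in the password,
        by default "".
    exclude_numbers : bool, optional
        Specifies whether to exclude numbers from the password, by default False.
        If False, numbers will be included.
    exclude_punctuation : bool, optional
        Specifies whether to exclude the following punctuation characters from the
        password: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ .
        If False, the password can contain punctuation.
    exclude_uppercase : bool, optional
        Specifies whether to exclude uppercase letters from the password, by default
        False. If False, the password can contain uppercase letters.
    exclude_lowercase : bool, optional
        Specifies whether to exclude lowercase letters from the password,
        by default False. If False, the password can contain lowercase letters.
    exclude_space : bool, optional
        Specifies whether to exclude the space character, by default True.
        If False, the password can contain space characters.
    include_each_type : bool, optional
        Specifies whether to include at least one upper and lowercase letter,
        one number, and one punctuation, by default True. If True,
        the password contains at least one of every character type.

    Returns
    -------
    Mapping[Dict[str, str], Dict[str, models.ResponseMetadata]]
        The client's ``get_random_password`` response, returned unchanged.
        It holds the generated password in clear text, so keep it out of
        logs and exception messages.
    """
    random_password = self.client.get_random_password(
        PasswordLength=length,
        ExcludeCharacters=exclude_characters,
        ExcludeNumbers=exclude_numbers,
        ExcludePunctuation=exclude_punctuation,
        ExcludeUppercase=exclude_uppercase,
        ExcludeLowercase=exclude_lowercase,
        # The service flag is the inverse of this wrapper's parameter.
        # Passing exclude_space straight through allowed spaces exactly
        # when the caller asked to exclude them, so it is negated here.
        IncludeSpace=not exclude_space,
        RequireEachIncludedType=include_each_type,
    )

    return random_password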
get_secret(name: str, *args: str, **kwargs: str) -> Dict[str, Union[str, Dict[str, str], List[str], int, datetime]]

Get a secret from AWS Secrets Manager by name.

Parameters:

  • name (str) –

    Secret name as in AWS Secrets Manager.

Returns:

  • Dict[str, Union[str, Dict[str, str], List[str], int, datetime]]

    Chosen secret.

Source code in botree/secrets_manager.py
def get_secret(
    self, name: str, *args, **kwargs
) -> Dict[str, Union[str, Dict[str, str], List[str], int, datetime]]:
    """
    Fetch a secret from AWS Secrets Manager by name.

    Parameters
    ----------
    name : str
        Secret name as in AWS Secrets Manager; sent as ``SecretId``.
    *args, **kwargs
        Forwarded unchanged to the client's ``get_secret_value`` call.

    Returns
    -------
    Dict[str, Union[str, Dict[str, str], List[str], int, datetime]]
        The client's ``get_secret_value`` response, returned unchanged.
        It contains the secret value in clear text, so avoid logging or
        printing the whole mapping.
    """
    fetch_value = self.client.get_secret_value
    return fetch_value(*args, SecretId=name, **kwargs)
list_secrets(*args, **kwargs) -> dict

Returns a list of all stored secrets.

Note that a single call returns at most the Boto3 limit of 100 secrets, not necessarily every stored secret.

Returns:

  • dict

    List of secrets and, optionally, metadata.

Source code in botree/secrets_manager.py
def list_secrets(self, *args, **kwargs) -> dict:
    """
    Return one page of the stored secrets.

    A single call returns at most the Boto3 limit of 100 entries, so the
    result is not guaranteed to cover every stored secret. When the
    response carries a ``NextToken``, more entries exist; pass it back
    through ``kwargs`` to fetch the next page. Code that audits or
    inventories secrets should follow the token until it is absent.

    Parameters
    ----------
    *args, **kwargs
        Forwarded unchanged to the client's ``list_secrets`` call.

    Returns
    -------
    dict
        The client's ``list_secrets`` response, returned unchanged: the
        list of secrets and, optionally, metadata.
    """
    return self.client.list_secrets(*args, **kwargs)