How can I use AWS CLI to retrieve secrets for an application?
I am a DevOps engineer and I am responsible for managing the AWS infrastructure for my particular company. Recently, my team has started using the AWS secret manager to store sensitive and critical information. One of my tasks was to retrieve a specific secret for an application that needed to connect to a third-party service. The secret, named “third-party-api-key” is stored in the AWS secret manager. How can I retrieve the secret value for “third-party-api-key” by using the AWS CLI?
In the context of AWS, you can easily retrieve the secret value for “third party API key” by using the AWS CLI by using the following command:-
Aws secrets manager get-secret-value –secret-id third-party-api-key –query ‘SecretString’ –output text
Explanation
The “aws secrets manager get secret value” command would help in retrieving a secret from the AWS secret manager.
“Secret ID third party API key” would specify the identifier of the secret that you want to be retrieved.
“query secret string” would help in filtering the output to only include the value of the secret.
“output text” will format the output as plain text l, which would prove very useful for directly using the secret value in scripts or even applications.
Here is an example given of how you can use this command in a shell script to set environment variables with the secret value:-
#!/bin/bash
# Retrieve the secret value and store it in a variable
SECRET_VALUE=$(aws secretsmanager get-secret-value –secret-id third-party-api-key –query ‘SecretString’ –output text)
# Export the secret value as an environment variable
Export THIRD_PARTY_API_KEY=$SECRET_VALUE
# Use the secret value in your application or script
Echo “The API key is: $THIRD_PARTY_API_KEY”Here is the example given in Java programming language. However, you should first ensure that you should have the AWS SDK dependencies in your pom.xml file:-
software.amazon.awssdk
secretsmanager
2.20.0
software.amazon.awssdk
regions
2.20.0
Java code:-
Import software.amazon.awssdk.regions.Region;
Import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
Import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
Import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
Import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;Public class RetrieveSecret {
Public static void main(String[] args) {
// Specify the secret name
String secretName = “third-party-api-key”;
// Specify the AWS region
Region region = Region.US_EAST_1;
// Create a Secrets Manager client
SecretsManagerClient secretsClient = SecretsManagerClient.builder()
.region(region)
.build();
Try {
// Create a request to get the secret value
GetSecretValueRequest getSecretValueRequest = GetSecretValueRequest.builder()
.secretId(secretName)
.build();
// Retrieve the secret value
GetSecretValueResponse getSecretValueResponse = secretsClient.getSecretValue(getSecretValueRequest);
String secretValue = getSecretValueResponse.secretString();
// Print the secret value
System.out.println(“The secret value is: “ + secretValue);
// Use the secret value as needed
// For example, set it as a system property or environment variable
System.setProperty(“third.party.api.key”, secretValue);
System.out.println(“Secret value set as system property.”);
} catch (SecretsManagerException e) {
// Handle any exceptions that occur
System.err.println(e.awsErrorDetails().errorMessage());
} finally {
// Close the Secrets Manager client
secretsClient.close();
}
}
}This Java program would help you securely retrieve and use the secrets stored in the AWS secret manager by using the SDK for Java.