How can I use AWS CLI to retrieve secrets for an application?

Asked by debbieJha in AWS, asked on Jun 4, 2024

I am a DevOps engineer and I am responsible for managing the AWS infrastructure for my particular company. Recently, my team has started using AWS Secrets Manager to store sensitive and critical information. One of my tasks was to retrieve a specific secret for an application that needed to connect to a third-party service. The secret, named "third-party-api-key", is stored in AWS Secrets Manager. How can I retrieve the secret value for "third-party-api-key" by using the AWS CLI?

Answered by Daniel BAKER

In the context of AWS, you can easily retrieve the secret value for "third-party-api-key" with the AWS CLI by using the following command:


aws secretsmanager get-secret-value --secret-id third-party-api-key --query 'SecretString' --output text

Explanation

The "aws secretsmanager get-secret-value" command would help in retrieving a secret from AWS Secrets Manager.

"--secret-id third-party-api-key" would specify the identifier of the secret that you want to be retrieved.

"--query 'SecretString'" would help in filtering the output to only include the value of the secret.

"--output text" will format the output as plain text, which would prove very useful for directly using the secret value in scripts or even applications.

Here is an example of how you can use this command in a shell script to set environment variables with the secret value:

#!/bin/bash
# Retrieve the secret value and store it in a variable
SECRET_VALUE=$(aws secretsmanager get-secret-value --secret-id third-party-api-key --query 'SecretString' --output text)
# Export the secret value as an environment variable
export THIRD_PARTY_API_KEY="$SECRET_VALUE"
# Use the secret value in your application or script
echo "The API key is: $THIRD_PARTY_API_KEY"

Here is the example in the Java programming language. However, you should first ensure that you have the AWS SDK dependencies in your pom.xml file:


   

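<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>secretsmanager</artifactId>
    <version>2.20.0</version>
</dependency>
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>regions</artifactId>
    <version>2.20.0</version>
</dependency>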

   


Java code:

import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;

public class RetrieveSecret {
    public static void main(String[] args) {
        // Specify the secret name
        String secretName = "third-party-api-key";
        // Specify the AWS region
        Region region = Region.US_EAST_1;
        // Create a Secrets Manager client
        SecretsManagerClient secretsClient = SecretsManagerClient.builder()
                .region(region)
                .build();
        try {
            // Create a request to get the secret value
            GetSecretValueRequest getSecretValueRequest = GetSecretValueRequest.builder()
                    .secretId(secretName)
                    .build();
            // Retrieve the secret value
            GetSecretValueResponse getSecretValueResponse = secretsClient.getSecretValue(getSecretValueRequest);
            String secretValue = getSecretValueResponse.secretString();
            // Print the secret value
            System.out.println("The secret value is: " + secretValue);
            // Use the secret value as needed
            // For example, set it as a system property or environment variable
            System.setProperty("third.party.api.key", secretValue);
            System.out.println("Secret value set as system property.");
        } catch (SecretsManagerException e) {
            // Handle any exceptions that occur
            System.err.println(e.awsErrorDetails().errorMessage());
        } finally {
            // Close the Secrets Manager client
            secretsClient.close();
        }
    }
}

This Java program would help you securely retrieve and use the secrets stored in AWS Secrets Manager by using the SDK for Java.
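A fail-closed variant of the shell script in the answer above, as an added example that is not part of the original answer: it checks the CLI exit status, rejects the `None` that `--output text` prints when `SecretString` is null (for example a secret stored as `SecretBinary`), and keeps the value out of `set -x` traces and stdout. The names `load_secret` and `AWS_CMD` are hypothetical and chosen for this illustration.

```shell
#!/bin/bash
# Added example (not from the original answer).
# AWS_CMD is a hypothetical override so the function can be exercised
# offline with a stub; by default the real AWS CLI is used.
AWS_CMD="${AWS_CMD:-aws}"

# load_secret VAR_NAME SECRET_ID
# Exports SecretString as VAR_NAME without ever printing it.
#   returns 1 - the CLI call failed (credentials, permissions, no such secret)
#   returns 2 - no usable string value: empty, or "None", which is what
#               --output text prints when SecretString is null.
#               (A secret whose real value is the literal "None" is
#               rejected too; that is an accepted limitation here.)
load_secret() {
    local var_name="$1" secret_id="$2" value status=0 traced=0

    # Suspend shell tracing so `set -x` cannot write the value to logs.
    case "$-" in *x*) traced=1; set +x ;; esac

    # stderr is left alone: CLI error text explains the failure and
    # does not contain the secret.
    value=$("$AWS_CMD" secretsmanager get-secret-value \
        --secret-id "$secret_id" \
        --query 'SecretString' --output text) || status=1

    if [ "$status" -eq 0 ]; then
        case "$value" in
            ''|None) status=2 ;;
            *) export "$var_name=$value" ;;
        esac
    fi
    value=""
    if [ "$traced" -eq 1 ]; then set -x; fi

    case "$status" in
        1) echo "load_secret: could not retrieve '$secret_id'" >&2 ;;
        2) echo "load_secret: '$secret_id' has no SecretString" >&2 ;;
    esac
    return "$status"
}

# Usage (my-app is a hypothetical program that reads the variable):
#   load_secret THIRD_PARTY_API_KEY third-party-api-key || exit 1
#   exec ./my-app
```
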


