How Do You Retrieve an Application-Level Secret from AWS?

Problem scenario
You want to obtain a non-database secret from AWS and you know the name of the secret (in Secrets Manager) and the region it is in. What should you do?

You have installed and configured the AWS CLI. If you need assistance with this, click on this posting if you can use pip or this posting if you cannot use pip.

Modify the program so "foobar" is the name of the secret and "us-west-2" is the name of the region of the secret. Then run the Python 3.x program below:

import boto3
import base64
from botocore.exceptions import ClientError

secret_name = "foobar"
region_name = "us-west-2"
session = boto3.session.Session()
client = session.client(


# If you want to confirm it worked in the web console, go to AWS Secrets Manager -> Secrets.
# There is a column called "Last retrieved" that corresponds to each Secret.  
# The date you see will be the last time it was retrieved.

Leave a comment

Your email address will not be published. Required fields are marked *