Created
May 6, 2024 16:10
-
-
Save Manzanit0/aee8a7f9dc7eaa984757fb12c9330ab2 to your computer and use it in GitHub Desktop.
Using secrets manager
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "context" | |
| "log" | |
| "strings" | |
| "github.com/aws/aws-sdk-go-v2/aws" | |
| "github.com/aws/aws-sdk-go-v2/config" | |
| "github.com/aws/aws-sdk-go-v2/service/secretsmanager" | |
| "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types" | |
| ) | |
| /* | |
| $ go run . | |
| 2024/05/06 15:46:21 Creating secret | |
| 2024/05/06 15:46:22 Secret already exists. Updating secret | |
| 2024/05/06 15:46:22 Secret updated! Version= 911a25df-c0eb-4e36-9162-6905e439864a | |
| 2024/05/06 15:46:22 Getting all secrets filtering by invalid tags | |
| 2024/05/06 15:46:22 Got 0 secrets | |
| 2024/05/06 15:46:22 Getting all secrets filtering by tags | |
| 2024/05/06 15:46:23 Got 1 secrets | |
| 2024/05/06 15:46:23 manzanit0-testing-delete-me-when-you-have-a-chance=newspeak-2 | |
| 2024/05/06 15:46:23 Getting single secret by name | |
| 2024/05/06 15:46:23 Secret retrieved! Value= newspeak-2 | |
| */ | |
| func main() { | |
| secretName := "manzanit0-testing-delete-me-when-you-have-a-chance" | |
| region := "us-east-1" | |
| ctx := context.Background() | |
| config, err := config.LoadDefaultConfig(ctx, config.WithRegion(region)) | |
| if err != nil { | |
| log.Fatal(err) | |
| } | |
| svc := secretsmanager.NewFromConfig(config) | |
| log.Println("Creating secret") | |
| out, err := svc.CreateSecret(ctx, &secretsmanager.CreateSecretInput{ | |
| Name: &secretName, | |
| Description: aws.String("It's just a secret created when testing stuff locally"), | |
| ForceOverwriteReplicaSecret: true, | |
| SecretString: aws.String("newspeak"), | |
| Tags: []types.Tag{ | |
| {Key: aws.String("team"), Value: aws.String("cloud-platform")}, | |
| {Key: aws.String("app"), Value: aws.String("scratch-go")}, | |
| }, | |
| }) | |
| if err != nil && strings.Contains(err.Error(), "ResourceExistsException") { | |
| log.Println("Secret already exists. Updating secret") | |
| out2, err := svc.PutSecretValue(ctx, &secretsmanager.PutSecretValueInput{ | |
| SecretId: aws.String(secretName), | |
| SecretString: aws.String("newspeak-2"), | |
| }) | |
| if err != nil { | |
| log.Fatal(err.Error()) | |
| } | |
| log.Println("Secret updated! Version=", *out2.VersionId) | |
| } else if err != nil { | |
| log.Fatal(err.Error()) | |
| } else { | |
| log.Println("Secret created! Version=", *out.VersionId) | |
| } | |
| log.Println("Getting all secrets filtering by invalid tags") | |
| secrets, err := svc.BatchGetSecretValue(ctx, &secretsmanager.BatchGetSecretValueInput{ | |
| Filters: []types.Filter{ | |
| {Key: "tag-key", Values: []string{"app"}}, | |
| {Key: "tag-value", Values: []string{"inexistent-service"}}, | |
| }, | |
| }) | |
| if err != nil { | |
| log.Fatal(err.Error()) | |
| } | |
| log.Printf("Got %d secrets", len(secrets.SecretValues)) | |
| log.Println("Getting all secrets filtering by tags") | |
| secrets, err = svc.BatchGetSecretValue(ctx, &secretsmanager.BatchGetSecretValueInput{ | |
| Filters: []types.Filter{ | |
| {Key: "tag-key", Values: []string{"app"}}, | |
| {Key: "tag-value", Values: []string{"scratch-go"}}, | |
| }, | |
| }) | |
| if err != nil { | |
| log.Fatal(err.Error()) | |
| } | |
| log.Printf("Got %d secrets", len(secrets.SecretValues)) | |
| for _, secret := range secrets.SecretValues { | |
| log.Printf("%s=%s\n", *secret.Name, *secret.SecretString) | |
| } | |
| log.Println("Getting single secret by name") | |
| result, err := svc.GetSecretValue(ctx, &secretsmanager.GetSecretValueInput{ | |
| SecretId: aws.String(secretName), | |
| VersionStage: aws.String("AWSCURRENT"), | |
| }) | |
| if err != nil { | |
| log.Fatal(err.Error()) | |
| } | |
| log.Println("Secret retrieved! Value=", *result.SecretString) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment