Skip to content

Instantly share code, notes, and snippets.

@manzanit0

manzanit0/main.go

Created May 6, 2024 16:10
Show Gist options
  • Save manzanit0/aee8a7f9dc7eaa984757fb12c9330ab2 to your computer and use it in GitHub Desktop.
Save manzanit0/aee8a7f9dc7eaa984757fb12c9330ab2 to your computer and use it in GitHub Desktop.
Download ZIP
Using secrets manager
Raw
main.go
package main
import (
"context"
"log"
"strings"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
"github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
)
/*
$ go run .
2024/05/06 15:46:21 Creating secret
2024/05/06 15:46:22 Secret already exists. Updating secret
2024/05/06 15:46:22 Secret updated! Version= 911a25df-c0eb-4e36-9162-6905e439864a
2024/05/06 15:46:22 Getting all secrets filtering by invalid tags
2024/05/06 15:46:22 Got 0 secrets
2024/05/06 15:46:22 Getting all secrets filtering by tags
2024/05/06 15:46:23 Got 1 secrets
2024/05/06 15:46:23 manzanit0-testing-delete-me-when-you-have-a-chance=newspeak-2
2024/05/06 15:46:23 Getting single secret by name
2024/05/06 15:46:23 Secret retrieved! Value= newspeak-2
*/
func main() {
secretName := "manzanit0-testing-delete-me-when-you-have-a-chance"
region := "us-east-1"
ctx := context.Background()
config, err := config.LoadDefaultConfig(ctx, config.WithRegion(region))
if err != nil {
log.Fatal(err)
}
svc := secretsmanager.NewFromConfig(config)
log.Println("Creating secret")
out, err := svc.CreateSecret(ctx, &secretsmanager.CreateSecretInput{
Name: &secretName,
Description: aws.String("It's just a secret created when testing stuff locally"),
ForceOverwriteReplicaSecret: true,
SecretString: aws.String("newspeak"),
Tags: []types.Tag{
{Key: aws.String("team"), Value: aws.String("cloud-platform")},
{Key: aws.String("app"), Value: aws.String("scratch-go")},
},
})
if err != nil && strings.Contains(err.Error(), "ResourceExistsException") {
log.Println("Secret already exists. Updating secret")
out2, err := svc.PutSecretValue(ctx, &secretsmanager.PutSecretValueInput{
SecretId: aws.String(secretName),
SecretString: aws.String("newspeak-2"),
})
if err != nil {
log.Fatal(err.Error())
}
log.Println("Secret updated! Version=", *out2.VersionId)
} else if err != nil {
log.Fatal(err.Error())
} else {
log.Println("Secret created! Version=", *out.VersionId)
}
log.Println("Getting all secrets filtering by invalid tags")
secrets, err := svc.BatchGetSecretValue(ctx, &secretsmanager.BatchGetSecretValueInput{
Filters: []types.Filter{
{Key: "tag-key", Values: []string{"app"}},
{Key: "tag-value", Values: []string{"inexistent-service"}},
},
})
if err != nil {
log.Fatal(err.Error())
}
log.Printf("Got %d secrets", len(secrets.SecretValues))
log.Println("Getting all secrets filtering by tags")
secrets, err = svc.BatchGetSecretValue(ctx, &secretsmanager.BatchGetSecretValueInput{
Filters: []types.Filter{
{Key: "tag-key", Values: []string{"app"}},
{Key: "tag-value", Values: []string{"scratch-go"}},
},
})
if err != nil {
log.Fatal(err.Error())
}
log.Printf("Got %d secrets", len(secrets.SecretValues))
for _, secret := range secrets.SecretValues {
log.Printf("%s=%s\n", *secret.Name, *secret.SecretString)
}
log.Println("Getting single secret by name")
result, err := svc.GetSecretValue(ctx, &secretsmanager.GetSecretValueInput{
SecretId: aws.String(secretName),
VersionStage: aws.String("AWSCURRENT"),
})
if err != nil {
log.Fatal(err.Error())
}
log.Println("Secret retrieved! Value=", *result.SecretString)
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment