# AWS Secret Management
## DevOpsLab Example

### Prerequisite tasks
To set up and run this example, you must first set up the following:
- Install AWS CLI 2 as described in the **"1.0.AWS_CLI_2_Installation"** notebook.
- Configure your AWS credentials, as described in [Quickstart](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/quickstart.html) using the AWS CLI or the AWS Console IAM Manager.
   - Run "aws configure" from the console.
   - Input your "AWS Access Key ID", "AWS Secret Access Key" and "Default region name".
       - This will create a directory ".aws" and the files "config" and "credentials" (which you can edit later if required).
       - Boto3 will also search the ~/.aws/config file when looking for configuration values. You can change the location of this file by setting the AWS_CONFIG_FILE environment variable.
   - **NOTE**: The credentials file contains your AWS keys, so it must not be located in a public repository.
- Create a secret with AWS Secrets Manager, as described in the [AWS Secrets Manager Developer Guide](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html) and in the Lab.
- Install the boto3 library in your environment using *pip install boto3*, as described in the **"1.1.AWS_Boto3_Installation"** notebook, if it is not already installed.
- Modify the parameters "secret_name" and "region_name" in the code below to use your own data for the example.

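### Retrieve the list of secrets

The following example shows how to:
Retrieve the list of secrets stored in your account and region using the [list_secrets](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html#SecretsManager.Client.list_secrets) function. The response contains the metadata of each secret (name, ARN, rotation settings and so on); it does not include the secret values themselves.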

```python
import boto3
from botocore.exceptions import ClientError
```

```python
def list_secrets():
    # Region to query; change it to the region where your secrets are stored
    region_name = "eu-west-2"

    session = boto3.session.Session()
    client = session.client(
        service_name='secretsmanager',
        region_name=region_name,
    )

    try:
        # Returns one page of results; follow 'NextToken' to get further pages
        response = client.list_secrets()
    except ClientError as e:
        if e.response['Error']['Code'] == 'InvalidParameterException':
            print("The request had invalid params: ", e)
        elif e.response['Error']['Code'] == 'InvalidNextTokenException':
            print("The request was invalid due to:", e)
        elif e.response['Error']['Code'] == 'InternalServiceError':
            print("Unexpected internal error found", e)
        else:
            # Do not silently swallow other errors (for example, access denied)
            raise
    else:
        # list_secrets returns metadata only (names, ARNs, rotation settings);
        # it does not return or decrypt the secret values.
        # Your code goes here.
        print("The retrieved Secrets are: ", response)
```

```python
list_secrets()
```
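
Each entry in the "SecretList" of a list_secrets response carries metadata such as RotationEnabled, LastRotatedDate, LastAccessedDate and KmsKeyId, which is enough for a basic hygiene check without reading any secret value. The following is an added example, not part of the original notebook: the sample list is constructed, and the function name, finding labels and 90-day thresholds are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the "SecretList" of a list_secrets response
# (names, ARNs and dates are made up for illustration).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_SECRET_LIST = [
    {"Name": "lab/db-password", "RotationEnabled": True,
     "LastRotatedDate": NOW - timedelta(days=10),
     "LastAccessedDate": NOW - timedelta(days=1),
     "KmsKeyId": "arn:aws:kms:eu-west-2:111122223333:key/EXAMPLE"},
    {"Name": "lab/api-token", "RotationEnabled": False,
     "LastChangedDate": NOW - timedelta(days=400),
     "LastAccessedDate": NOW - timedelta(days=2)},
    {"Name": "lab/old-service-key", "RotationEnabled": True,
     "LastRotatedDate": NOW - timedelta(days=200),
     "LastAccessedDate": NOW - timedelta(days=180),
     "KmsKeyId": "arn:aws:kms:eu-west-2:111122223333:key/EXAMPLE"},
]


def audit_secrets(secret_list, now, max_rotation_age_days=90, max_idle_days=90):
    """Return {secret name: [findings]} using only list_secrets metadata."""
    findings = {}
    for secret in secret_list:
        issues = []
        if not secret.get("RotationEnabled", False):
            issues.append("rotation-disabled")
        else:
            rotated = secret.get("LastRotatedDate")
            if rotated is None or (now - rotated).days > max_rotation_age_days:
                issues.append("rotation-overdue")
        accessed = secret.get("LastAccessedDate")
        if accessed is None or (now - accessed).days > max_idle_days:
            issues.append("unused")  # candidate for review and removal
        # KmsKeyId is omitted when the AWS managed key aws/secretsmanager is used
        if "KmsKeyId" not in secret:
            issues.append("default-kms-key")  # informational
        if issues:
            findings[secret["Name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_secrets(SAMPLE_SECRET_LIST, NOW).items():
        print(f"{name}: {', '.join(issues)}")
```

To run it against a real account, pass `response["SecretList"]` from the list_secrets call and `datetime.now(timezone.utc)` as `now`.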