# AWS Secret Management

## Prerequisite tasks

To set up and run this example, you must first set up the following:

1. Install AWS CLI 2 as described in the **"1.0.AWS_CLI_2_Installation"** notebook.
2. Configure your AWS credentials, as described in [Quickstart](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/quickstart.html) using the AWS CLI or the AWS Console IAM Manager.
3. Run `aws configure` from a terminal to store your credentials locally so the CLI can connect to AWS.
   - Enter your "AWS Access Key ID", "AWS Secret Access Key" and "Default region name".
   - This creates a ".aws" directory containing the files "config" and "credentials" (edit them later if required).
4. Create a secret with AWS Secrets Manager, as described in the [AWS Secrets Manager Developer Guide](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html) and in the Lab.
5. Install the boto3 library in your environment as described in the **"1.1.AWS_Boto3_Installation"** notebook (if not already done).
6. Set the parameters "secret_name" and "region_name" to your own values in the code cell that follows for this example.
  
**NOTE**: Boto3 will also search the ~/.aws/config file when looking for configuration values. You can change the location of this file by setting the AWS_CONFIG_FILE environment variable.

**NOTE**: The credentials file contains your AWS keys, so it must never be committed to a public source control repository.
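The boto3 retrieval cell that step 6 refers to is not on this page. As an added example (not the lab's own code), the following fetches the secret named in `secret_name` from `region_name` and parses it, handling both the `SecretString` and `SecretBinary` forms of the response; the secret name and region are placeholders to replace with your own.

```python
import json
from typing import Any, Dict

# Placeholder values (step 6): replace with your own secret name and region.
secret_name = "MyOneJsonTestSecret"
region_name = "us-west-2"


def parse_secret_value(response: Dict[str, Any]) -> Dict[str, Any]:
    """Turn a GetSecretValue response into a dict of the secret's fields.

    Secrets Manager returns either 'SecretString' (text, usually JSON) or
    'SecretBinary' (boto3 delivers it already base64-decoded as bytes),
    never both.
    """
    if "SecretString" in response:
        raw = response["SecretString"]
    elif "SecretBinary" in response:
        raw = response["SecretBinary"].decode("utf-8")
    else:
        raise ValueError("response carries neither SecretString nor SecretBinary")
    try:
        return json.loads(raw)
    except json.JSONDecodeError:
        # A plain-text (non-JSON) secret is returned under a single key.
        return {"value": raw}


def get_secret(name: str = secret_name, region: str = region_name) -> Dict[str, Any]:
    """Fetch and parse a secret; credentials come from ~/.aws as set up above."""
    import boto3  # imported here so the module loads even without boto3
    from botocore.exceptions import ClientError

    client = boto3.session.Session().client(
        service_name="secretsmanager", region_name=region
    )
    try:
        response = client.get_secret_value(SecretId=name)
    except ClientError as err:
        # Typical causes: secret not found, wrong region, or no permission
        # to call GetSecretValue / decrypt with the secret's KMS key.
        code = err.response["Error"]["Code"]
        raise RuntimeError(f"get_secret_value({name!r}) failed: {code}") from err
    return parse_secret_value(response)


if __name__ == "__main__":
    creds = get_secret()
    # Log only which fields came back, never the password value itself.
    print("secret fields:", sorted(creds))
```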


### Create a secret directly from command line

In [None]:
!aws secretsmanager create-secret --name MyOneTestSecret --description "One test secret created with the CLI" \
    --secret-string "{\"user\":\"auseridentifier\",\"password\":\"TEST-PASSWORD\"}"

### Create a secret from a json file

Let's assume we have a file named "thetestfileforcred.json" in our directory holding the key-value pairs to store in Secrets Manager (here we simulate the file with the `%%writefile` magic command).

In [None]:
%%writefile thetestfileforcred.json
{
  "engine": "s3",
  "username": "onejsonexampleuser",
  "password": "EXAMPLE-JSON-PASSWORD",
  "host": "the-s3-machine-address.us-west-2.s3.amazonaws.com",
  "dbname": "s3bucketexample"  
}

In [None]:
!aws secretsmanager create-secret --name MyOneJsonTestSecret --secret-string file://thetestfileforcred.json

### List secrets

In [None]:
!aws secretsmanager list-secrets

Finally, let's delete a secret through the AWS CLI, keeping a recovery window:

In [None]:
!aws secretsmanager delete-secret --secret-id MyOneTestSecret --recovery-window-in-days 7 

During the recovery window it is still possible to restore the secret:

In [None]:
!aws secretsmanager restore-secret --secret-id MyOneTestSecret

Now delete the secret again through the AWS CLI without the recovery-window parameter (the default window applies):

In [None]:
!aws secretsmanager delete-secret --secret-id MyOneTestSecret

In [None]:
!aws secretsmanager restore-secret --secret-id MyOneTestSecret