Locksmith Module

Fetch credentials from AWS Secrets Manager.

Usage:

>>> import boto3
>>> import alyeska.locksmith as ls
>>> session = boto3.Session()  # fetch creds from .aws/credentials
>>> secret_name = "my-super-secret-secret"
>>> secret = ls.get_secret(session, secret_name)

alyeska.locksmith.get_secret(session: boto3.session.Session, secret_name: str, region_name: str = 'us-east-1') → dict

Get secret from secretsmanager using an established session.

See boto3.amazonaws.com/v1/documentation/api/latest/guide/secrets-manager.html

Parameters:

• session (boto3.Session) – [description]
• secret_name (str) – [description]
• region_name (str, optional) – [description]. Defaults to “us-east-1”.

Returns:

Secret as dict

Return type:

dict

alyeska.locksmith.mfa_from_str(json_str: str, *, include_expiration=False) → dict

Create credentials dict from credentials as a json string.

This function is a thin wrapper around json.loads

Parameters:

• json_str (str) –

  String containing a json object. e.g. ‘’’ {

  ”Credentials”: {

  “AccessKeyId”: “FAKEACCESSKEY”, “SecretAccessKey”: “Fake+Secret9Access-Key”, “SessionToken”: “f4k3-SE5510N_t0k3n”, “Expiration”: “2019-07-30T00:14:27Z”

  }

• include_expiration (bool, optional) – Whether to include expiration in returned json. Defaults to False.

Returns:

with types as

{

“aws_access_key_id”: str, “aws_secret_access_key”: str, “aws_session_token”: str, “expiration”: datetime,

}

Return type:

dict

Example

>>> import dynatrace_locksmith as ls
>>> creds = ls.mfa_from_str(json_str)
>>> creds
{
    "Credentials": {
        "AccessKeyId": "1234567890",
        "SecretAccessKey": "qwertyuiop",
        "SessionToken": "asdfghjklzxcvbnm",
        "Expiration": "2018-11-02T05:15:21Z"
    }
}

>>> session = boto3.Session(**creds)