AWS SECRETS MANAGER
AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. This service lets you rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their life cycle.
AWS SECRETS MANAGER DEMO:
With AWS Secrets Manager, you can easily rotate secrets, such as database credentials, using built-in integration for Amazon RDS for MySQL, PostgreSQL, and Amazon Aurora.
Hey guys, welcome back. In this article I will demonstrate the usage of Secrets Manager in AWS.
The example we're going to take is Python code connecting to my database, which is in AWS. The Python code requires the username, password, and host name of the relational database.
Now the question is where to store sensitive details like the password. There are several different options to handle this, but in this demo let's see how to use Secrets Manager to securely store our credentials.
Step 1: For the purpose of this demo I have created a Relational Database Service (RDS) instance with the MySQL engine in AWS.
Step 2:
Let's go and find its connection details: we need its endpoint, port number, username and password.
I'm using MySQL Workbench for interacting with my database.
Here you can provide the Hostname (endpoint), Username, Port and Password.
Then click Test Connection.
Initially I want to have a table so that my application written in Python can interact with this database server and insert data into it.
I am going to create a table named employees; it has an ID and a name.
The employees table got created.
Step 3:
I have written a small piece of Python code using the MySQL Connector driver.
Recommended: Python 3, MySQL Connector (pip install mysql-connector-python), boto3 (pip install boto3) and the AWS CLI configured (aws configure).
Code:
import mysql.connector

# Connection details are hardcoded here; Step 5 replaces them with a secret lookup.
mydb = mysql.connector.connect(
    host="Enter your endpoint url",
    user="Username",
    passwd="Password",
    database="databasename"
)

mycursor = mydb.cursor()

# Parameterized insert into the employees table created in Step 2.
sql = "insert into employees (id, name) values (%s,%s);"
val = (1, "kashvi")
mycursor.execute(sql, val)
mydb.commit()

print(mycursor.rowcount, "record inserted.")
After running this program, 1 record is inserted in the table.
Step 4: Create the secret in Secrets Manager.
Search for Secrets Manager
Click on Store a new secret
Then choose the secret type; in this demo we use (Credentials for Amazon RDS database)
Provide the username and password of your RDS database
Select your database and then click Next
Here you can provide the name of your secret
Then click Next
Turn on the automatic rotation option
Set the time unit
Create a Lambda rotation function, then click Next
Rotation is the process of updating a secret from time to time. When you rotate a secret, you update the credentials in both the secret and the database or service. In Secrets Manager, you can set up automatic rotation of your secrets.
Now review your configuration and then click the Store button
You have successfully created the secret.
Now click on the secret name
Click Retrieve secret value
Step 5: Now we write Python code that reads the value from Secrets Manager and uses it to connect to our database.
For that we use boto3, which we already installed earlier.
Code:
import mysql.connector
import boto3
import json

# Uses the region and credentials set up with the AWS CLI.
client = boto3.client('secretsmanager')

response = client.get_secret_value(
    SecretId='Provide your secret name'
)

# The RDS secret is stored as a JSON string; parse it into a dict.
secretDict = json.loads(response['SecretString'])

mydb = mysql.connector.connect(
    host=secretDict['host'],
    user=secretDict['username'],
    passwd=secretDict['password'],
    database=secretDict['dbname']
)

mycursor = mydb.cursor()

# Parameterized insert into the employees table created in Step 2.
sql = "insert into employees (id, name) values (%s,%s);"
val = (2, "hari")
mycursor.execute(sql, val)
mydb.commit()

print(mycursor.rowcount, "record inserted.")
After executing this code, you have successfully inserted one more record.
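Because Step 4 turns on automatic rotation, a password fetched just before a rotation can be stale by the time the connection is opened. The following is an added example, not part of the original post: it validates the secret's JSON before use and fetches it again once if the database rejects the login. FakeSecretsClient, fake_connect, AccessDenied, the sample host and passwords are constructed stand-ins and the port default of 3306 is an assumption; with real services you would pass boto3.client('secretsmanager'), mysql.connector.connect and the driver's access-denied exception class.

```python
import json

REQUIRED_KEYS = ("host", "username", "password", "dbname")  # keys the page's code reads
class SecretFormatError(Exception): pass  # messages never contain secret values

def load_db_credentials(client, secret_id):
    """Fetch the secret and map it to connect() keyword arguments."""
    raw = client.get_secret_value(SecretId=secret_id).get("SecretString")
    if raw is None:  # binary secrets arrive as SecretBinary instead
        raise SecretFormatError(f"{secret_id}: response has no SecretString")
    try:
        secret = json.loads(raw)
        missing = [k for k in REQUIRED_KEYS if not secret.get(k)]  # non-dict: AttributeError
    except (json.JSONDecodeError, AttributeError):
        # JSONDecodeError keeps the raw text in .doc, so do not chain it.
        raise SecretFormatError(f"{secret_id}: SecretString is not a JSON object") from None
    if missing:
        raise SecretFormatError(f"{secret_id}: missing keys {missing}")
    return {"host": secret["host"], "port": int(secret.get("port", 3306)),
            "user": secret["username"], "passwd": secret["password"],
            "database": secret["dbname"]}

def connect_fresh(client, secret_id, connect, auth_error, attempts=2):
    """Fetch at connect time; refetch once if a rotation changed the password."""
    for attempt in range(attempts):
        try:
            return connect(**load_db_credentials(client, secret_id))
        except auth_error:
            if attempt == attempts - 1:
                raise

# Constructed stand-ins so the example runs offline (not boto3, not MySQL).
class FakeSecretsClient:
    def __init__(self, versions):
        self.versions, self.calls = list(versions), 0
    def get_secret_value(self, SecretId):
        self.calls += 1
        return {"SecretString": self.versions[min(self.calls, len(self.versions)) - 1]}

class AccessDenied(Exception): pass  # hypothetical stand-in for the driver's auth error
def fake_connect(**kw):  # accepts only the post-rotation password
    if kw["passwd"] != "new-pw":
        raise AccessDenied("access denied")
    return f"connected to {kw['database']} at {kw['host']}:{kw['port']}"

def demo():
    base = {"host": "db.example.internal", "username": "app", "dbname": "demo"}
    client = FakeSecretsClient(json.dumps({**base, "password": p}) for p in ("old-pw", "new-pw"))
    return connect_fresh(client, "demo/rds", fake_connect, AccessDenied), client.calls
```

Calling demo() simulates a rotation between the first fetch and the first login: the first attempt is denied, the second fetch returns the rotated password and the connection succeeds.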
So I hope this was very helpful. If you have any doubts or questions, you can write them down in the comment section below and I will try to answer you as soon as I can.