AWS Secret Manager provides sample code. It is very good to use for quick start.
But, I see often, they provide sample code with old version of SDK.
In this time, I program with Golang. and the aws-sdk-go is old version sdk.
As soon as I pushe the code, I know, it will be alerted by source scanning software.
I had to modify the sample code. as below
package aws
// Use this code snippet in your app.
// If you need more information about configurations or implementing the sample code, visit the AWS docs:
// https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/setting-up.html
import (
"context"
"encoding/base64"
"errors"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
"github.com/aws/smithy-go"
)
func getSecret() {
secretName := "arn:aws:secretsmanager:eu-central-1:.... put your secretmanager ARN"
region := "eu-central-1"
cfg, err := config.LoadDefaultConfig(context.TODO(),
config.WithRegion(region),
)
if err != nil {
// handle error
}
//Create a Secrets Manager client
svc := secretsmanager.NewFromConfig(cfg)
input := &secretsmanager.GetSecretValueInput{
SecretId: aws.String(secretName),
VersionStage: aws.String("AWSCURRENT"), // VersionStage defaults to AWSCURRENT if unspecified
}
// In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
// See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
result, err := svc.GetSecretValue(context.TODO(), input)
if err != nil {
var apiErr smithy.APIError
if errors.As(err, &apiErr) {
code := apiErr.ErrorCode()
message := apiErr.ErrorMessage()
// handle error code
fmt.Println("error code: " + code + " message : " + message)
return
} else {
// Print the error, cast err to awserr.Error to get the Code and
// Message from an error.
fmt.Println(err.Error())
}
return
}
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
var secretString, decodedBinarySecret string
if result.SecretString != nil {
secretString = *result.SecretString
} else {
decodedBinarySecretBytes := make([]byte, base64.StdEncoding.DecodedLen(len(result.SecretBinary)))
len, err := base64.StdEncoding.Decode(decodedBinarySecretBytes, result.SecretBinary)
if err != nil {
fmt.Println("Base64 Decode Error:", err)
return
}
decodedBinarySecret = string(decodedBinarySecretBytes[:len])
}
// Your code goes here.
fmt.Println(secretString)
fmt.Println(decodedBinarySecret)
}
