From 3ef147c0dfc0d5eac85b929ba3f8d5603dac8959 Mon Sep 17 00:00:00 2001
From: thomasabishop <tactonbishop@gmail.com>
Date: Mon, 11 Sep 2023 18:20:12 +0100
Subject: [PATCH] aws: add example of querying secrets manager in python

---
 .../Code_examples/Fetch_from_Secrets_Manager.md  | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/DevOps/AWS/AWS_Lambda/Code_examples/Fetch_from_Secrets_Manager.md b/DevOps/AWS/AWS_Lambda/Code_examples/Fetch_from_Secrets_Manager.md
index 2914009..ecafe83 100644
--- a/DevOps/AWS/AWS_Lambda/Code_examples/Fetch_from_Secrets_Manager.md
+++ b/DevOps/AWS/AWS_Lambda/Code_examples/Fetch_from_Secrets_Manager.md
@@ -32,8 +32,18 @@ type SomeCredentials = {
 };
 ```
 
-// TODO: Add example of deferring to local env var
-
 ## Python
 
-// TODO: Add Python example
+```py
+import json
+import boto3
+
+def get_secret():
+    python_env = os.environ.get("PYTHON_ENV", "local")
+    """In production, source creds from SecretsManager"""
+    if python_env == "production":
+        secrets_manager = boto3.client("secretsmanager")
+        response = secrets_manager.get_secret_value(SecretId=os.environ["SECRET_ARN"])
+        secret_values = json.loads(response["SecretString"])
+        return secret_values["GOOGLE_CREDS"]
+```