Add support for AWS Secrets Manager #532

Merged
merged 5 commits into from
Mar 19, 2025

mavwolverine
Contributor

Working on the unit tests

@mavwolverine mavwolverine force-pushed the aws_secrets_manager branch 2 times, most recently from 12534c7 to 6b927c3 Compare February 7, 2025 15:15
@mavwolverine
Contributor Author

Not sure why the lint is failing for ruff. Locally it says everything is fine.

@mavwolverine
Contributor Author

boto3's dependency on urllib3 conflicts with requests on Python < 3.10.
So this feature will have to be available only on Python >= 3.10.

@mavwolverine mavwolverine marked this pull request as ready for review February 11, 2025 06:04
@mavwolverine
Contributor Author

The tests failing are not related to the change

@hramezani
Member

Thanks @mavwolverine for this PR.

I think the test failures are related to this PR's package update.

Also, you need to document this new settings source and provide an example of how to use it.

@mavwolverine mavwolverine force-pushed the aws_secrets_manager branch from 2742887 to eefb492 Compare March 7, 2025 00:33
@mavwolverine
Contributor Author

Will work on the docs and sample over the weekend

@mavwolverine mavwolverine force-pushed the aws_secrets_manager branch from 4436bba to dd3965d Compare March 7, 2025 19:40
@mavwolverine
Contributor Author

@hramezani Hopefully this is the last time I have to rework the PR. Had to refactor it due to dependency changes in upstream and then UV changes.
I believe the PR is ready

@hramezani
Member

hramezani commented Mar 10, 2025

Thanks @mavwolverine for the update.

I have a refactoring PR on my list to review. I will then return to this PR. You will probably need to rebase it later, and I will let you know.

I can also help you if you don't have time to work on it.

Contributor

hyperlint-ai bot commented Mar 11, 2025

PR Change Summary

Added support for AWS Secrets Manager in the documentation, including usage instructions and example code.

  • Introduced a new section for AWS Secrets Manager in the documentation
  • Provided usage instructions for setting parameters and naming conventions
  • Included example code for integrating AWS Secrets Manager with Pydantic settings

Modified Files

  • docs/index.md


@mavwolverine
Contributor Author

Finally!

@hramezani please check. Thanks

@hramezani
Member

Thanks @mavwolverine for the update!

This is the first PR on my list for review/merge. I will get back to it later.

Comment on lines +38 to +39
if not yaml:
pytest.skip('PyYAML is not installed', allow_module_level=True)
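Review bot: The skip reason in `pytest.skip('PyYAML is not installed', allow_module_level=True)` does not say why a missing PyYAML should skip this whole module. Add a short comment above `if not yaml:` naming the import that needs yaml, so the guard is not later removed as unrelated.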
Member

Do we need pyyaml to be installed for this test?

Contributor Author

Yes. Moto, the mocking library for boto3, has a dependency on responses, which imports yaml. The second test run in CI was failing and tests won't even start.

Hence the import of moto is inside a try/catch after trying to import yaml.

And the module skip is because it fails for the @mock_aws decorator.

@hramezani
Member

hramezani commented Mar 17, 2025

@mavwolverine I am not familiar with AWS Secrets Manager. Is secret_id equal to the secret name we define in AWS Secrets Manager? It seems the value of the secret has to be a JSON dump (plain text). Please mention this in the doc. Probably plain text is the only type of secret that this settings source can handle. If so, please update the doc.

Can you explain how I can test your PR?

class AWSSecretsManagerSettings(BaseSettings):
"""AWSSecretsManager settings."""

SqlServerUser: str
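Review bot: `SqlServerUser: str` is declared with no default, so it is a required field and every construction of `AWSSecretsManagerSettings` must be supplied that key. If the test does not assert on it, remove the field; otherwise extend the one-line docstring to say which secret key it is read from.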
Member

do we need this field? because the alias of the next field is SqlServerUser

Contributor Author

Member

I think we don't need SqlServerUser: str and we can remove it.

@mavwolverine
Contributor Author

mavwolverine commented Mar 17, 2025

> @mavwolverine I am not familiar with AWS Secrets Manager. Is secret_id equal to the secret name we define in AWS Secrets Manager? It seems the value of the secret has to be a JSON dump (plain text). Please mention this in the doc. Probably plain text is the only type of secret that this settings source can handle. If so, please update the doc.
>
> Can you explain how I can test your PR?

Secret id is the secret name identifier in AWS.
The PR supports key-value pairs in Secrets Manager.

The key value, when retrieved, is returned as a JSON string.

To test in a real AWS account, log in to the AWS account, go to AWS Secrets Manager, and add a new secret.
Select the secret type "Other type of secret".
Add key-value pairs with similar naming as the variables in code.
Configure AWS env variables for credentials (on EC2 instances this is done using the instance role and is automatic).
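
The exchange above turns on the fact that a key/value secret comes back as a single JSON string, while plain-text and binary secrets do not. As an added example (not code from this PR or from pydantic-settings), the sketch below parses constructed `get_secret_value`-shaped responses and rejects the non key/value cases without echoing secret text; `DbSettings`, the `SqlServerPassword` key and all sample values are assumptions.

```python
import json
from dataclasses import dataclass, fields

# Constructed samples shaped like a boto3 get_secret_value() response.
KEY_VALUE_SECRET = {
    "Name": "example/app",  # constructed secret name
    "SecretString": json.dumps(
        {"SqlServerUser": "svc_app", "SqlServerPassword": "constructed-value"}
    ),
}
PLAINTEXT_SECRET = {"Name": "example/token", "SecretString": "just-a-token"}
BINARY_SECRET = {"Name": "example/blob", "SecretBinary": b"\x00\x01"}


class SecretFormatError(ValueError):
    """The secret is not a JSON object of key/value pairs."""


@dataclass(frozen=True, repr=False)
class DbSettings:  # hypothetical model; SqlServerPassword is an assumed key
    SqlServerUser: str
    SqlServerPassword: str

    def __repr__(self) -> str:  # keep the secret value out of logs
        return f"DbSettings(SqlServerUser={self.SqlServerUser!r}, SqlServerPassword='***')"


def parse_key_value_secret(response: dict) -> dict:
    """Return the key/value pairs; error messages never include secret text."""
    name = response.get("Name", "<unknown>")
    if "SecretString" not in response:
        raise SecretFormatError(f"{name}: no SecretString (binary secret)")
    try:
        data = json.loads(response["SecretString"])
    except json.JSONDecodeError:
        raise SecretFormatError(f"{name}: SecretString is not JSON") from None
    if not isinstance(data, dict):
        raise SecretFormatError(f"{name}: SecretString is not a JSON object")
    return data


def load_db_settings(response: dict) -> DbSettings:
    data = parse_key_value_secret(response)
    wanted = [f.name for f in fields(DbSettings)]
    missing = [key for key in wanted if key not in data]
    if missing:
        raise SecretFormatError(f"{response.get('Name')}: missing keys {missing}")
    return DbSettings(**{key: str(data[key]) for key in wanted})
```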

@hramezani
Member

Thanks @mavwolverine for explaining how to test it.

Please address the two small comments on the tests, and then we can merge the PR.

@hramezani
Member

Thanks @mavwolverine

@hramezani hramezani merged commit c8a0df4 into pydantic:main Mar 19, 2025
19 checks passed
@mavwolverine
Contributor Author

@hramezani Thanks for taking care of the changes. Got busy with work and was planning on looking into the changes over the weekend.
