
I am having a problem with accessing a secret from Secret Manager in a lambda function.

Here is the relevant code:

import boto3

session = boto3.session.Session()
secretsmanager = session.client(service_name="secretsmanager")

get_secret_value_response = secretsmanager.get_secret_value(
    SecretID="arn:aws:secretsmanager:SECRETNAME"
)
secret = get_secret_value_response["SecretString"]

The error message, however, is confusing, and I have not found mentions of it elsewhere.

[ERROR] ParamValidationError: Parameter validation failed:
Missing required parameter in input: "SecretId"
Unknown parameter in input: "SecretID", must be one of: SecretId, VersionId, VersionStage
Traceback (most recent call last):
  File "/var/task/notification_parser.py", line 14, in handler
    get_secret_value_response = secretsmanager.get_secret_value(
  File "/var/runtime/botocore/client.py", line 530, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/var/runtime/botocore/client.py", line 919, in _make_api_call
    request_dict = self._convert_to_request_dict(
  File "/var/runtime/botocore/client.py", line 990, in _convert_to_request_dict
    request_dict = self._serializer.serialize_to_request(
  File "/var/runtime/botocore/validate.py", line 381, in serialize_to_request
    raise ParamValidationError(report=report.generate_report())

The documentation shows a string value, so I am confused.

Any ideas where I could go wrong?

2 Answers

  1. Your error is clear: it is about the names SecretID and SecretId. You named it incorrectly.

    Just change the variable name to SecretId instead of SecretID; the last letter should be lowercase.

    But if you want, here is an example of how to use it:

    import boto3
    
    
    SECRET_ARN = "YOUR_SECRET_ARN"
    secret_manager = boto3.client('secretsmanager')
    
    response = secret_manager.get_secret_value(
        SecretId=SECRET_ARN
    )
    
    # this might be a json string so you might need to parse it
    # to parse it you can use json.loads(response['SecretString'])
    print('Secret: ' + response['SecretString']) 
    
  2. Here is working code to get a secret using Python.

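    import logging

    from botocore.exceptions import ClientError

    logger = logging.getLogger(__name__)


    # Assumed wrapper: the snippet shows only the method, so this class name and
    # constructor are hypothetical and supply the attributes the method uses.
    class SecretWrapper:
        def __init__(self, secretsmanager_client, name=None):
            self.secretsmanager_client = secretsmanager_client
            self.name = name

    # snippet-start:[python.example_code.secrets-manager.GetSecretValue]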
        def get_value(self, stage=None):
            """
            Gets the value of a secret.
    
            :param stage: The stage of the secret to retrieve. If this is None, the
                          current stage is retrieved.
            :return: The value of the secret. When the secret is a string, the value is
                     contained in the `SecretString` field. When the secret is bytes,
                     it is contained in the `SecretBinary` field.
            """
            if self.name is None:
                raise ValueError
    
            try:
                kwargs = {'SecretId': self.name}
                if stage is not None:
                    kwargs['VersionStage'] = stage
                response = self.secretsmanager_client.get_secret_value(**kwargs)
                logger.info("Got value for secret %s.", self.name)
            except ClientError:
                logger.exception("Couldn't get value for secret %s.", self.name)
                raise
            else:
                return response
    # snippet-end:[python.example_code.secrets-manager.GetSecretValue]
    
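An added example, not code from either answer, that puts the points above together: the case-sensitive `SecretId` keyword, the optional `VersionStage`, and handling `SecretString` (JSON or plain text) versus `SecretBinary`. `read_secret`, `FakeSecretsClient` and the sample secrets are constructed for illustration; the fake client stands in for `boto3.client("secretsmanager")` so the block runs offline, and it raises `ValueError` where botocore raises `ParamValidationError`.

```python
import json


def read_secret(client, secret_id, stage=None):
    """Return a secret as dict (JSON object), str (plain text) or bytes."""
    kwargs = {"SecretId": secret_id}  # keyword is case-sensitive: not "SecretID"
    if stage is not None:
        kwargs["VersionStage"] = stage
    response = client.get_secret_value(**kwargs)
    if "SecretString" not in response:
        return response["SecretBinary"]  # boto3 returns this field as bytes
    text = response["SecretString"]
    try:
        parsed = json.loads(text)
    except json.JSONDecodeError:
        return text
    # A plain-text secret such as "12345" is valid JSON too; keep it a string.
    return parsed if isinstance(parsed, dict) else text


class FakeSecretsClient:
    """Constructed stand-in for boto3.client("secretsmanager"), no network."""

    ALLOWED = {"SecretId", "VersionId", "VersionStage"}

    def __init__(self, secrets):
        self._secrets = secrets

    def get_secret_value(self, **kwargs):
        unknown = sorted(set(kwargs) - self.ALLOWED)
        if unknown or "SecretId" not in kwargs:
            # Simplification: botocore raises ParamValidationError here.
            raise ValueError(f"Parameter validation failed, unknown: {unknown}")
        return dict(self._secrets[kwargs["SecretId"]])


# Constructed sample secrets; names and values are placeholders.
SAMPLE = {
    "demo/db": {"SecretString": '{"username": "app", "password": "constructed"}'},
    "demo/token": {"SecretString": "12345"},
    "demo/key": {"SecretBinary": b"\x00\x01\x02"},
}

if __name__ == "__main__":
    client = FakeSecretsClient(SAMPLE)
    for name in SAMPLE:
        # Log the type, never the value: Lambda output lands in CloudWatch Logs.
        print(name, type(read_secret(client, name)).__name__)
```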