Upload retrive_secrects.py

retrive_secrects.py

@@ -0,0 +1,227 @@
+# import boto3
+# import json
+# from cryptography.fernet import Fernet
+# from botocore.exceptions import NoCredentialsError, PartialCredentialsError
+
+# def get_secret(secret_name, region_name):
+#     """
+#     Retrieve secret value from AWS Secrets Manager.
+#     Args:
+#     secret_name (str): The name of the secret to retrieve.
+#     region_name (str): AWS region where the secret is stored.
+#     Returns:
+#     dict: Decrypted secret values.
+#     """
+#     # Create a Secrets Manager client
+#     session = boto3.session.Session()
+#     client = session.client('secretsmanager', region_name = region_name)
+#     try:
+#         response = client.get_secret_value(SecretId = secret_name)
+#     except NoCredentialsError:
+#         print("Credentials not available")
+#         return None
+#     except PartialCredentialsError:
+#         print("Incomplete credentials provided")
+#         return None
+#     except Exception as e:
+#         print(f"Error retrieving secret: {e}")
+#         return None
+
+#     # Depending on whether the secret is a string or binary, one of these fields will be populated
+#     if 'SecretString' in response:
+#         secret_dict = json.loads(response['SecretString'])
+#         # print("secret_dict", secret_dict)
+#         fernet_key = secret_dict.get('Fernet_Key', None)
+#         # print("fernet_key", fernet_key)
+#     else:
+#         print("Failed to retrieve secret.")
+#         return None
+
+#     if not fernet_key:
+#         print("Fernet key not found in secret.")
+#         return None
+#     # Create a Fernet cipher object
+#     cipher_suite = Fernet(fernet_key)
+#     CONNECTIONS_HOST = cipher_suite.decrypt(secret_dict["CONNECTIONS_HOST"].encode()).decode()
+#     CONNECTIONS_DB = cipher_suite.decrypt(secret_dict["CONNECTIONS_DB"].encode()).decode()
+#     CONNECTIONS_USER = cipher_suite.decrypt(secret_dict["CONNECTIONS_USER"].encode()).decode()
+#     CONNECTIONS_PASS = cipher_suite.decrypt(secret_dict["CONNECTIONS_PASS"].encode()).decode()
+#     ARANGO_URL = cipher_suite.decrypt(secret_dict["ARANGO_URL"].encode()).decode()
+#     ARANGO_USERNAME = cipher_suite.decrypt(secret_dict["ARANGO_USERNAME"].encode()).decode()
+#     ARANGO_PASSWORD = cipher_suite.decrypt(secret_dict["ARANGO_PASSWORD"].encode()).decode()
+#     ARANGO_DB = cipher_suite.decrypt(secret_dict["ARANGO_DB"].encode()).decode()
+#     JAVA_URL = cipher_suite.decrypt(secret_dict["JAVA_URL"].encode()).decode()
+#     SERVER_PORT = cipher_suite.decrypt(secret_dict["SERVER_PORT"].encode()).decode()
+#     PYTHON_URL = cipher_suite.decrypt(secret_dict["PYTHON_URL"].encode()).decode()
+#     AWS_S3_CREDS_KEY_ID = cipher_suite.decrypt(secret_dict["AWS_S3_CREDS_KEY_ID"].encode()).decode()
+#     AWS_S3_CREDS_SECRET_KEY = cipher_suite.decrypt(secret_dict["AWS_S3_CREDS_SECRET_KEY"].encode()).decode()
+#     NOTIFICATION_ENDPOINT = cipher_suite.decrypt(secret_dict["NOTIFICATION_ENDPOINT"].encode()).decode()
+#     SUPPORT_EMAIL = cipher_suite.decrypt(secret_dict["SUPPORT_EMAIL"].encode()).decode()
+#     SUPPORT_EMAIL_PASS = cipher_suite.decrypt(secret_dict["SUPPORT_EMAIL_PASS"].encode()).decode()
+#     MAIL_SERVER_SMTP = cipher_suite.decrypt(secret_dict["MAIL_SERVER_SMTP"].encode()).decode()
+#     MAIL_SERVER_PORT = cipher_suite.decrypt(secret_dict["MAIL_SERVER_PORT"].encode()).decode()
+#     FOLDER_ETL_S3_BUCKET_NAME = ""
+#     FOLDER_UNSTRUCTURED_STORAGE = ""
+#     BUCKET_ETL_S3_BUCKET_NAME = cipher_suite.decrypt(secret_dict["BUCKET_ETL_S3_BUCKET_NAME"].encode()).decode()
+#     BUCKET_UNSTRUCTURED_STORAGE = cipher_suite.decrypt(secret_dict["BUCKET_UNSTRUCTURED_STORAGE"].encode()).decode()
+#     BUCKET_PERFORMANCE_DRIVERS = ""
+#     APP_URL = cipher_suite.decrypt(secret_dict["APP_URL"].encode()).decode()
+#     ALLOWED_HOSTS = cipher_suite.decrypt(secret_dict["ALLOWED_HOSTS"].encode()).decode() + ',http://192.168.0.110:4521/'
+
+#     return CONNECTIONS_HOST, \
+#            CONNECTIONS_DB, CONNECTIONS_USER, CONNECTIONS_PASS, ARANGO_URL, ARANGO_USERNAME, ARANGO_PASSWORD, \
+#            ARANGO_DB, JAVA_URL, SERVER_PORT, PYTHON_URL, AWS_S3_CREDS_KEY_ID, AWS_S3_CREDS_SECRET_KEY, NOTIFICATION_ENDPOINT, SUPPORT_EMAIL, \
+#            SUPPORT_EMAIL_PASS, MAIL_SERVER_SMTP, MAIL_SERVER_PORT, BUCKET_ETL_S3_BUCKET_NAME, \
+#            BUCKET_UNSTRUCTURED_STORAGE, APP_URL, ALLOWED_HOSTS, FOLDER_ETL_S3_BUCKET_NAME, FOLDER_UNSTRUCTURED_STORAGE, BUCKET_PERFORMANCE_DRIVERS
+
+# secret_name = "Demo/Ingen/skeys"
+# region_name = "us-east-1"
+
+# CONNECTIONS_HOST, CONNECTIONS_DB, CONNECTIONS_USER, CONNECTIONS_PASS, ARANGO_URL, ARANGO_USERNAME, ARANGO_PASSWORD, \
+# ARANGO_DB, JAVA_URL, SERVER_PORT, PYTHON_URL, AWS_S3_CREDS_KEY_ID, AWS_S3_CREDS_SECRET_KEY, NOTIFICATION_ENDPOINT, SUPPORT_EMAIL, \
+# SUPPORT_EMAIL_PASS, MAIL_SERVER_SMTP, MAIL_SERVER_PORT, BUCKET_ETL_S3_BUCKET_NAME, \
+# BUCKET_UNSTRUCTURED_STORAGE, APP_URL, ALLOWED_HOSTS, FOLDER_ETL_S3_BUCKET_NAME, FOLDER_UNSTRUCTURED_STORAGE, \
+# BUCKET_PERFORMANCE_DRIVERS = get_secret(secret_name, region_name)
+
+
+
+
+
+# #  Got it! You have AWS credentials configured locally (via `aws configure`), and you want to make sure your `get_secret` function uses those credentials to fetch the secret from AWS Secrets Manager.
+
+# # The great news is: **boto3 automatically picks up credentials from your AWS CLI configuration (`~/.aws/credentials`)** by default. So if you’ve already run `aws configure` and set your credentials, your existing code will use those credentials without any extra change.
+
+# # ### What you *don’t* need to do:
+
+# # * You don’t need to manually pass credentials in the function unless you want to override.
+# # * You don’t need to add `aws_access_key_id` or `aws_secret_access_key` manually unless you want to hardcode or dynamically pass them.
+
+# # ### How it works currently:
+
+# # ```python
+# # session = boto3.session.Session()
+# # client = session.client('secretsmanager', region_name=region_name)
+# # ```
+
+# # * This uses the default credential provider chain, which looks for credentials in environment variables, AWS CLI config files, EC2 instance roles, etc.
+# # * Since you have credentials configured via `aws configure`, boto3 will find and use those credentials automatically.
+
+# # ---
+
+# # ### Optional: If you want to explicitly use the credentials from your `.env` or environment variables
+
+# # If you want to explicitly use credentials stored in environment variables (e.g., loaded from `.env`), you can modify your function like this:
+
+# # ```python
+# # import os
+
+# # def get_secret(secret_name, region_name):
+# #     session = boto3.session.Session(
+# #         aws_access_key_id=os.getenv("AWS_ACCESS_KEY_ID"),
+# #         aws_secret_access_key=os.getenv("AWS_SECRET_ACCESS_KEY"),
+# #         aws_session_token=os.getenv("AWS_SESSION_TOKEN")  # optional, if using temporary credentials
+# #     )
+# #     client = session.client('secretsmanager', region_name=region_name)
+# #     # rest of your function
+# # ```
+
+# # This assumes you have loaded your `.env` variables (using `python-dotenv` or similar) or have them set in your environment.
+
+# # ---
+
+# # ### Summary:
+
+# # * If you have run `aws configure` and have credentials locally, **no change is needed**. Your current code uses those credentials.
+# # * If you want to use environment variables or `.env` values for AWS keys explicitly, pass them to `Session()` as shown above.
+
+# # ---
+
+# # If you want, I can help you with a quick snippet to load `.env` variables too! Just ask.
+import boto3
+import json
+import os
+from cryptography.fernet import Fernet
+from botocore.exceptions import NoCredentialsError, PartialCredentialsError
+from dotenv import load_dotenv
+
+load_dotenv()
+
+def get_secret(secret_name, region_name):
+    try:
+        session = boto3.session.Session(
+            aws_access_key_id=os.getenv("AWS_ACCESS_KEY_ID"),
+            aws_secret_access_key=os.getenv("AWS_SECRET_ACCESS_KEY"),
+            aws_session_token=os.getenv("AWS_SESSION_TOKEN")
+        )
+
+        client = session.client('secretsmanager', region_name=region_name)
+        response = client.get_secret_value(SecretId=secret_name)
+
+        if 'SecretString' not in response:
+            print("SecretString not found.")
+            return None
+
+        secret_dict = json.loads(response['SecretString'])
+        fernet_key = secret_dict.get('Fernet_Key')
+        if not fernet_key:
+            print("Fernet key missing.")
+            return None
+
+        cipher_suite = Fernet(fernet_key.encode())
+        def decrypt(key): return cipher_suite.decrypt(secret_dict[key].encode()).decode()
+
+        CONNECTIONS_HOST = decrypt("CONNECTIONS_HOST")
+        CONNECTIONS_DB = decrypt("CONNECTIONS_DB")
+        CONNECTIONS_USER = decrypt("CONNECTIONS_USER")
+        CONNECTIONS_PASS = decrypt("CONNECTIONS_PASS")
+        ARANGO_URL = decrypt("ARANGO_URL")
+        ARANGO_USERNAME = decrypt("ARANGO_USERNAME")
+        ARANGO_PASSWORD = decrypt("ARANGO_PASSWORD")
+        ARANGO_DB = decrypt("ARANGO_DB")
+        JAVA_URL = decrypt("JAVA_URL")
+        SERVER_PORT = decrypt("SERVER_PORT")
+        PYTHON_URL = decrypt("PYTHON_URL")
+        AWS_S3_CREDS_KEY_ID = decrypt("AWS_S3_CREDS_KEY_ID")
+        AWS_S3_CREDS_SECRET_KEY = decrypt("AWS_S3_CREDS_SECRET_KEY")
+        NOTIFICATION_ENDPOINT = decrypt("NOTIFICATION_ENDPOINT")
+        SUPPORT_EMAIL = decrypt("SUPPORT_EMAIL")
+        SUPPORT_EMAIL_PASS = decrypt("SUPPORT_EMAIL_PASS")
+        MAIL_SERVER_SMTP = decrypt("MAIL_SERVER_SMTP")
+        MAIL_SERVER_PORT = decrypt("MAIL_SERVER_PORT")
+        BUCKET_ETL_S3_BUCKET_NAME = decrypt("BUCKET_ETL_S3_BUCKET_NAME")
+        BUCKET_UNSTRUCTURED_STORAGE = decrypt("BUCKET_UNSTRUCTURED_STORAGE")
+        APP_URL = decrypt("APP_URL")
+        ALLOWED_HOSTS = decrypt("ALLOWED_HOSTS") + ',http://192.168.0.110:4521/'
+
+        # Static/empty strings
+        FOLDER_ETL_S3_BUCKET_NAME = ""
+        FOLDER_UNSTRUCTURED_STORAGE = ""
+        BUCKET_PERFORMANCE_DRIVERS = ""
+
+        return CONNECTIONS_HOST, CONNECTIONS_DB, CONNECTIONS_USER, CONNECTIONS_PASS, ARANGO_URL, ARANGO_USERNAME, \
+            ARANGO_PASSWORD, ARANGO_DB, JAVA_URL, SERVER_PORT, PYTHON_URL, AWS_S3_CREDS_KEY_ID, AWS_S3_CREDS_SECRET_KEY, \
+            NOTIFICATION_ENDPOINT, SUPPORT_EMAIL, SUPPORT_EMAIL_PASS, MAIL_SERVER_SMTP, MAIL_SERVER_PORT, \
+            BUCKET_ETL_S3_BUCKET_NAME, BUCKET_UNSTRUCTURED_STORAGE, APP_URL, ALLOWED_HOSTS, \
+            FOLDER_ETL_S3_BUCKET_NAME, FOLDER_UNSTRUCTURED_STORAGE, BUCKET_PERFORMANCE_DRIVERS
+
+    except Exception as e:
+        print(f"Error retrieving secrets: {e}")
+        return None
+
+# 👇 Move this outside __main__ so it runs on import
+secret_name = "Demo/Ingen/skeys"
+region_name = "us-east-1"
+
+secrets = get_secret(secret_name, region_name)
+
+if secrets:
+    (
+        CONNECTIONS_HOST, CONNECTIONS_DB, CONNECTIONS_USER, CONNECTIONS_PASS, ARANGO_URL, ARANGO_USERNAME,
+        ARANGO_PASSWORD, ARANGO_DB, JAVA_URL, SERVER_PORT, PYTHON_URL, AWS_S3_CREDS_KEY_ID, AWS_S3_CREDS_SECRET_KEY,
+        NOTIFICATION_ENDPOINT, SUPPORT_EMAIL, SUPPORT_EMAIL_PASS, MAIL_SERVER_SMTP, MAIL_SERVER_PORT,
+        BUCKET_ETL_S3_BUCKET_NAME, BUCKET_UNSTRUCTURED_STORAGE, APP_URL, ALLOWED_HOSTS,
+        FOLDER_ETL_S3_BUCKET_NAME, FOLDER_UNSTRUCTURED_STORAGE, BUCKET_PERFORMANCE_DRIVERS
+    ) = secrets
+    print("Secrets successfully loaded and decrypted.")
+else:
+    raise Exception("❌ Failed to load secrets. Check AWS credentials or secret structure.")