Can You Keep a Secret? — Using AWS Secrets Manager with Golang

Büşra Nur Güner
Delivery Hero Tech Hub
6 min read · Nov 24, 2021

In this post, we’ll take a look at what AWS Secrets Manager is and how we can retrieve a secret with Go code. For this, we need to prepare our Go project for AWS Secrets Manager; I used aws-sdk-go. You can find the details in the following sections of the article.
Readers of this article probably already know what Secrets Manager is and why it matters for solid cloud security, or they are here to learn. For those who are new to the subject, here is a short definition:

AWS Secrets Manager

AWS Secrets Manager is an AWS service that makes it easy for you to manage the secrets you use to access your applications and services, such as database credentials, passwords and API keys. Users and applications retrieve secrets with a call to the Secrets Manager API, eliminating the need to hardcode sensitive information in plain text. You can rotate secrets on a schedule or on demand by using the Secrets Manager console, the AWS SDK or the AWS CLI. Let’s take a closer look at the benefits of AWS Secrets Manager and follow the steps to create a secret and retrieve it programmatically.

Benefits of AWS Secrets Manager:

  • Rotate secrets safely: Helps you meet your security and compliance requirements by enabling you to rotate secrets safely without the need for code deployments.
  • Manage access with fine-grained policies: You can create a policy that enables developers to retrieve certain secrets only when they are used for the development environment.
  • Secure and audit secrets centrally: It gives an audit trail of which secrets are used, and from which account.
  • Pay as you go: You pay for the number of secrets managed in Secrets Manager and the number of Secrets Manager API calls made.
  • Easily replicate secrets to multiple regions: This allows you to easily replicate secrets across multiple AWS regions to support your multi-region applications and disaster recovery scenarios.

Requirements to Access AWS Secrets Manager

  • AWS credentials (access key and secret key)
  • AWS SDK

CREATE AND RETRIEVE A SECRET

First you create a secret and store it in AWS Secrets Manager. Then you can easily retrieve the secret using the AWS Management Console or the AWS CLI.

1. Create and store your secret in AWS Secrets Manager

It is easy to get started with Secrets Manager using the console or the CLI.

1.1 AWS Secrets Manager Console

· Sign in to the AWS Secrets Manager console at https://console.aws.amazon.com/secretsmanager/.

· On either the service introduction page or the Secrets list page, choose Store a new secret.

· On the Store a new secret page, choose Other type of secrets. You choose this type because your secret doesn’t apply to a database. Under Specify the key/value pairs to be stored in this secret, in the first field, type MyFirstSecret. To configure a password, add a value in the text field. For Select the encryption key, choose DefaultEncryptionKey. This is the AWS managed key (aws/secretsmanager), and there is no cost for using it.

· Choose Next.

· Under Secret name, type a name for the secret in the text field. You must use only alphanumeric characters and the characters /_+=.@-. For example, you can use a secret name such as tutorials/MyFirstSecret. This stores your secret in the virtual folder tutorials with the name MyFirstSecret. We recommend naming secrets in a hierarchical manner, which makes managing your secrets easier. In the Description field, type a description of the secret, for example, Create Secret.

· Choose Next.

· In this tutorial, choose Disable automatic rotation and then choose Next.

· You can check your secret’s settings on the Review page. In addition, the Sample code section contains ready-to-paste code that you can add to your applications to read the secret; select the language you want.

· To save your changes, choose Store. Back in the Secrets Manager console, your new secret is now listed, and you can see it in the list of secrets in your account.

1.2 AWS Secrets Manager CLI

· Open a command prompt to run the AWS CLI.

· Create your secret. Type the following command and parameters:

$ aws secretsmanager create-secret --name tutorials/MyFirstSecret --description "Basic Create Secret" --secret-string S3@tt13R0cks

· The output of the command displays the following information:

{
  "ARN": "arn:aws:secretsmanager:us-east-2:111122223333:secret:tutorials/MyFirstSecret-rzM8Ja",
  "Name": "MyFirstSecret",
  "VersionId": "35e07aa2-684d-42fd-b076-3b3f6a19c6dc"
}

2. Retrieve your secret from AWS Secrets Manager

In this step, we will look at how we can retrieve the secret using the Secrets Manager console and the AWS CLI.

2.1 AWS Secrets Manager console

· Log in to the console and select the name of the new secret you created on the Secrets list page. Secrets Manager displays the Secrets details page for your secret.

· In the Secret value section, choose Retrieve secret value.

· You can view your secret as either key-value pairs or as a JSON text structure.

2.2 AWS Secrets Manager CLI

· Open a command prompt to run the AWS CLI.

· Using credentials with permissions to access your secret, type the following command and parameters.

$ aws secretsmanager describe-secret --secret-id tutorials/MyFirstSecret
{
  "ARN": "arn:aws:secretsmanager:us-east-2:111122223333:secret:tutorials/MyFirstSecret-jiObOV",
  "Name": "tutorials/MyFirstSecret",
  "Description": "Basic Create Secret",
  "LastChangedDate": 1522680794.8,
  "LastAccessedDate": 1522627200.0,
  "VersionIdsToStages": {
    "EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE": [
      "AWSCURRENT"
    ]
  }
}

2.3 Golang Code

You can also retrieve the secret using Go code. First of all, from the terminal, create a directory on your local machine called secrets-manager for your project.

$ mkdir secrets-manager

You can open the folder in Visual Studio Code by running the following commands.

$ cd secrets-manager
$ code .

To get started, create a main.go file and initialize your local project by running the following Go command.

$ go mod init secrets-manager

We are ready to write Go code for AWS Secrets Manager. We use “aws-sdk-go” to get the secret from AWS Secrets Manager. The first thing we have to do is use the go get command to fetch the SDK and the required dependencies. These dependencies will be recorded in the go.mod file created by the previous command.

$ go get github.com/aws/aws-sdk-go/aws
$ go get github.com/aws/aws-sdk-go/aws/session
$ go get github.com/aws/aws-sdk-go/service/secretsmanager

After installing the SDK, we can retrieve our secrets via AWS Secrets Manager using the Golang code below.

When you run the code in the Visual Studio Code environment, you will get an output like the one below.

$ go run main.go
{"secretname":"secretvalue"}
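As an added example (my own code, not the post’s listing and not part of the SDK), the following program shows the shape of a secret-retrieval routine and how to handle what the GetSecretValue call returns: a secret stored as key/value pairs arrives as a JSON object in SecretString, a secret stored as a plain string (like the one created with the CLI above) arrives as a bare string, and a secret uploaded as bytes arrives in SecretBinary. The SDK client is hidden behind a small interface so the example runs offline with a constructed stand-in; the real wiring with aws-sdk-go v1 is shown in the comment on the interface and is an assumption about how you would connect it, not something this block executes. The secret ids and values are constructed to mirror the post.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"log"
	"strings"
)

// SecretValueGetter is the narrow interface this example needs from the SDK.
// With aws-sdk-go v1 you would wrap the real client like this (assumed
// wiring, not executed in this example):
//
//	svc := secretsmanager.New(session.Must(session.NewSession()))
//	out, err := svc.GetSecretValue(&secretsmanager.GetSecretValueInput{
//	    SecretId:     aws.String(secretID),
//	    VersionStage: aws.String("AWSCURRENT"),
//	})
//	return aws.StringValue(out.SecretString), out.SecretBinary, err
type SecretValueGetter interface {
	GetSecretValue(secretID string) (secretString string, secretBinary []byte, err error)
}

// LoadSecret fetches a secret and returns it as key/value pairs.
// A JSON object in SecretString is decoded as-is; any other string is
// returned under the key "value"; SecretBinary is returned under "binary".
func LoadSecret(g SecretValueGetter, secretID string) (map[string]string, error) {
	if strings.TrimSpace(secretID) == "" {
		return nil, errors.New("secret id must not be empty")
	}
	secretString, secretBinary, err := g.GetSecretValue(secretID)
	if err != nil {
		// Report the id, never the value: errors end up in logs.
		return nil, fmt.Errorf("get secret %q: %w", secretID, err)
	}
	switch {
	case secretString != "":
		kv := map[string]string{}
		// Key/value secrets created in the console are JSON objects of strings;
		// anything that does not decode that way is treated as a plain string.
		if json.Unmarshal([]byte(secretString), &kv) == nil {
			return kv, nil
		}
		return map[string]string{"value": secretString}, nil
	case len(secretBinary) > 0:
		return map[string]string{"binary": string(secretBinary)}, nil
	}
	return nil, fmt.Errorf("secret %q has neither SecretString nor SecretBinary", secretID)
}

// Redacted returns a copy of a secret with every value masked, safe for logging.
func Redacted(kv map[string]string) map[string]string {
	out := make(map[string]string, len(kv))
	for k := range kv {
		out[k] = "****"
	}
	return out
}

// fakeGetter stands in for the SDK client so the example runs offline.
type fakeGetter struct {
	secrets  map[string]string
	binaries map[string][]byte
}

func (f fakeGetter) GetSecretValue(id string) (string, []byte, error) {
	if s, ok := f.secrets[id]; ok {
		return s, nil, nil
	}
	if b, ok := f.binaries[id]; ok {
		return "", b, nil
	}
	return "", nil, errors.New("ResourceNotFoundException: secret not found")
}

func main() {
	// Constructed sample secrets mirroring the ones in the post.
	g := fakeGetter{
		secrets: map[string]string{
			"tutorials/MyFirstSecret": `{"secretname":"secretvalue"}`,
			"tutorials/PlainSecret":   "S3@tt13R0cks",
		},
		binaries: map[string][]byte{"tutorials/BinarySecret": []byte("\x00\x01\x02")},
	}
	for _, id := range []string{"tutorials/MyFirstSecret", "tutorials/PlainSecret", "tutorials/BinarySecret", "tutorials/Missing"} {
		kv, err := LoadSecret(g, id)
		if err != nil {
			log.Printf("%v", err)
			continue
		}
		// Log only the keys; the values stay out of stdout and log files.
		fmt.Printf("%s -> %v\n", id, Redacted(kv))
	}
}
```

The point of the interface is that the code which decides what to do with a secret never touches AWS credentials or the network directly, so it can be exercised in unit tests, and the only thing that ever reaches a log is the secret’s keys.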

Conclusion

In this post, we looked at how easily you can create a simple secret and retrieve its value when you need it. You can safely store all your secrets in one place, and easily share and access them. If you want to learn more about AWS Secrets Manager, don’t forget to check out its documentation page.

Thank you for reading.
