Bug: Cannot fetch binary secrets

[mangoes-git]

Expected Behaviour

parameters.get_secret should fetch the secret and return it as a base64 decoded string.

Current Behaviour

Throws GetParameterError. It seems it is trying to get the "SecretString" key instead of "SecretBinary" when passing transform="binary"

Traceback (most recent call last):
  File "/home/mang/dev/Automation-Delivery/.venv/wb-env/lib/python3.8/site-packages/aws_lambda_powertools/utilities/parameters/base.py", line 128, in get
    value = self._get(name, **sdk_options)
  File "/home/mang/dev/Automation-Delivery/.venv/wb-env/lib/python3.8/site-packages/aws_lambda_powertools/utilities/parameters/secrets.py", line 99, in _get
    return self.client.get_secret_value(**sdk_options)["SecretString"]
KeyError: 'SecretString'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "lambda_secrets.py", line 27, in <module>
    print(get("TestBinary"))
  File "lambda_secrets.py", line 22, in get
    secret = parameters.get_secret(name, transform=secret_type)
  File "/home/mang/dev/Automation-Delivery/.venv/wb-env/lib/python3.8/site-packages/aws_lambda_powertools/utilities/parameters/secrets.py", line 164, in get_secret
    return DEFAULT_PROVIDERS["secrets"].get(
  File "/home/mang/dev/Automation-Delivery/.venv/wb-env/lib/python3.8/site-packages/aws_lambda_powertools/utilities/parameters/base.py", line 131, in get
    raise GetParameterError(str(exc))
aws_lambda_powertools.utilities.parameters.exceptions.GetParameterError: 'SecretString'

Code snippet

Check that secret exists.

$ aws secretsmanager get-secret-value --secret-id TestBinary
{
    "ARN": "arn:aws:secretsmanager:us-east-1:031105607515:secret:TestBinary-lTpJMU",
    "Name": "TestBinary",
    "VersionId": "7fc877c7-08af-4feb-adc9-abe3cbbf1103",
    "SecretBinary": "YmluYXJ5IHRlc3Q=",
    "VersionStages": [
        "AWSCURRENT"
    ],
    "CreatedDate": "2022-11-14T14:18:25.723000-05:00"
}

Try to fetch the secret in Python

parameters.get_secret("TestBinary", transform="binary")

Possible Solution

No response

Steps to Reproduce

see the code snippet above.

AWS Lambda Powertools for Python version

latest

AWS Lambda function runtime

3.9

Packaging format used

PyPi

Debugging logs

No response

[boring-cyborg]

Thanks for opening your first issue here! We'll come back to you as soon as we can.
In the meantime, check out the #python channel on our AWS Lambda Powertools Discord: Invite link

[heitorlessa]

Thank you so much for flagging this @mangoes-git - our fault here for only accounting for String secrets, not Binary, as the response is different.

What "transform='binary'" does is taking the value and decoding from base64 to bytes.

If you'd like to contribute a bugfix, I can review and make any necessary amendments tomorrow morning (Amsterdam time).

Otherwise I can read the docs tomorrow and make sure it's ready for our release this week.

Thank you!!

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

This issue is now closed. Please be mindful that future comments are hard for our team to see.

If you need more assistance, please either tag a team member or open a new issue that references this one.

If you wish to keep having a conversation with other community members under this issue feel free to do so.