This is a simple Golang example where we are fetching bunch of secrets from AWS Secrets Manager.


Files


config.go


package xaws

import (
"context"

"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
)

type Config struct {
config aws.Config

Endpoint string
}

func NewConfig(ctx context.Context) (*Config, error) {
cfg, err := config.LoadDefaultConfig(ctx)
if err != nil {
return nil, err
}

return &Config{
config: cfg,
}, nil
}

secret_manager.go


package xaws

import (
"context"

"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
)

type SecretsManager struct {
client *secretsmanager.Client
}

func NewSecretsManager(config *Config) SecretsManager {
return SecretsManager{
client: secretsmanager.NewFromConfig(config.config, func(o *secretsmanager.Options) {
if config.Endpoint != "" {
o.BaseEndpoint = aws.String(config.Endpoint)
}
}),
}
}

func (s SecretsManager) ValuesByPaths(ctx context.Context, paths []string) (map[string]any, error) {
if len(paths) == 0 {
return nil, nil
}

res, err := s.client.BatchGetSecretValue(ctx, &secretsmanager.BatchGetSecretValueInput{
SecretIdList: paths,
})
if err != nil {
return nil, err
}

found := make(map[string]any, len(res.SecretValues))

for _, v := range res.SecretValues {
found[*v.Name] = *v.SecretString
}

return found, nil
}

main.go


awsConfig, err := xaws.NewConfig(ctx)
if err != nil {
slog.ErrorContext(ctx, "Get AWS config", "error", err)

return
}

// if application.RunningLocally() {
// awsConfig.Endpoint = "http://localhost:4566"
// }

awsSecrMan := xaws.NewSecretsManager(awsConfig)

CLI create secret as JSON object


aws --endpoint-url http://localhost:4566 secretsmanager create-secret \
--name /dev/soa/root \
--description "SOA DEV application secrets" \
--secret-string '{"Postgres":{"Host":"https://www.aws.rds","User":"user","Password":"pass"}}'