SecretsManager / Client / batch_get_secret_value
batch_get_secret_value#
- SecretsManager.Client.batch_get_secret_value(**kwargs)#
Retrieves the contents of the encrypted fields
SecretStringorSecretBinaryfor up to 20 secrets. To retrieve a single secret, call GetSecretValue.To choose which secrets to retrieve, you can specify a list of secrets by name or ARN, or you can use filters. If Secrets Manager encounters errors such as
AccessDeniedExceptionwhile attempting to retrieve any of the secrets, you can see the errors inErrorsin the response.Secrets Manager generates CloudTrail
GetSecretValuelog entries for each secret you request when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.Required permissions:
secretsmanager:BatchGetSecretValue, and you must havesecretsmanager:GetSecretValuefor each secret. If you use filters, you must also havesecretsmanager:ListSecrets. If the secrets are encrypted using customer-managed keys instead of the Amazon Web Services managed keyaws/secretsmanager, then you also needkms:Decryptpermissions for the keys. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.See also: AWS API Documentation
Request Syntax
response = client.batch_get_secret_value( SecretIdList=[ 'string', ], Filters=[ { 'Key': 'description'|'name'|'tag-key'|'tag-value'|'primary-region'|'owning-service'|'all', 'Values': [ 'string', ] }, ], MaxResults=123, NextToken='string' )
- Parameters:
SecretIdList (list) –
The ARN or names of the secrets to retrieve. You must include
FiltersorSecretIdList, but not both.(string) –
Filters (list) –
The filters to choose which secrets to retrieve. You must include
FiltersorSecretIdList, but not both.(dict) –
Allows you to add filters when you use the search function in Secrets Manager. For more information, see Find secrets in Secrets Manager.
Key (string) –
The following are keys you can use:
description: Prefix match, not case-sensitive.
name: Prefix match, case-sensitive.
tag-key: Prefix match, case-sensitive.
tag-value: Prefix match, case-sensitive.
primary-region: Prefix match, case-sensitive.
owning-service: Prefix match, case-sensitive.
all: Breaks the filter value string into words and then searches all attributes for matches. Not case-sensitive.
Values (list) –
The keyword to filter for.
You can prefix your search value with an exclamation mark (
!) in order to perform negation filters.(string) –
MaxResults (integer) –
The number of results to include in the response.
If there are more results available, in the response, Secrets Manager includes
NextToken. To get the next results, callBatchGetSecretValueagain with the value fromNextToken.NextToken (string) – A token that indicates where the output should continue from, if a previous call did not show all results. To get the next results, call
BatchGetSecretValueagain with this value.
- Return type:
dict
- Returns:
Response Syntax
{ 'SecretValues': [ { 'ARN': 'string', 'Name': 'string', 'VersionId': 'string', 'SecretBinary': b'bytes', 'SecretString': 'string', 'VersionStages': [ 'string', ], 'CreatedDate': datetime(2015, 1, 1) }, ], 'NextToken': 'string', 'Errors': [ { 'SecretId': 'string', 'ErrorCode': 'string', 'Message': 'string' }, ] }
Response Structure
(dict) –
SecretValues (list) –
A list of secret values.
(dict) –
A structure that contains the secret value and other details for a secret.
ARN (string) –
The Amazon Resource Name (ARN) of the secret.
Name (string) –
The friendly name of the secret.
VersionId (string) –
The unique version identifier of this version of the secret.
SecretBinary (bytes) –
The decrypted secret value, if the secret value was originally provided as binary data in the form of a byte array. The parameter represents the binary data as a base64-encoded string.
SecretString (string) –
The decrypted secret value, if the secret value was originally provided as a string or through the Secrets Manager console.
VersionStages (list) –
A list of all of the staging labels currently attached to this version of the secret.
(string) –
CreatedDate (datetime) –
The date the secret was created.
NextToken (string) –
Secrets Manager includes this value if there’s more output available than what is included in the current response. This can occur even when the response includes no values at all, such as when you ask for a filtered view of a long list. To get the next results, call
BatchGetSecretValueagain with this value.Errors (list) –
A list of errors Secrets Manager encountered while attempting to retrieve individual secrets.
(dict) –
The error Secrets Manager encountered while retrieving an individual secret as part of BatchGetSecretValue.
SecretId (string) –
The ARN or name of the secret.
ErrorCode (string) –
The error Secrets Manager encountered while retrieving an individual secret as part of BatchGetSecretValue, for example
ResourceNotFoundException,InvalidParameterException,InvalidRequestException,DecryptionFailure, orAccessDeniedException.Message (string) –
A message describing the error.
Exceptions
SecretsManager.Client.exceptions.ResourceNotFoundExceptionSecretsManager.Client.exceptions.InvalidParameterExceptionSecretsManager.Client.exceptions.InvalidRequestExceptionSecretsManager.Client.exceptions.DecryptionFailureSecretsManager.Client.exceptions.InternalServiceErrorSecretsManager.Client.exceptions.InvalidNextTokenException