golang-saas-starter-kit/internal/platform/devops/secrets_manager.go

package devops

import (
	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
	"github.com/pkg/errors"
)

var ErrSecreteNotFound = errors.New("secret not found")

// SecretManagerGetString loads a key from AWS Secrets Manager.
// when UnrecognizedClientException its likely the AWS IAM permissions are not correct.
func SecretManagerGetString(awsSession *session.Session, secretID string) (string, error) {

	svc := secretsmanager.New(awsSession)

	// Load the secret by ID from Secrets Manager.
	res, err := svc.GetSecretValue(&secretsmanager.GetSecretValueInput{
		SecretId: aws.String(secretID),
	})
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok && (aerr.Code() == secretsmanager.ErrCodeResourceNotFoundException || aerr.Code() == secretsmanager.ErrCodeInvalidRequestException) {
			return "", ErrSecreteNotFound
		}

		return "", errors.Wrapf(err, "failed to get value for secret id %s", secretID)
	}

	return *res.SecretString, nil
}

// SecretManagerPutString saves a value to AWS Secrets Manager.
// If the secret ID does not exist, it will create it.
// If the secret ID was deleted, it will restore it and then update the value.
func SecretManagerPutString(awsSession *session.Session, secretID, value string) error {

	svc := secretsmanager.New(awsSession)

	// Create the new entry in AWS Secret Manager for the file.
	_, err := svc.CreateSecret(&secretsmanager.CreateSecretInput{
		Name:         aws.String(secretID),
		SecretString: aws.String(value),
	})
	if err != nil {
		aerr, ok := err.(awserr.Error)

		if ok && aerr.Code() == secretsmanager.ErrCodeInvalidRequestException {
			// InvalidRequestException: You can't create this secret because a secret with this
			// 							 name is already scheduled for deletion.

			// Restore secret after it was already previously deleted.
			_, err = svc.RestoreSecret(&secretsmanager.RestoreSecretInput{
				SecretId: aws.String(secretID),
			})
			if err != nil {
				return errors.Wrapf(err, "failed to restore secret %s", secretID)
			}

		} else if !ok || aerr.Code() != secretsmanager.ErrCodeResourceExistsException {
			return errors.Wrapf(err, "failed to create secret %s", secretID)
		}

		// If where was a resource exists error for create, then need to update the secret instead.
		_, err = svc.UpdateSecret(&secretsmanager.UpdateSecretInput{
			SecretId:     aws.String(secretID),
			SecretString: aws.String(value),
		})
		if err != nil {
			return errors.Wrapf(err, "failed to update secret %s", secretID)
		}
	}

	return nil
}
Completed user login with session authentication 2019-07-31 18:34:27 -08:00			`package devops`

			`import (`
			`"github.com/aws/aws-sdk-go/aws"`
			`"github.com/aws/aws-sdk-go/aws/awserr"`
			`"github.com/aws/aws-sdk-go/aws/session"`
			`"github.com/aws/aws-sdk-go/service/secretsmanager"`
			`"github.com/pkg/errors"`
			`)`

			`var ErrSecreteNotFound = errors.New("secret not found")`

			`// SecretManagerGetString loads a key from AWS Secrets Manager.`
			`// when UnrecognizedClientException its likely the AWS IAM permissions are not correct.`
			`func SecretManagerGetString(awsSession *session.Session, secretID string) (string, error) {`

			`svc := secretsmanager.New(awsSession)`

			`// Load the secret by ID from Secrets Manager.`
			`res, err := svc.GetSecretValue(&secretsmanager.GetSecretValueInput{`
			`SecretId: aws.String(secretID),`
			`})`
			`if err != nil {`
			`if aerr, ok := err.(awserr.Error); ok && (aerr.Code() == secretsmanager.ErrCodeResourceNotFoundException \|\| aerr.Code() == secretsmanager.ErrCodeInvalidRequestException) {`
			`return "", ErrSecreteNotFound`
			`}`

			`return "", errors.Wrapf(err, "failed to get value for secret id %s", secretID)`
			`}`

			`return *res.SecretString, nil`
			`}`

			`// SecretManagerPutString saves a value to AWS Secrets Manager.`
			`// If the secret ID does not exist, it will create it.`
			`// If the secret ID was deleted, it will restore it and then update the value.`
			`func SecretManagerPutString(awsSession *session.Session, secretID, value string) error {`

			`svc := secretsmanager.New(awsSession)`

			`// Create the new entry in AWS Secret Manager for the file.`
			`_, err := svc.CreateSecret(&secretsmanager.CreateSecretInput{`
			`Name: aws.String(secretID),`
			`SecretString: aws.String(value),`
			`})`
			`if err != nil {`
			`aerr, ok := err.(awserr.Error)`

			`if ok && aerr.Code() == secretsmanager.ErrCodeInvalidRequestException {`
			`// InvalidRequestException: You can't create this secret because a secret with this`
			`// name is already scheduled for deletion.`

			`// Restore secret after it was already previously deleted.`
			`_, err = svc.RestoreSecret(&secretsmanager.RestoreSecretInput{`
			`SecretId: aws.String(secretID),`
			`})`
			`if err != nil {`
			`return errors.Wrapf(err, "failed to restore secret %s", secretID)`
			`}`

			`} else if !ok \|\| aerr.Code() != secretsmanager.ErrCodeResourceExistsException {`
			`return errors.Wrapf(err, "failed to create secret %s", secretID)`
			`}`

			`// If where was a resource exists error for create, then need to update the secret instead.`
			`_, err = svc.UpdateSecret(&secretsmanager.UpdateSecretInput{`
			`SecretId: aws.String(secretID),`
			`SecretString: aws.String(value),`
			`})`
			`if err != nil {`
			`return errors.Wrapf(err, "failed to update secret %s", secretID)`
			`}`
			`}`

			`return nil`
			`}`