You can store secrets in AWS Secret Manager and reference their ARN in AWS Systems Secret Manager.

The below snippet allows you to specify the associated parameter to get the secret value.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

import boto3

ssm = boto3.client('ssm')
secretsmanager = boto3.client('secretsmanager')

parameter = ssm.get_parameter(Name="/your/parameter/name", WithDecryption=True)
secret = secretsmanager.get_secret_value(SecretId=parameter['Parameter']['Value'])
secret = json.loads(secret['SecretString'])

print(secret)