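How do I call the aws secretsmanager list-secrets command and filter secrets by their tags? I don't see an example of this here: https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/list-secrets.html
[Also, the Amazon documentation stinks. It shows --max-items on that page, but it should actually be --max-results. There is also no mention of how to filter on that wiki page.]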
For example, you can use jq:
# .Tags[]? skips secrets that have no Tags array instead of raising an error
aws secretsmanager list-secrets \
    | jq '.SecretList[] | select((.Tags[]?|select(.Key=="Name")|.Value) | test("^Production$|^Staging$"))'
You can also use awscli's built-in query option, for example:
aws secretsmanager list-secrets \
--query "SecretList[?Tags[?Key=='Name' && Value=='Production']]"
You can use boolean tests with awscli's built-in query option, for example:
aws secretsmanager list-secrets \
    --query "SecretList[?Tags[?Key=='Name' && (Value=='Production' || Value=='Staging')]]"
Here is an outline of a solution using Python and boto3:
from functools import partial

import boto3


def filter_tags(key, values, secret):
    # Untagged secrets have no 'Tags' key, so fall back to an empty list
    for tag in secret.get('Tags', []):
        if tag['Key'] == key and tag['Value'] in values:
            return True
    return False


sm = boto3.client('secretsmanager')
# Paginate so that results beyond the first page are not missed
paginator = sm.get_paginator('list_secrets')
secrets_list_iterator = paginator.paginate()
filter_production = partial(filter_tags, 'Name', ['Production', 'Staging'])
for secrets in secrets_list_iterator:
    for s in filter(filter_production, secrets['SecretList']):
        print(s['Name'], s['Tags'])
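
Added example, not part of the original answer: the same tag filter using the `Filters` parameter of boto3's `list_secrets` to narrow results server-side, followed by an exact client-side check. The function name `find_secrets_by_tag`, the `FakeClient` stub and `SAMPLE_PAGES` are constructed for illustration; it assumes the `tag-key` and `tag-value` filters match by prefix and independently of each other, which is why the exact pair is re-checked.

```python
def find_secrets_by_tag(client, key, values):
    """Return secrets whose tag `key` has exactly one of `values`."""
    wanted = set(values)
    # Server-side narrowing. Assumption: 'tag-key' and 'tag-value' match by
    # prefix and independently of each other, so the pair is re-checked below.
    filters = [
        {"Key": "tag-key", "Values": [key]},
        {"Key": "tag-value", "Values": sorted(wanted)},
    ]
    matches = []
    for page in client.get_paginator("list_secrets").paginate(Filters=filters):
        for secret in page.get("SecretList", []):
            tags = secret.get("Tags") or []  # untagged secrets have no Tags key
            if any(t.get("Key") == key and t.get("Value") in wanted for t in tags):
                matches.append(secret)
    return matches


class FakeClient:
    """Constructed stand-in for boto3.client('secretsmanager'); records the call."""

    def __init__(self, pages):
        self.pages, self.seen_filters = pages, None

    def get_paginator(self, name):
        assert name == "list_secrets"
        return self

    def paginate(self, **kwargs):
        self.seen_filters = kwargs.get("Filters")
        return iter(self.pages)  # returns every page unfiltered, like a loose prefix match


# Constructed sample pages, shaped like list_secrets responses.
SAMPLE_PAGES = [
    {"SecretList": [
        {"Name": "db/prod", "Tags": [{"Key": "Name", "Value": "Production"}]},
        {"Name": "db/prod-old", "Tags": [{"Key": "Name", "Value": "ProductionOld"}]},
        {"Name": "untagged"},
    ]},
    {"SecretList": [
        {"Name": "api/staging", "Tags": [{"Key": "Name", "Value": "Staging"}]},
        {"Name": "mixed", "Tags": [{"Key": "NameSpace", "Value": "x"},
                                   {"Key": "Env", "Value": "Production"}]},
    ]},
]

if __name__ == "__main__":
    for s in find_secrets_by_tag(FakeClient(SAMPLE_PAGES), "Name", ["Production", "Staging"]):
        print(s["Name"], s["Tags"])
```

Against a real account, pass `boto3.client('secretsmanager')` in place of `FakeClient(SAMPLE_PAGES)`.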