The ListSecrets API does not show any option for deleted secrets, yet the response does include a deletion date. The boto3 documentation is the same. However, in the AWS console I can see deleted secrets. A quick look in the dev tools shows that my request payload to the Secrets Manager endpoint looks like this:
{
"method": "POST",
"path": "/",
"headers": {
"Content-Type": "application/x-amz-json-1.1",
"X-Amz-Target": "secretsmanager.ListSecrets",
"X-Amz-Date": "Fri, 27 Nov 2020 13:19:06 GMT"
},
"operation": "ListSecrets",
"content": {
"MaxResults": 100,
"IncludeDeleted": true,
"SortOrder": "asc"
},
"region": "eu-west-2"
}
Is there any way to pass "IncludeDeleted": true to the CLI? Is this a bug? Where do I report it? (I know there is a CloudFormation bug tracker on GitHub; I suppose Secrets Manager has something similar..?)
Create ~/.aws/models/secretsmanager/2017-10-17/service-2.sdk-extras.json with the following content:
{
"version": 1.0,
"merge": {
"shapes": {
"ListSecretsRequest": {
"members": {
"IncludeDeleted": {
"shape": "BooleanType",
"documentation": "<p>If set, includes secrets that are disabled.</p>"
}
}
}
}
}
}
Then you can list secrets with the CLI like this:
aws secretsmanager list-secrets --include-deleted
or with boto3:
import boto3


def list_secrets(session, **kwargs):
    """Yield every secret ListSecrets returns, following pagination.
    Extra kwargs (e.g. IncludeDeleted=True, which the sdk-extras file above
    adds to the model) are passed straight through to the API."""
    client = session.client("secretsmanager")
    for page in client.get_paginator("list_secrets").paginate(**kwargs):
        yield from page["SecretList"]


if __name__ == "__main__":
    session = boto3.Session()
    for secret in list_secrets(session, IncludeDeleted=True):
        # Only secrets scheduled for deletion carry a DeletedDate
        if "DeletedDate" in secret:
            print(secret)
This uses the botocore loader mechanism to augment the Secrets Manager service model and tell boto3 that "IncludeDeleted" is a parameter of the ListSecrets API.
If you want more details, I just published

Requires: AWS CLI and jq
aws secretsmanager list-secrets --include-planned-deletion --profile YOUR_PROFILE --output json | jq -r '.SecretList[] | select(.DeletedDate!=null) | .Name'
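The following is an added example, not code from either answer above or from AWS. It exercises the sdk-extras mechanism from the first answer offline: it writes the extras file into a models directory (a scratch directory by default rather than ~/.aws/models, so the real config is not touched), merges the "merge" section into a constructed, minimal stand-in for the Secrets Manager service model the way botocore's loader does, and confirms that ListSecrets now accepts IncludeDeleted. `BASE_MODEL`, `merge_dicts`, `write_sdk_extras`, `demo` and `deleted_secret_names` are my own names; `verify_with_botocore` assumes botocore is installed and uses its real Loader against the shipped model. `deleted_secret_names` is the Python counterpart of the jq filter in the last answer.

```python
import json
import tempfile
from pathlib import Path

# The sdk-extras document from the first answer. "IncludeDeleted" is the
# undocumented ListSecrets member seen in the console's request payload.
SDK_EXTRAS = {
    "version": 1.0,
    "merge": {
        "shapes": {
            "ListSecretsRequest": {
                "members": {
                    "IncludeDeleted": {
                        "shape": "BooleanType",
                        "documentation": "<p>If set, includes secrets that are disabled.</p>",
                    }
                }
            }
        }
    },
}


def merge_dicts(base, extra):
    """Recursively merge `extra` into `base`, as botocore applies the "merge"
    section of an sdk-extras file: nested dicts merge key by key, any other
    value replaces what was there. Mutates and returns `base`."""
    for key, value in extra.items():
        if isinstance(value, dict) and isinstance(base.get(key), dict):
            merge_dicts(base[key], value)
        else:
            base[key] = value
    return base


def write_sdk_extras(models_dir, extras=SDK_EXTRAS, api_version="2017-10-17"):
    """Write service-2.sdk-extras.json under <models_dir>/secretsmanager/<api_version>/.
    An existing extras file is merged into, not overwritten, so other local
    model customisations survive. Returns the path written."""
    target = Path(models_dir) / "secretsmanager" / api_version / "service-2.sdk-extras.json"
    target.parent.mkdir(parents=True, exist_ok=True)
    existing = json.loads(target.read_text()) if target.exists() else {}
    merged = merge_dicts(existing, json.loads(json.dumps(extras)))  # deep copy of extras
    target.write_text(json.dumps(merged, indent=2))
    return target


def list_secrets_input_members(service_model):
    """Sorted member names that ListSecrets accepts under this model."""
    shape = service_model["operations"]["ListSecrets"]["input"]["shape"]
    return sorted(service_model["shapes"][shape]["members"])


# Constructed, minimal stand-in for the real secretsmanager service-2.json:
# only the parts of ListSecrets needed here (not the shipped model).
BASE_MODEL = {
    "operations": {"ListSecrets": {"input": {"shape": "ListSecretsRequest"}}},
    "shapes": {
        "ListSecretsRequest": {"type": "structure", "members": {"MaxResults": {"shape": "MaxResultsType"}}},
        "BooleanType": {"type": "boolean"},
        "MaxResultsType": {"type": "integer"},
    },
}


def demo(models_dir=None):
    """Write the extras to a scratch dir, apply them to the constructed model
    and return ListSecrets' members: IncludeDeleted is now among them."""
    models_dir = models_dir or tempfile.mkdtemp(prefix="aws-models-")
    extras = json.loads(write_sdk_extras(models_dir).read_text())
    model = merge_dicts(json.loads(json.dumps(BASE_MODEL)), extras["merge"])
    return list_secrets_input_members(model)


def verify_with_botocore(models_dir):
    """Ask botocore itself, with no network, whether the real model now takes
    IncludeDeleted. Assumes botocore is installed (it ships with the AWS CLI
    and boto3). `models_dir` is added as an extra loader search path, the same
    role ~/.aws/models or a directory listed in AWS_DATA_PATH plays."""
    from botocore.loaders import Loader

    loader = Loader(extra_search_paths=[str(models_dir)])
    model = loader.load_service_model("secretsmanager", "service-2", api_version="2017-10-17")
    return "IncludeDeleted" in model["shapes"]["ListSecretsRequest"]["members"]


def deleted_secret_names(secret_list):
    """Python equivalent of the jq filter above: names of the SecretList
    entries that carry a DeletedDate, i.e. secrets scheduled for deletion."""
    return [s["Name"] for s in secret_list if s.get("DeletedDate") is not None]


if __name__ == "__main__":
    scratch = tempfile.mkdtemp(prefix="aws-models-")
    print(demo(scratch))  # ['IncludeDeleted', 'MaxResults']
    try:
        print("botocore sees IncludeDeleted:", verify_with_botocore(scratch))
    except ImportError:
        print("botocore not installed; skipping loader check")
```

To install for real, call `write_sdk_extras` with `~/.aws/models` (botocore's default customer search path) or with a directory you list in AWS_DATA_PATH; the merge-on-write keeps any extras already present there.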