Skip to main content

Dagster & AWS Secrets Manager

This integration allows you to manage, retrieve, and rotate credentials, API keys, and other secrets using AWS Secrets Manager.

Installation

pip install dagster-aws

Examples

from dagster_aws.secretsmanager import (
SecretsManagerResource,
SecretsManagerSecretsResource,
)

import dagster as dg


@dg.asset
def my_asset(secretsmanager: SecretsManagerResource):
secret_value = secretsmanager.get_client().get_secret_value(
SecretId="arn:aws:secretsmanager:region:aws_account_id:secret:appauthexample-AbCdEf"
)
return secret_value


@dg.asset
def my_other_asset(secrets: SecretsManagerSecretsResource):
secret_value = secrets.fetch_secrets().get("my-secret-name")
return secret_value


defs = dg.Definitions(
assets=[my_asset, my_other_asset],
resources={
"secretsmanager": SecretsManagerResource(region_name="us-west-1"),
"secrets": SecretsManagerSecretsResource(
region_name="us-west-1",
secrets_tag="dagster",
),
},
)

About AWS Secrets Manager

AWS Secrets Manager helps you protect access to your applications, services, and IT resources without the upfront cost and complexity of managing your own hardware security module infrastructure. With Secrets Manager, you can rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text.