Read AWS Secrets with 'SecretString' (#274)

Co-authored-by: ntorba <[email protected]> Co-authored-by: Alexander Streed <[email protected]> Co-authored-by: Alexander Streed <[email protected]>
PrefectHQ · Nov 13, 2023 · 679fad1 · 679fad1
1 parent f8a26eb
commit 679fad1
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 ### Changed
+- Added 'SecretBrinary' suport to `AwsSecret` block - [#274](https://github.com/PrefectHQ/prefect-aws/pull/274)
 
 ### Fixed
 

diff --git a/prefect_aws/secrets_manager.py b/prefect_aws/secrets_manager.py
@@ -411,7 +411,10 @@ async def read_secret(
         response = await run_sync_in_worker_thread(
             client.get_secret_value, SecretId=self.secret_name, **read_kwargs
         )
-        secret = response["SecretBinary"]
+        if "SecretBinary" in response:
+            secret = response["SecretBinary"]
+        elif "SecretString" in response:
+            secret = response["SecretString"]
         arn = response["ARN"]
         self.logger.info(f"The secret {arn!r} data was successfully read.")
         return secret

diff --git a/tests/test_secrets_manager.py b/tests/test_secrets_manager.py
@@ -199,3 +199,10 @@ def test_delete_secret_recovery_window(self, aws_secret: AwsSecret):
             ValueError, match="Recovery window must be between 7 and 30 days"
         ):
             aws_secret.delete_secret(recovery_window_in_days=42)
+
+    async def test_read_secret(self, secret_under_test, aws_credentials):
+        secret = AwsSecret(
+            aws_credentials=aws_credentials,
+            secret_name=secret_under_test["secret_name"],
+        )
+        assert await secret.read_secret() == secret_under_test["expected_value"]