0
votes

I am currently trying to connect to an SFTP server using user credentials from AWS Secrets Manager, and the password contains a double-quote special character, which is causing the issue. Below is the sample code:

    import sys
    import json
    import boto3
    import base64
    from botocore.exceptions import ClientError
    import hashlib
    import pysftp


    secret_name = "SFTP_TEST"
    region_name = "eu-central-1"
    _SFTP_DETAILS = {}  # cache of connection details, keyed by secret name

    # Hard-coded copy of the password, used to compare behaviour
    pass1 = "E?%/?s\"N1sS#OnXN"
    cnopts = pysftp.CnOpts()
    cnopts.hostkeys = None  # note: this disables SSH host key verification
    cnopts.log = True
    basepath = '/test/'

    def get_connect(secret_name, region_name):
        session = boto3.session.Session()
        client = session.client(service_name='secretsmanager', region_name=region_name.strip())
        if secret_name.strip() not in _SFTP_DETAILS:
            try:
                get_secret_value_response = client.get_secret_value(SecretId=secret_name.strip())
            except Exception as e:
                raise e
            else:
                if 'SecretString' in get_secret_value_response:
                    secret = get_secret_value_response['SecretString']
                    # Debug output: writes the whole secret to stdout in clear text
                    print("Secret value Original ==>", secret)
                    secretValue = json.loads(secret)
                    # The value stored under the secret's name is itself JSON text
                    awsValue = secretValue.get(secret_name.strip())
                    # Replace curly quotes with straight quotes before the second parse
                    sftpStrValue = awsValue.replace("“", "\"").replace("”", "\"")
                    print("Secrete Value After JSON loader ==>", sftpStrValue)
                    sftpValues = json.loads(sftpStrValue)
                    _HOST_NAME = sftpValues.get("url")
                    _USER_NAME = sftpValues.get("username")
                    _PASSWORD = sftpValues.get("password")
                    # Debug output: writes the password to stdout in clear text
                    print("Secrete Password:::" + _PASSWORD)
                    _PORT = sftpValues.get("port")
                    with pysftp.Connection(_HOST_NAME, username=_USER_NAME, password=_PASSWORD, port=int('22'), cnopts=cnopts) as sftp:
                        print("I am in SFTP SERVER")
                        for attr in sftp.listdir_attr(basepath):
                            print("listdir is", attr)
                    _SFTP_DETAILS[secret_name] = [_HOST_NAME.strip(), _USER_NAME.strip(), _PASSWORD.strip(), _PORT.strip()]
            return _SFTP_DETAILS[secret_name.strip()]

    get_connect(secret_name, region_name)

Here we are fetching the password (_PASSWORD) from AWS Secrets Manager and passing it to the pysftp.Connection function, but we are unable to connect.

If I hard-code the password, i.e. pass1 in the code above, then it works fine and is able to connect. I am unable to tell whether the issue is from Python or AWS Secrets Manager.

Could you please let me know why the password from AWS Secrets Manager is not working while the hard-coded one works correctly? The requirement here is to keep the password in AWS Secrets Manager.

Any help on this is appreciated.

1
To help us reproduce the situation, can you provide a smaller snippet of code? For example, which part of the code you show is causing the specific problem? - John Rotenstein

`with pysftp.Connection(_HOST_NAME, username=_USER_NAME, password=_PASSWORD, port=int('22'), cnopts=cnopts) as sftp: print("I am in SFTP SERVER")` - This code is causing the issue when using the password from AWS Secrets Manager. - Ajay Kharade

Check if the attribute value in Secret Manager is exactly as it is in your Python. You can find the sample code here. Thanks, TechBlogger - E.Manju

1 Answer

0
votes

I have this as my secret in AWS Secret Manager Console:

| Secret Key | Secret Value |
|---|---|
| TEST_KEY | afgvbq3tg"afsvgqag"af.qw/asffq3gvd13 |

If I get the secret_value by:

    secret = client.get_secret_value(SecretId="test_secret_ron")

and print the secret["SecretString"], the result will look like:

    '{"TEST_KEY":"afgvbq3tg\\"afsvgqag\\"af.qw/asffq3gvd13"}'

Once you turn this string into a dictionary by:

    json.loads(secret["SecretString"])

the expected dictionary will reflect the correct format of the string:

    {'TEST_KEY': 'afgvbq3tg"afsvgqag"af.qw/asffq3gvd13'}
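Added example, not part of the answer above or of either poster's code: it decodes a constructed `SecretString` once, compares the result with the question's hard-coded `pass1` without printing either value, and, going beyond the answer's single-key case, shows the question's nested quote-replacement decode failing on a straight double quote. The helper names, host and user are assumptions, and no call to AWS is made.

```python
import hmac
import json

# Constructed sample of a key/value SecretString. Field names follow the
# question; host and user are made up. The quote is JSON-escaped in the text.
SAMPLE_SECRET_STRING = (
    '{"url": "sftp.example.test", "username": "demo", '
    '"password": "E?%/?s\\"N1sS#OnXN", "port": "22"}'
)
REQUIRED = ("url", "username", "password", "port")


def parse_sftp_secret(secret_string):
    """Decode SecretString exactly once and return the credential fields."""
    data = json.loads(secret_string)
    missing = [k for k in REQUIRED if k not in data]
    if missing:
        raise KeyError(f"secret is missing fields: {missing}")
    # No strip() or quote replacement: every character is part of the value.
    return {k: data[k] for k in REQUIRED}


def diagnose(candidate, known_good):
    """Compare two passwords without printing either one."""
    equal = hmac.compare_digest(candidate.encode(), known_good.encode())
    diff = next((i for i, (a, b) in enumerate(zip(candidate, known_good))
                 if a != b), None)
    if diff is None and len(candidate) != len(known_good):
        diff = min(len(candidate), len(known_good))
    return {"equal": equal, "lengths": (len(candidate), len(known_good)),
            "first_diff": diff}


def decode_nested(outer_string, key):
    """The question's pattern: JSON text stored under one key, curly quotes
    swapped for straight ones, then parsed a second time."""
    inner = json.loads(outer_string)[key]
    return json.loads(inner.replace("\u201c", '"').replace("\u201d", '"'))


if __name__ == "__main__":
    creds = parse_sftp_secret(SAMPLE_SECRET_STRING)
    print(diagnose(creds["password"], 'E?%/?s"N1sS#OnXN'))  # pass1 from the question
    # Constructed nested secret whose password holds a straight double quote.
    nested = json.dumps({"SFTP_TEST": '{\u201cpassword\u201d: \u201ca"b\u201d}'})
    try:
        decode_nested(nested, "SFTP_TEST")
    except json.JSONDecodeError as exc:
        print("second json.loads failed:", exc.msg)
```

`diagnose` reports only equality, lengths and the first differing index, so it can stand in for the `print` of the password when checking a value read from Secrets Manager against a known-good one.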
