aws/aws-secretsmanager-caching-python

secret_refresh_interval=1 is not working

Closed this issue · 4 comments

Using this code from the docs

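    import json
    import botocore.session
    from aws_secretsmanager_caching import SecretCache, SecretCacheConfig

    # region_name and secret_name are defined elsewhere by the caller
    client = botocore.session.get_session().create_client('secretsmanager', region_name=region_name)
    cache_config = SecretCacheConfig(secret_refresh_interval=1)
    cache = SecretCache(config=cache_config, client=client)
    db_secret = json.loads(cache.get_secret_string(secret_name))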

Adding only secret_refresh_interval=1,
it doesn't work, as it takes the secret, but doesn't take the most recent one after rotation!

Thank you for reporting this issue. While we are investigating, could you please share more information on what "as it takes the secret" means? It would help us with our investigation if you could share reproduction steps.

Thanks for the reply.
"as it takes the secret" - I mean that the secret data does arrive.

About the steps:
I have an AWS EC2 machine running Django 3.2.19,
with the code in one of the views to bring the PostgreSQL connection information.
Put these DB secret credentials in the Django DB info,
and any view you have will connect to the DB, since Django is doing it.
Then rotate the DB credentials through AWS (using the default Lambda created by AWS),
so the view that worked and connected to the DB will stop working and will give incorrect credentials, since it will be updated only after you reboot the server.
But I would expect that on every run of the code given at the top, the newest DB creds will be retrieved and will not be brought from the cache.

@tramitws: We were unable to reproduce the reported issue with the steps shared above. We verified that when secret_refresh_interval = 1, Secrets Manager updates the cache after the secret rotates and retrieves the new credentials every 1s with a getSecretValue call. Please check your environment setup or reach out to AWS Customer Support to debug it further.