Get a Secrets Manager secret value using Go with client-side caching
When you retrieve a secret, you can use the Secrets Manager Go-based caching component to cache it for future use. Retrieving a cached secret is faster than retrieving it from Secrets Manager. Because there is a cost for calling Secrets Manager APIs, using a cache can reduce your costs. For all of the ways you can retrieve secrets, see Get secrets.
The cache policy is Least Recently Used (LRU), so when the cache must discard a secret, it discards the least recently used secret. By default, the cache refreshes secrets every hour. You can configure how often the secret is refreshed in the cache, and you can hook into the secret retrieval to add more functionality.
The cache does not force garbage collection once cache references are freed. The cache implementation does not include cache invalidation. The cache implementation is focused around the cache itself, and is not security hardened or focused. If you require additional security such as encrypting items in the cache, use the interfaces and abstract methods provided.
To use the component, you must have the following:
-
AWS SDK for Go. See AWS SDKs.
To download the source code, see Secrets Manager Go caching
client
To set up a Go development environment, see Golang Getting Started
Required permissions:
secretsmanager:DescribeSecret
secretsmanager:GetSecretValue
For more information, see Permissions reference.
Example Retrieve a secret
The following code example shows a Lambda function that retrieves a secret.
package main import ( "github.com/aws/aws-lambda-go/lambda" "github.com/aws/aws-secretsmanager-caching-go/secretcache" ) var ( secretCache, _ = secretcache.New() ) func HandleRequest(secretId string) string { result, _ := secretCache.GetSecretString(secretId)
// Use the secret, return success
} func main() { lambda. Start( HandleRequest) }