Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

Hello all! I'm working on getting the secret block up and running. The issue I'm running into is that the secret is saved as a "SecretString" in aws. When I pull it out of the block, the block is looking for `SecretBinary` and reading the block like this:

```from prefect_aws import AwsSecret

def my_flow():
    secrets_manager = AwsSecret.load("aaron-secret")
    print(secrets_manager.read_secret())```
Gives me a
```KeyError: 'SecretBinary'```

If I read the secret directly using the `read_secret` function it works as expected.

```from prefect_aws.secrets_manager import read_secret

def my_flow():
    aws_credentials = AwsCredentials(
        aws_access_key_id=None,
        aws_secret_access_key=None
    )
    secret = read_secret(secret_name="aaron-secret", aws_credentials=aws_credentials)
    print_secret(secret)```

The difference is between how the 2 versions of the `read_secret` functions return the secret.

like 401 of `prefect_aws/secrets_manager.py`
```        client = self.aws_credentials.get_secrets_manager_client()
        if version_id is not None:
            read_kwargs["VersionId"] = version_id
        if version_stage is not None:
            read_kwargs["VersionStage"] = version_stage
        response = await run_sync_in_worker_thread(
            client.get_secret_value, SecretId=self.secret_name, **read_kwargs
        )
        secret = response["SecretBinary"]
        arn = response["ARN"]
        <http://self.logger.info|self.logger.info>(f"The secret {arn!r} data was successfully read.")
        return secret```
Returns the `KeyError`

and line 60:

```    client = aws_credentials.get_boto3_session().client("secretsmanager")

    get_secret_value_kwargs = dict(SecretId=secret_name)
    if version_id is not None:
        get_secret_value_kwargs["VersionId"] = version_id
    if version_stage is not None:
        get_secret_value_kwargs["VersionStage"] = version_stage

    try:
        response = await run_sync_in_worker_thread(
            client.get_secret_value, **get_secret_value_kwargs
        )
    except ClientError:
        logger.exception("Unable to get value for secret %s", secret_name)
        raise
    else:
        return response.get("SecretString") or response.get("SecretBinary")```
Returns the `SecretString`

Is there a reason why we can't use the same workflow in returning the SecretString OR SecretBinary? in the Block version (line 401)

Happy to throw this into a bug ticket, or submit a pull request if someone could point me in the right direction.

There was recently a PR created for this: <https://github.com/PrefectHQ/prefect-aws/pull/274>

That looks like it will fix it. Thanks for the quick response.

you got it! hope that test coverage gets added soon!

Do you have a page on the prefect way to contribute? I may just slam out that test.

Hm I haven't done it myself, but seems like they have a guide:
<https://github.com/PrefectHQ/prefect-aws#contributing>