Secrets Manager
You can use pydantic-settings-aws to create your settings with data located in AWS Secrets Manager.
Secrets Manager content
The content of the Secrets Manager must be a valid JSON.
AWSSettingsConfigDict options
There is only one required setting that you must specify: secrets_name.
Settings for boto3 client usage
| Option | Required? | Description |
|---|---|---|
secrets_client |
optional | An existing boto3 client for Secrets Manager if you already have one |
aws_region |
optional | The region your Secrets Manager lives. Used only if you don't inform a client |
aws_profile |
optional | An existing aws configured profile. Used only if you don't inform a client |
aws_access_key_id |
optional | A valid Access Key Id. Used only if you don't inform a client |
aws_secret_access_key |
optional | A valid Secret Access Key Id. Used only if you don't inform a client |
aws_session_token |
optional | A valid Session Token. Used only if you don't inform a client |
Settings for Secrets Manager
| Option | Required? | Description |
|---|---|---|
secrets_name |
required | The name of your Secrets Manager |
secrets_version |
optional | The version of your secret |
secrets_stage |
optional | The stage of your secret |
Single secret per settings class
SecretsManagerBaseSettings supports only one secret per settings class. If you need values from multiple secrets, use separate settings classes or use AWSBaseSettings with per-field Annotated metadata.
Thread Safety
The boto3 client cache is thread-safe. A threading.Lock protects all cache reads and writes, making SecretsManagerBaseSettings safe to instantiate from multiple threads simultaneously — including free-threaded Python builds (3.13t, 3.14t).
Requirements
Requires Python 3.10+.