refactor: migrate Secrets Manager secrets to SSM Parameter Store (free tier)

2026-05-13 12:55:16 -05:00
parent 3a34e61479
commit 74f74ef877
10 changed files with 81 additions and 81 deletions
--- a/agentclaw/agentcore/agentcore.json
+++ b/agentclaw/agentcore/agentcore.json
@@ -20,8 +20,8 @@
        "OAUTH_START_URL": "https://sptejrymri.execute-api.us-east-1.amazonaws.com/oauth/start",
        "USERS_TABLE_NAME": "agent-claw-users",
        "WORKSPACE_BUCKET_NAME": "agent-claw-workspace-495395224548",
-        "TELEGRAM_BOT_TOKEN_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3",
-        "BRAVE_API_KEY_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/brave-api-key-uUSgzi",
+        "TELEGRAM_BOT_TOKEN_SSM_PARAM": "/agent-claw/telegram-bot-token",
+        "BRAVE_API_KEY_SSM_PARAM": "/agent-claw/brave-api-key",
        "SCHEDULER_LAMBDA_ARN": "arn:aws:lambda:us-east-1:495395224548:function:agent-claw-scheduler"
      }
    }
--- a/agentclaw/app/agent_claw_main/channels/telegram.py
+++ b/agentclaw/app/agent_claw_main/channels/telegram.py
@@ -19,14 +19,14 @@ class TelegramAdapter:
        if self._token is None:
            with self._lock:
                if self._token is None:
-                    secret_arn = self._secret_arn or os.environ.get(
-                        'TELEGRAM_BOT_TOKEN_SECRET_ARN',
-                        'arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3'
+                    param_name = self._secret_arn or os.environ.get(
+                        'TELEGRAM_BOT_TOKEN_SSM_PARAM',
+                        '/agent-claw/telegram-bot-token'
                    )
-                    sm = boto3.client('secretsmanager')
-                    self._token = sm.get_secret_value(
-                        SecretId=secret_arn
-                    )['SecretString']
+                    ssm = boto3.client('ssm')
+                    self._token = ssm.get_parameter(
+                        Name=param_name, WithDecryption=True
+                    )['Parameter']['Value']
        return self._token

    def _api(self, method: str, data: dict) -> dict:
--- a/agentclaw/app/agent_claw_main/tools/web.py
+++ b/agentclaw/app/agent_claw_main/tools/web.py
@@ -15,12 +15,12 @@ def _get_brave_key() -> str:
    if _brave_key is None:
        with _brave_lock:
            if _brave_key is None:
-                secret_arn = os.environ.get(
-                    'BRAVE_API_KEY_SECRET_ARN',
-                    'arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/brave-api-key-uUSgzi'
+                param_name = os.environ.get(
+                    'BRAVE_API_KEY_SSM_PARAM',
+                    '/agent-claw/brave-api-key'
                )
-                sm = boto3.client('secretsmanager')
-                _brave_key = sm.get_secret_value(SecretId=secret_arn)['SecretString']
+                ssm = boto3.client('ssm')
+                _brave_key = ssm.get_parameter(Name=param_name, WithDecryption=True)['Parameter']['Value']
    return _brave_key