This article was the closest to helping solve this issue for me, but the external access integration from Amito did not work because it was missing allowed_network_rules. I also didn't know what type of network rule to use. This code finally worked for me, though you'll need to update the network rule value_list to meet your needs.

CREATE SECRET IF NOT EXISTS test_secret
TYPE = GENERIC_STRING
SECRET_STRING = 'test_secret_value'
COMMENT = 'test secret for python func development';

CREATE OR REPLACE NETWORK RULE allow_all_rule
MODE = 'EGRESS'
TYPE = 'HOST_PORT'
VALUE_LIST = ('0.0.0.0:443','0.0.0.0:80')
COMMENT = 'Network rule for external access integration';

CREATE OR REPLACE EXTERNAL ACCESS INTEGRATION test_ext_acc_integration
ALLOWED_NETWORK_RULES = ('ALLOW_ALL_RULE')
ALLOWED_AUTHENTICATION_SECRETS = ('TEST_SECRET')
ENABLED = true;

CREATE OR REPLACE FUNCTION udf_python_secret_test()
    RETURNS STRING
    LANGUAGE PYTHON
    RUNTIME_VERSION = 3.11
    HANDLER = 'get_secret'
    PACKAGES = ('snowflake-snowpark-python')
    EXTERNAL_ACCESS_INTEGRATIONS = (test_ext_acc_integration)
    SECRETS = ('cred' =  test_secret)
AS
$$
import _snowflake

def get_secret():
  secret_value = _snowflake.get_generic_secret_string('cred')
  return secret_value
$$;