Define and use AWS Secret Manager in Pulumi

Question

Pulumi · Accepted Answer

AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. This service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

Here we'll create a secret using Pulumi with the resource `aws.secretsmanager.Secret`.

It's common to use secrets like database credentials, tokens, or API keys that your program needs to interact with other services or restricted parts of your application.

AWS Secrets Manager helps in providing a centralized service to manage secrets. These secrets are encrypted with AWS KMS for additional security.

Here's a simple usage of AWS Secrets Manager with Pulumi:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.secretsmanager.Secret("example", {});
```

In the above program, we are creating a Secret in AWS Secrets Manager. By default, this will use AWS Key Management Service (KMS) to encrypt it.

If you want to retrieve the value of an AWS Secret Manager secret, you can do it this way:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Assuming you already have a secret named `example`
const exampleSecret = aws.secretsmanager.getSecret({name: "example"});
```

In the above program `aws.secretsmanager.getSecret` is used to retrieve the secret named `example`. `getSecret` returns a `Promise` which will resolve with the value of the secret.