1. Answers
  2. Building AWS Secrets Manager Secrets

How do I build an AWS secrets manager secret?

To create an AWS Secrets Manager secret, we will define a secret using the aws_secretsmanager_secret and aws_secretsmanager_secret_version resources. The secret resource will define the metadata of the secret, and the secret version resource will handle the actual secret value.

Here’s how you can do it:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.secretsmanager.Secret("example", {
    name: "example-secret",
    description: "An example secret created with Pulumi",
});
const exampleSecretVersion = new aws.secretsmanager.SecretVersion("example", {
    secretId: example.id,
    secretString: JSON.stringify({
        username: "example_user",
        password: "example_password",
    }),
});
export const secretArn = example.arn;

The aws_secretsmanager_secret resource creates the metadata for the secret, and the aws_secretsmanager_secret_version resource contains the actual secret data in JSON format. The jsonencode function is used to encode the secret data as a JSON string.

Finally, we output the ARN (Amazon Resource Name) of the secret for easy reference.

In summary, we’ve created an AWS Secrets Manager secret along with its version, which holds the actual sensitive data. The output provides the ARN of the created secret.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up