How do I build an AWS secrets manager secret?
To create an AWS Secrets Manager secret, we will define a secret using the aws_secretsmanager_secret
and aws_secretsmanager_secret_version
resources. The secret resource will define the metadata of the secret, and the secret version resource will handle the actual secret value.
Here’s how you can do it:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.secretsmanager.Secret("example", {
name: "example-secret",
description: "An example secret created with Pulumi",
});
const exampleSecretVersion = new aws.secretsmanager.SecretVersion("example", {
secretId: example.id,
secretString: JSON.stringify({
username: "example_user",
password: "example_password",
}),
});
export const secretArn = example.arn;
The aws_secretsmanager_secret
resource creates the metadata for the secret, and the aws_secretsmanager_secret_version
resource contains the actual secret data in JSON format. The jsonencode
function is used to encode the secret data as a JSON string.
Finally, we output the ARN (Amazon Resource Name) of the secret for easy reference.
In summary, we’ve created an AWS Secrets Manager secret along with its version, which holds the actual sensitive data. The output provides the ARN of the created secret.
Deploy this code
Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.
Sign upNew to Pulumi?
Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.
Sign upThank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.