AWS Native v0.102.0, Apr 16 24

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.102.0 published on Tuesday, Apr 16, 2024 by Pulumi

pulumi/pulumi-aws-native

aws-native.secretsmanager.getSecret

Explore with Pulumi AI

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.102.0 published on Tuesday, Apr 16, 2024 by Pulumi

pulumi/pulumi-aws-native

Creates a new secret. A secret can be a password, a set of credentials such as a user name and password, an OAuth token, or other secret information that you store in an encrypted form in Secrets Manager. For RDS master user credentials, see AWS::RDS::DBCluster MasterUserSecret. To retrieve a secret in a CFNshort template, use a dynamic reference. For more information, see Retrieve a secret in an resource. A common scenario is to first create a secret with GenerateSecretString, which generates a password, and then use a dynamic reference to retrieve the username and password from the secret to use as credentials for a new database. See the example Creating a Redshift cluster and a secret for the admin credentials. For information about creating a secret in the console, see Create a secret. For information about creating a secret using the CLI or SDK, see CreateSecret. For information about retrieving a secret in code, see Retrieve secrets from Secrets Manager.

Using getSecret

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getSecret(args: GetSecretArgs, opts?: InvokeOptions): Promise<GetSecretResult>
function getSecretOutput(args: GetSecretOutputArgs, opts?: InvokeOptions): Output<GetSecretResult>

def get_secret(id: Optional[str] = None,
               opts: Optional[InvokeOptions] = None) -> GetSecretResult
def get_secret_output(id: Optional[pulumi.Input[str]] = None,
               opts: Optional[InvokeOptions] = None) -> Output[GetSecretResult]

func LookupSecret(ctx *Context, args *LookupSecretArgs, opts ...InvokeOption) (*LookupSecretResult, error)
func LookupSecretOutput(ctx *Context, args *LookupSecretOutputArgs, opts ...InvokeOption) LookupSecretResultOutput

> Note: This function is named LookupSecret in the Go SDK.

public static class GetSecret 
{
    public static Task<GetSecretResult> InvokeAsync(GetSecretArgs args, InvokeOptions? opts = null)
    public static Output<GetSecretResult> Invoke(GetSecretInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: aws-native:secretsmanager:getSecret
  arguments:
    # arguments dictionary

The following arguments are supported:

Id string

Id string

id String

id string

id str

id String

getSecret Result

The following output properties are available:

Description string

The description of the secret.

Id string

KmsKeyId string

The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt the secret value in the secret. An alias is always prefixed by alias/, for example alias/aws/secretsmanager. For more information, see About aliases. To use a KMS key in a different account, use the key ARN or the alias ARN. If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager. If that key doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value. If the secret is in a different AWS account from the credentials calling the API, then you can't use aws/secretsmanager to encrypt the secret, and you must create and use a customer managed KMS key.

ReplicaRegions List<Pulumi.AwsNative.SecretsManager.Outputs.SecretReplicaRegion>

A custom type that specifies a Region and the KmsKeyId for a replica secret.

Tags List<Pulumi.AwsNative.Outputs.Tag>

A list of tags to attach to the secret. Each tag is a key and value pair of strings in a JSON text string, for example: [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}] Secrets Manager tag key names are case sensitive. A tag with the key "ABC" is a different tag from one with key "abc". Stack-level tags, tags you apply to the CloudFormation stack, are also attached to the secret. If you check tags in permissions policies as part of your security strategy, then adding or removing a tag can change permissions. If the completion of this operation would result in you losing your permissions for this secret, then Secrets Manager blocks the operation and returns an Access Denied error. For more information, see Control access to secrets using tags and Limit access to identities with tags that match secrets' tags. For information about how to format a JSON parameter for the various command line tool environments, see Using JSON for Parameters. If your command-line tool or SDK requires quotation marks around the parameter, you should use single quotes to avoid confusion with the double quotes required in the JSON text. The following restrictions apply to tags:

Maximum number of tags per secret: 50
Maximum key length: 127 Unicode characters in UTF-8
Maximum value length: 255 Unicode characters in UTF-8
Tag keys and values are case sensitive.
Do not use the aws: prefix in your tag names or values because AWS reserves it for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.
If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.

Description string

The description of the secret.

Id string

KmsKeyId string

ReplicaRegions []SecretReplicaRegion

A custom type that specifies a Region and the KmsKeyId for a replica secret.

Tags Tag

Maximum number of tags per secret: 50
Maximum key length: 127 Unicode characters in UTF-8
Maximum value length: 255 Unicode characters in UTF-8
Tag keys and values are case sensitive.
Do not use the aws: prefix in your tag names or values because AWS reserves it for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.
If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.

description String

The description of the secret.

id String

kmsKeyId String

replicaRegions List<SecretReplicaRegion>

A custom type that specifies a Region and the KmsKeyId for a replica secret.

tags List<Tag>

Maximum number of tags per secret: 50
Maximum key length: 127 Unicode characters in UTF-8
Maximum value length: 255 Unicode characters in UTF-8
Tag keys and values are case sensitive.
Do not use the aws: prefix in your tag names or values because AWS reserves it for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.
If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.

description string

The description of the secret.

id string

kmsKeyId string

replicaRegions SecretReplicaRegion[]

A custom type that specifies a Region and the KmsKeyId for a replica secret.

tags Tag[]

Maximum number of tags per secret: 50
Maximum key length: 127 Unicode characters in UTF-8
Maximum value length: 255 Unicode characters in UTF-8
Tag keys and values are case sensitive.
Do not use the aws: prefix in your tag names or values because AWS reserves it for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.
If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.

description str

The description of the secret.

id str

kms_key_id str

replica_regions Sequence[SecretReplicaRegion]

A custom type that specifies a Region and the KmsKeyId for a replica secret.

tags Sequence[root_Tag]

Maximum number of tags per secret: 50
Maximum key length: 127 Unicode characters in UTF-8
Maximum value length: 255 Unicode characters in UTF-8
Tag keys and values are case sensitive.
Do not use the aws: prefix in your tag names or values because AWS reserves it for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.
If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.

description String

The description of the secret.

id String

kmsKeyId String

replicaRegions List<Property Map>

A custom type that specifies a Region and the KmsKeyId for a replica secret.

tags List<Property Map>

Maximum number of tags per secret: 50
Maximum key length: 127 Unicode characters in UTF-8
Maximum value length: 255 Unicode characters in UTF-8
Tag keys and values are case sensitive.
Do not use the aws: prefix in your tag names or values because AWS reserves it for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.
If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.

Supporting Types

SecretReplicaRegion

Region string: A string that represents a Region, for example "us-east-1".
KmsKeyId string: The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include this field, Secrets Manager uses aws/secretsmanager.

Region string: A string that represents a Region, for example "us-east-1".
KmsKeyId string: The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include this field, Secrets Manager uses aws/secretsmanager.

region String: A string that represents a Region, for example "us-east-1".
kmsKeyId String: The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include this field, Secrets Manager uses aws/secretsmanager.

region string: A string that represents a Region, for example "us-east-1".
kmsKeyId string: The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include this field, Secrets Manager uses aws/secretsmanager.

region str: A string that represents a Region, for example "us-east-1".
kms_key_id str: The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include this field, Secrets Manager uses aws/secretsmanager.

region String: A string that represents a Region, for example "us-east-1".
kmsKeyId String: The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include this field, Secrets Manager uses aws/secretsmanager.

Package Details

Repository: AWS Native pulumi/pulumi-aws-native
License: Apache-2.0

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.102.0 published on Tuesday, Apr 16, 2024 by Pulumi

pulumi/pulumi-aws-native

aws-native.secretsmanager.getSecret

On this page

On this page

Using getSecret

getSecret Result

Supporting Types

SecretReplicaRegion

Tag

Package Details

On this page

On this page