AWS Classic

Pulumi Official
Package maintained by Pulumi
v5.10.0 published on Monday, Jul 11, 2022 by Pulumi

Secret

Provides a resource to manage AWS Secrets Manager secret metadata. To manage secret rotation, see the aws.secretsmanager.SecretRotation resource. To manage a secret value, see the aws.secretsmanager.SecretVersion resource.

Example Usage

Basic

using Pulumi;
using Aws = Pulumi.Aws;

// Declares a Secrets Manager secret with every argument left at its default.
// This resource manages secret metadata only; the secret value is managed with
// aws.secretsmanager.SecretVersion.
class MyStack : Stack
{
    public MyStack()
    {
        // No KmsKeyId is given, so Secrets Manager uses the account's default KMS key
        // (aws/secretsmanager). RecoveryWindowInDays is unset and defaults to 30.
        var example = new Aws.SecretsManager.Secret("example", new Aws.SecretsManager.SecretArgs
        {
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/secretsmanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a Secrets Manager secret with every argument left at its default.
// The resource manages secret metadata only; the secret value is managed with
// aws.secretsmanager.SecretVersion.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// nil args: no KmsKeyId, so Secrets Manager uses the account's default KMS key
		// (aws/secretsmanager); RecoveryWindowInDays is unset and defaults to 30.
		_, err := secretsmanager.NewSecret(ctx, "example", nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

/**
 * Declares a Secrets Manager secret with every argument left at its default.
 * The resource manages secret metadata only; the secret value is managed with
 * aws.secretsmanager.SecretVersion.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // No kmsKeyId is given, so Secrets Manager uses the account's default KMS key
        // (aws/secretsmanager). recoveryWindowInDays is unset and defaults to 30.
        var example = new Secret("example");

    }
}
import pulumi
import pulumi_aws as aws

# Declares the secret's metadata only; the value is managed with aws.secretsmanager.SecretVersion.
# No kms_key_id is given, so Secrets Manager uses the account's default KMS key
# (aws/secretsmanager). recovery_window_in_days is unset and defaults to 30.
example = aws.secretsmanager.Secret("example")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Declares the secret's metadata only; the value is managed with aws.secretsmanager.SecretVersion.
// No kmsKeyId is given, so Secrets Manager uses the account's default KMS key
// (aws/secretsmanager). recoveryWindowInDays is unset and defaults to 30.
const example = new aws.secretsmanager.Secret("example", {});
# Declares the secret's metadata only; the value is managed with aws.secretsmanager.SecretVersion.
# No kmsKeyId is given, so Secrets Manager uses the account's default KMS key
# (aws/secretsmanager). recoveryWindowInDays is unset and defaults to 30.
resources:
  example:
    type: aws:secretsmanager:Secret

Rotation Configuration

using Pulumi;
using Aws = Pulumi.Aws;

// Declares a secret with rotation configured directly on the Secret resource.
// RotationLambdaArn and RotationRules are marked deprecated on this resource; the
// reference directs rotation to be managed with aws.secretsmanager.SecretRotation.
class MyStack : Stack
{
    public MyStack()
    {
        var rotation_example = new Aws.SecretsManager.Secret("rotation-example", new Aws.SecretsManager.SecretArgs
        {
            // aws_lambda_function.Example is not defined in this snippet; presumably the
            // rotation Lambda declared elsewhere in the program (confirm).
            RotationLambdaArn = aws_lambda_function.Example.Arn,
            // As of version 2.67.0, removing this configuration later does not turn rotation
            // off; rotation has to be removed manually or through the SecretRotation resource.
            RotationRules = new Aws.SecretsManager.Inputs.SecretRotationRulesArgs
            {
                AutomaticallyAfterDays = 7,
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/secretsmanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a secret with rotation configured directly on the Secret resource.
// RotationLambdaArn and RotationRules are marked deprecated on this resource; the
// reference directs rotation to be managed with aws.secretsmanager.SecretRotation.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.NewSecret(ctx, "rotation-example", &secretsmanager.SecretArgs{
			// aws_lambda_function.Example is not defined in this snippet; presumably the
			// rotation Lambda declared elsewhere in the program (confirm).
			RotationLambdaArn: pulumi.Any(aws_lambda_function.Example.Arn),
			// As of version 2.67.0, removing this configuration later does not turn rotation
			// off; rotation has to be removed manually or through the SecretRotation resource.
			RotationRules: &secretsmanager.SecretRotationRulesArgs{
				AutomaticallyAfterDays: pulumi.Int(7),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

/**
 * Declares a secret with rotation configured directly on the Secret resource.
 * rotationLambdaArn and rotationRules are marked deprecated on this resource; the
 * reference directs rotation to be managed with aws.secretsmanager.SecretRotation.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // aws_lambda_function.example() is not defined in this snippet; presumably the
        // rotation Lambda declared elsewhere in the program (confirm).
        // As of version 2.67.0, removing the rotation configuration later does not turn
        // rotation off; it has to be removed manually or through the SecretRotation resource.
        var rotation_example = new Secret("rotation-example", SecretArgs.builder()        
            .rotationLambdaArn(aws_lambda_function.example().arn())
            .rotationRules(SecretRotationRulesArgs.builder()
                .automaticallyAfterDays(7)
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

# Declares a secret with rotation configured directly on the Secret resource.
# rotation_lambda_arn and rotation_rules are marked deprecated on this resource; the
# reference directs rotation to be managed with aws.secretsmanager.SecretRotation.
# As of version 2.67.0, removing them later does not turn rotation off.
# aws_lambda_function is not defined in this snippet; presumably the rotation Lambda
# declared elsewhere in the program (confirm).
rotation_example = aws.secretsmanager.Secret("rotation-example",
    rotation_lambda_arn=aws_lambda_function["example"]["arn"],
    rotation_rules=aws.secretsmanager.SecretRotationRulesArgs(
        automatically_after_days=7,
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Declares a secret with rotation configured directly on the Secret resource.
// rotationLambdaArn and rotationRules are marked deprecated on this resource; the
// reference directs rotation to be managed with aws.secretsmanager.SecretRotation.
// As of version 2.67.0, removing them later does not turn rotation off.
const rotation_example = new aws.secretsmanager.Secret("rotation-example", {
    // aws_lambda_function.example is not defined in this snippet; presumably the
    // rotation Lambda declared elsewhere in the program (confirm).
    rotationLambdaArn: aws_lambda_function.example.arn,
    rotationRules: {
        automaticallyAfterDays: 7,
    },
});
# Declares a secret with rotation configured directly on the Secret resource.
# rotationLambdaArn and rotationRules are marked deprecated on this resource; the
# reference directs rotation to be managed with aws.secretsmanager.SecretRotation.
# As of version 2.67.0, removing them later does not turn rotation off.
resources:
  rotation-example:
    type: aws:secretsmanager:Secret
    properties:
      # aws_lambda_function.example is not defined in this snippet; presumably the
      # rotation Lambda declared elsewhere in the program (confirm).
      rotationLambdaArn: ${aws_lambda_function.example.arn}
      rotationRules:
        automaticallyAfterDays: 7

Create a Secret Resource

new Secret(name: string, args?: SecretArgs, opts?: CustomResourceOptions);
@overload
def Secret(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           description: Optional[str] = None,
           force_overwrite_replica_secret: Optional[bool] = None,
           kms_key_id: Optional[str] = None,
           name: Optional[str] = None,
           name_prefix: Optional[str] = None,
           policy: Optional[str] = None,
           recovery_window_in_days: Optional[int] = None,
           replicas: Optional[Sequence[SecretReplicaArgs]] = None,
           rotation_lambda_arn: Optional[str] = None,
           rotation_rules: Optional[SecretRotationRulesArgs] = None,
           tags: Optional[Mapping[str, str]] = None)
@overload
def Secret(resource_name: str,
           args: Optional[SecretArgs] = None,
           opts: Optional[ResourceOptions] = None)
func NewSecret(ctx *Context, name string, args *SecretArgs, opts ...ResourceOption) (*Secret, error)
public Secret(string name, SecretArgs? args = null, CustomResourceOptions? opts = null)
public Secret(String name, SecretArgs args)
public Secret(String name, SecretArgs args, CustomResourceOptions options)
type: aws:secretsmanager:Secret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Secret Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Secret resource accepts the following input properties:

Description string

Description of the secret.

ForceOverwriteReplicaSecret bool

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

KmsKeyId string

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

Name string

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

NamePrefix string

Creates a unique name beginning with the specified prefix. Conflicts with name.

Policy string

Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).

RecoveryWindowInDays int

Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery, or range from 7 to 30 days; with 0 the secret is deleted immediately and cannot be restored. The default value is 30.

Replicas List<SecretReplicaArgs>

Configuration block to support secret replication. See details below.

RotationLambdaArn string

ARN of the Lambda function that can rotate the secret. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

RotationRules SecretRotationRulesArgs

Configuration block for the rotation configuration of this secret. Defined below. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

Tags Dictionary<string, string>

Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Description string

Description of the secret.

ForceOverwriteReplicaSecret bool

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

KmsKeyId string

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

Name string

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

NamePrefix string

Creates a unique name beginning with the specified prefix. Conflicts with name.

Policy string

Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).

RecoveryWindowInDays int

Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery, or range from 7 to 30 days; with 0 the secret is deleted immediately and cannot be restored. The default value is 30.

Replicas []SecretReplicaArgs

Configuration block to support secret replication. See details below.

RotationLambdaArn string

ARN of the Lambda function that can rotate the secret. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

RotationRules SecretRotationRulesArgs

Configuration block for the rotation configuration of this secret. Defined below. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

Tags map[string]string

Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

description String

Description of the secret.

forceOverwriteReplicaSecret Boolean

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

kmsKeyId String

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

name String

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

namePrefix String

Creates a unique name beginning with the specified prefix. Conflicts with name.

policy String

Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).

recoveryWindowInDays Integer

Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery, or range from 7 to 30 days; with 0 the secret is deleted immediately and cannot be restored. The default value is 30.

replicas List<SecretReplicaArgs>

Configuration block to support secret replication. See details below.

rotationLambdaArn String

ARN of the Lambda function that can rotate the secret. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

rotationRules SecretRotationRulesArgs

Configuration block for the rotation configuration of this secret. Defined below. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

tags Map<String,String>

Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

description string

Description of the secret.

forceOverwriteReplicaSecret boolean

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

kmsKeyId string

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

name string

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

namePrefix string

Creates a unique name beginning with the specified prefix. Conflicts with name.

policy string

Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).

recoveryWindowInDays number

Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery, or range from 7 to 30 days; with 0 the secret is deleted immediately and cannot be restored. The default value is 30.

replicas SecretReplicaArgs[]

Configuration block to support secret replication. See details below.

rotationLambdaArn string

ARN of the Lambda function that can rotate the secret. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

rotationRules SecretRotationRulesArgs

Configuration block for the rotation configuration of this secret. Defined below. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

tags {[key: string]: string}

Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

description str

Description of the secret.

force_overwrite_replica_secret bool

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

kms_key_id str

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

name str

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

name_prefix str

Creates a unique name beginning with the specified prefix. Conflicts with name.

policy str

Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).

recovery_window_in_days int

Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery, or range from 7 to 30 days; with 0 the secret is deleted immediately and cannot be restored. The default value is 30.

replicas Sequence[SecretReplicaArgs]

Configuration block to support secret replication. See details below.

rotation_lambda_arn str

ARN of the Lambda function that can rotate the secret. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

rotation_rules SecretRotationRulesArgs

Configuration block for the rotation configuration of this secret. Defined below. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

tags Mapping[str, str]

Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

description String

Description of the secret.

forceOverwriteReplicaSecret Boolean

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

kmsKeyId String

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

name String

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

namePrefix String

Creates a unique name beginning with the specified prefix. Conflicts with name.

policy String

Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).

recoveryWindowInDays Number

Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery, or range from 7 to 30 days; with 0 the secret is deleted immediately and cannot be restored. The default value is 30.

replicas List<Property Map>

Configuration block to support secret replication. See details below.

rotationLambdaArn String

ARN of the Lambda function that can rotate the secret. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

rotationRules Property Map

Configuration block for the rotation configuration of this secret. Defined below. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

tags Map<String>

Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:

Arn string

ARN of the secret.

Id string

The provider-assigned unique ID for this managed resource.

RotationEnabled bool

Whether automatic rotation is enabled for this secret.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Arn string

ARN of the secret.

Id string

The provider-assigned unique ID for this managed resource.

RotationEnabled bool

Whether automatic rotation is enabled for this secret.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

ARN of the secret.

id String

The provider-assigned unique ID for this managed resource.

rotationEnabled Boolean

Whether automatic rotation is enabled for this secret.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn string

ARN of the secret.

id string

The provider-assigned unique ID for this managed resource.

rotationEnabled boolean

Whether automatic rotation is enabled for this secret.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn str

ARN of the secret.

id str

The provider-assigned unique ID for this managed resource.

rotation_enabled bool

Whether automatic rotation is enabled for this secret.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

ARN of the secret.

id String

The provider-assigned unique ID for this managed resource.

rotationEnabled Boolean

Whether automatic rotation is enabled for this secret.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Look up an Existing Secret Resource

Get an existing Secret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretState, opts?: CustomResourceOptions): Secret
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        description: Optional[str] = None,
        force_overwrite_replica_secret: Optional[bool] = None,
        kms_key_id: Optional[str] = None,
        name: Optional[str] = None,
        name_prefix: Optional[str] = None,
        policy: Optional[str] = None,
        recovery_window_in_days: Optional[int] = None,
        replicas: Optional[Sequence[SecretReplicaArgs]] = None,
        rotation_enabled: Optional[bool] = None,
        rotation_lambda_arn: Optional[str] = None,
        rotation_rules: Optional[SecretRotationRulesArgs] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None) -> Secret
func GetSecret(ctx *Context, name string, id IDInput, state *SecretState, opts ...ResourceOption) (*Secret, error)
public static Secret Get(string name, Input<string> id, SecretState? state, CustomResourceOptions? opts = null)
public static Secret get(String name, Output<String> id, SecretState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string

ARN of the secret.

Description string

Description of the secret.

ForceOverwriteReplicaSecret bool

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

KmsKeyId string

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

Name string

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

NamePrefix string

Creates a unique name beginning with the specified prefix. Conflicts with name.

Policy string

Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).

RecoveryWindowInDays int

Number of days that AWS Secrets Manager waits before it can delete the secret. Set this to 0 to force deletion without recovery; otherwise the value must be from 7 to 30 days. The default value is 30.

Replicas List<SecretReplicaArgs>

Configuration block to support secret replication. See details below.

RotationEnabled bool

Whether automatic rotation is enabled for this secret.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

RotationLambdaArn string

ARN of the Lambda function that can rotate the secret. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

RotationRules SecretRotationRulesArgs

Configuration block for the rotation configuration of this secret. Defined below. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

Tags Dictionary<string, string>

Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Arn string

ARN of the secret.

Description string

Description of the secret.

ForceOverwriteReplicaSecret bool

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

KmsKeyId string

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

Name string

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

NamePrefix string

Creates a unique name beginning with the specified prefix. Conflicts with name.

Policy string

Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).

RecoveryWindowInDays int

Number of days that AWS Secrets Manager waits before it can delete the secret. Set this to 0 to force deletion without recovery; otherwise the value must be from 7 to 30 days. The default value is 30.

Replicas []SecretReplicaArgs

Configuration block to support secret replication. See details below.

RotationEnabled bool

Whether automatic rotation is enabled for this secret.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

RotationLambdaArn string

ARN of the Lambda function that can rotate the secret. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

RotationRules SecretRotationRulesArgs

Configuration block for the rotation configuration of this secret. Defined below. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

Tags map[string]string

Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

ARN of the secret.

description String

Description of the secret.

forceOverwriteReplicaSecret Boolean

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

kmsKeyId String

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

name String

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

namePrefix String

Creates a unique name beginning with the specified prefix. Conflicts with name.

policy String

Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).

recoveryWindowInDays Integer

Number of days that AWS Secrets Manager waits before it can delete the secret. Set this to 0 to force deletion without recovery; otherwise the value must be from 7 to 30 days. The default value is 30.

replicas List<SecretReplicaArgs>

Configuration block to support secret replication. See details below.

rotationEnabled Boolean

Whether automatic rotation is enabled for this secret.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

rotationLambdaArn String

ARN of the Lambda function that can rotate the secret. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

rotationRules SecretRotationRulesArgs

Configuration block for the rotation configuration of this secret. Defined below. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

tags Map<String,String>

Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn string

ARN of the secret.

description string

Description of the secret.

forceOverwriteReplicaSecret boolean

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

kmsKeyId string

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

name string

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

namePrefix string

Creates a unique name beginning with the specified prefix. Conflicts with name.

policy string

Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).

recoveryWindowInDays number

Number of days that AWS Secrets Manager waits before it can delete the secret. Set this to 0 to force deletion without recovery; otherwise the value must be from 7 to 30 days. The default value is 30.

replicas SecretReplicaArgs[]

Configuration block to support secret replication. See details below.

rotationEnabled boolean

Whether automatic rotation is enabled for this secret.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

rotationLambdaArn string

ARN of the Lambda function that can rotate the secret. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

rotationRules SecretRotationRulesArgs

Configuration block for the rotation configuration of this secret. Defined below. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

tags {[key: string]: string}

Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn str

ARN of the secret.

description str

Description of the secret.

force_overwrite_replica_secret bool

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

kms_key_id str

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

name str

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

name_prefix str

Creates a unique name beginning with the specified prefix. Conflicts with name.

policy str

Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).

recovery_window_in_days int

Number of days that AWS Secrets Manager waits before it can delete the secret. Set this to 0 to force deletion without recovery; otherwise the value must be from 7 to 30 days. The default value is 30.

replicas Sequence[SecretReplicaArgs]

Configuration block to support secret replication. See details below.

rotation_enabled bool

Whether automatic rotation is enabled for this secret.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

rotation_lambda_arn str

ARN of the Lambda function that can rotate the secret. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

rotation_rules SecretRotationRulesArgs

Configuration block for the rotation configuration of this secret. Defined below. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

tags Mapping[str, str]

Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

ARN of the secret.

description String

Description of the secret.

forceOverwriteReplicaSecret Boolean

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

kmsKeyId String

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

name String

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

namePrefix String

Creates a unique name beginning with the specified prefix. Conflicts with name.

policy String

Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).

recoveryWindowInDays Number

Number of days that AWS Secrets Manager waits before it can delete the secret. Set this to 0 to force deletion without recovery; otherwise the value must be from 7 to 30 days. The default value is 30.

replicas List<Property Map>

Configuration block to support secret replication. See details below.

rotationEnabled Boolean

Whether automatic rotation is enabled for this secret.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

rotationLambdaArn String

ARN of the Lambda function that can rotate the secret. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

rotationRules Property Map

Configuration block for the rotation configuration of this secret. Defined below. Use the aws.secretsmanager.SecretRotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated:

Use the aws_secretsmanager_secret_rotation resource instead

tags Map<String>

Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Supporting Types

SecretReplica

Region string

Region for replicating the secret.

KmsKeyId string

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

LastAccessedDate string

Date that you last accessed the secret in the Region.

Status string

Status can be InProgress, Failed, or InSync.

StatusMessage string

Message such as Replication succeeded or Secret with this name already exists in this region.

Region string

Region for replicating the secret.

KmsKeyId string

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

LastAccessedDate string

Date that you last accessed the secret in the Region.

Status string

Status can be InProgress, Failed, or InSync.

StatusMessage string

Message such as Replication succeeded or Secret with this name already exists in this region.

region String

Region for replicating the secret.

kmsKeyId String

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

lastAccessedDate String

Date that you last accessed the secret in the Region.

status String

Status can be InProgress, Failed, or InSync.

statusMessage String

Message such as Replication succeeded or Secret with this name already exists in this region.

region string

Region for replicating the secret.

kmsKeyId string

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

lastAccessedDate string

Date that you last accessed the secret in the Region.

status string

Status can be InProgress, Failed, or InSync.

statusMessage string

Message such as Replication succeeded or Secret with this name already exists in this region.

region str

Region for replicating the secret.

kms_key_id str

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

last_accessed_date str

Date that you last accessed the secret in the Region.

status str

Status can be InProgress, Failed, or InSync.

status_message str

Message such as Replication succeeded or Secret with this name already exists in this region.

region String

Region for replicating the secret.

kmsKeyId String

ARN, Key ID, or Alias of the AWS KMS key within the region the secret is replicated to. If one is not specified, Secrets Manager uses the AWS account's default KMS key (aws/secretsmanager) in that region, creating it if it does not already exist.

lastAccessedDate String

Date that you last accessed the secret in the Region.

status String

Status can be InProgress, Failed, or InSync.

statusMessage String

Message such as Replication succeeded or Secret with this name already exists in this region.

SecretRotationRules

AutomaticallyAfterDays int

Specifies the number of days between automatic scheduled rotations of the secret.

AutomaticallyAfterDays int

Specifies the number of days between automatic scheduled rotations of the secret.

automaticallyAfterDays Integer

Specifies the number of days between automatic scheduled rotations of the secret.

automaticallyAfterDays number

Specifies the number of days between automatic scheduled rotations of the secret.

automatically_after_days int

Specifies the number of days between automatic scheduled rotations of the secret.

automaticallyAfterDays Number

Specifies the number of days between automatic scheduled rotations of the secret.

Import

aws_secretsmanager_secret can be imported by using the secret Amazon Resource Name (ARN), e.g.,

 $ pulumi import aws:secretsmanager/secret:Secret example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.