AWS Classic v6.3.0, Sep 28 23

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.3.0 published on Thursday, Sep 28, 2023 by Pulumi

pulumi/pulumi-aws

aws.secretsmanager.Secret

Explore with Pulumi AI

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.3.0 published on Thursday, Sep 28, 2023 by Pulumi

pulumi/pulumi-aws

Example Usage

Basic

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.SecretsManager.Secret("example");

});

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.NewSecret(ctx, "example", nil)
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.secretsmanager.Secret;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Secret("example");

    }
}

import pulumi
import pulumi_aws as aws

example = aws.secretsmanager.Secret("example")

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.secretsmanager.Secret("example", {});

resources:
  example:
    type: aws:secretsmanager:Secret

Create Secret Resource

new Secret(name: string, args?: SecretArgs, opts?: CustomResourceOptions);

@overload
def Secret(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           description: Optional[str] = None,
           force_overwrite_replica_secret: Optional[bool] = None,
           kms_key_id: Optional[str] = None,
           name: Optional[str] = None,
           name_prefix: Optional[str] = None,
           policy: Optional[str] = None,
           recovery_window_in_days: Optional[int] = None,
           replicas: Optional[Sequence[SecretReplicaArgs]] = None,
           tags: Optional[Mapping[str, str]] = None)
@overload
def Secret(resource_name: str,
           args: Optional[SecretArgs] = None,
           opts: Optional[ResourceOptions] = None)

func NewSecret(ctx *Context, name string, args *SecretArgs, opts ...ResourceOption) (*Secret, error)

public Secret(string name, SecretArgs? args = null, CustomResourceOptions? opts = null)

public Secret(String name, SecretArgs args)
public Secret(String name, SecretArgs args, CustomResourceOptions options)

type: aws:secretsmanager:Secret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Secret Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Secret resource accepts the following input properties:

Description string: Description of the secret.
ForceOverwriteReplicaSecret bool: Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.
KmsKeyId string: ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you need to reference a CMK in a different account, you can use only the key ARN. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named aws/secretsmanager). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.
Name string: Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
Policy string: Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).
RecoveryWindowInDays int: Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.
Replicas List<SecretReplica>: Configuration block to support secret replication. See details below.
Tags Dictionary<string, string>: Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Description string: Description of the secret.
ForceOverwriteReplicaSecret bool: Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.
KmsKeyId string: ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you need to reference a CMK in a different account, you can use only the key ARN. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named aws/secretsmanager). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.
Name string: Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
Policy string: Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).
RecoveryWindowInDays int: Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.
Replicas []SecretReplicaArgs: Configuration block to support secret replication. See details below.
Tags map[string]string: Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

description String: Description of the secret.
forceOverwriteReplicaSecret Boolean: Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.
kmsKeyId String: ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you need to reference a CMK in a different account, you can use only the key ARN. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named aws/secretsmanager). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.
name String: Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
policy String: Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).
recoveryWindowInDays Integer: Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.
replicas List<SecretReplica>: Configuration block to support secret replication. See details below.
tags Map<String,String>: Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

description string: Description of the secret.
forceOverwriteReplicaSecret boolean: Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.
kmsKeyId string: ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you need to reference a CMK in a different account, you can use only the key ARN. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named aws/secretsmanager). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.
name string: Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.
namePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
policy string: Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).
recoveryWindowInDays number: Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.
replicas SecretReplica[]: Configuration block to support secret replication. See details below.
tags {[key: string]: string}: Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

description str: Description of the secret.
force_overwrite_replica_secret bool: Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.
kms_key_id str: ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you need to reference a CMK in a different account, you can use only the key ARN. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named aws/secretsmanager). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.
name str: Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.
name_prefix str: Creates a unique name beginning with the specified prefix. Conflicts with name.
policy str: Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).
recovery_window_in_days int: Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.
replicas Sequence[SecretReplicaArgs]: Configuration block to support secret replication. See details below.
tags Mapping[str, str]: Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

description String: Description of the secret.
forceOverwriteReplicaSecret Boolean: Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.
kmsKeyId String: ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you need to reference a CMK in a different account, you can use only the key ARN. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named aws/secretsmanager). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.
name String: Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
policy String: Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).
recoveryWindowInDays Number: Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.
replicas List<Property Map>: Configuration block to support secret replication. See details below.
tags Map<String>: Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:

Arn string

ARN of the secret.

Id string

The provider-assigned unique ID for this managed resource.

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated:

Please use tags instead.

Arn string

ARN of the secret.

Id string

The provider-assigned unique ID for this managed resource.

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated:

Please use tags instead.

arn String

ARN of the secret.

id String

The provider-assigned unique ID for this managed resource.

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated:

Please use tags instead.

arn string

ARN of the secret.

id string

The provider-assigned unique ID for this managed resource.

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated:

Please use tags instead.

arn str

ARN of the secret.

id str

The provider-assigned unique ID for this managed resource.

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated:

Please use tags instead.

arn String

ARN of the secret.

id String

The provider-assigned unique ID for this managed resource.

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated:

Please use tags instead.

Look up Existing Secret Resource

Get an existing Secret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretState, opts?: CustomResourceOptions): Secret

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        description: Optional[str] = None,
        force_overwrite_replica_secret: Optional[bool] = None,
        kms_key_id: Optional[str] = None,
        name: Optional[str] = None,
        name_prefix: Optional[str] = None,
        policy: Optional[str] = None,
        recovery_window_in_days: Optional[int] = None,
        replicas: Optional[Sequence[SecretReplicaArgs]] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None) -> Secret

func GetSecret(ctx *Context, name string, id IDInput, state *SecretState, opts ...ResourceOption) (*Secret, error)

public static Secret Get(string name, Input<string> id, SecretState? state, CustomResourceOptions? opts = null)

public static Secret get(String name, Output<String> id, SecretState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string

ARN of the secret.

Description string

Description of the secret.

ForceOverwriteReplicaSecret bool

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

KmsKeyId string

ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you need to reference a CMK in a different account, you can use only the key ARN. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named aws/secretsmanager). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.

Name string

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

NamePrefix string

Creates a unique name beginning with the specified prefix. Conflicts with name.

Policy string

Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.secretsmanager.SecretPolicy. To delete the policy, set it to "{}" (an empty JSON document).

RecoveryWindowInDays int

Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.

Replicas List<SecretReplica>

Configuration block to support secret replication. See details below.

Tags Dictionary<string, string>

Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated:

Please use tags instead.

Arn string

ARN of the secret.

Description string

Description of the secret.

ForceOverwriteReplicaSecret bool

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

KmsKeyId string

Name string

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

NamePrefix string

Creates a unique name beginning with the specified prefix. Conflicts with name.

Policy string

RecoveryWindowInDays int

Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.

Replicas []SecretReplicaArgs

Configuration block to support secret replication. See details below.

Tags map[string]string

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated:

Please use tags instead.

arn String

ARN of the secret.

description String

Description of the secret.

forceOverwriteReplicaSecret Boolean

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

kmsKeyId String

name String

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

namePrefix String

Creates a unique name beginning with the specified prefix. Conflicts with name.

policy String

recoveryWindowInDays Integer

Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.

replicas List<SecretReplica>

Configuration block to support secret replication. See details below.

tags Map<String,String>

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated:

Please use tags instead.

arn string

ARN of the secret.

description string

Description of the secret.

forceOverwriteReplicaSecret boolean

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

kmsKeyId string

name string

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

namePrefix string

Creates a unique name beginning with the specified prefix. Conflicts with name.

policy string

recoveryWindowInDays number

Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.

replicas SecretReplica[]

Configuration block to support secret replication. See details below.

tags {[key: string]: string}

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated:

Please use tags instead.

arn str

ARN of the secret.

description str

Description of the secret.

force_overwrite_replica_secret bool

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

kms_key_id str

name str

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

name_prefix str

Creates a unique name beginning with the specified prefix. Conflicts with name.

policy str

recovery_window_in_days int

Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.

replicas Sequence[SecretReplicaArgs]

Configuration block to support secret replication. See details below.

tags Mapping[str, str]

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated:

Please use tags instead.

arn String

ARN of the secret.

description String

Description of the secret.

forceOverwriteReplicaSecret Boolean

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

kmsKeyId String

name String

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

namePrefix String

Creates a unique name beginning with the specified prefix. Conflicts with name.

policy String

recoveryWindowInDays Number

Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.

replicas List<Property Map>

Configuration block to support secret replication. See details below.

tags Map<String>

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated:

Please use tags instead.

Supporting Types

SecretReplica, SecretReplicaArgs

Region string: Region for replicating the secret.
KmsKeyId string: ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to. If one is not specified, then Secrets Manager defaults to using the AWS account's default KMS key (aws/secretsmanager) in the region or creates one for use if non-existent.
LastAccessedDate string: Date that you last accessed the secret in the Region.
Status string: Status can be InProgress, Failed, or InSync.
StatusMessage string: Message such as Replication succeeded or Secret with this name already exists in this region.

Region string: Region for replicating the secret.
KmsKeyId string: ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to. If one is not specified, then Secrets Manager defaults to using the AWS account's default KMS key (aws/secretsmanager) in the region or creates one for use if non-existent.
LastAccessedDate string: Date that you last accessed the secret in the Region.
Status string: Status can be InProgress, Failed, or InSync.
StatusMessage string: Message such as Replication succeeded or Secret with this name already exists in this region.

region String: Region for replicating the secret.
kmsKeyId String: ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to. If one is not specified, then Secrets Manager defaults to using the AWS account's default KMS key (aws/secretsmanager) in the region or creates one for use if non-existent.
lastAccessedDate String: Date that you last accessed the secret in the Region.
status String: Status can be InProgress, Failed, or InSync.
statusMessage String: Message such as Replication succeeded or Secret with this name already exists in this region.

region string: Region for replicating the secret.
kmsKeyId string: ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to. If one is not specified, then Secrets Manager defaults to using the AWS account's default KMS key (aws/secretsmanager) in the region or creates one for use if non-existent.
lastAccessedDate string: Date that you last accessed the secret in the Region.
status string: Status can be InProgress, Failed, or InSync.
statusMessage string: Message such as Replication succeeded or Secret with this name already exists in this region.

region str: Region for replicating the secret.
kms_key_id str: ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to. If one is not specified, then Secrets Manager defaults to using the AWS account's default KMS key (aws/secretsmanager) in the region or creates one for use if non-existent.
last_accessed_date str: Date that you last accessed the secret in the Region.
status str: Status can be InProgress, Failed, or InSync.
status_message str: Message such as Replication succeeded or Secret with this name already exists in this region.

region String: Region for replicating the secret.
kmsKeyId String: ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to. If one is not specified, then Secrets Manager defaults to using the AWS account's default KMS key (aws/secretsmanager) in the region or creates one for use if non-existent.
lastAccessedDate String: Date that you last accessed the secret in the Region.
status String: Status can be InProgress, Failed, or InSync.
statusMessage String: Message such as Replication succeeded or Secret with this name already exists in this region.

Import

Using pulumi import, import aws_secretsmanager_secret using the secret Amazon Resource Name (ARN). For example:

 $ pulumi import aws:secretsmanager/secret:Secret example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.3.0 published on Thursday, Sep 28, 2023 by Pulumi

pulumi/pulumi-aws

aws.secretsmanager.Secret

On this page

On this page

Example Usage

Basic

Create Secret Resource

Secret Resource Properties

Inputs

Outputs

Look up Existing Secret Resource

Supporting Types

SecretReplica, SecretReplicaArgs

Import

Package Details

On this page

On this page