Viewing docs for AWS v5.43.0 (Older version)
published on Tuesday, Mar 10, 2026 by Pulumi

    Decrypt multiple secrets from data encrypted with the AWS KMS service.

    Using getSecrets

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    TypeScript:

    function getSecrets(args: GetSecretsArgs, opts?: InvokeOptions): Promise<GetSecretsResult>
    function getSecretsOutput(args: GetSecretsOutputArgs, opts?: InvokeOptions): Output<GetSecretsResult>

    Python:

    def get_secrets(secrets: Optional[Sequence[GetSecretsSecret]] = None,
                    opts: Optional[InvokeOptions] = None) -> GetSecretsResult
    def get_secrets_output(secrets: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretsSecretArgs]]]] = None,
                    opts: Optional[InvokeOptions] = None) -> Output[GetSecretsResult]

    Go:

    func GetSecrets(ctx *Context, args *GetSecretsArgs, opts ...InvokeOption) (*GetSecretsResult, error)
    func GetSecretsOutput(ctx *Context, args *GetSecretsOutputArgs, opts ...InvokeOption) GetSecretsResultOutput

    > Note: This function is named GetSecrets in the Go SDK.

    C#:

    public static class GetSecrets
    {
        public static Task<GetSecretsResult> InvokeAsync(GetSecretsArgs args, InvokeOptions? opts = null)
        public static Output<GetSecretsResult> Invoke(GetSecretsInvokeArgs args, InvokeOptions? opts = null)
    }

    Java:

    public static CompletableFuture<GetSecretsResult> getSecrets(GetSecretsArgs args, InvokeOptions options)
    public static Output<GetSecretsResult> getSecrets(GetSecretsArgs args, InvokeOptions options)

    YAML:

    fn::invoke:
      function: aws:kms/getSecrets:getSecrets
      arguments:
        # arguments dictionary

    The following arguments are supported:

    C#:
    Secrets List<GetSecretsSecret>
    One or more encrypted payload definitions from the KMS service. See the Secret Definitions below.

    Go:
    Secrets []GetSecretsSecret
    One or more encrypted payload definitions from the KMS service. See the Secret Definitions below.

    Java:
    secrets List<GetSecretsSecret>
    One or more encrypted payload definitions from the KMS service. See the Secret Definitions below.

    TypeScript:
    secrets GetSecretsSecret[]
    One or more encrypted payload definitions from the KMS service. See the Secret Definitions below.

    Python:
    secrets Sequence[GetSecretsSecret]
    One or more encrypted payload definitions from the KMS service. See the Secret Definitions below.

    YAML:
    secrets List<Property Map>
    One or more encrypted payload definitions from the KMS service. See the Secret Definitions below.

    getSecrets Result

    The following output properties are available:

    C#:
    Id string
    The provider-assigned unique ID for this managed resource.
    Plaintext Dictionary<string, string>
    Map containing each secret name as the key with its decrypted plaintext value
    Secrets List<GetSecretsSecret>

    Go:
    Id string
    The provider-assigned unique ID for this managed resource.
    Plaintext map[string]string
    Map containing each secret name as the key with its decrypted plaintext value
    Secrets []GetSecretsSecret

    Java:
    id String
    The provider-assigned unique ID for this managed resource.
    plaintext Map<String,String>
    Map containing each secret name as the key with its decrypted plaintext value
    secrets List<GetSecretsSecret>

    TypeScript:
    id string
    The provider-assigned unique ID for this managed resource.
    plaintext {[key: string]: string}
    Map containing each secret name as the key with its decrypted plaintext value
    secrets GetSecretsSecret[]

    Python:
    id str
    The provider-assigned unique ID for this managed resource.
    plaintext Mapping[str, str]
    Map containing each secret name as the key with its decrypted plaintext value
    secrets Sequence[GetSecretsSecret]

    YAML:
    id String
    The provider-assigned unique ID for this managed resource.
    plaintext Map<String>
    Map containing each secret name as the key with its decrypted plaintext value
    secrets List<Property Map>

    Supporting Types

    GetSecretsSecret

    C#:
    Name string
    Name to export this secret under in the attributes.
    Payload string
    Base64 encoded payload, as returned from a KMS encrypt operation.
    Context Dictionary<string, string>
    An optional mapping that makes up the Encryption Context for the secret.
    EncryptionAlgorithm string
    The encryption algorithm that will be used to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. Valid Values: SYMMETRIC_DEFAULT | RSAES_OAEP_SHA_1 | RSAES_OAEP_SHA_256 | SM2PKE
    GrantTokens List<string>
    An optional list of Grant Tokens for the secret.
    KeyId string

    Specifies the KMS key that AWS KMS uses to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.

    For more information on context and grant_tokens see the KMS Concepts

    Go:
    Name string
    Name to export this secret under in the attributes.
    Payload string
    Base64 encoded payload, as returned from a KMS encrypt operation.
    Context map[string]string
    An optional mapping that makes up the Encryption Context for the secret.
    EncryptionAlgorithm string
    The encryption algorithm that will be used to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. Valid Values: SYMMETRIC_DEFAULT | RSAES_OAEP_SHA_1 | RSAES_OAEP_SHA_256 | SM2PKE
    GrantTokens []string
    An optional list of Grant Tokens for the secret.
    KeyId string

    Specifies the KMS key that AWS KMS uses to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.

    For more information on context and grant_tokens see the KMS Concepts

    Java:
    name String
    Name to export this secret under in the attributes.
    payload String
    Base64 encoded payload, as returned from a KMS encrypt operation.
    context Map<String,String>
    An optional mapping that makes up the Encryption Context for the secret.
    encryptionAlgorithm String
    The encryption algorithm that will be used to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. Valid Values: SYMMETRIC_DEFAULT | RSAES_OAEP_SHA_1 | RSAES_OAEP_SHA_256 | SM2PKE
    grantTokens List<String>
    An optional list of Grant Tokens for the secret.
    keyId String

    Specifies the KMS key that AWS KMS uses to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.

    For more information on context and grant_tokens see the KMS Concepts

    TypeScript:
    name string
    Name to export this secret under in the attributes.
    payload string
    Base64 encoded payload, as returned from a KMS encrypt operation.
    context {[key: string]: string}
    An optional mapping that makes up the Encryption Context for the secret.
    encryptionAlgorithm string
    The encryption algorithm that will be used to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. Valid Values: SYMMETRIC_DEFAULT | RSAES_OAEP_SHA_1 | RSAES_OAEP_SHA_256 | SM2PKE
    grantTokens string[]
    An optional list of Grant Tokens for the secret.
    keyId string

    Specifies the KMS key that AWS KMS uses to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.

    For more information on context and grant_tokens see the KMS Concepts

    Python:
    name str
    Name to export this secret under in the attributes.
    payload str
    Base64 encoded payload, as returned from a KMS encrypt operation.
    context Mapping[str, str]
    An optional mapping that makes up the Encryption Context for the secret.
    encryption_algorithm str
    The encryption algorithm that will be used to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. Valid Values: SYMMETRIC_DEFAULT | RSAES_OAEP_SHA_1 | RSAES_OAEP_SHA_256 | SM2PKE
    grant_tokens Sequence[str]
    An optional list of Grant Tokens for the secret.
    key_id str

    Specifies the KMS key that AWS KMS uses to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.

    For more information on context and grant_tokens see the KMS Concepts

    YAML:
    name String
    Name to export this secret under in the attributes.
    payload String
    Base64 encoded payload, as returned from a KMS encrypt operation.
    context Map<String>
    An optional mapping that makes up the Encryption Context for the secret.
    encryptionAlgorithm String
    The encryption algorithm that will be used to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. Valid Values: SYMMETRIC_DEFAULT | RSAES_OAEP_SHA_1 | RSAES_OAEP_SHA_256 | SM2PKE
    grantTokens List<String>
    An optional list of Grant Tokens for the secret.
    keyId String

    Specifies the KMS key that AWS KMS uses to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.

    For more information on context and grant_tokens see the KMS Concepts
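
An added example, not taken from the Pulumi documentation: a Pulumi YAML program that fills in the fn::invoke arguments described above, with one symmetric secret bound to an encryption context and one asymmetric secret that supplies keyId and encryptionAlgorithm. The project name, secret names, context values and angle-bracket placeholders are assumptions; the context must equal the one passed to the KMS encrypt operation, and fn::secret keeps each decrypted value encrypted in state and masked in CLI output.

```yaml
# Constructed example: project name, secret names and context values are illustrative.
name: kms-get-secrets-example
runtime: yaml

variables:
  decrypted:
    fn::invoke:
      function: aws:kms/getSecrets:getSecrets
      arguments:
        secrets:
          # Symmetric key: KMS identifies the key from the ciphertext itself,
          # so keyId and encryptionAlgorithm are omitted.
          - name: dbPassword
            payload: <BASE64_CIPHERTEXT_FROM_KMS_ENCRYPT>   # placeholder
            # Must match the encryption context used at encrypt time,
            # otherwise the decrypt call fails.
            context:
              app: billing
              env: prod
          # Asymmetric key: keyId and encryptionAlgorithm are both required.
          - name: apiToken
            payload: <BASE64_CIPHERTEXT_FROM_ASYMMETRIC_KEY>   # placeholder
            keyId: <KMS_KEY_ID_OR_ARN>                         # placeholder
            encryptionAlgorithm: RSAES_OAEP_SHA_256

outputs:
  # plaintext is a map keyed by each secret's name; wrap every value you
  # export in fn::secret so it is never written or printed in the clear.
  dbPassword:
    fn::secret: ${decrypted.plaintext["dbPassword"]}
  apiToken:
    fn::secret: ${decrypted.plaintext["apiToken"]}
```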

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.