secretsmanager

class pulumi_aws.secretsmanager.GetSecretResult(arn=None, description=None, kms_key_id=None, name=None, policy=None, rotation_enabled=None, rotation_lambda_arn=None, rotation_rules=None, tags=None, id=None)

A collection of values returned by getSecret.

arn = None

The Amazon Resource Name (ARN) of the secret.

description = None

A description of the secret.

kms_key_id = None

The Key Management Service (KMS) Customer Master Key (CMK) associated with the secret.

policy = None

The resource-based policy document that’s attached to the secret.

rotation_enabled = None

Whether rotation is enabled or not.

rotation_lambda_arn = None

Rotation Lambda function Amazon Resource Name (ARN) if rotation is enabled.

rotation_rules = None

Rotation rules if rotation is enabled.

tags = None

Tags of the secret.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_aws.secretsmanager.GetSecretVersionResult(arn=None, secret_binary=None, secret_string=None, version_id=None, version_stages=None, id=None)

A collection of values returned by getSecretVersion.

arn = None

The ARN of the secret.

secret_binary = None

The decrypted part of the protected secret information that was originally provided as a binary. Base64 encoded.

secret_string = None

The decrypted part of the protected secret information that was originally provided as a string.

version_id = None

The unique identifier of this version of the secret.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_aws.secretsmanager.Secret(resource_name, opts=None, description=None, kms_key_id=None, name=None, name_prefix=None, policy=None, recovery_window_in_days=None, rotation_lambda_arn=None, rotation_rules=None, tags=None, __name__=None, __opts__=None)

Provides a resource to manage AWS Secrets Manager secret metadata. To manage a secret value, see the [`aws_secretsmanager_secret_version` resource](https://www.terraform.io/docs/providers/aws/r/secretsmanager_secret_version.html).

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • description (pulumi.Input[str]) – A description of the secret.
  • kms_key_id (pulumi.Input[str]) – Specifies the ARN or alias of the AWS KMS customer master key (CMK) to be used to encrypt the secret values in the versions stored in this secret. If you don’t specify this value, then Secrets Manager defaults to using the AWS account’s default CMK (the one named aws/secretsmanager). If the default KMS CMK with that name doesn’t yet exist, then AWS Secrets Manager creates it for you automatically the first time.
  • name (pulumi.Input[str]) – Specifies the friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.
  • name_prefix (pulumi.Input[str]) – Creates a unique name beginning with the specified prefix. Conflicts with name.
  • policy (pulumi.Input[str]) – A valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). For more information about building AWS IAM policy documents with Terraform, see the [AWS IAM Policy Document Guide](https://www.terraform.io/docs/providers/aws/guides/iam-policy-documents.html).
  • recovery_window_in_days (pulumi.Input[float]) – Specifies the number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.
  • rotation_lambda_arn (pulumi.Input[str]) – Specifies the ARN of the Lambda function that can rotate the secret.
  • rotation_rules (pulumi.Input[dict]) – A structure that defines the rotation configuration for this secret. Defined below.
  • tags (pulumi.Input[dict]) – Specifies a key-value map of user-defined tags that are attached to the secret.
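
A pre-deployment check of the constraints listed above, written as an added example (not part of pulumi_aws). The function name `check_secret_args`, the sample values and the wildcard-principal policy check are assumptions of this example, and it expects plain Python values rather than unresolved Pulumi outputs.

```python
import json
import re

NAME_RE = re.compile(r"[A-Za-z0-9/_+=.@-]+")  # characters allowed in `name`


def check_secret_args(args):
    """Lint a dict of planned Secret keyword arguments (plain values only).

    Returns (errors, warnings): errors break a documented constraint,
    warnings are legal settings a reviewer should confirm.
    """
    errors, warnings = [], []
    name = args.get("name")
    if name is not None and args.get("name_prefix") is not None:
        errors.append("name conflicts with name_prefix")
    if name is not None and not NAME_RE.fullmatch(name):
        errors.append("name has characters outside A-Z a-z 0-9 /_+=.@-")

    days = args.get("recovery_window_in_days")  # None means the default, 30
    if days == 0:
        warnings.append("recovery_window_in_days=0 deletes without recovery")
    elif days is not None and not 7 <= days <= 30:
        errors.append("recovery_window_in_days must be 0 or 7 to 30")

    if not args.get("kms_key_id"):
        warnings.append("kms_key_id unset: default CMK aws/secretsmanager")

    policy = args.get("policy")
    if policy is not None:
        try:
            doc = json.loads(policy)
        except (TypeError, ValueError):
            doc = None
            errors.append("policy is not a valid JSON document")
        stmts = doc.get("Statement") if isinstance(doc, dict) else None
        if isinstance(stmts, dict):  # single-statement form
            stmts = [stmts]
        for st in stmts if isinstance(stmts, list) else []:
            who = st.get("Principal") if isinstance(st, dict) else None
            aws = who.get("AWS") if isinstance(who, dict) else who
            wild = aws == "*" or (isinstance(aws, list) and "*" in aws)
            if wild and st.get("Effect") == "Allow" and "Condition" not in st:
                warnings.append("policy allows Principal * with no Condition")
    return errors, warnings


# Constructed sample arguments, not taken from a real stack.
SAMPLE = {"name": "prod/db password", "name_prefix": "prod/",
          "recovery_window_in_days": 3, "policy": "{not json"}
```
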
arn = None

Amazon Resource Name (ARN) of the secret.

description = None

A description of the secret.

kms_key_id = None

Specifies the ARN or alias of the AWS KMS customer master key (CMK) to be used to encrypt the secret values in the versions stored in this secret. If you don’t specify this value, then Secrets Manager defaults to using the AWS account’s default CMK (the one named aws/secretsmanager). If the default KMS CMK with that name doesn’t yet exist, then AWS Secrets Manager creates it for you automatically the first time.

name = None

Specifies the friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.

name_prefix = None

Creates a unique name beginning with the specified prefix. Conflicts with name.

policy = None

A valid JSON document representing a resource policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.

recovery_window_in_days = None

Specifies the number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.

rotation_enabled = None

Specifies whether automatic rotation is enabled for this secret.

rotation_lambda_arn = None

Specifies the ARN of the Lambda function that can rotate the secret.

rotation_rules = None

A structure that defines the rotation configuration for this secret. Defined below.

tags = None

Specifies a key-value map of user-defined tags that are attached to the secret.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
class pulumi_aws.secretsmanager.SecretVersion(resource_name, opts=None, secret_binary=None, secret_id=None, secret_string=None, version_stages=None, __name__=None, __opts__=None)

Provides a resource to manage AWS Secrets Manager secret version including its secret value. To manage secret metadata, see the [`aws_secretsmanager_secret` resource](https://www.terraform.io/docs/providers/aws/r/secretsmanager_secret.html).

NOTE: If the AWSCURRENT staging label is present on this version during resource deletion, that label cannot be removed and will be skipped to prevent errors when fully deleting the secret. That label will leave this secret version active even after the resource is deleted from Terraform unless the secret itself is deleted. Move the AWSCURRENT staging label before or after deleting this resource from Terraform to fully trigger version deprecation if necessary.
Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • secret_binary (pulumi.Input[str]) – Specifies binary data that you want to encrypt and store in this version of the secret. This is required if secret_string is not set. Needs to be encoded to base64.
  • secret_id (pulumi.Input[str]) – Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
  • secret_string (pulumi.Input[str]) – Specifies text data that you want to encrypt and store in this version of the secret. This is required if secret_binary is not set.
  • version_stages (pulumi.Input[list]) – Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that’s already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label AWSCURRENT to this new version on creation.
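
An in-memory model of the staging-label rules from `version_stages` and the deletion NOTE above, as an added example (not part of pulumi_aws and not a call to AWS). The function names, version ids and the `BLUE` label are constructed, and only the rules stated on this page are modelled.

```python
def attach_version(versions, version_id, version_stages=None):
    """Attach labels to a new version, following the version_stages rules.

    `versions` maps version id -> set of staging labels and is updated in
    place. Returns {label: previous_holder} for every label that moved.
    """
    # No value given: AWSCURRENT moves to the new version.
    labels = list(version_stages) if version_stages else ["AWSCURRENT"]
    moved = {}
    for label in labels:
        for other_id, other_labels in versions.items():
            if other_id != version_id and label in other_labels:
                other_labels.discard(label)  # a label lives on one version only
                moved[label] = other_id
    versions.setdefault(version_id, set()).update(labels)
    return moved


def holder(versions, label="AWSCURRENT"):
    """Return the id of the version that carries `label`, or None."""
    for version_id, labels in versions.items():
        if label in labels:
            return version_id
    return None


def delete_version_resource(versions, version_id):
    """Model deleting the SecretVersion resource (see the NOTE).

    Staging labels are removed except AWSCURRENT, which is skipped.
    Returns True when the version is still active afterwards.
    """
    versions[version_id] &= {"AWSCURRENT"}
    return bool(versions[version_id])


def demo():
    """Walk through three constructed versions and two deletions."""
    versions = {}
    attach_version(versions, "v1")                # v1 becomes AWSCURRENT
    moved = attach_version(versions, "v2")        # label leaves v1 for v2
    attach_version(versions, "v3", ["BLUE"])      # custom label, v2 stays current
    gone = delete_version_resource(versions, "v3")   # False: v3 deprecated
    stuck = delete_version_resource(versions, "v2")  # True: value still served
    return moved, holder(versions), gone, stuck
```

The last step is the case the NOTE describes: the resource is gone from the stack, but the version that held AWSCURRENT is still the one consumers retrieve until the label is moved or the secret itself is deleted.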
arn = None

The ARN of the secret.

secret_binary = None

Specifies binary data that you want to encrypt and store in this version of the secret. This is required if secret_string is not set. Needs to be encoded to base64.

secret_id = None

Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.

secret_string = None

Specifies text data that you want to encrypt and store in this version of the secret. This is required if secret_binary is not set.

version_id = None

The unique identifier of the version of the secret.

version_stages = None

Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that’s already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label AWSCURRENT to this new version on creation.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
pulumi_aws.secretsmanager.get_secret(arn=None, name=None, opts=None)

Retrieve metadata information about a Secrets Manager secret. To retrieve a secret value, see the [`aws_secretsmanager_secret_version` data source](https://www.terraform.io/docs/providers/aws/d/secretsmanager_secret_version.html).

pulumi_aws.secretsmanager.get_secret_version(secret_id=None, version_id=None, version_stage=None, opts=None)

Retrieve information about a Secrets Manager secret version, including its secret value. To retrieve secret metadata, see the [`aws_secretsmanager_secret` data source](https://www.terraform.io/docs/providers/aws/d/secretsmanager_secret.html).