paws.security.identity (version 0.5.0)

secretsmanager: AWS Secrets Manager

Description

Amazon Web Services Secrets Manager

Amazon Web Services Secrets Manager provides a service that enables you to store, manage, and retrieve secrets.

This guide provides descriptions of the Secrets Manager API. For more information about using this service, see the Amazon Web Services Secrets Manager User Guide.

API Version

This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.

For a list of endpoints, see Amazon Web Services Secrets Manager endpoints.

Support and Feedback for Amazon Web Services Secrets Manager

We welcome your feedback. Send your comments to awssecretsmanager-feedback@amazon.com, or post your feedback and questions in the Amazon Web Services Secrets Manager Discussion Forum. For more information about the Amazon Web Services Discussion Forums, see Forums Help.

Logging API Requests

Amazon Web Services Secrets Manager supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using the information that CloudTrail collects, you can determine which requests were successfully made to Secrets Manager, who made each request, when it was made, and so on. For more about Amazon Web Services Secrets Manager and support for Amazon Web Services CloudTrail, see Logging Amazon Web Services Secrets Manager Events with Amazon Web Services CloudTrail in the Amazon Web Services Secrets Manager User Guide. To learn more about CloudTrail, including how to enable it and find your log files, see the Amazon Web Services CloudTrail User Guide.
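An added example (not part of the paws documentation) of the review this paragraph describes: it takes CloudTrail records already parsed into R lists and tabulates who called which Secrets Manager operation, when, and from where. The records are constructed sample data, and the helper names and the set of operations flagged for review are assumptions of this example; CloudTrail logs the API action names (for example CancelRotateSecret), not the snake_case names paws uses.

```r
# Constructed CloudTrail records, already parsed from JSON into R lists.
# Field names follow the CloudTrail record format; every value is made up.
sm_src <- "secretsmanager.amazonaws.com"
rec <- function(time, src, name, ip, arn, secret = NULL, error = NULL) {
  list(eventTime = time, eventSource = src, eventName = name,
       sourceIPAddress = ip, userIdentity = list(arn = arn),
       requestParameters = list(secretId = secret), errorCode = error)
}
acct <- "arn:aws:iam::111122223333:"
records <- list(
  rec("2024-05-01T10:00:00Z", sm_src, "GetSecretValue", "198.51.100.7",
      paste0(acct, "role/app-role"), "MyTestDatabaseSecret"),
  rec("2024-05-01T10:05:00Z", sm_src, "GetSecretValue", "203.0.113.9",
      paste0(acct, "user/contractor"), "MyTestDatabaseSecret", "AccessDenied"),
  rec("2024-05-01T10:06:00Z", sm_src, "CancelRotateSecret", "203.0.113.9",
      paste0(acct, "user/contractor"), "MyTestDatabaseSecret"),
  rec("2024-05-01T10:07:00Z", "s3.amazonaws.com", "GetObject", "198.51.100.7",
      paste0(acct, "role/app-role"))
)

# Assumed review set: operations that change access to, or the lifetime of, a secret.
review_events <- c("DeleteSecret", "PutResourcePolicy", "DeleteResourcePolicy",
                   "CancelRotateSecret", "StopReplicationToReplica")

# Walk nested list keys; NA when any level is missing (fields are optional).
field <- function(x, ...) {
  for (k in c(...)) {
    if (!is.list(x) || is.null(x[[k]])) return(NA_character_)
    x <- x[[k]]
  }
  as.character(x)
}

# One row per Secrets Manager call: who, when, from where, what, and outcome.
summarise_secrets_events <- function(records) {
  sm <- Filter(function(r) identical(r$eventSource, sm_src), records)
  if (length(sm) == 0) return(data.frame())
  rows <- lapply(sm, function(r) data.frame(
    when = field(r, "eventTime"), who = field(r, "userIdentity", "arn"),
    source_ip = field(r, "sourceIPAddress"), operation = field(r, "eventName"),
    secret = field(r, "requestParameters", "secretId"),
    error = field(r, "errorCode"), stringsAsFactors = FALSE))
  out <- do.call(rbind, rows)
  # Flag sensitive operations and any call that CloudTrail recorded with an error.
  out$needs_review <- out$operation %in% review_events | !is.na(out$error)
  out[order(out$when), ]
}

print(summarise_secrets_events(records))
```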

Usage

secretsmanager(
  config = list(),
  credentials = list(),
  endpoint = NULL,
  region = NULL
)

Value

A client for the service. You can call the service's operations using syntax like svc$operation(...), where svc is the name you've assigned to the client. The available operations are listed in the Operations section.

Arguments

config

Optional configuration of credentials, endpoint, and/or region.

  • credentials:

    • creds:

      • access_key_id: AWS access key ID

      • secret_access_key: AWS secret access key

      • session_token: AWS temporary session token

    • profile: The name of a profile to use. If not given, then the default profile is used.

    • anonymous: Set anonymous credentials.

  • endpoint: The complete URL to use for the constructed client.

  • region: The AWS Region used in instantiating the client.

  • close_connection: Immediately close all HTTP connections.

  • timeout: The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.

  • s3_force_path_style: Set this to true to force the request to use path-style addressing, i.e. http://s3.amazonaws.com/BUCKET/KEY.

  • sts_regional_endpoint: Set the STS regional endpoint resolver to regional or legacy. See https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html

credentials

Optional credentials shorthand for the config parameter

  • creds:

    • access_key_id: AWS access key ID

    • secret_access_key: AWS secret access key

    • session_token: AWS temporary session token

  • profile: The name of a profile to use. If not given, then the default profile is used.

  • anonymous: Set anonymous credentials.

endpoint

Optional shorthand for complete URL to use for the constructed client.

region

Optional shorthand for AWS Region used in instantiating the client.

Service syntax

svc <- secretsmanager(
  config = list(
    credentials = list(
      creds = list(
        access_key_id = "string",
        secret_access_key = "string",
        session_token = "string"
      ),
      profile = "string",
      anonymous = "logical"
    ),
    endpoint = "string",
    region = "string",
    close_connection = "logical",
    timeout = "numeric",
    s3_force_path_style = "logical",
    sts_regional_endpoint = "string"
  ),
  credentials = list(
    creds = list(
      access_key_id = "string",
      secret_access_key = "string",
      session_token = "string"
    ),
    profile = "string",
    anonymous = "logical"
  ),
  endpoint = "string",
  region = "string"
)

Operations

batch_get_secret_value: Retrieves the contents of the encrypted fields SecretString or SecretBinary for up to 20 secrets
cancel_rotate_secret: Turns off automatic rotation, and if a rotation is currently in progress, cancels the rotation
create_secret: Creates a new secret
delete_resource_policy: Deletes the resource-based permission policy attached to the secret
delete_secret: Deletes a secret and all of its versions
describe_secret: Retrieves the details of a secret
get_random_password: Generates a random password
get_resource_policy: Retrieves the JSON text of the resource-based policy document attached to the secret
get_secret_value: Retrieves the contents of the encrypted fields SecretString or SecretBinary from the specified version of a secret, whichever contains content
list_secrets: Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account, not including secrets that are marked for deletion
list_secret_version_ids: Lists the versions of a secret
put_resource_policy: Attaches a resource-based permission policy to a secret
put_secret_value: Creates a new version with a new encrypted secret value and attaches it to the secret
remove_regions_from_replication: For a secret that is replicated to other Regions, deletes the secret replicas from the Regions you specify
replicate_secret_to_regions: Replicates the secret to new Regions
restore_secret: Cancels the scheduled deletion of a secret by removing the DeletedDate time stamp
rotate_secret: Configures and starts the asynchronous process of rotating the secret
stop_replication_to_replica: Removes the link between the replica secret and the primary secret and promotes the replica to a primary secret in the replica Region
tag_resource: Attaches tags to a secret
untag_resource: Removes specific tags from a secret
update_secret: Modifies the details of a secret, including metadata and the secret value
update_secret_version_stage: Modifies the staging labels attached to a version of a secret
validate_resource_policy: Validates that a resource policy does not grant a wide range of principals access to your secret

Examples

if (FALSE) {
svc <- secretsmanager()
# The following example shows how to cancel rotation for a secret. The
# operation sets the RotationEnabled field to false and cancels all
# scheduled rotations. To resume scheduled rotations, you must re-enable
# rotation by calling the rotate-secret operation.
svc$cancel_rotate_secret(
  SecretId = "MyTestDatabaseSecret"
)
}
