The aws secretsmanager command group is part of the AWS Command Line Interface (CLI) and lets you store, manage, and retrieve secrets held in AWS Secrets Manager. Secrets Manager is a fully managed service for protecting sensitive values such as API keys, database passwords, and tokens: each secret is encrypted at rest with an AWS KMS key, and every API call against it is recorded in AWS CloudTrail.
Here’s an overview of the aws secretsmanager command and its functionality:
- Storing Secrets: The primary purpose of the aws secretsmanager command is to store secrets securely. You create a secret by giving it a name and a value (a plain string, a JSON document, or a binary blob) and, optionally, a description, tags, and the KMS key that should encrypt it; if you do not name a key, the account's aws/secretsmanager managed key is used.
- Retrieving Secrets: The aws secretsmanager command retrieves a secret by name or ARN (Amazon Resource Name). By default you receive the version labelled AWSCURRENT; you can ask for a specific version ID or staging label instead. The value comes back in clear text, so treat the output as carefully as the secret itself: do not echo it into logs, CI output, or shell history.
- Managing Secrets: The aws secretsmanager command also manages secrets. You can update the secret value (which creates a new version and moves the AWSCURRENT label to it), change the description or tags, enable or disable rotation, and configure other settings related to the secret's lifecycle.
- Secret Rotation: AWS Secrets Manager offers built-in support for rotating secrets on a schedule. Rotation is carried out by a Lambda function that Secrets Manager invokes; AWS provides rotation function templates for Amazon RDS, Amazon Redshift, and Amazon DocumentDB credentials, and for anything else (an API key, for example) you write the rotation function yourself. With the aws secretsmanager command you can enable rotation, set its schedule, and trigger a rotation on demand.
- Access Control: Secrets Manager integrates with AWS Identity and Access Management (IAM) to control access to secrets. Every aws secretsmanager operation requires the matching IAM permission (for example secretsmanager:GetSecretValue), and you can scope identity policies down to individual secret ARNs. A secret can additionally carry a resource-based policy, and a secret encrypted with a customer managed KMS key also requires kms:Decrypt on that key, so all three need to line up before a read succeeds.
- Integration with other AWS Services: Secrets Manager integrates with other AWS services. For example, Amazon ECS can inject secret values into containers as environment variables, Lambda functions can fetch and cache secrets at runtime through the AWS Parameters and Secrets Lambda Extension, and Amazon RDS can generate and manage a database's master user password as a Secrets Manager secret.
The aws secretsmanager command provides a convenient way to interact with AWS Secrets Manager from the command line. It allows you to store sensitive information securely, retrieve secrets when needed, and manage the lifecycle of your secrets.
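The Access Control point above is easiest to get wrong in the resource ARN, so here is an added example (not code from the original page) of a least-privilege read policy and the aws iam call that attaches it to a role. The region, account ID, secret name, KMS key ID and role name are placeholders chosen for illustration.

```sh
#!/bin/sh
# Added example, not from the original page: an IAM policy that lets one role
# read one secret and nothing else. Region, account ID, secret name, KMS key
# ID and role name below are placeholders (assumptions).
set -eu

# Emit a least-privilege read policy for one secret.
# Usage: reader_policy REGION ACCOUNT_ID SECRET_NAME KMS_KEY_ID
reader_policy() {
  region=$1 account=$2 secret=$3 kms_key=$4
  # Secrets Manager appends a random 6-character suffix to every secret ARN
  # (...:secret:prod/app/db-AbCdEf), so the resource needs the trailing "-*";
  # without it the statement silently matches nothing. The wildcard also
  # matches any other secret whose name starts with "prod/app/db-", so keep
  # names unique or paste the exact ARN from describe-secret instead.
  # The kms:Decrypt statement is only needed for a customer managed key; the
  # default aws/secretsmanager key is usable without it.
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOneSecret",
      "Effect": "Allow",
      "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
      "Resource": "arn:aws:secretsmanager:${region}:${account}:secret:${secret}-*"
    },
    {
      "Sid": "DecryptOnlyViaSecretsManager",
      "Effect": "Allow",
      "Action": "kms:Decrypt",
      "Resource": "arn:aws:kms:${region}:${account}:key/${kms_key}",
      "Condition": {
        "StringEquals": { "kms:ViaService": "secretsmanager.${region}.amazonaws.com" }
      }
    }
  ]
}
EOF
}

# Attach the policy inline to an existing role (needs iam:PutRolePolicy).
# Usage: attach_reader_policy ROLE_NAME REGION ACCOUNT_ID SECRET_NAME KMS_KEY_ID
attach_reader_policy() {
  role=$1; shift
  policy_name="read-$(printf '%s' "$3" | tr '/' '-')"   # IAM policy names cannot contain '/'
  aws iam put-role-policy \
    --role-name "$role" \
    --policy-name "$policy_name" \
    --policy-document "$(reader_policy "$@")"
}

# The AWS call only runs when asked for, so the file can be sourced without
# credentials to inspect the generated policy.
if [ "${RUN_IAM_DEMO:-0}" = "1" ]; then
  attach_reader_policy app-runtime us-east-1 123456789012 prod/app/db \
    11111111-2222-3333-4444-555555555555
fi
```

The role gets GetSecretValue and DescribeSecret on one secret and nothing that writes, and the kms:ViaService condition stops the same role from using the key to decrypt anything outside Secrets Manager.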
aws secretsmanager Command Examples
1. List the secrets in the current account and region (names and metadata only, never the values):
# aws secretsmanager list-secrets
2. Create a secret (for a real value, prefer --secret-string file://path or --secret-binary fileb://path over a literal on the command line, which lands in shell history and is visible to other users through ps):
# aws secretsmanager create-secret --name name --description "secret_description" --secret-string secret
3. Delete a secret (by default deletion is only scheduled, with a 30-day recovery window in which restore-secret can undo it; --recovery-window-in-days shortens the window to as little as 7 days and --force-delete-without-recovery removes the secret immediately):
# aws secretsmanager delete-secret --secret-id name_or_arn
4. View details of a secret except for secret text:
# aws secretsmanager describe-secret --secret-id name_or_arn
5. Retrieve the value of a secret (the staging label is AWSCURRENT or AWSPREVIOUS; omit --version-stage to get the version currently labelled AWSCURRENT, or use --version-id for an exact version):
# aws secretsmanager get-secret-value --secret-id name_or_arn --version-stage staging_label
6. Rotate the secret immediately using a Lambda function (the function must already exist and its resource policy must allow secretsmanager.amazonaws.com to invoke it):
# aws secretsmanager rotate-secret --secret-id name_or_arn --rotation-lambda-arn arn_of_lambda_function
7. Rotate the secret automatically every 30 days using a Lambda function (this also triggers one rotation right away unless --no-rotate-immediately is given):
# aws secretsmanager rotate-secret --secret-id name_or_arn --rotation-lambda-arn arn_of_lambda_function --rotation-rules AutomaticallyAfterDays=30
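Putting examples 2 through 7 together, here is an added lifecycle script (not code from the original page): it builds a database secret in the JSON shape the AWS-provided RDS rotation functions expect, creates it from a temporary file instead of the command line, reads a single field back, enables rotation, checks the staging labels, and schedules a recoverable delete. The secret name, region, Lambda ARN and host name are placeholders chosen for illustration, and jq is assumed to be installed.

```sh
#!/bin/sh
# Added example, not from the original page. Wraps the aws secretsmanager
# subcommands shown above in small functions. The secret name, region, host
# and rotation Lambda ARN are placeholders (assumptions), not real resources.
set -eu

SECRET_NAME="${SECRET_NAME:-prod/app/db}"   # assumed naming convention
ROTATION_LAMBDA_ARN="${ROTATION_LAMBDA_ARN:-arn:aws:lambda:us-east-1:123456789012:function:rotate-db}"  # placeholder

# Escape a value for use inside a JSON string (backslash and double quote).
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the secret document in the shape the AWS-provided RDS rotation
# functions expect: engine, host, port, dbname, username, password.
# Usage: build_db_secret ENGINE HOST PORT DBNAME USERNAME PASSWORD
build_db_secret() {
  case "$3" in
    ''|*[!0-9]*) echo "build_db_secret: port must be numeric" >&2; return 1 ;;
  esac
  printf '{"engine":"%s","host":"%s","port":%s,"dbname":"%s","username":"%s","password":"%s"}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$3" "$(json_escape "$4")" \
    "$(json_escape "$5")" "$(json_escape "$6")"
}

# Create the secret from a 0600 temp file. A value passed literally as
# --secret-string is visible in shell history and to other users via ps.
create_db_secret() {
  tmp=$(mktemp)
  trap 'rm -f "$tmp"' EXIT
  chmod 600 "$tmp"
  build_db_secret "$@" > "$tmp"
  aws secretsmanager create-secret \
    --name "$SECRET_NAME" \
    --description "Application database credentials" \
    --secret-string "file://$tmp" \
    --query ARN --output text
}

# Read one field of the JSON secret. --query keeps only SecretString from the
# response and jq picks the field; never print the whole document into logs.
# Usage: db_field password
db_field() {
  aws secretsmanager get-secret-value \
    --secret-id "$SECRET_NAME" \
    --version-stage AWSCURRENT \
    --query SecretString --output text | jq -r --arg k "$1" '.[$k]'
}

# Enable 30-day rotation. Secrets Manager invokes the Lambda once right away
# (add --no-rotate-immediately to skip that), so a broken rotation function
# fails now rather than a month from now.
enable_rotation() {
  aws secretsmanager rotate-secret \
    --secret-id "$SECRET_NAME" \
    --rotation-lambda-arn "$ROTATION_LAMBDA_ARN" \
    --rotation-rules AutomaticallyAfterDays=30
}

# After a rotation, confirm exactly one version carries AWSCURRENT and the
# previous one has moved to AWSPREVIOUS.
show_versions() {
  aws secretsmanager list-secret-version-ids \
    --secret-id "$SECRET_NAME" \
    --query "Versions[].[VersionId, join(',', VersionStages)]" --output text
}

# Schedule deletion with a recovery window (7-30 days) instead of
# --force-delete-without-recovery; restore-secret can undo it in that window.
schedule_delete() {
  aws secretsmanager delete-secret \
    --secret-id "$SECRET_NAME" --recovery-window-in-days 7
}

# The AWS calls only run when explicitly requested, so the file can be sourced
# (and build_db_secret exercised) without credentials.
if [ "${RUN_SECRETS_DEMO:-0}" = "1" ]; then
  create_db_secret mysql db.example.internal 3306 app app "$(openssl rand -base64 24)"
  db_field username
  enable_rotation
  show_versions
fi
```

Run it with RUN_SECRETS_DEMO=1 against an account where the rotation Lambda exists; schedule_delete is left for you to call deliberately. The password is generated with openssl rather than typed, so it never appears in the terminal or history, and the only value the script ever prints is the username.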