AWS Secrets Manager: Secrets Manager
Summary
This module contains actions for reading, creating, & updating secrets in AWS Secrets Manager.
PPA Appliance & Vault Requirements
This plugin requires PPA version 2.7.1 or later.
You must have an AWS Secrets Manager provisioned as a Vault inside PPA to use this plugin.
Actions
aws_secrets_manager.secrets.create
Create a new secret.
Minimum Plugin Version: 2.0.0
Input
- name: the name of the secret
- data: a dictionary containing the secret keys & values
- tags: optional dictionary containing tags for the secret (defaults to empty)
- description: optional description for the secret (defaults to empty)
- secrets_manager: the name of the AWS Secrets Manager (required if multiple are configured)
Output
Nothing is outputted by this action.
Example
aws_secrets_manager.secrets.delete
Delete a secret.
Minimum Plugin Version: 2.0.0
Input
- secret: the secret to delete
- force: set to true to force delete the secret with no recovery (defaults to false)
- recovery_days: optional number of days to set as the recovery period (defaults to 30)
- secrets_manager: the name of the AWS Secrets Manager (required if multiple are configured)
Force Deletion & Recovery
You cannot supply both the force & recovery_days inputs.
Output
Nothing is outputted by this action.
Example
aws_secrets_manager.secrets.list
List all secrets.
This action only shows which secrets exist; it does not reveal any sensitive secret data.
Minimum Plugin Version: 2.0.0
Input
- secrets_manager: the name of the AWS Secrets Manager (required if multiple are configured)
Output
A list of ListedSecret dictionaries.
Example
aws_secrets_manager.secrets.read
Read a secret.
Minimum Plugin Version: 2.0.0
Input
- secret: the name of the secret
- secrets_manager: the name of the AWS Secrets Manager (required if multiple are configured)
Output
A single Secret.
Example
aws_secrets_manager.secrets.update
Create a new version of the secret with the supplied data.
Minimum Plugin Version: 2.0.0
Input
- name: the secret to update
- data: a dictionary containing the secret keys & values
- secrets_manager: the name of the AWS Secrets Manager (required if multiple are configured)
Updating Secrets
This action creates a new secret version containing only the keys & values supplied in data.
Any keys that exist in the current secret will not exist in the new version unless a value is supplied.
Output
Nothing is outputted by this action.
Example
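The read-merge-write pattern that the Updating Secrets note calls for when existing keys must survive an update, as an added example that is not part of the plugin or its documentation. It uses the boto3 client call names get_secret_value and put_secret_value against a constructed in-memory stub, assumes the secret is a JSON object stored as a string, and the helper names dropped_keys and merged_update are hypothetical.

```python
import json


class StubSecretsClient:
    """Constructed in-memory stand-in exposing two boto3-style Secrets Manager calls."""

    def __init__(self, initial):
        self.versions = {name: [json.dumps(data)] for name, data in initial.items()}

    def get_secret_value(self, SecretId):
        return {"SecretString": self.versions[SecretId][-1]}

    def put_secret_value(self, SecretId, SecretString):
        # Replace-on-write: the new version holds only what is passed in.
        self.versions[SecretId].append(SecretString)


def dropped_keys(client, secret_id, data):
    """Keys in the current version that an update carrying only `data` would lose."""
    current = json.loads(client.get_secret_value(SecretId=secret_id)["SecretString"])
    return sorted(set(current) - set(data))


def merged_update(client, secret_id, changes, remove=()):
    """Read the current version, overlay `changes`, drop `remove`, write one new version.

    Returns the sorted key names of the new version (never values, so it is safe to log).
    Read-then-write is not atomic: a writer landing between the two calls is overwritten.
    """
    current = json.loads(client.get_secret_value(SecretId=secret_id)["SecretString"])
    if not isinstance(current, dict):
        raise ValueError("secret is not a JSON object; cannot merge keys")
    to_remove = set(remove)
    unknown = to_remove - set(current)
    if unknown:
        raise KeyError(f"cannot remove keys that do not exist: {sorted(unknown)}")
    new = {k: v for k, v in {**current, **changes}.items() if k not in to_remove}
    client.put_secret_value(SecretId=secret_id, SecretString=json.dumps(new))
    return sorted(new)


if __name__ == "__main__":
    # Constructed sample secret; the name and values are placeholders.
    sample = {"username": "svc_app", "password": "old", "host": "db.internal"}
    client = StubSecretsClient({"app/db": sample})
    print("update with only 'password' would drop:",
          dropped_keys(client, "app/db", {"password": "new"}))
    print("keys after merged update:",
          merged_update(client, "app/db", {"password": "new"}))
```

Running dropped_keys before an update is a cheap pre-flight check: a non-empty result means the new version will be missing credentials that consumers of the secret may still expect.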