- Centrally store and manage credentials, API keys, and other secrets.
- Use AWS Identity and Access Management (IAM) permissions policies to manage access to your secrets.
- Rotate secrets on demand or on a schedule, without redeploying or disrupting active applications.
- Integrate secrets with AWS logging, monitoring, and notification services.
Viewing Secrets
To list all secrets in a particular region:
% aws secretsmanager list-secrets --region us-east-2
{
    "SecretList": [
        {
            "ARN": "arn:aws:secretsmanager:us-east-2:700840607999:secret:my-app/stage/my-secret-bwwria",
            "Name": "my-app/stage/my-secret ",
            "Description": "Secret for my-app in staging env",
            "LastChangedDate": "2025-01-13T12:51:21.204000+00:00",
            "LastAccessedDate": "2025-02-07T00:00:00+00:00",
            "Tags": [
                {
                    "Key": "environment",
                    "Value": "stage"
                },
                {
                    "Key": "service",
                    "Value": "main-app"
                }
            ],
            "SecretVersionsToStages": {
                "11877f11-1999-4f37-8311-283ad04d70f1": [
                    "AWSCURRENT"
                ],
                "ab81397d-eb1d-4dc1-8a44-961ce45de258": [
                    "AWSPREVIOUS"
                ]
            },
            "CreatedDate": "2022-08-17T12:55:43.194000+01:00",
            "PrimaryRegion": "us-east-2"
        },
        ...
    ]
}
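The listing above carries enough metadata to audit secrets before deciding which ones to rotate or delete. The following is an added example, not part of the original post: it reads JSON in the shape of the list-secrets output and flags entries that have not been read recently, have no rotation enabled, or lack expected tags. The sample entries, the 90-day idle threshold and the required tag set are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `aws secretsmanager list-secrets` output.
SAMPLE = json.loads("""
{"SecretList": [
  {"Name": "my-app/stage/my-secret",
   "LastAccessedDate": "2025-02-07T00:00:00+00:00",
   "RotationEnabled": true,
   "Tags": [{"Key": "environment", "Value": "stage"},
            {"Key": "service", "Value": "main-app"}]},
  {"Name": "example/old-secret",
   "LastAccessedDate": "2024-03-01T00:00:00+00:00",
   "Tags": [{"Key": "environment", "Value": "stage"}]},
  {"Name": "example/never-read", "RotationEnabled": false, "Tags": []}
]}
""")

REQUIRED_TAGS = {"environment", "service"}  # assumed tagging policy


def audit(listing, now, max_idle_days=90):
    """Return {secret name: [findings]} for entries that need attention."""
    cutoff = now - timedelta(days=max_idle_days)
    report = {}
    for entry in listing.get("SecretList", []):
        findings = []
        last = entry.get("LastAccessedDate")
        if last is None:
            # Assumption: a missing LastAccessedDate means no recorded read.
            findings.append("never accessed")
        elif datetime.fromisoformat(last) < cutoff:
            findings.append("not accessed since " + last[:10])
        if not entry.get("RotationEnabled", False):
            findings.append("rotation not enabled")
        missing = REQUIRED_TAGS - {t["Key"] for t in entry.get("Tags", [])}
        if missing:
            findings.append("missing tags: " + ", ".join(sorted(missing)))
        if findings:
            report[entry["Name"]] = findings
    return report


if __name__ == "__main__":
    now = datetime(2025, 2, 10, tzinfo=timezone.utc)
    for name, findings in audit(SAMPLE, now).items():
        print(name, "->", "; ".join(findings))
```

To audit a real account, save the CLI output to a file and pass `json.load(open(path))` to `audit` in place of `SAMPLE`.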
Deleting a secret
By default, a secret is not deleted immediately but after 7 days.
To delete a secret immediately, use the --force-delete-without-recovery option:
% aws secretsmanager delete-secret --secret-id my-app/stage/my-secret --force-delete-without-recovery --region eu-west-2
{
    "ARN": "arn:aws:secretsmanager:eu-west-2:700859607999:secret:my-app/stage/my-secret-E0yyRM",
    "Name": "my-app/stage/my-secret",
    "DeletionDate": "2025-02-07T14:54:30.386000+00:00"
}