Expand description
AWS Secrets Manager provides a service to enable you to store, manage, and retrieve, secrets.
This guide provides descriptions of the Secrets Manager API. For more information about using this service, see the AWS Secrets Manager User Guide.
API Version
This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.
As an alternative to using the API, you can use one of the AWS SDKs, which consist of libraries and sample code for various programming languages and platforms such as Java, Ruby, .NET, iOS, and Android. The SDKs provide a convenient way to create programmatic access to AWS Secrets Manager. For example, the SDKs provide cryptographically signing requests, managing errors, and retrying requests automatically. For more information about the AWS SDKs, including downloading and installing them, see Tools for Amazon Web Services.
We recommend you use the AWS SDKs to make programmatic API calls to Secrets Manager. However, you also can use the Secrets Manager HTTP Query API to make direct calls to the Secrets Manager web service. To learn more about the Secrets Manager HTTP Query API, see Making Query Requests in the AWS Secrets Manager User Guide.
Secrets Manager API supports GET and POST requests for all actions, and doesn't require you to use GET for some actions and POST for others. However, GET requests are subject to the limitation size of a URL. Therefore, for operations that require larger sizes, use a POST request.
Support and Feedback for AWS Secrets Manager
We welcome your feedback. Send your comments to awssecretsmanager-feedback@amazon.com, or post your feedback and questions in the AWS Secrets Manager Discussion Forum. For more information about the AWS Discussion Forums, see Forums Help.
How examples are presented
The JSON that AWS Secrets Manager expects as your request parameters and the service returns as a response to HTTP query requests contain single, long strings without line breaks or white space formatting. The JSON shown in the examples displays the code formatted with both line breaks and white space to improve readability. When example input parameters can also cause long strings extending beyond the screen, you can insert line breaks to enhance readability. You should always submit the input as a single JSON text string.
Logging API Requests
AWS Secrets Manager supports AWS CloudTrail, a service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. By using information that's collected by AWS CloudTrail, you can determine the requests successfully made to Secrets Manager, who made the request, when it was made, and so on. For more about AWS Secrets Manager and support for AWS CloudTrail, see Logging AWS Secrets Manager Events with AWS CloudTrail in the AWS Secrets Manager User Guide. To learn more about CloudTrail, including enabling it and find your log files, see the AWS CloudTrail User Guide.
If you’re using the service, you’re probably looking for SecretsManagerClient and SecretsManager.
Structs§
- Cancel
Rotate Secret Request - Cancel
Rotate Secret Response - Create
Secret Request - Create
Secret Response - Delete
Resource Policy Request - Delete
Resource Policy Response - Delete
Secret Request - Delete
Secret Response - Describe
Secret Request - Describe
Secret Response - Filter
Allows you to add filters when you use the search function in Secrets Manager.
- GetRandom
Password Request - GetRandom
Password Response - GetResource
Policy Request - GetResource
Policy Response - GetSecret
Value Request - GetSecret
Value Response - List
Secret Version IdsRequest - List
Secret Version IdsResponse - List
Secrets Request - List
Secrets Response - PutResource
Policy Request - PutResource
Policy Response - PutSecret
Value Request - PutSecret
Value Response - Remove
Regions From Replication Request - Remove
Regions From Replication Response - Replica
Region Type (Optional) Custom type consisting of a
Region(required) and theKmsKeyIdwhich can be anARN,Key ID, orAlias.- Replicate
Secret ToRegions Request - Replicate
Secret ToRegions Response - Replication
Status Type A replication object consisting of a
RegionReplicationStatusobject and includes a Region, KMSKeyId, status, and status message.- Restore
Secret Request - Restore
Secret Response - Rotate
Secret Request - Rotate
Secret Response - Rotation
Rules Type A structure that defines the rotation configuration for the secret.
- Secret
List Entry A structure that contains the details about a secret. It does not include the encrypted
SecretStringandSecretBinaryvalues. To get those values, use the GetSecretValue operation.- Secret
Versions List Entry A structure that contains information about one version of a secret.
- Secrets
Manager Client - A client for the AWS Secrets Manager API.
- Stop
Replication ToReplica Request - Stop
Replication ToReplica Response - Tag
A structure that contains information about a tag.
- TagResource
Request - Untag
Resource Request - Update
Secret Request - Update
Secret Response - Update
Secret Version Stage Request - Update
Secret Version Stage Response - Validate
Resource Policy Request - Validate
Resource Policy Response - Validation
Errors Entry Displays errors that occurred during validation of the resource policy.
Enums§
- Cancel
Rotate Secret Error - Errors returned by CancelRotateSecret
- Create
Secret Error - Errors returned by CreateSecret
- Delete
Resource Policy Error - Errors returned by DeleteResourcePolicy
- Delete
Secret Error - Errors returned by DeleteSecret
- Describe
Secret Error - Errors returned by DescribeSecret
- GetRandom
Password Error - Errors returned by GetRandomPassword
- GetResource
Policy Error - Errors returned by GetResourcePolicy
- GetSecret
Value Error - Errors returned by GetSecretValue
- List
Secret Version IdsError - Errors returned by ListSecretVersionIds
- List
Secrets Error - Errors returned by ListSecrets
- PutResource
Policy Error - Errors returned by PutResourcePolicy
- PutSecret
Value Error - Errors returned by PutSecretValue
- Remove
Regions From Replication Error - Errors returned by RemoveRegionsFromReplication
- Replicate
Secret ToRegions Error - Errors returned by ReplicateSecretToRegions
- Restore
Secret Error - Errors returned by RestoreSecret
- Rotate
Secret Error - Errors returned by RotateSecret
- Stop
Replication ToReplica Error - Errors returned by StopReplicationToReplica
- TagResource
Error - Errors returned by TagResource
- Untag
Resource Error - Errors returned by UntagResource
- Update
Secret Error - Errors returned by UpdateSecret
- Update
Secret Version Stage Error - Errors returned by UpdateSecretVersionStage
- Validate
Resource Policy Error - Errors returned by ValidateResourcePolicy
Traits§
- Secrets
Manager - Trait representing the capabilities of the AWS Secrets Manager API. AWS Secrets Manager clients implement this trait.