secretsmanager

package
v4.33.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 6, 2022 License: Apache-2.0 Imports: 7 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type GetSecretRotationRotationRule 

type GetSecretRotationRotationRule struct {
	AutomaticallyAfterDays int `pulumi:"automaticallyAfterDays"`
}

type GetSecretRotationRotationRuleArgs 

type GetSecretRotationRotationRuleArgs struct {
	AutomaticallyAfterDays pulumi.IntInput `pulumi:"automaticallyAfterDays"`
}

func (GetSecretRotationRotationRuleArgs) ElementType 

func (GetSecretRotationRotationRuleArgs) ElementType() reflect.Type

func (GetSecretRotationRotationRuleArgs) ToGetSecretRotationRotationRuleOutput 

func (i GetSecretRotationRotationRuleArgs) ToGetSecretRotationRotationRuleOutput() GetSecretRotationRotationRuleOutput

func (GetSecretRotationRotationRuleArgs) ToGetSecretRotationRotationRuleOutputWithContext 

func (i GetSecretRotationRotationRuleArgs) ToGetSecretRotationRotationRuleOutputWithContext(ctx context.Context) GetSecretRotationRotationRuleOutput

type GetSecretRotationRotationRuleArray 

type GetSecretRotationRotationRuleArray []GetSecretRotationRotationRuleInput

func (GetSecretRotationRotationRuleArray) ElementType 

func (GetSecretRotationRotationRuleArray) ElementType() reflect.Type

func (GetSecretRotationRotationRuleArray) ToGetSecretRotationRotationRuleArrayOutput 

func (i GetSecretRotationRotationRuleArray) ToGetSecretRotationRotationRuleArrayOutput() GetSecretRotationRotationRuleArrayOutput

func (GetSecretRotationRotationRuleArray) ToGetSecretRotationRotationRuleArrayOutputWithContext 

func (i GetSecretRotationRotationRuleArray) ToGetSecretRotationRotationRuleArrayOutputWithContext(ctx context.Context) GetSecretRotationRotationRuleArrayOutput

type GetSecretRotationRotationRuleArrayInput 

type GetSecretRotationRotationRuleArrayInput interface {
	pulumi.Input

	ToGetSecretRotationRotationRuleArrayOutput() GetSecretRotationRotationRuleArrayOutput
	ToGetSecretRotationRotationRuleArrayOutputWithContext(context.Context) GetSecretRotationRotationRuleArrayOutput
}

GetSecretRotationRotationRuleArrayInput is an input type that accepts GetSecretRotationRotationRuleArray and GetSecretRotationRotationRuleArrayOutput values. You can construct a concrete instance of `GetSecretRotationRotationRuleArrayInput` via: 

GetSecretRotationRotationRuleArray{ GetSecretRotationRotationRuleArgs{...} }

type GetSecretRotationRotationRuleArrayOutput 

type GetSecretRotationRotationRuleArrayOutput struct{ *pulumi.OutputState }

func (GetSecretRotationRotationRuleArrayOutput) ElementType 

func (GetSecretRotationRotationRuleArrayOutput) ElementType() reflect.Type

func (GetSecretRotationRotationRuleArrayOutput) Index 

func (o GetSecretRotationRotationRuleArrayOutput) Index(i pulumi.IntInput) GetSecretRotationRotationRuleOutput

func (GetSecretRotationRotationRuleArrayOutput) ToGetSecretRotationRotationRuleArrayOutput 

func (o GetSecretRotationRotationRuleArrayOutput) ToGetSecretRotationRotationRuleArrayOutput() GetSecretRotationRotationRuleArrayOutput

func (GetSecretRotationRotationRuleArrayOutput) ToGetSecretRotationRotationRuleArrayOutputWithContext 

func (o GetSecretRotationRotationRuleArrayOutput) ToGetSecretRotationRotationRuleArrayOutputWithContext(ctx context.Context) GetSecretRotationRotationRuleArrayOutput

type GetSecretRotationRotationRuleInput 

type GetSecretRotationRotationRuleInput interface {
	pulumi.Input

	ToGetSecretRotationRotationRuleOutput() GetSecretRotationRotationRuleOutput
	ToGetSecretRotationRotationRuleOutputWithContext(context.Context) GetSecretRotationRotationRuleOutput
}

GetSecretRotationRotationRuleInput is an input type that accepts GetSecretRotationRotationRuleArgs and GetSecretRotationRotationRuleOutput values. You can construct a concrete instance of `GetSecretRotationRotationRuleInput` via: 

GetSecretRotationRotationRuleArgs{...}

type GetSecretRotationRotationRuleOutput 

type GetSecretRotationRotationRuleOutput struct{ *pulumi.OutputState }

func (GetSecretRotationRotationRuleOutput) AutomaticallyAfterDays 

func (o GetSecretRotationRotationRuleOutput) AutomaticallyAfterDays() pulumi.IntOutput

func (GetSecretRotationRotationRuleOutput) ElementType 

func (GetSecretRotationRotationRuleOutput) ElementType() reflect.Type

func (GetSecretRotationRotationRuleOutput) ToGetSecretRotationRotationRuleOutput 

func (o GetSecretRotationRotationRuleOutput) ToGetSecretRotationRotationRuleOutput() GetSecretRotationRotationRuleOutput

func (GetSecretRotationRotationRuleOutput) ToGetSecretRotationRotationRuleOutputWithContext 

func (o GetSecretRotationRotationRuleOutput) ToGetSecretRotationRotationRuleOutputWithContext(ctx context.Context) GetSecretRotationRotationRuleOutput

type GetSecretRotationRule 

type GetSecretRotationRule struct {
	AutomaticallyAfterDays int `pulumi:"automaticallyAfterDays"`
}

type GetSecretRotationRuleArgs 

type GetSecretRotationRuleArgs struct {
	AutomaticallyAfterDays pulumi.IntInput `pulumi:"automaticallyAfterDays"`
}

func (GetSecretRotationRuleArgs) ElementType 

func (GetSecretRotationRuleArgs) ElementType() reflect.Type

func (GetSecretRotationRuleArgs) ToGetSecretRotationRuleOutput 

func (i GetSecretRotationRuleArgs) ToGetSecretRotationRuleOutput() GetSecretRotationRuleOutput

func (GetSecretRotationRuleArgs) ToGetSecretRotationRuleOutputWithContext 

func (i GetSecretRotationRuleArgs) ToGetSecretRotationRuleOutputWithContext(ctx context.Context) GetSecretRotationRuleOutput

type GetSecretRotationRuleArray 

type GetSecretRotationRuleArray []GetSecretRotationRuleInput

func (GetSecretRotationRuleArray) ElementType 

func (GetSecretRotationRuleArray) ElementType() reflect.Type

func (GetSecretRotationRuleArray) ToGetSecretRotationRuleArrayOutput 

func (i GetSecretRotationRuleArray) ToGetSecretRotationRuleArrayOutput() GetSecretRotationRuleArrayOutput

func (GetSecretRotationRuleArray) ToGetSecretRotationRuleArrayOutputWithContext 

func (i GetSecretRotationRuleArray) ToGetSecretRotationRuleArrayOutputWithContext(ctx context.Context) GetSecretRotationRuleArrayOutput

type GetSecretRotationRuleArrayInput 

type GetSecretRotationRuleArrayInput interface {
	pulumi.Input

	ToGetSecretRotationRuleArrayOutput() GetSecretRotationRuleArrayOutput
	ToGetSecretRotationRuleArrayOutputWithContext(context.Context) GetSecretRotationRuleArrayOutput
}

GetSecretRotationRuleArrayInput is an input type that accepts GetSecretRotationRuleArray and GetSecretRotationRuleArrayOutput values. You can construct a concrete instance of `GetSecretRotationRuleArrayInput` via: 

GetSecretRotationRuleArray{ GetSecretRotationRuleArgs{...} }

type GetSecretRotationRuleArrayOutput 

type GetSecretRotationRuleArrayOutput struct{ *pulumi.OutputState }

func (GetSecretRotationRuleArrayOutput) ElementType 

func (GetSecretRotationRuleArrayOutput) ElementType() reflect.Type

func (GetSecretRotationRuleArrayOutput) Index 

func (o GetSecretRotationRuleArrayOutput) Index(i pulumi.IntInput) GetSecretRotationRuleOutput

func (GetSecretRotationRuleArrayOutput) ToGetSecretRotationRuleArrayOutput 

func (o GetSecretRotationRuleArrayOutput) ToGetSecretRotationRuleArrayOutput() GetSecretRotationRuleArrayOutput

func (GetSecretRotationRuleArrayOutput) ToGetSecretRotationRuleArrayOutputWithContext 

func (o GetSecretRotationRuleArrayOutput) ToGetSecretRotationRuleArrayOutputWithContext(ctx context.Context) GetSecretRotationRuleArrayOutput

type GetSecretRotationRuleInput 

type GetSecretRotationRuleInput interface {
	pulumi.Input

	ToGetSecretRotationRuleOutput() GetSecretRotationRuleOutput
	ToGetSecretRotationRuleOutputWithContext(context.Context) GetSecretRotationRuleOutput
}

GetSecretRotationRuleInput is an input type that accepts GetSecretRotationRuleArgs and GetSecretRotationRuleOutput values. You can construct a concrete instance of `GetSecretRotationRuleInput` via: 

GetSecretRotationRuleArgs{...}

type GetSecretRotationRuleOutput 

type GetSecretRotationRuleOutput struct{ *pulumi.OutputState }

func (GetSecretRotationRuleOutput) AutomaticallyAfterDays 

func (o GetSecretRotationRuleOutput) AutomaticallyAfterDays() pulumi.IntOutput

func (GetSecretRotationRuleOutput) ElementType 

func (GetSecretRotationRuleOutput) ElementType() reflect.Type

func (GetSecretRotationRuleOutput) ToGetSecretRotationRuleOutput 

func (o GetSecretRotationRuleOutput) ToGetSecretRotationRuleOutput() GetSecretRotationRuleOutput

func (GetSecretRotationRuleOutput) ToGetSecretRotationRuleOutputWithContext 

func (o GetSecretRotationRuleOutput) ToGetSecretRotationRuleOutputWithContext(ctx context.Context) GetSecretRotationRuleOutput

type LookupSecretArgs 

type LookupSecretArgs struct {
	// The Amazon Resource Name (ARN) of the secret to retrieve.
	Arn *string `pulumi:"arn"`
	// The name of the secret to retrieve.
	Name *string `pulumi:"name"`
}

A collection of arguments for invoking getSecret.

type LookupSecretOutputArgs added in v4.21.0 

type LookupSecretOutputArgs struct {
	// The Amazon Resource Name (ARN) of the secret to retrieve.
	Arn pulumi.StringPtrInput `pulumi:"arn"`
	// The name of the secret to retrieve.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

A collection of arguments for invoking getSecret.

func (LookupSecretOutputArgs) ElementType added in v4.21.0 

func (LookupSecretOutputArgs) ElementType() reflect.Type

type LookupSecretResult 

type LookupSecretResult struct {
	// The Amazon Resource Name (ARN) of the secret.
	Arn string `pulumi:"arn"`
	// A description of the secret.
	Description string `pulumi:"description"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The Key Management Service (KMS) Customer Master Key (CMK) associated with the secret.
	KmsKeyId string `pulumi:"kmsKeyId"`
	Name     string `pulumi:"name"`
	// The resource-based policy document that's attached to the secret.
	Policy string `pulumi:"policy"`
	// Whether rotation is enabled or not.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation data source instead
	RotationEnabled bool `pulumi:"rotationEnabled"`
	// Rotation Lambda function Amazon Resource Name (ARN) if rotation is enabled.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation data source instead
	RotationLambdaArn string `pulumi:"rotationLambdaArn"`
	// Rotation rules if rotation is enabled.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation data source instead
	RotationRules []GetSecretRotationRule `pulumi:"rotationRules"`
	// Tags of the secret.
	Tags map[string]string `pulumi:"tags"`
}

A collection of values returned by getSecret.

func LookupSecret 

func LookupSecret(ctx *pulumi.Context, args *LookupSecretArgs, opts ...pulumi.InvokeOption) (*LookupSecretResult, error)

Retrieve metadata information about a Secrets Manager secret. To retrieve a secret value, see the `secretsmanager.SecretVersion`.

## Example Usage ### ARN

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		opt0 := "arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456"
		_, err := secretsmanager.LookupSecret(ctx, &secretsmanager.LookupSecretArgs{
			Arn: &opt0,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Name

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		opt0 := "example"
		_, err := secretsmanager.LookupSecret(ctx, &secretsmanager.LookupSecretArgs{
			Name: &opt0,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupSecretResultOutput added in v4.21.0 

type LookupSecretResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getSecret.

func LookupSecretOutput added in v4.21.0 

func LookupSecretOutput(ctx *pulumi.Context, args LookupSecretOutputArgs, opts ...pulumi.InvokeOption) LookupSecretResultOutput

func (LookupSecretResultOutput) Arn added in v4.21.0 

func (o LookupSecretResultOutput) Arn() pulumi.StringOutput

The Amazon Resource Name (ARN) of the secret.

func (LookupSecretResultOutput) Description added in v4.21.0 

func (o LookupSecretResultOutput) Description() pulumi.StringOutput

A description of the secret.

func (LookupSecretResultOutput) ElementType added in v4.21.0 

func (LookupSecretResultOutput) ElementType() reflect.Type

func (LookupSecretResultOutput) Id added in v4.21.0 

func (o LookupSecretResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupSecretResultOutput) KmsKeyId added in v4.21.0 

func (o LookupSecretResultOutput) KmsKeyId() pulumi.StringOutput

The Key Management Service (KMS) Customer Master Key (CMK) associated with the secret.

func (LookupSecretResultOutput) Name added in v4.21.0 

func (o LookupSecretResultOutput) Name() pulumi.StringOutput

func (LookupSecretResultOutput) Policy added in v4.21.0 

func (o LookupSecretResultOutput) Policy() pulumi.StringOutput

The resource-based policy document that's attached to the secret.

func (LookupSecretResultOutput) RotationEnabled deprecated added in v4.21.0 

func (o LookupSecretResultOutput) RotationEnabled() pulumi.BoolOutput

Whether rotation is enabled or not.

Deprecated: Use the aws_secretsmanager_secret_rotation data source instead

func (LookupSecretResultOutput) RotationLambdaArn deprecated added in v4.21.0 

func (o LookupSecretResultOutput) RotationLambdaArn() pulumi.StringOutput

Rotation Lambda function Amazon Resource Name (ARN) if rotation is enabled.

Deprecated: Use the aws_secretsmanager_secret_rotation data source instead

func (LookupSecretResultOutput) RotationRules deprecated added in v4.21.0 

func (o LookupSecretResultOutput) RotationRules() GetSecretRotationRuleArrayOutput

Rotation rules if rotation is enabled.

Deprecated: Use the aws_secretsmanager_secret_rotation data source instead

func (LookupSecretResultOutput) Tags added in v4.21.0 

func (o LookupSecretResultOutput) Tags() pulumi.StringMapOutput

Tags of the secret.

func (LookupSecretResultOutput) ToLookupSecretResultOutput added in v4.21.0 

func (o LookupSecretResultOutput) ToLookupSecretResultOutput() LookupSecretResultOutput

func (LookupSecretResultOutput) ToLookupSecretResultOutputWithContext added in v4.21.0 

func (o LookupSecretResultOutput) ToLookupSecretResultOutputWithContext(ctx context.Context) LookupSecretResultOutput

type LookupSecretRotationArgs 

type LookupSecretRotationArgs struct {
	// Specifies the secret containing the version that you want to retrieve. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.
	SecretId string `pulumi:"secretId"`
}

A collection of arguments for invoking getSecretRotation.

type LookupSecretRotationOutputArgs added in v4.21.0 

type LookupSecretRotationOutputArgs struct {
	// Specifies the secret containing the version that you want to retrieve. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.
	SecretId pulumi.StringInput `pulumi:"secretId"`
}

A collection of arguments for invoking getSecretRotation.

func (LookupSecretRotationOutputArgs) ElementType added in v4.21.0 

func (LookupSecretRotationOutputArgs) ElementType() reflect.Type

type LookupSecretRotationResult 

type LookupSecretRotationResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The ARN of the secret.
	RotationEnabled bool `pulumi:"rotationEnabled"`
	// The decrypted part of the protected secret information that was originally provided as a string.
	RotationLambdaArn string `pulumi:"rotationLambdaArn"`
	// The decrypted part of the protected secret information that was originally provided as a binary. Base64 encoded.
	RotationRules []GetSecretRotationRotationRule `pulumi:"rotationRules"`
	SecretId      string                          `pulumi:"secretId"`
}

A collection of values returned by getSecretRotation.

func LookupSecretRotation 

func LookupSecretRotation(ctx *pulumi.Context, args *LookupSecretRotationArgs, opts ...pulumi.InvokeOption) (*LookupSecretRotationResult, error)

Retrieve information about a Secrets Manager secret rotation. To retrieve secret metadata, see the `secretsmanager.Secret` data source. To retrieve a secret value, see the `secretsmanager.SecretVersion` data source.

## Example Usage ### Retrieve Secret Rotation Configuration

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.LookupSecretRotation(ctx, &secretsmanager.LookupSecretRotationArgs{
			SecretId: data.Aws_secretsmanager_secret.Example.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupSecretRotationResultOutput added in v4.21.0 

type LookupSecretRotationResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getSecretRotation.

func LookupSecretRotationOutput added in v4.21.0 

func LookupSecretRotationOutput(ctx *pulumi.Context, args LookupSecretRotationOutputArgs, opts ...pulumi.InvokeOption) LookupSecretRotationResultOutput

func (LookupSecretRotationResultOutput) ElementType added in v4.21.0 

func (LookupSecretRotationResultOutput) ElementType() reflect.Type

func (LookupSecretRotationResultOutput) Id added in v4.21.0 

func (o LookupSecretRotationResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupSecretRotationResultOutput) RotationEnabled added in v4.21.0 

func (o LookupSecretRotationResultOutput) RotationEnabled() pulumi.BoolOutput

The ARN of the secret.

func (LookupSecretRotationResultOutput) RotationLambdaArn added in v4.21.0 

func (o LookupSecretRotationResultOutput) RotationLambdaArn() pulumi.StringOutput

The decrypted part of the protected secret information that was originally provided as a string.

func (LookupSecretRotationResultOutput) RotationRules added in v4.21.0 

func (o LookupSecretRotationResultOutput) RotationRules() GetSecretRotationRotationRuleArrayOutput

The decrypted part of the protected secret information that was originally provided as a binary. Base64 encoded.

func (LookupSecretRotationResultOutput) SecretId added in v4.21.0 

func (o LookupSecretRotationResultOutput) SecretId() pulumi.StringOutput

func (LookupSecretRotationResultOutput) ToLookupSecretRotationResultOutput added in v4.21.0 

func (o LookupSecretRotationResultOutput) ToLookupSecretRotationResultOutput() LookupSecretRotationResultOutput

func (LookupSecretRotationResultOutput) ToLookupSecretRotationResultOutputWithContext added in v4.21.0 

func (o LookupSecretRotationResultOutput) ToLookupSecretRotationResultOutputWithContext(ctx context.Context) LookupSecretRotationResultOutput

type LookupSecretVersionArgs 

type LookupSecretVersionArgs struct {
	// Specifies the secret containing the version that you want to retrieve. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.
	SecretId string `pulumi:"secretId"`
	// Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides `versionStage`.
	VersionId *string `pulumi:"versionId"`
	// Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to `AWSCURRENT`.
	VersionStage *string `pulumi:"versionStage"`
}

A collection of arguments for invoking getSecretVersion.

type LookupSecretVersionOutputArgs added in v4.21.0 

type LookupSecretVersionOutputArgs struct {
	// Specifies the secret containing the version that you want to retrieve. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.
	SecretId pulumi.StringInput `pulumi:"secretId"`
	// Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides `versionStage`.
	VersionId pulumi.StringPtrInput `pulumi:"versionId"`
	// Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to `AWSCURRENT`.
	VersionStage pulumi.StringPtrInput `pulumi:"versionStage"`
}

A collection of arguments for invoking getSecretVersion.

func (LookupSecretVersionOutputArgs) ElementType added in v4.21.0 

func (LookupSecretVersionOutputArgs) ElementType() reflect.Type

type LookupSecretVersionResult 

type LookupSecretVersionResult struct {
	// The ARN of the secret.
	Arn string `pulumi:"arn"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The decrypted part of the protected secret information that was originally provided as a binary. Base64 encoded.
	SecretBinary string `pulumi:"secretBinary"`
	SecretId     string `pulumi:"secretId"`
	// The decrypted part of the protected secret information that was originally provided as a string.
	SecretString string `pulumi:"secretString"`
	// The unique identifier of this version of the secret.
	VersionId     string   `pulumi:"versionId"`
	VersionStage  *string  `pulumi:"versionStage"`
	VersionStages []string `pulumi:"versionStages"`
}

A collection of values returned by getSecretVersion.

func LookupSecretVersion 

func LookupSecretVersion(ctx *pulumi.Context, args *LookupSecretVersionArgs, opts ...pulumi.InvokeOption) (*LookupSecretVersionResult, error)

Retrieve information about a Secrets Manager secret version, including its secret value. To retrieve secret metadata, see the `secretsmanager.Secret` data source.

## Example Usage ### Retrieve Current Secret Version

By default, this data sources retrieves information based on the `AWSCURRENT` staging label.

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.LookupSecretVersion(ctx, &secretsmanager.LookupSecretVersionArgs{
			SecretId: data.Aws_secretsmanager_secret.Example.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Retrieve Specific Secret Version

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		opt0 := "example"
		_, err := secretsmanager.LookupSecretVersion(ctx, &secretsmanager.LookupSecretVersionArgs{
			SecretId:     data.Aws_secretsmanager_secret.Example.Id,
			VersionStage: &opt0,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupSecretVersionResultOutput added in v4.21.0 

type LookupSecretVersionResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getSecretVersion.

func LookupSecretVersionOutput added in v4.21.0 

func LookupSecretVersionOutput(ctx *pulumi.Context, args LookupSecretVersionOutputArgs, opts ...pulumi.InvokeOption) LookupSecretVersionResultOutput

func (LookupSecretVersionResultOutput) Arn added in v4.21.0 

func (o LookupSecretVersionResultOutput) Arn() pulumi.StringOutput

The ARN of the secret.

func (LookupSecretVersionResultOutput) ElementType added in v4.21.0 

func (LookupSecretVersionResultOutput) ElementType() reflect.Type

func (LookupSecretVersionResultOutput) Id added in v4.21.0 

func (o LookupSecretVersionResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupSecretVersionResultOutput) SecretBinary added in v4.21.0 

func (o LookupSecretVersionResultOutput) SecretBinary() pulumi.StringOutput

The decrypted part of the protected secret information that was originally provided as a binary. Base64 encoded.

func (LookupSecretVersionResultOutput) SecretId added in v4.21.0 

func (o LookupSecretVersionResultOutput) SecretId() pulumi.StringOutput

func (LookupSecretVersionResultOutput) SecretString added in v4.21.0 

func (o LookupSecretVersionResultOutput) SecretString() pulumi.StringOutput

The decrypted part of the protected secret information that was originally provided as a string.

func (LookupSecretVersionResultOutput) ToLookupSecretVersionResultOutput added in v4.21.0 

func (o LookupSecretVersionResultOutput) ToLookupSecretVersionResultOutput() LookupSecretVersionResultOutput

func (LookupSecretVersionResultOutput) ToLookupSecretVersionResultOutputWithContext added in v4.21.0 

func (o LookupSecretVersionResultOutput) ToLookupSecretVersionResultOutputWithContext(ctx context.Context) LookupSecretVersionResultOutput

func (LookupSecretVersionResultOutput) VersionId added in v4.21.0 

func (o LookupSecretVersionResultOutput) VersionId() pulumi.StringOutput

The unique identifier of this version of the secret.

func (LookupSecretVersionResultOutput) VersionStage added in v4.21.0 

func (o LookupSecretVersionResultOutput) VersionStage() pulumi.StringPtrOutput

func (LookupSecretVersionResultOutput) VersionStages added in v4.21.0 

func (o LookupSecretVersionResultOutput) VersionStages() pulumi.StringArrayOutput

type Secret 

type Secret struct {
	pulumi.CustomResourceState

	// ARN of the secret.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Description of the secret.
	Description                 pulumi.StringPtrOutput `pulumi:"description"`
	ForceOverwriteReplicaSecret pulumi.BoolPtrOutput   `pulumi:"forceOverwriteReplicaSecret"`
	// ARN, Key ID, or Alias.
	KmsKeyId pulumi.StringPtrOutput `pulumi:"kmsKeyId"`
	// Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: `/_+=.@-` Conflicts with `namePrefix`.
	Name pulumi.StringOutput `pulumi:"name"`
	// Creates a unique name beginning with the specified prefix. Conflicts with `name`.
	NamePrefix pulumi.StringOutput `pulumi:"namePrefix"`
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Removing `policy` from your configuration or setting `policy` to null or an empty string (i.e., `policy = ""`) _will not_ delete the policy since it could have been set by `secretsmanager.SecretPolicy`. To delete the `policy`, set it to `"{}"` (an empty JSON document).
	Policy pulumi.StringOutput `pulumi:"policy"`
	// Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be `0` to force deletion without recovery or range from `7` to `30` days. The default value is `30`.
	RecoveryWindowInDays pulumi.IntPtrOutput `pulumi:"recoveryWindowInDays"`
	// Configuration block to support secret replication. See details below.
	Replicas SecretReplicaArrayOutput `pulumi:"replicas"`
	// Whether automatic rotation is enabled for this secret.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationEnabled pulumi.BoolOutput `pulumi:"rotationEnabled"`
	// ARN of the Lambda function that can rotate the secret. Use the `secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationLambdaArn pulumi.StringOutput `pulumi:"rotationLambdaArn"`
	// Configuration block for the rotation configuration of this secret. Defined below. Use the `secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationRules SecretRotationRulesOutput `pulumi:"rotationRules"`
	// Key-value map of user-defined tags that are attached to the secret. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
}

Provides a resource to manage AWS Secrets Manager secret metadata. To manage secret rotation, see the `secretsmanager.SecretRotation` resource. To manage a secret value, see the `secretsmanager.SecretVersion` resource.

## Example Usage ### Basic

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.NewSecret(ctx, "example", nil)
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Rotation Configuration

To enable automatic secret rotation, the Secrets Manager service requires usage of a Lambda function. The [Rotate Secrets section in the Secrets Manager User Guide](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html) provides additional information about deploying a prebuilt Lambda functions for supported credential rotation (e.g., RDS) or deploying a custom Lambda function.

> **NOTE:** Configuring rotation causes the secret to rotate once as soon as you store the secret. Before you do this, you must ensure that all of your applications that use the credentials stored in the secret are updated to retrieve the secret from AWS Secrets Manager. The old credentials might no longer be usable after the initial rotation and any applications that you fail to update will break as soon as the old credentials are no longer valid.

> **NOTE:** If you cancel a rotation that is in progress (by removing the `rotation` configuration), it can leave the VersionStage labels in an unexpected state. Depending on what step of the rotation was in progress, you might need to remove the staging label AWSPENDING from the partially created version, specified by the SecretVersionId response value. You should also evaluate the partially rotated new version to see if it should be deleted, which you can do by removing all staging labels from the new version's VersionStage field.

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.NewSecret(ctx, "rotation_example", &secretsmanager.SecretArgs{
			RotationLambdaArn: pulumi.Any(aws_lambda_function.Example.Arn),
			RotationRules: &secretsmanager.SecretRotationRulesArgs{
				AutomaticallyAfterDays: pulumi.Int(7),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

`aws_secretsmanager_secret` can be imported by using the secret Amazon Resource Name (ARN), e.g.,

```sh 

$ pulumi import aws:secretsmanager/secret:Secret example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456

```

func GetSecret 

func GetSecret(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretState, opts ...pulumi.ResourceOption) (*Secret, error)

GetSecret gets an existing Secret resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecret 

func NewSecret(ctx *pulumi.Context,
	name string, args *SecretArgs, opts ...pulumi.ResourceOption) (*Secret, error)

NewSecret registers a new resource with the given unique name, arguments, and options.

func (*Secret) ElementType 

func (*Secret) ElementType() reflect.Type

func (*Secret) ToSecretOutput 

func (i *Secret) ToSecretOutput() SecretOutput

func (*Secret) ToSecretOutputWithContext 

func (i *Secret) ToSecretOutputWithContext(ctx context.Context) SecretOutput

func (*Secret) ToSecretPtrOutput 

func (i *Secret) ToSecretPtrOutput() SecretPtrOutput

func (*Secret) ToSecretPtrOutputWithContext 

func (i *Secret) ToSecretPtrOutputWithContext(ctx context.Context) SecretPtrOutput

type SecretArgs 

type SecretArgs struct {
	// Description of the secret.
	Description                 pulumi.StringPtrInput
	ForceOverwriteReplicaSecret pulumi.BoolPtrInput
	// ARN, Key ID, or Alias.
	KmsKeyId pulumi.StringPtrInput
	// Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: `/_+=.@-` Conflicts with `namePrefix`.
	Name pulumi.StringPtrInput
	// Creates a unique name beginning with the specified prefix. Conflicts with `name`.
	NamePrefix pulumi.StringPtrInput
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Removing `policy` from your configuration or setting `policy` to null or an empty string (i.e., `policy = ""`) _will not_ delete the policy since it could have been set by `secretsmanager.SecretPolicy`. To delete the `policy`, set it to `"{}"` (an empty JSON document).
	Policy pulumi.StringPtrInput
	// Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be `0` to force deletion without recovery or range from `7` to `30` days. The default value is `30`.
	RecoveryWindowInDays pulumi.IntPtrInput
	// Configuration block to support secret replication. See details below.
	Replicas SecretReplicaArrayInput
	// ARN of the Lambda function that can rotate the secret. Use the `secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationLambdaArn pulumi.StringPtrInput
	// Configuration block for the rotation configuration of this secret. Defined below. Use the `secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationRules SecretRotationRulesPtrInput
	// Key-value map of user-defined tags that are attached to the secret. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a Secret resource.

func (SecretArgs) ElementType 

func (SecretArgs) ElementType() reflect.Type

type SecretArray 

type SecretArray []SecretInput

func (SecretArray) ElementType 

func (SecretArray) ElementType() reflect.Type

func (SecretArray) ToSecretArrayOutput 

func (i SecretArray) ToSecretArrayOutput() SecretArrayOutput

func (SecretArray) ToSecretArrayOutputWithContext 

func (i SecretArray) ToSecretArrayOutputWithContext(ctx context.Context) SecretArrayOutput

type SecretArrayInput 

type SecretArrayInput interface {
	pulumi.Input

	ToSecretArrayOutput() SecretArrayOutput
	ToSecretArrayOutputWithContext(context.Context) SecretArrayOutput
}

SecretArrayInput is an input type that accepts SecretArray and SecretArrayOutput values. You can construct a concrete instance of `SecretArrayInput` via: 

SecretArray{ SecretArgs{...} }

type SecretArrayOutput 

type SecretArrayOutput struct{ *pulumi.OutputState }

func (SecretArrayOutput) ElementType 

func (SecretArrayOutput) ElementType() reflect.Type

func (SecretArrayOutput) Index 

func (o SecretArrayOutput) Index(i pulumi.IntInput) SecretOutput

func (SecretArrayOutput) ToSecretArrayOutput 

func (o SecretArrayOutput) ToSecretArrayOutput() SecretArrayOutput

func (SecretArrayOutput) ToSecretArrayOutputWithContext 

func (o SecretArrayOutput) ToSecretArrayOutputWithContext(ctx context.Context) SecretArrayOutput

type SecretInput 

type SecretInput interface {
	pulumi.Input

	ToSecretOutput() SecretOutput
	ToSecretOutputWithContext(ctx context.Context) SecretOutput
}

type SecretMap 

type SecretMap map[string]SecretInput

func (SecretMap) ElementType 

func (SecretMap) ElementType() reflect.Type

func (SecretMap) ToSecretMapOutput 

func (i SecretMap) ToSecretMapOutput() SecretMapOutput

func (SecretMap) ToSecretMapOutputWithContext 

func (i SecretMap) ToSecretMapOutputWithContext(ctx context.Context) SecretMapOutput

type SecretMapInput 

type SecretMapInput interface {
	pulumi.Input

	ToSecretMapOutput() SecretMapOutput
	ToSecretMapOutputWithContext(context.Context) SecretMapOutput
}

SecretMapInput is an input type that accepts SecretMap and SecretMapOutput values. You can construct a concrete instance of `SecretMapInput` via: 

SecretMap{ "key": SecretArgs{...} }

type SecretMapOutput 

type SecretMapOutput struct{ *pulumi.OutputState }

func (SecretMapOutput) ElementType 

func (SecretMapOutput) ElementType() reflect.Type

func (SecretMapOutput) MapIndex 

func (o SecretMapOutput) MapIndex(k pulumi.StringInput) SecretOutput

func (SecretMapOutput) ToSecretMapOutput 

func (o SecretMapOutput) ToSecretMapOutput() SecretMapOutput

func (SecretMapOutput) ToSecretMapOutputWithContext 

func (o SecretMapOutput) ToSecretMapOutputWithContext(ctx context.Context) SecretMapOutput

type SecretOutput 

type SecretOutput struct{ *pulumi.OutputState }

func (SecretOutput) ElementType 

func (SecretOutput) ElementType() reflect.Type

func (SecretOutput) ToSecretOutput 

func (o SecretOutput) ToSecretOutput() SecretOutput

func (SecretOutput) ToSecretOutputWithContext 

func (o SecretOutput) ToSecretOutputWithContext(ctx context.Context) SecretOutput

func (SecretOutput) ToSecretPtrOutput 

func (o SecretOutput) ToSecretPtrOutput() SecretPtrOutput

func (SecretOutput) ToSecretPtrOutputWithContext 

func (o SecretOutput) ToSecretPtrOutputWithContext(ctx context.Context) SecretPtrOutput

type SecretPolicy 

type SecretPolicy struct {
	pulumi.CustomResourceState

	// Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.
	BlockPublicPolicy pulumi.BoolPtrOutput `pulumi:"blockPublicPolicy"`
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.
	Policy pulumi.StringOutput `pulumi:"policy"`
	// Secret ARN.
	SecretArn pulumi.StringOutput `pulumi:"secretArn"`
}

Provides a resource to manage AWS Secrets Manager secret policy.

## Example Usage ### Basic

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleSecret, err := secretsmanager.NewSecret(ctx, "exampleSecret", nil)
		if err != nil {
			return err
		}
		_, err = secretsmanager.NewSecretPolicy(ctx, "exampleSecretPolicy", &secretsmanager.SecretPolicyArgs{
			SecretArn: exampleSecret.Arn,
			Policy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "	{\n", "	  \"Sid\": \"EnableAllPermissions\",\n", "	  \"Effect\": \"Allow\",\n", "	  \"Principal\": {\n", "		\"AWS\": \"*\"\n", "	  },\n", "	  \"Action\": \"secretsmanager:GetSecretValue\",\n", "	  \"Resource\": \"*\"\n", "	}\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

`aws_secretsmanager_secret_policy` can be imported by using the secret Amazon Resource Name (ARN), e.g.,

```sh 

$ pulumi import aws:secretsmanager/secretPolicy:SecretPolicy example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456

```

func GetSecretPolicy 

func GetSecretPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretPolicyState, opts ...pulumi.ResourceOption) (*SecretPolicy, error)

GetSecretPolicy gets an existing SecretPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretPolicy 

func NewSecretPolicy(ctx *pulumi.Context,
	name string, args *SecretPolicyArgs, opts ...pulumi.ResourceOption) (*SecretPolicy, error)

NewSecretPolicy registers a new resource with the given unique name, arguments, and options.

func (*SecretPolicy) ElementType 

func (*SecretPolicy) ElementType() reflect.Type

func (*SecretPolicy) ToSecretPolicyOutput 

func (i *SecretPolicy) ToSecretPolicyOutput() SecretPolicyOutput

func (*SecretPolicy) ToSecretPolicyOutputWithContext 

func (i *SecretPolicy) ToSecretPolicyOutputWithContext(ctx context.Context) SecretPolicyOutput

func (*SecretPolicy) ToSecretPolicyPtrOutput 

func (i *SecretPolicy) ToSecretPolicyPtrOutput() SecretPolicyPtrOutput

func (*SecretPolicy) ToSecretPolicyPtrOutputWithContext 

func (i *SecretPolicy) ToSecretPolicyPtrOutputWithContext(ctx context.Context) SecretPolicyPtrOutput

type SecretPolicyArgs 

type SecretPolicyArgs struct {
	// Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.
	BlockPublicPolicy pulumi.BoolPtrInput
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.
	Policy pulumi.StringInput
	// Secret ARN.
	SecretArn pulumi.StringInput
}

The set of arguments for constructing a SecretPolicy resource.

func (SecretPolicyArgs) ElementType 

func (SecretPolicyArgs) ElementType() reflect.Type

type SecretPolicyArray 

type SecretPolicyArray []SecretPolicyInput

func (SecretPolicyArray) ElementType 

func (SecretPolicyArray) ElementType() reflect.Type

func (SecretPolicyArray) ToSecretPolicyArrayOutput 

func (i SecretPolicyArray) ToSecretPolicyArrayOutput() SecretPolicyArrayOutput

func (SecretPolicyArray) ToSecretPolicyArrayOutputWithContext 

func (i SecretPolicyArray) ToSecretPolicyArrayOutputWithContext(ctx context.Context) SecretPolicyArrayOutput

type SecretPolicyArrayInput 

type SecretPolicyArrayInput interface {
	pulumi.Input

	ToSecretPolicyArrayOutput() SecretPolicyArrayOutput
	ToSecretPolicyArrayOutputWithContext(context.Context) SecretPolicyArrayOutput
}

SecretPolicyArrayInput is an input type that accepts SecretPolicyArray and SecretPolicyArrayOutput values. You can construct a concrete instance of `SecretPolicyArrayInput` via: 

SecretPolicyArray{ SecretPolicyArgs{...} }

type SecretPolicyArrayOutput 

type SecretPolicyArrayOutput struct{ *pulumi.OutputState }

func (SecretPolicyArrayOutput) ElementType 

func (SecretPolicyArrayOutput) ElementType() reflect.Type

func (SecretPolicyArrayOutput) Index 

func (o SecretPolicyArrayOutput) Index(i pulumi.IntInput) SecretPolicyOutput

func (SecretPolicyArrayOutput) ToSecretPolicyArrayOutput 

func (o SecretPolicyArrayOutput) ToSecretPolicyArrayOutput() SecretPolicyArrayOutput

func (SecretPolicyArrayOutput) ToSecretPolicyArrayOutputWithContext 

func (o SecretPolicyArrayOutput) ToSecretPolicyArrayOutputWithContext(ctx context.Context) SecretPolicyArrayOutput

type SecretPolicyInput 

type SecretPolicyInput interface {
	pulumi.Input

	ToSecretPolicyOutput() SecretPolicyOutput
	ToSecretPolicyOutputWithContext(ctx context.Context) SecretPolicyOutput
}

type SecretPolicyMap 

type SecretPolicyMap map[string]SecretPolicyInput

func (SecretPolicyMap) ElementType 

func (SecretPolicyMap) ElementType() reflect.Type

func (SecretPolicyMap) ToSecretPolicyMapOutput 

func (i SecretPolicyMap) ToSecretPolicyMapOutput() SecretPolicyMapOutput

func (SecretPolicyMap) ToSecretPolicyMapOutputWithContext 

func (i SecretPolicyMap) ToSecretPolicyMapOutputWithContext(ctx context.Context) SecretPolicyMapOutput

type SecretPolicyMapInput 

type SecretPolicyMapInput interface {
	pulumi.Input

	ToSecretPolicyMapOutput() SecretPolicyMapOutput
	ToSecretPolicyMapOutputWithContext(context.Context) SecretPolicyMapOutput
}

SecretPolicyMapInput is an input type that accepts SecretPolicyMap and SecretPolicyMapOutput values. You can construct a concrete instance of `SecretPolicyMapInput` via: 

SecretPolicyMap{ "key": SecretPolicyArgs{...} }

type SecretPolicyMapOutput 

type SecretPolicyMapOutput struct{ *pulumi.OutputState }

func (SecretPolicyMapOutput) ElementType 

func (SecretPolicyMapOutput) ElementType() reflect.Type

func (SecretPolicyMapOutput) MapIndex 

func (o SecretPolicyMapOutput) MapIndex(k pulumi.StringInput) SecretPolicyOutput

func (SecretPolicyMapOutput) ToSecretPolicyMapOutput 

func (o SecretPolicyMapOutput) ToSecretPolicyMapOutput() SecretPolicyMapOutput

func (SecretPolicyMapOutput) ToSecretPolicyMapOutputWithContext 

func (o SecretPolicyMapOutput) ToSecretPolicyMapOutputWithContext(ctx context.Context) SecretPolicyMapOutput

type SecretPolicyOutput 

type SecretPolicyOutput struct{ *pulumi.OutputState }

func (SecretPolicyOutput) ElementType 

func (SecretPolicyOutput) ElementType() reflect.Type

func (SecretPolicyOutput) ToSecretPolicyOutput 

func (o SecretPolicyOutput) ToSecretPolicyOutput() SecretPolicyOutput

func (SecretPolicyOutput) ToSecretPolicyOutputWithContext 

func (o SecretPolicyOutput) ToSecretPolicyOutputWithContext(ctx context.Context) SecretPolicyOutput

func (SecretPolicyOutput) ToSecretPolicyPtrOutput 

func (o SecretPolicyOutput) ToSecretPolicyPtrOutput() SecretPolicyPtrOutput

func (SecretPolicyOutput) ToSecretPolicyPtrOutputWithContext 

func (o SecretPolicyOutput) ToSecretPolicyPtrOutputWithContext(ctx context.Context) SecretPolicyPtrOutput

type SecretPolicyPtrInput 

type SecretPolicyPtrInput interface {
	pulumi.Input

	ToSecretPolicyPtrOutput() SecretPolicyPtrOutput
	ToSecretPolicyPtrOutputWithContext(ctx context.Context) SecretPolicyPtrOutput
}

type SecretPolicyPtrOutput 

type SecretPolicyPtrOutput struct{ *pulumi.OutputState }

func (SecretPolicyPtrOutput) Elem added in v4.15.0 

func (o SecretPolicyPtrOutput) Elem() SecretPolicyOutput

func (SecretPolicyPtrOutput) ElementType 

func (SecretPolicyPtrOutput) ElementType() reflect.Type

func (SecretPolicyPtrOutput) ToSecretPolicyPtrOutput 

func (o SecretPolicyPtrOutput) ToSecretPolicyPtrOutput() SecretPolicyPtrOutput

func (SecretPolicyPtrOutput) ToSecretPolicyPtrOutputWithContext 

func (o SecretPolicyPtrOutput) ToSecretPolicyPtrOutputWithContext(ctx context.Context) SecretPolicyPtrOutput

type SecretPolicyState 

type SecretPolicyState struct {
	// Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.
	BlockPublicPolicy pulumi.BoolPtrInput
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.
	Policy pulumi.StringPtrInput
	// Secret ARN.
	SecretArn pulumi.StringPtrInput
}

func (SecretPolicyState) ElementType 

func (SecretPolicyState) ElementType() reflect.Type

type SecretPtrInput 

type SecretPtrInput interface {
	pulumi.Input

	ToSecretPtrOutput() SecretPtrOutput
	ToSecretPtrOutputWithContext(ctx context.Context) SecretPtrOutput
}

type SecretPtrOutput 

type SecretPtrOutput struct{ *pulumi.OutputState }

func (SecretPtrOutput) Elem added in v4.15.0 

func (o SecretPtrOutput) Elem() SecretOutput

func (SecretPtrOutput) ElementType 

func (SecretPtrOutput) ElementType() reflect.Type

func (SecretPtrOutput) ToSecretPtrOutput 

func (o SecretPtrOutput) ToSecretPtrOutput() SecretPtrOutput

func (SecretPtrOutput) ToSecretPtrOutputWithContext 

func (o SecretPtrOutput) ToSecretPtrOutputWithContext(ctx context.Context) SecretPtrOutput

type SecretReplica added in v4.15.0 

type SecretReplica struct {
	// ARN, Key ID, or Alias.
	KmsKeyId *string `pulumi:"kmsKeyId"`
	// Date that you last accessed the secret in the Region.
	LastAccessedDate *string `pulumi:"lastAccessedDate"`
	// Region for replicating the secret.
	Region string `pulumi:"region"`
	// Status can be `InProgress`, `Failed`, or `InSync`.
	Status *string `pulumi:"status"`
	// Message such as `Replication succeeded` or `Secret with this name already exists in this region`.
	StatusMessage *string `pulumi:"statusMessage"`
}

type SecretReplicaArgs added in v4.15.0 

type SecretReplicaArgs struct {
	// ARN, Key ID, or Alias.
	KmsKeyId pulumi.StringPtrInput `pulumi:"kmsKeyId"`
	// Date that you last accessed the secret in the Region.
	LastAccessedDate pulumi.StringPtrInput `pulumi:"lastAccessedDate"`
	// Region for replicating the secret.
	Region pulumi.StringInput `pulumi:"region"`
	// Status can be `InProgress`, `Failed`, or `InSync`.
	Status pulumi.StringPtrInput `pulumi:"status"`
	// Message such as `Replication succeeded` or `Secret with this name already exists in this region`.
	StatusMessage pulumi.StringPtrInput `pulumi:"statusMessage"`
}

func (SecretReplicaArgs) ElementType added in v4.15.0 

func (SecretReplicaArgs) ElementType() reflect.Type

func (SecretReplicaArgs) ToSecretReplicaOutput added in v4.15.0 

func (i SecretReplicaArgs) ToSecretReplicaOutput() SecretReplicaOutput

func (SecretReplicaArgs) ToSecretReplicaOutputWithContext added in v4.15.0 

func (i SecretReplicaArgs) ToSecretReplicaOutputWithContext(ctx context.Context) SecretReplicaOutput

type SecretReplicaArray added in v4.15.0 

type SecretReplicaArray []SecretReplicaInput

func (SecretReplicaArray) ElementType added in v4.15.0 

func (SecretReplicaArray) ElementType() reflect.Type

func (SecretReplicaArray) ToSecretReplicaArrayOutput added in v4.15.0 

func (i SecretReplicaArray) ToSecretReplicaArrayOutput() SecretReplicaArrayOutput

func (SecretReplicaArray) ToSecretReplicaArrayOutputWithContext added in v4.15.0 

func (i SecretReplicaArray) ToSecretReplicaArrayOutputWithContext(ctx context.Context) SecretReplicaArrayOutput

type SecretReplicaArrayInput added in v4.15.0 

type SecretReplicaArrayInput interface {
	pulumi.Input

	ToSecretReplicaArrayOutput() SecretReplicaArrayOutput
	ToSecretReplicaArrayOutputWithContext(context.Context) SecretReplicaArrayOutput
}

SecretReplicaArrayInput is an input type that accepts SecretReplicaArray and SecretReplicaArrayOutput values. You can construct a concrete instance of `SecretReplicaArrayInput` via: 

SecretReplicaArray{ SecretReplicaArgs{...} }

type SecretReplicaArrayOutput added in v4.15.0 

type SecretReplicaArrayOutput struct{ *pulumi.OutputState }

func (SecretReplicaArrayOutput) ElementType added in v4.15.0 

func (SecretReplicaArrayOutput) ElementType() reflect.Type

func (SecretReplicaArrayOutput) Index added in v4.15.0 

func (o SecretReplicaArrayOutput) Index(i pulumi.IntInput) SecretReplicaOutput

func (SecretReplicaArrayOutput) ToSecretReplicaArrayOutput added in v4.15.0 

func (o SecretReplicaArrayOutput) ToSecretReplicaArrayOutput() SecretReplicaArrayOutput

func (SecretReplicaArrayOutput) ToSecretReplicaArrayOutputWithContext added in v4.15.0 

func (o SecretReplicaArrayOutput) ToSecretReplicaArrayOutputWithContext(ctx context.Context) SecretReplicaArrayOutput

type SecretReplicaInput added in v4.15.0 

type SecretReplicaInput interface {
	pulumi.Input

	ToSecretReplicaOutput() SecretReplicaOutput
	ToSecretReplicaOutputWithContext(context.Context) SecretReplicaOutput
}

SecretReplicaInput is an input type that accepts SecretReplicaArgs and SecretReplicaOutput values. You can construct a concrete instance of `SecretReplicaInput` via: 

SecretReplicaArgs{...}

type SecretReplicaOutput added in v4.15.0 

type SecretReplicaOutput struct{ *pulumi.OutputState }

func (SecretReplicaOutput) ElementType added in v4.15.0 

func (SecretReplicaOutput) ElementType() reflect.Type

func (SecretReplicaOutput) KmsKeyId added in v4.15.0 

func (o SecretReplicaOutput) KmsKeyId() pulumi.StringPtrOutput

ARN, Key ID, or Alias.

func (SecretReplicaOutput) LastAccessedDate added in v4.15.0 

func (o SecretReplicaOutput) LastAccessedDate() pulumi.StringPtrOutput

Date that you last accessed the secret in the Region.

func (SecretReplicaOutput) Region added in v4.15.0 

func (o SecretReplicaOutput) Region() pulumi.StringOutput

Region for replicating the secret.

func (SecretReplicaOutput) Status added in v4.15.0 

func (o SecretReplicaOutput) Status() pulumi.StringPtrOutput

Status can be `InProgress`, `Failed`, or `InSync`.

func (SecretReplicaOutput) StatusMessage added in v4.15.0 

func (o SecretReplicaOutput) StatusMessage() pulumi.StringPtrOutput

Message such as `Replication succeeded` or `Secret with this name already exists in this region`.

func (SecretReplicaOutput) ToSecretReplicaOutput added in v4.15.0 

func (o SecretReplicaOutput) ToSecretReplicaOutput() SecretReplicaOutput

func (SecretReplicaOutput) ToSecretReplicaOutputWithContext added in v4.15.0 

func (o SecretReplicaOutput) ToSecretReplicaOutputWithContext(ctx context.Context) SecretReplicaOutput

type SecretRotation 

type SecretRotation struct {
	pulumi.CustomResourceState

	// Specifies whether automatic rotation is enabled for this secret.
	RotationEnabled pulumi.BoolOutput `pulumi:"rotationEnabled"`
	// Specifies the ARN of the Lambda function that can rotate the secret.
	RotationLambdaArn pulumi.StringOutput `pulumi:"rotationLambdaArn"`
	// A structure that defines the rotation configuration for this secret. Defined below.
	RotationRules SecretRotationRotationRulesOutput `pulumi:"rotationRules"`
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringOutput    `pulumi:"secretId"`
	Tags     pulumi.StringMapOutput `pulumi:"tags"`
}

Provides a resource to manage AWS Secrets Manager secret rotation. To manage a secret, see the `secretsmanager.Secret` resource. To manage a secret value, see the `secretsmanager.SecretVersion` resource.

## Example Usage ### Basic

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.NewSecretRotation(ctx, "example", &secretsmanager.SecretRotationArgs{
			SecretId:          pulumi.Any(aws_secretsmanager_secret.Example.Id),
			RotationLambdaArn: pulumi.Any(aws_lambda_function.Example.Arn),
			RotationRules: &secretsmanager.SecretRotationRotationRulesArgs{
				AutomaticallyAfterDays: pulumi.Int(30),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Rotation Configuration

To enable automatic secret rotation, the Secrets Manager service requires usage of a Lambda function. The [Rotate Secrets section in the Secrets Manager User Guide](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html) provides additional information about deploying a prebuilt Lambda functions for supported credential rotation (e.g., RDS) or deploying a custom Lambda function.

> **NOTE:** Configuring rotation causes the secret to rotate once as soon as you enable rotation. Before you do this, you must ensure that all of your applications that use the credentials stored in the secret are updated to retrieve the secret from AWS Secrets Manager. The old credentials might no longer be usable after the initial rotation and any applications that you fail to update will break as soon as the old credentials are no longer valid.

> **NOTE:** If you cancel a rotation that is in progress (by removing the `rotation` configuration), it can leave the VersionStage labels in an unexpected state. Depending on what step of the rotation was in progress, you might need to remove the staging label AWSPENDING from the partially created version, specified by the SecretVersionId response value. You should also evaluate the partially rotated new version to see if it should be deleted, which you can do by removing all staging labels from the new version's VersionStage field.

## Import

`aws_secretsmanager_secret_rotation` can be imported by using the secret Amazon Resource Name (ARN), e.g.,

```sh 

$ pulumi import aws:secretsmanager/secretRotation:SecretRotation example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456

```

func GetSecretRotation 

func GetSecretRotation(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretRotationState, opts ...pulumi.ResourceOption) (*SecretRotation, error)

GetSecretRotation gets an existing SecretRotation resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretRotation 

func NewSecretRotation(ctx *pulumi.Context,
	name string, args *SecretRotationArgs, opts ...pulumi.ResourceOption) (*SecretRotation, error)

NewSecretRotation registers a new resource with the given unique name, arguments, and options.

func (*SecretRotation) ElementType 

func (*SecretRotation) ElementType() reflect.Type

func (*SecretRotation) ToSecretRotationOutput 

func (i *SecretRotation) ToSecretRotationOutput() SecretRotationOutput

func (*SecretRotation) ToSecretRotationOutputWithContext 

func (i *SecretRotation) ToSecretRotationOutputWithContext(ctx context.Context) SecretRotationOutput

func (*SecretRotation) ToSecretRotationPtrOutput 

func (i *SecretRotation) ToSecretRotationPtrOutput() SecretRotationPtrOutput

func (*SecretRotation) ToSecretRotationPtrOutputWithContext 

func (i *SecretRotation) ToSecretRotationPtrOutputWithContext(ctx context.Context) SecretRotationPtrOutput

type SecretRotationArgs 

type SecretRotationArgs struct {
	// Specifies the ARN of the Lambda function that can rotate the secret.
	RotationLambdaArn pulumi.StringInput
	// A structure that defines the rotation configuration for this secret. Defined below.
	RotationRules SecretRotationRotationRulesInput
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringInput
	Tags     pulumi.StringMapInput
}

The set of arguments for constructing a SecretRotation resource.

func (SecretRotationArgs) ElementType 

func (SecretRotationArgs) ElementType() reflect.Type

type SecretRotationArray 

type SecretRotationArray []SecretRotationInput

func (SecretRotationArray) ElementType 

func (SecretRotationArray) ElementType() reflect.Type

func (SecretRotationArray) ToSecretRotationArrayOutput 

func (i SecretRotationArray) ToSecretRotationArrayOutput() SecretRotationArrayOutput

func (SecretRotationArray) ToSecretRotationArrayOutputWithContext 

func (i SecretRotationArray) ToSecretRotationArrayOutputWithContext(ctx context.Context) SecretRotationArrayOutput

type SecretRotationArrayInput 

type SecretRotationArrayInput interface {
	pulumi.Input

	ToSecretRotationArrayOutput() SecretRotationArrayOutput
	ToSecretRotationArrayOutputWithContext(context.Context) SecretRotationArrayOutput
}

SecretRotationArrayInput is an input type that accepts SecretRotationArray and SecretRotationArrayOutput values. You can construct a concrete instance of `SecretRotationArrayInput` via: 

SecretRotationArray{ SecretRotationArgs{...} }

type SecretRotationArrayOutput 

type SecretRotationArrayOutput struct{ *pulumi.OutputState }

func (SecretRotationArrayOutput) ElementType 

func (SecretRotationArrayOutput) ElementType() reflect.Type

func (SecretRotationArrayOutput) Index 

func (o SecretRotationArrayOutput) Index(i pulumi.IntInput) SecretRotationOutput

func (SecretRotationArrayOutput) ToSecretRotationArrayOutput 

func (o SecretRotationArrayOutput) ToSecretRotationArrayOutput() SecretRotationArrayOutput

func (SecretRotationArrayOutput) ToSecretRotationArrayOutputWithContext 

func (o SecretRotationArrayOutput) ToSecretRotationArrayOutputWithContext(ctx context.Context) SecretRotationArrayOutput

type SecretRotationInput 

type SecretRotationInput interface {
	pulumi.Input

	ToSecretRotationOutput() SecretRotationOutput
	ToSecretRotationOutputWithContext(ctx context.Context) SecretRotationOutput
}

type SecretRotationMap 

type SecretRotationMap map[string]SecretRotationInput

func (SecretRotationMap) ElementType 

func (SecretRotationMap) ElementType() reflect.Type

func (SecretRotationMap) ToSecretRotationMapOutput 

func (i SecretRotationMap) ToSecretRotationMapOutput() SecretRotationMapOutput

func (SecretRotationMap) ToSecretRotationMapOutputWithContext 

func (i SecretRotationMap) ToSecretRotationMapOutputWithContext(ctx context.Context) SecretRotationMapOutput

type SecretRotationMapInput 

type SecretRotationMapInput interface {
	pulumi.Input

	ToSecretRotationMapOutput() SecretRotationMapOutput
	ToSecretRotationMapOutputWithContext(context.Context) SecretRotationMapOutput
}

SecretRotationMapInput is an input type that accepts SecretRotationMap and SecretRotationMapOutput values. You can construct a concrete instance of `SecretRotationMapInput` via: 

SecretRotationMap{ "key": SecretRotationArgs{...} }

type SecretRotationMapOutput 

type SecretRotationMapOutput struct{ *pulumi.OutputState }

func (SecretRotationMapOutput) ElementType 

func (SecretRotationMapOutput) ElementType() reflect.Type

func (SecretRotationMapOutput) MapIndex 

func (o SecretRotationMapOutput) MapIndex(k pulumi.StringInput) SecretRotationOutput

func (SecretRotationMapOutput) ToSecretRotationMapOutput 

func (o SecretRotationMapOutput) ToSecretRotationMapOutput() SecretRotationMapOutput

func (SecretRotationMapOutput) ToSecretRotationMapOutputWithContext 

func (o SecretRotationMapOutput) ToSecretRotationMapOutputWithContext(ctx context.Context) SecretRotationMapOutput

type SecretRotationOutput 

type SecretRotationOutput struct{ *pulumi.OutputState }

func (SecretRotationOutput) ElementType 

func (SecretRotationOutput) ElementType() reflect.Type

func (SecretRotationOutput) ToSecretRotationOutput 

func (o SecretRotationOutput) ToSecretRotationOutput() SecretRotationOutput

func (SecretRotationOutput) ToSecretRotationOutputWithContext 

func (o SecretRotationOutput) ToSecretRotationOutputWithContext(ctx context.Context) SecretRotationOutput

func (SecretRotationOutput) ToSecretRotationPtrOutput 

func (o SecretRotationOutput) ToSecretRotationPtrOutput() SecretRotationPtrOutput

func (SecretRotationOutput) ToSecretRotationPtrOutputWithContext 

func (o SecretRotationOutput) ToSecretRotationPtrOutputWithContext(ctx context.Context) SecretRotationPtrOutput

type SecretRotationPtrInput 

type SecretRotationPtrInput interface {
	pulumi.Input

	ToSecretRotationPtrOutput() SecretRotationPtrOutput
	ToSecretRotationPtrOutputWithContext(ctx context.Context) SecretRotationPtrOutput
}

type SecretRotationPtrOutput 

type SecretRotationPtrOutput struct{ *pulumi.OutputState }

func (SecretRotationPtrOutput) Elem added in v4.15.0 

func (o SecretRotationPtrOutput) Elem() SecretRotationOutput

func (SecretRotationPtrOutput) ElementType 

func (SecretRotationPtrOutput) ElementType() reflect.Type

func (SecretRotationPtrOutput) ToSecretRotationPtrOutput 

func (o SecretRotationPtrOutput) ToSecretRotationPtrOutput() SecretRotationPtrOutput

func (SecretRotationPtrOutput) ToSecretRotationPtrOutputWithContext 

func (o SecretRotationPtrOutput) ToSecretRotationPtrOutputWithContext(ctx context.Context) SecretRotationPtrOutput

type SecretRotationRotationRules 

type SecretRotationRotationRules struct {
	// Specifies the number of days between automatic scheduled rotations of the secret.
	AutomaticallyAfterDays int `pulumi:"automaticallyAfterDays"`
}

type SecretRotationRotationRulesArgs 

type SecretRotationRotationRulesArgs struct {
	// Specifies the number of days between automatic scheduled rotations of the secret.
	AutomaticallyAfterDays pulumi.IntInput `pulumi:"automaticallyAfterDays"`
}

func (SecretRotationRotationRulesArgs) ElementType 

func (SecretRotationRotationRulesArgs) ElementType() reflect.Type

func (SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesOutput 

func (i SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesOutput() SecretRotationRotationRulesOutput

func (SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesOutputWithContext 

func (i SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesOutputWithContext(ctx context.Context) SecretRotationRotationRulesOutput

func (SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesPtrOutput 

func (i SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesPtrOutput() SecretRotationRotationRulesPtrOutput

func (SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesPtrOutputWithContext 

func (i SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesPtrOutputWithContext(ctx context.Context) SecretRotationRotationRulesPtrOutput

type SecretRotationRotationRulesInput 

type SecretRotationRotationRulesInput interface {
	pulumi.Input

	ToSecretRotationRotationRulesOutput() SecretRotationRotationRulesOutput
	ToSecretRotationRotationRulesOutputWithContext(context.Context) SecretRotationRotationRulesOutput
}

SecretRotationRotationRulesInput is an input type that accepts SecretRotationRotationRulesArgs and SecretRotationRotationRulesOutput values. You can construct a concrete instance of `SecretRotationRotationRulesInput` via: 

SecretRotationRotationRulesArgs{...}

type SecretRotationRotationRulesOutput 

type SecretRotationRotationRulesOutput struct{ *pulumi.OutputState }

func (SecretRotationRotationRulesOutput) AutomaticallyAfterDays 

func (o SecretRotationRotationRulesOutput) AutomaticallyAfterDays() pulumi.IntOutput

Specifies the number of days between automatic scheduled rotations of the secret.

func (SecretRotationRotationRulesOutput) ElementType 

func (SecretRotationRotationRulesOutput) ElementType() reflect.Type

func (SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesOutput 

func (o SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesOutput() SecretRotationRotationRulesOutput

func (SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesOutputWithContext 

func (o SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesOutputWithContext(ctx context.Context) SecretRotationRotationRulesOutput

func (SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesPtrOutput 

func (o SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesPtrOutput() SecretRotationRotationRulesPtrOutput

func (SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesPtrOutputWithContext 

func (o SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesPtrOutputWithContext(ctx context.Context) SecretRotationRotationRulesPtrOutput

type SecretRotationRotationRulesPtrInput 

type SecretRotationRotationRulesPtrInput interface {
	pulumi.Input

	ToSecretRotationRotationRulesPtrOutput() SecretRotationRotationRulesPtrOutput
	ToSecretRotationRotationRulesPtrOutputWithContext(context.Context) SecretRotationRotationRulesPtrOutput
}

SecretRotationRotationRulesPtrInput is an input type that accepts SecretRotationRotationRulesArgs, SecretRotationRotationRulesPtr and SecretRotationRotationRulesPtrOutput values. You can construct a concrete instance of `SecretRotationRotationRulesPtrInput` via: 

        SecretRotationRotationRulesArgs{...}

or:

        nil

func SecretRotationRotationRulesPtr 

func SecretRotationRotationRulesPtr(v *SecretRotationRotationRulesArgs) SecretRotationRotationRulesPtrInput

type SecretRotationRotationRulesPtrOutput 

type SecretRotationRotationRulesPtrOutput struct{ *pulumi.OutputState }

func (SecretRotationRotationRulesPtrOutput) AutomaticallyAfterDays 

func (o SecretRotationRotationRulesPtrOutput) AutomaticallyAfterDays() pulumi.IntPtrOutput

Specifies the number of days between automatic scheduled rotations of the secret.

func (SecretRotationRotationRulesPtrOutput) Elem 

func (o SecretRotationRotationRulesPtrOutput) Elem() SecretRotationRotationRulesOutput

func (SecretRotationRotationRulesPtrOutput) ElementType 

func (SecretRotationRotationRulesPtrOutput) ElementType() reflect.Type

func (SecretRotationRotationRulesPtrOutput) ToSecretRotationRotationRulesPtrOutput 

func (o SecretRotationRotationRulesPtrOutput) ToSecretRotationRotationRulesPtrOutput() SecretRotationRotationRulesPtrOutput

func (SecretRotationRotationRulesPtrOutput) ToSecretRotationRotationRulesPtrOutputWithContext 

func (o SecretRotationRotationRulesPtrOutput) ToSecretRotationRotationRulesPtrOutputWithContext(ctx context.Context) SecretRotationRotationRulesPtrOutput

type SecretRotationRules 

type SecretRotationRules struct {
	// Specifies the number of days between automatic scheduled rotations of the secret.
	AutomaticallyAfterDays int `pulumi:"automaticallyAfterDays"`
}

type SecretRotationRulesArgs 

type SecretRotationRulesArgs struct {
	// Specifies the number of days between automatic scheduled rotations of the secret.
	AutomaticallyAfterDays pulumi.IntInput `pulumi:"automaticallyAfterDays"`
}

func (SecretRotationRulesArgs) ElementType 

func (SecretRotationRulesArgs) ElementType() reflect.Type

func (SecretRotationRulesArgs) ToSecretRotationRulesOutput 

func (i SecretRotationRulesArgs) ToSecretRotationRulesOutput() SecretRotationRulesOutput

func (SecretRotationRulesArgs) ToSecretRotationRulesOutputWithContext 

func (i SecretRotationRulesArgs) ToSecretRotationRulesOutputWithContext(ctx context.Context) SecretRotationRulesOutput

func (SecretRotationRulesArgs) ToSecretRotationRulesPtrOutput 

func (i SecretRotationRulesArgs) ToSecretRotationRulesPtrOutput() SecretRotationRulesPtrOutput

func (SecretRotationRulesArgs) ToSecretRotationRulesPtrOutputWithContext 

func (i SecretRotationRulesArgs) ToSecretRotationRulesPtrOutputWithContext(ctx context.Context) SecretRotationRulesPtrOutput

type SecretRotationRulesInput 

type SecretRotationRulesInput interface {
	pulumi.Input

	ToSecretRotationRulesOutput() SecretRotationRulesOutput
	ToSecretRotationRulesOutputWithContext(context.Context) SecretRotationRulesOutput
}

SecretRotationRulesInput is an input type that accepts SecretRotationRulesArgs and SecretRotationRulesOutput values. You can construct a concrete instance of `SecretRotationRulesInput` via: 

SecretRotationRulesArgs{...}

type SecretRotationRulesOutput 

type SecretRotationRulesOutput struct{ *pulumi.OutputState }

func (SecretRotationRulesOutput) AutomaticallyAfterDays 

func (o SecretRotationRulesOutput) AutomaticallyAfterDays() pulumi.IntOutput

Specifies the number of days between automatic scheduled rotations of the secret.

func (SecretRotationRulesOutput) ElementType 

func (SecretRotationRulesOutput) ElementType() reflect.Type

func (SecretRotationRulesOutput) ToSecretRotationRulesOutput 

func (o SecretRotationRulesOutput) ToSecretRotationRulesOutput() SecretRotationRulesOutput

func (SecretRotationRulesOutput) ToSecretRotationRulesOutputWithContext 

func (o SecretRotationRulesOutput) ToSecretRotationRulesOutputWithContext(ctx context.Context) SecretRotationRulesOutput

func (SecretRotationRulesOutput) ToSecretRotationRulesPtrOutput 

func (o SecretRotationRulesOutput) ToSecretRotationRulesPtrOutput() SecretRotationRulesPtrOutput

func (SecretRotationRulesOutput) ToSecretRotationRulesPtrOutputWithContext 

func (o SecretRotationRulesOutput) ToSecretRotationRulesPtrOutputWithContext(ctx context.Context) SecretRotationRulesPtrOutput

type SecretRotationRulesPtrInput 

type SecretRotationRulesPtrInput interface {
	pulumi.Input

	ToSecretRotationRulesPtrOutput() SecretRotationRulesPtrOutput
	ToSecretRotationRulesPtrOutputWithContext(context.Context) SecretRotationRulesPtrOutput
}

SecretRotationRulesPtrInput is an input type that accepts SecretRotationRulesArgs, SecretRotationRulesPtr and SecretRotationRulesPtrOutput values. You can construct a concrete instance of `SecretRotationRulesPtrInput` via: 

        SecretRotationRulesArgs{...}

or:

        nil

func SecretRotationRulesPtr 

func SecretRotationRulesPtr(v *SecretRotationRulesArgs) SecretRotationRulesPtrInput

type SecretRotationRulesPtrOutput 

type SecretRotationRulesPtrOutput struct{ *pulumi.OutputState }

func (SecretRotationRulesPtrOutput) AutomaticallyAfterDays 

func (o SecretRotationRulesPtrOutput) AutomaticallyAfterDays() pulumi.IntPtrOutput

Specifies the number of days between automatic scheduled rotations of the secret.

func (SecretRotationRulesPtrOutput) Elem 

func (o SecretRotationRulesPtrOutput) Elem() SecretRotationRulesOutput

func (SecretRotationRulesPtrOutput) ElementType 

func (SecretRotationRulesPtrOutput) ElementType() reflect.Type

func (SecretRotationRulesPtrOutput) ToSecretRotationRulesPtrOutput 

func (o SecretRotationRulesPtrOutput) ToSecretRotationRulesPtrOutput() SecretRotationRulesPtrOutput

func (SecretRotationRulesPtrOutput) ToSecretRotationRulesPtrOutputWithContext 

func (o SecretRotationRulesPtrOutput) ToSecretRotationRulesPtrOutputWithContext(ctx context.Context) SecretRotationRulesPtrOutput

type SecretRotationState 

type SecretRotationState struct {
	// Specifies whether automatic rotation is enabled for this secret.
	RotationEnabled pulumi.BoolPtrInput
	// Specifies the ARN of the Lambda function that can rotate the secret.
	RotationLambdaArn pulumi.StringPtrInput
	// A structure that defines the rotation configuration for this secret. Defined below.
	RotationRules SecretRotationRotationRulesPtrInput
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringPtrInput
	Tags     pulumi.StringMapInput
}

func (SecretRotationState) ElementType 

func (SecretRotationState) ElementType() reflect.Type

type SecretState 

type SecretState struct {
	// ARN of the secret.
	Arn pulumi.StringPtrInput
	// Description of the secret.
	Description                 pulumi.StringPtrInput
	ForceOverwriteReplicaSecret pulumi.BoolPtrInput
	// ARN, Key ID, or Alias.
	KmsKeyId pulumi.StringPtrInput
	// Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: `/_+=.@-` Conflicts with `namePrefix`.
	Name pulumi.StringPtrInput
	// Creates a unique name beginning with the specified prefix. Conflicts with `name`.
	NamePrefix pulumi.StringPtrInput
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Removing `policy` from your configuration or setting `policy` to null or an empty string (i.e., `policy = ""`) _will not_ delete the policy since it could have been set by `secretsmanager.SecretPolicy`. To delete the `policy`, set it to `"{}"` (an empty JSON document).
	Policy pulumi.StringPtrInput
	// Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be `0` to force deletion without recovery or range from `7` to `30` days. The default value is `30`.
	RecoveryWindowInDays pulumi.IntPtrInput
	// Configuration block to support secret replication. See details below.
	Replicas SecretReplicaArrayInput
	// Whether automatic rotation is enabled for this secret.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationEnabled pulumi.BoolPtrInput
	// ARN of the Lambda function that can rotate the secret. Use the `secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationLambdaArn pulumi.StringPtrInput
	// Configuration block for the rotation configuration of this secret. Defined below. Use the `secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationRules SecretRotationRulesPtrInput
	// Key-value map of user-defined tags that are attached to the secret. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	TagsAll pulumi.StringMapInput
}

func (SecretState) ElementType 

func (SecretState) ElementType() reflect.Type

type SecretVersion 

type SecretVersion struct {
	pulumi.CustomResourceState

	// The ARN of the secret.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Specifies binary data that you want to encrypt and store in this version of the secret. This is required if secretString is not set. Needs to be encoded to base64.
	SecretBinary pulumi.StringPtrOutput `pulumi:"secretBinary"`
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringOutput `pulumi:"secretId"`
	// Specifies text data that you want to encrypt and store in this version of the secret. This is required if secretBinary is not set.
	SecretString pulumi.StringPtrOutput `pulumi:"secretString"`
	// The unique identifier of the version of the secret.
	VersionId pulumi.StringOutput `pulumi:"versionId"`
	// Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label `AWSCURRENT` to this new version on creation.
	VersionStages pulumi.StringArrayOutput `pulumi:"versionStages"`
}

Provides a resource to manage AWS Secrets Manager secret version including its secret value. To manage secret metadata, see the `secretsmanager.Secret` resource.

> **NOTE:** If the `AWSCURRENT` staging label is present on this version during resource deletion, that label cannot be removed and will be skipped to prevent errors when fully deleting the secret. That label will leave this secret version active even after the resource is deleted from this provider unless the secret itself is deleted. Move the `AWSCURRENT` staging label before or after deleting this resource from this provider to fully trigger version deprecation if necessary.

## Example Usage ### Simple String Value

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.NewSecretVersion(ctx, "example", &secretsmanager.SecretVersionArgs{
			SecretId:     pulumi.Any(aws_secretsmanager_secret.Example.Id),
			SecretString: pulumi.String("example-string-to-protect"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Key-Value Pairs

Secrets Manager also accepts key-value pairs in JSON.

```go package main

import ( 

"encoding/json"

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		example := map[string]interface{}{
			"key1": "value1",
			"key2": "value2",
		}
		if param := cfg.GetBool("example"); param != nil {
			example = param
		}
		tmpJSON0, err := json.Marshal(example)
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		_, err := secretsmanager.NewSecretVersion(ctx, "exampleSecretVersion", &secretsmanager.SecretVersionArgs{
			SecretId:     pulumi.Any(aws_secretsmanager_secret.Example.Id),
			SecretString: pulumi.String(json0),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

`aws_secretsmanager_secret_version` can be imported by using the secret ID and version ID, e.g.,

```sh 

$ pulumi import aws:secretsmanager/secretVersion:SecretVersion example 'arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456|xxxxx-xxxxxxx-xxxxxxx-xxxxx'

```

func GetSecretVersion 

func GetSecretVersion(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretVersionState, opts ...pulumi.ResourceOption) (*SecretVersion, error)

GetSecretVersion gets an existing SecretVersion resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretVersion 

func NewSecretVersion(ctx *pulumi.Context,
	name string, args *SecretVersionArgs, opts ...pulumi.ResourceOption) (*SecretVersion, error)

NewSecretVersion registers a new resource with the given unique name, arguments, and options.

func (*SecretVersion) ElementType 

func (*SecretVersion) ElementType() reflect.Type

func (*SecretVersion) ToSecretVersionOutput 

func (i *SecretVersion) ToSecretVersionOutput() SecretVersionOutput

func (*SecretVersion) ToSecretVersionOutputWithContext 

func (i *SecretVersion) ToSecretVersionOutputWithContext(ctx context.Context) SecretVersionOutput

func (*SecretVersion) ToSecretVersionPtrOutput 

func (i *SecretVersion) ToSecretVersionPtrOutput() SecretVersionPtrOutput

func (*SecretVersion) ToSecretVersionPtrOutputWithContext 

func (i *SecretVersion) ToSecretVersionPtrOutputWithContext(ctx context.Context) SecretVersionPtrOutput

type SecretVersionArgs 

type SecretVersionArgs struct {
	// Specifies binary data that you want to encrypt and store in this version of the secret. This is required if secretString is not set. Needs to be encoded to base64.
	SecretBinary pulumi.StringPtrInput
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringInput
	// Specifies text data that you want to encrypt and store in this version of the secret. This is required if secretBinary is not set.
	SecretString pulumi.StringPtrInput
	// Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label `AWSCURRENT` to this new version on creation.
	VersionStages pulumi.StringArrayInput
}

The set of arguments for constructing a SecretVersion resource.

func (SecretVersionArgs) ElementType 

func (SecretVersionArgs) ElementType() reflect.Type

type SecretVersionArray 

type SecretVersionArray []SecretVersionInput

func (SecretVersionArray) ElementType 

func (SecretVersionArray) ElementType() reflect.Type

func (SecretVersionArray) ToSecretVersionArrayOutput 

func (i SecretVersionArray) ToSecretVersionArrayOutput() SecretVersionArrayOutput

func (SecretVersionArray) ToSecretVersionArrayOutputWithContext 

func (i SecretVersionArray) ToSecretVersionArrayOutputWithContext(ctx context.Context) SecretVersionArrayOutput

type SecretVersionArrayInput 

type SecretVersionArrayInput interface {
	pulumi.Input

	ToSecretVersionArrayOutput() SecretVersionArrayOutput
	ToSecretVersionArrayOutputWithContext(context.Context) SecretVersionArrayOutput
}

SecretVersionArrayInput is an input type that accepts SecretVersionArray and SecretVersionArrayOutput values. You can construct a concrete instance of `SecretVersionArrayInput` via: 

SecretVersionArray{ SecretVersionArgs{...} }

type SecretVersionArrayOutput 

type SecretVersionArrayOutput struct{ *pulumi.OutputState }

func (SecretVersionArrayOutput) ElementType 

func (SecretVersionArrayOutput) ElementType() reflect.Type

func (SecretVersionArrayOutput) Index 

func (o SecretVersionArrayOutput) Index(i pulumi.IntInput) SecretVersionOutput

func (SecretVersionArrayOutput) ToSecretVersionArrayOutput 

func (o SecretVersionArrayOutput) ToSecretVersionArrayOutput() SecretVersionArrayOutput

func (SecretVersionArrayOutput) ToSecretVersionArrayOutputWithContext 

func (o SecretVersionArrayOutput) ToSecretVersionArrayOutputWithContext(ctx context.Context) SecretVersionArrayOutput

type SecretVersionInput 

type SecretVersionInput interface {
	pulumi.Input

	ToSecretVersionOutput() SecretVersionOutput
	ToSecretVersionOutputWithContext(ctx context.Context) SecretVersionOutput
}

type SecretVersionMap 

type SecretVersionMap map[string]SecretVersionInput

func (SecretVersionMap) ElementType 

func (SecretVersionMap) ElementType() reflect.Type

func (SecretVersionMap) ToSecretVersionMapOutput 

func (i SecretVersionMap) ToSecretVersionMapOutput() SecretVersionMapOutput

func (SecretVersionMap) ToSecretVersionMapOutputWithContext 

func (i SecretVersionMap) ToSecretVersionMapOutputWithContext(ctx context.Context) SecretVersionMapOutput

type SecretVersionMapInput 

type SecretVersionMapInput interface {
	pulumi.Input

	ToSecretVersionMapOutput() SecretVersionMapOutput
	ToSecretVersionMapOutputWithContext(context.Context) SecretVersionMapOutput
}

SecretVersionMapInput is an input type that accepts SecretVersionMap and SecretVersionMapOutput values. You can construct a concrete instance of `SecretVersionMapInput` via: 

SecretVersionMap{ "key": SecretVersionArgs{...} }

type SecretVersionMapOutput 

type SecretVersionMapOutput struct{ *pulumi.OutputState }

func (SecretVersionMapOutput) ElementType 

func (SecretVersionMapOutput) ElementType() reflect.Type

func (SecretVersionMapOutput) MapIndex 

func (o SecretVersionMapOutput) MapIndex(k pulumi.StringInput) SecretVersionOutput

func (SecretVersionMapOutput) ToSecretVersionMapOutput 

func (o SecretVersionMapOutput) ToSecretVersionMapOutput() SecretVersionMapOutput

func (SecretVersionMapOutput) ToSecretVersionMapOutputWithContext 

func (o SecretVersionMapOutput) ToSecretVersionMapOutputWithContext(ctx context.Context) SecretVersionMapOutput

type SecretVersionOutput 

type SecretVersionOutput struct{ *pulumi.OutputState }

func (SecretVersionOutput) ElementType 

func (SecretVersionOutput) ElementType() reflect.Type

func (SecretVersionOutput) ToSecretVersionOutput 

func (o SecretVersionOutput) ToSecretVersionOutput() SecretVersionOutput

func (SecretVersionOutput) ToSecretVersionOutputWithContext 

func (o SecretVersionOutput) ToSecretVersionOutputWithContext(ctx context.Context) SecretVersionOutput

func (SecretVersionOutput) ToSecretVersionPtrOutput 

func (o SecretVersionOutput) ToSecretVersionPtrOutput() SecretVersionPtrOutput

func (SecretVersionOutput) ToSecretVersionPtrOutputWithContext 

func (o SecretVersionOutput) ToSecretVersionPtrOutputWithContext(ctx context.Context) SecretVersionPtrOutput

type SecretVersionPtrInput 

type SecretVersionPtrInput interface {
	pulumi.Input

	ToSecretVersionPtrOutput() SecretVersionPtrOutput
	ToSecretVersionPtrOutputWithContext(ctx context.Context) SecretVersionPtrOutput
}

type SecretVersionPtrOutput 

type SecretVersionPtrOutput struct{ *pulumi.OutputState }

func (SecretVersionPtrOutput) Elem added in v4.15.0 

func (o SecretVersionPtrOutput) Elem() SecretVersionOutput

func (SecretVersionPtrOutput) ElementType 

func (SecretVersionPtrOutput) ElementType() reflect.Type

func (SecretVersionPtrOutput) ToSecretVersionPtrOutput 

func (o SecretVersionPtrOutput) ToSecretVersionPtrOutput() SecretVersionPtrOutput

func (SecretVersionPtrOutput) ToSecretVersionPtrOutputWithContext 

func (o SecretVersionPtrOutput) ToSecretVersionPtrOutputWithContext(ctx context.Context) SecretVersionPtrOutput

type SecretVersionState 

type SecretVersionState struct {
	// The ARN of the secret.
	Arn pulumi.StringPtrInput
	// Specifies binary data that you want to encrypt and store in this version of the secret. This is required if secretString is not set. Needs to be encoded to base64.
	SecretBinary pulumi.StringPtrInput
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringPtrInput
	// Specifies text data that you want to encrypt and store in this version of the secret. This is required if secretBinary is not set.
	SecretString pulumi.StringPtrInput
	// The unique identifier of the version of the secret.
	VersionId pulumi.StringPtrInput
	// Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label `AWSCURRENT` to this new version on creation.
	VersionStages pulumi.StringArrayInput
}

func (SecretVersionState) ElementType 

func (SecretVersionState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.