secretsmanager

package
v5.43.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 21, 2023 License: Apache-2.0 Imports: 7 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type GetRandomPasswordArgs added in v5.10.0 

type GetRandomPasswordArgs struct {
	// String of the characters that you don't want in the password.
	ExcludeCharacters *string `pulumi:"excludeCharacters"`
	// Specifies whether to exclude lowercase letters from the password.
	ExcludeLowercase *bool `pulumi:"excludeLowercase"`
	// Specifies whether to exclude numbers from the password.
	ExcludeNumbers *bool `pulumi:"excludeNumbers"`
	// Specifies whether to exclude the following punctuation characters from the password: “! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ .“
	ExcludePunctuation *bool `pulumi:"excludePunctuation"`
	// Specifies whether to exclude uppercase letters from the password.
	ExcludeUppercase *bool `pulumi:"excludeUppercase"`
	// Specifies whether to include the space character.
	IncludeSpace *bool `pulumi:"includeSpace"`
	// Length of the password.
	PasswordLength *int `pulumi:"passwordLength"`
	// Random password.
	RandomPassword *string `pulumi:"randomPassword"`
	// Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation.
	RequireEachIncludedType *bool `pulumi:"requireEachIncludedType"`
}

A collection of arguments for invoking getRandomPassword.

type GetRandomPasswordOutputArgs added in v5.10.0 

type GetRandomPasswordOutputArgs struct {
	// String of the characters that you don't want in the password.
	ExcludeCharacters pulumi.StringPtrInput `pulumi:"excludeCharacters"`
	// Specifies whether to exclude lowercase letters from the password.
	ExcludeLowercase pulumi.BoolPtrInput `pulumi:"excludeLowercase"`
	// Specifies whether to exclude numbers from the password.
	ExcludeNumbers pulumi.BoolPtrInput `pulumi:"excludeNumbers"`
	// Specifies whether to exclude the following punctuation characters from the password: “! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ .“
	ExcludePunctuation pulumi.BoolPtrInput `pulumi:"excludePunctuation"`
	// Specifies whether to exclude uppercase letters from the password.
	ExcludeUppercase pulumi.BoolPtrInput `pulumi:"excludeUppercase"`
	// Specifies whether to include the space character.
	IncludeSpace pulumi.BoolPtrInput `pulumi:"includeSpace"`
	// Length of the password.
	PasswordLength pulumi.IntPtrInput `pulumi:"passwordLength"`
	// Random password.
	RandomPassword pulumi.StringPtrInput `pulumi:"randomPassword"`
	// Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation.
	RequireEachIncludedType pulumi.BoolPtrInput `pulumi:"requireEachIncludedType"`
}

A collection of arguments for invoking getRandomPassword.

func (GetRandomPasswordOutputArgs) ElementType added in v5.10.0 

func (GetRandomPasswordOutputArgs) ElementType() reflect.Type

type GetRandomPasswordResult added in v5.10.0 

type GetRandomPasswordResult struct {
	ExcludeCharacters  *string `pulumi:"excludeCharacters"`
	ExcludeLowercase   *bool   `pulumi:"excludeLowercase"`
	ExcludeNumbers     *bool   `pulumi:"excludeNumbers"`
	ExcludePunctuation *bool   `pulumi:"excludePunctuation"`
	ExcludeUppercase   *bool   `pulumi:"excludeUppercase"`
	// The provider-assigned unique ID for this managed resource.
	Id             string `pulumi:"id"`
	IncludeSpace   *bool  `pulumi:"includeSpace"`
	PasswordLength *int   `pulumi:"passwordLength"`
	// Random password.
	RandomPassword          string `pulumi:"randomPassword"`
	RequireEachIncludedType *bool  `pulumi:"requireEachIncludedType"`
}

A collection of values returned by getRandomPassword.

func GetRandomPassword added in v5.10.0 

func GetRandomPassword(ctx *pulumi.Context, args *GetRandomPasswordArgs, opts ...pulumi.InvokeOption) (*GetRandomPasswordResult, error)

Generate a random password.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.GetRandomPassword(ctx, &secretsmanager.GetRandomPasswordArgs{
			ExcludeNumbers: pulumi.BoolRef(true),
			PasswordLength: pulumi.IntRef(50),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetRandomPasswordResultOutput added in v5.10.0 

type GetRandomPasswordResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getRandomPassword.

func GetRandomPasswordOutput added in v5.10.0 

func GetRandomPasswordOutput(ctx *pulumi.Context, args GetRandomPasswordOutputArgs, opts ...pulumi.InvokeOption) GetRandomPasswordResultOutput

func (GetRandomPasswordResultOutput) ElementType added in v5.10.0 

func (GetRandomPasswordResultOutput) ElementType() reflect.Type

func (GetRandomPasswordResultOutput) ExcludeCharacters added in v5.10.0 

func (o GetRandomPasswordResultOutput) ExcludeCharacters() pulumi.StringPtrOutput

func (GetRandomPasswordResultOutput) ExcludeLowercase added in v5.10.0 

func (o GetRandomPasswordResultOutput) ExcludeLowercase() pulumi.BoolPtrOutput

func (GetRandomPasswordResultOutput) ExcludeNumbers added in v5.10.0 

func (o GetRandomPasswordResultOutput) ExcludeNumbers() pulumi.BoolPtrOutput

func (GetRandomPasswordResultOutput) ExcludePunctuation added in v5.10.0 

func (o GetRandomPasswordResultOutput) ExcludePunctuation() pulumi.BoolPtrOutput

func (GetRandomPasswordResultOutput) ExcludeUppercase added in v5.10.0 

func (o GetRandomPasswordResultOutput) ExcludeUppercase() pulumi.BoolPtrOutput

func (GetRandomPasswordResultOutput) Id added in v5.10.0 

func (o GetRandomPasswordResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetRandomPasswordResultOutput) IncludeSpace added in v5.10.0 

func (o GetRandomPasswordResultOutput) IncludeSpace() pulumi.BoolPtrOutput

func (GetRandomPasswordResultOutput) PasswordLength added in v5.10.0 

func (o GetRandomPasswordResultOutput) PasswordLength() pulumi.IntPtrOutput

func (GetRandomPasswordResultOutput) RandomPassword added in v5.10.0 

func (o GetRandomPasswordResultOutput) RandomPassword() pulumi.StringOutput

Random password.

func (GetRandomPasswordResultOutput) RequireEachIncludedType added in v5.10.0 

func (o GetRandomPasswordResultOutput) RequireEachIncludedType() pulumi.BoolPtrOutput

func (GetRandomPasswordResultOutput) ToGetRandomPasswordResultOutput added in v5.10.0 

func (o GetRandomPasswordResultOutput) ToGetRandomPasswordResultOutput() GetRandomPasswordResultOutput

func (GetRandomPasswordResultOutput) ToGetRandomPasswordResultOutputWithContext added in v5.10.0 

func (o GetRandomPasswordResultOutput) ToGetRandomPasswordResultOutputWithContext(ctx context.Context) GetRandomPasswordResultOutput

type GetSecretRotationRotationRule 

type GetSecretRotationRotationRule struct {
	AutomaticallyAfterDays int    `pulumi:"automaticallyAfterDays"`
	Duration               string `pulumi:"duration"`
	ScheduleExpression     string `pulumi:"scheduleExpression"`
}

type GetSecretRotationRotationRuleArgs 

type GetSecretRotationRotationRuleArgs struct {
	AutomaticallyAfterDays pulumi.IntInput    `pulumi:"automaticallyAfterDays"`
	Duration               pulumi.StringInput `pulumi:"duration"`
	ScheduleExpression     pulumi.StringInput `pulumi:"scheduleExpression"`
}

func (GetSecretRotationRotationRuleArgs) ElementType 

func (GetSecretRotationRotationRuleArgs) ElementType() reflect.Type

func (GetSecretRotationRotationRuleArgs) ToGetSecretRotationRotationRuleOutput 

func (i GetSecretRotationRotationRuleArgs) ToGetSecretRotationRotationRuleOutput() GetSecretRotationRotationRuleOutput

func (GetSecretRotationRotationRuleArgs) ToGetSecretRotationRotationRuleOutputWithContext 

func (i GetSecretRotationRotationRuleArgs) ToGetSecretRotationRotationRuleOutputWithContext(ctx context.Context) GetSecretRotationRotationRuleOutput

type GetSecretRotationRotationRuleArray 

type GetSecretRotationRotationRuleArray []GetSecretRotationRotationRuleInput

func (GetSecretRotationRotationRuleArray) ElementType 

func (GetSecretRotationRotationRuleArray) ElementType() reflect.Type

func (GetSecretRotationRotationRuleArray) ToGetSecretRotationRotationRuleArrayOutput 

func (i GetSecretRotationRotationRuleArray) ToGetSecretRotationRotationRuleArrayOutput() GetSecretRotationRotationRuleArrayOutput

func (GetSecretRotationRotationRuleArray) ToGetSecretRotationRotationRuleArrayOutputWithContext 

func (i GetSecretRotationRotationRuleArray) ToGetSecretRotationRotationRuleArrayOutputWithContext(ctx context.Context) GetSecretRotationRotationRuleArrayOutput

type GetSecretRotationRotationRuleArrayInput 

type GetSecretRotationRotationRuleArrayInput interface {
	pulumi.Input

	ToGetSecretRotationRotationRuleArrayOutput() GetSecretRotationRotationRuleArrayOutput
	ToGetSecretRotationRotationRuleArrayOutputWithContext(context.Context) GetSecretRotationRotationRuleArrayOutput
}

GetSecretRotationRotationRuleArrayInput is an input type that accepts GetSecretRotationRotationRuleArray and GetSecretRotationRotationRuleArrayOutput values. You can construct a concrete instance of `GetSecretRotationRotationRuleArrayInput` via: 

GetSecretRotationRotationRuleArray{ GetSecretRotationRotationRuleArgs{...} }

type GetSecretRotationRotationRuleArrayOutput 

type GetSecretRotationRotationRuleArrayOutput struct{ *pulumi.OutputState }

func (GetSecretRotationRotationRuleArrayOutput) ElementType 

func (GetSecretRotationRotationRuleArrayOutput) ElementType() reflect.Type

func (GetSecretRotationRotationRuleArrayOutput) Index 

func (o GetSecretRotationRotationRuleArrayOutput) Index(i pulumi.IntInput) GetSecretRotationRotationRuleOutput

func (GetSecretRotationRotationRuleArrayOutput) ToGetSecretRotationRotationRuleArrayOutput 

func (o GetSecretRotationRotationRuleArrayOutput) ToGetSecretRotationRotationRuleArrayOutput() GetSecretRotationRotationRuleArrayOutput

func (GetSecretRotationRotationRuleArrayOutput) ToGetSecretRotationRotationRuleArrayOutputWithContext 

func (o GetSecretRotationRotationRuleArrayOutput) ToGetSecretRotationRotationRuleArrayOutputWithContext(ctx context.Context) GetSecretRotationRotationRuleArrayOutput

type GetSecretRotationRotationRuleInput 

type GetSecretRotationRotationRuleInput interface {
	pulumi.Input

	ToGetSecretRotationRotationRuleOutput() GetSecretRotationRotationRuleOutput
	ToGetSecretRotationRotationRuleOutputWithContext(context.Context) GetSecretRotationRotationRuleOutput
}

GetSecretRotationRotationRuleInput is an input type that accepts GetSecretRotationRotationRuleArgs and GetSecretRotationRotationRuleOutput values. You can construct a concrete instance of `GetSecretRotationRotationRuleInput` via: 

GetSecretRotationRotationRuleArgs{...}

type GetSecretRotationRotationRuleOutput 

type GetSecretRotationRotationRuleOutput struct{ *pulumi.OutputState }

func (GetSecretRotationRotationRuleOutput) AutomaticallyAfterDays 

func (o GetSecretRotationRotationRuleOutput) AutomaticallyAfterDays() pulumi.IntOutput

func (GetSecretRotationRotationRuleOutput) Duration added in v5.36.0 

func (o GetSecretRotationRotationRuleOutput) Duration() pulumi.StringOutput

func (GetSecretRotationRotationRuleOutput) ElementType 

func (GetSecretRotationRotationRuleOutput) ElementType() reflect.Type

func (GetSecretRotationRotationRuleOutput) ScheduleExpression added in v5.36.0 

func (o GetSecretRotationRotationRuleOutput) ScheduleExpression() pulumi.StringOutput

func (GetSecretRotationRotationRuleOutput) ToGetSecretRotationRotationRuleOutput 

func (o GetSecretRotationRotationRuleOutput) ToGetSecretRotationRotationRuleOutput() GetSecretRotationRotationRuleOutput

func (GetSecretRotationRotationRuleOutput) ToGetSecretRotationRotationRuleOutputWithContext 

func (o GetSecretRotationRotationRuleOutput) ToGetSecretRotationRotationRuleOutputWithContext(ctx context.Context) GetSecretRotationRotationRuleOutput

type GetSecretRotationRule 

type GetSecretRotationRule struct {
	AutomaticallyAfterDays int    `pulumi:"automaticallyAfterDays"`
	Duration               string `pulumi:"duration"`
	ScheduleExpression     string `pulumi:"scheduleExpression"`
}

type GetSecretRotationRuleArgs 

type GetSecretRotationRuleArgs struct {
	AutomaticallyAfterDays pulumi.IntInput    `pulumi:"automaticallyAfterDays"`
	Duration               pulumi.StringInput `pulumi:"duration"`
	ScheduleExpression     pulumi.StringInput `pulumi:"scheduleExpression"`
}

func (GetSecretRotationRuleArgs) ElementType 

func (GetSecretRotationRuleArgs) ElementType() reflect.Type

func (GetSecretRotationRuleArgs) ToGetSecretRotationRuleOutput 

func (i GetSecretRotationRuleArgs) ToGetSecretRotationRuleOutput() GetSecretRotationRuleOutput

func (GetSecretRotationRuleArgs) ToGetSecretRotationRuleOutputWithContext 

func (i GetSecretRotationRuleArgs) ToGetSecretRotationRuleOutputWithContext(ctx context.Context) GetSecretRotationRuleOutput

type GetSecretRotationRuleArray 

type GetSecretRotationRuleArray []GetSecretRotationRuleInput

func (GetSecretRotationRuleArray) ElementType 

func (GetSecretRotationRuleArray) ElementType() reflect.Type

func (GetSecretRotationRuleArray) ToGetSecretRotationRuleArrayOutput 

func (i GetSecretRotationRuleArray) ToGetSecretRotationRuleArrayOutput() GetSecretRotationRuleArrayOutput

func (GetSecretRotationRuleArray) ToGetSecretRotationRuleArrayOutputWithContext 

func (i GetSecretRotationRuleArray) ToGetSecretRotationRuleArrayOutputWithContext(ctx context.Context) GetSecretRotationRuleArrayOutput

type GetSecretRotationRuleArrayInput 

type GetSecretRotationRuleArrayInput interface {
	pulumi.Input

	ToGetSecretRotationRuleArrayOutput() GetSecretRotationRuleArrayOutput
	ToGetSecretRotationRuleArrayOutputWithContext(context.Context) GetSecretRotationRuleArrayOutput
}

GetSecretRotationRuleArrayInput is an input type that accepts GetSecretRotationRuleArray and GetSecretRotationRuleArrayOutput values. You can construct a concrete instance of `GetSecretRotationRuleArrayInput` via: 

GetSecretRotationRuleArray{ GetSecretRotationRuleArgs{...} }

type GetSecretRotationRuleArrayOutput 

type GetSecretRotationRuleArrayOutput struct{ *pulumi.OutputState }

func (GetSecretRotationRuleArrayOutput) ElementType 

func (GetSecretRotationRuleArrayOutput) ElementType() reflect.Type

func (GetSecretRotationRuleArrayOutput) Index 

func (o GetSecretRotationRuleArrayOutput) Index(i pulumi.IntInput) GetSecretRotationRuleOutput

func (GetSecretRotationRuleArrayOutput) ToGetSecretRotationRuleArrayOutput 

func (o GetSecretRotationRuleArrayOutput) ToGetSecretRotationRuleArrayOutput() GetSecretRotationRuleArrayOutput

func (GetSecretRotationRuleArrayOutput) ToGetSecretRotationRuleArrayOutputWithContext 

func (o GetSecretRotationRuleArrayOutput) ToGetSecretRotationRuleArrayOutputWithContext(ctx context.Context) GetSecretRotationRuleArrayOutput

type GetSecretRotationRuleInput 

type GetSecretRotationRuleInput interface {
	pulumi.Input

	ToGetSecretRotationRuleOutput() GetSecretRotationRuleOutput
	ToGetSecretRotationRuleOutputWithContext(context.Context) GetSecretRotationRuleOutput
}

GetSecretRotationRuleInput is an input type that accepts GetSecretRotationRuleArgs and GetSecretRotationRuleOutput values. You can construct a concrete instance of `GetSecretRotationRuleInput` via: 

GetSecretRotationRuleArgs{...}

type GetSecretRotationRuleOutput 

type GetSecretRotationRuleOutput struct{ *pulumi.OutputState }

func (GetSecretRotationRuleOutput) AutomaticallyAfterDays 

func (o GetSecretRotationRuleOutput) AutomaticallyAfterDays() pulumi.IntOutput

func (GetSecretRotationRuleOutput) Duration added in v5.36.0 

func (o GetSecretRotationRuleOutput) Duration() pulumi.StringOutput

func (GetSecretRotationRuleOutput) ElementType 

func (GetSecretRotationRuleOutput) ElementType() reflect.Type

func (GetSecretRotationRuleOutput) ScheduleExpression added in v5.36.0 

func (o GetSecretRotationRuleOutput) ScheduleExpression() pulumi.StringOutput

func (GetSecretRotationRuleOutput) ToGetSecretRotationRuleOutput 

func (o GetSecretRotationRuleOutput) ToGetSecretRotationRuleOutput() GetSecretRotationRuleOutput

func (GetSecretRotationRuleOutput) ToGetSecretRotationRuleOutputWithContext 

func (o GetSecretRotationRuleOutput) ToGetSecretRotationRuleOutputWithContext(ctx context.Context) GetSecretRotationRuleOutput

type GetSecretsArgs added in v5.5.0 

type GetSecretsArgs struct {
	// Configuration block(s) for filtering. Detailed below.
	Filters []GetSecretsFilter `pulumi:"filters"`
}

A collection of arguments for invoking getSecrets.

type GetSecretsFilter added in v5.5.0 

type GetSecretsFilter struct {
	// Name of the filter field. Valid values can be found in the [Secrets Manager ListSecrets API Reference](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecrets.html).
	Name string `pulumi:"name"`
	// Set of values that are accepted for the given filter field. Results will be selected if any given value matches.
	Values []string `pulumi:"values"`
}

type GetSecretsFilterArgs added in v5.5.0 

type GetSecretsFilterArgs struct {
	// Name of the filter field. Valid values can be found in the [Secrets Manager ListSecrets API Reference](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecrets.html).
	Name pulumi.StringInput `pulumi:"name"`
	// Set of values that are accepted for the given filter field. Results will be selected if any given value matches.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (GetSecretsFilterArgs) ElementType added in v5.5.0 

func (GetSecretsFilterArgs) ElementType() reflect.Type

func (GetSecretsFilterArgs) ToGetSecretsFilterOutput added in v5.5.0 

func (i GetSecretsFilterArgs) ToGetSecretsFilterOutput() GetSecretsFilterOutput

func (GetSecretsFilterArgs) ToGetSecretsFilterOutputWithContext added in v5.5.0 

func (i GetSecretsFilterArgs) ToGetSecretsFilterOutputWithContext(ctx context.Context) GetSecretsFilterOutput

type GetSecretsFilterArray added in v5.5.0 

type GetSecretsFilterArray []GetSecretsFilterInput

func (GetSecretsFilterArray) ElementType added in v5.5.0 

func (GetSecretsFilterArray) ElementType() reflect.Type

func (GetSecretsFilterArray) ToGetSecretsFilterArrayOutput added in v5.5.0 

func (i GetSecretsFilterArray) ToGetSecretsFilterArrayOutput() GetSecretsFilterArrayOutput

func (GetSecretsFilterArray) ToGetSecretsFilterArrayOutputWithContext added in v5.5.0 

func (i GetSecretsFilterArray) ToGetSecretsFilterArrayOutputWithContext(ctx context.Context) GetSecretsFilterArrayOutput

type GetSecretsFilterArrayInput added in v5.5.0 

type GetSecretsFilterArrayInput interface {
	pulumi.Input

	ToGetSecretsFilterArrayOutput() GetSecretsFilterArrayOutput
	ToGetSecretsFilterArrayOutputWithContext(context.Context) GetSecretsFilterArrayOutput
}

GetSecretsFilterArrayInput is an input type that accepts GetSecretsFilterArray and GetSecretsFilterArrayOutput values. You can construct a concrete instance of `GetSecretsFilterArrayInput` via: 

GetSecretsFilterArray{ GetSecretsFilterArgs{...} }

type GetSecretsFilterArrayOutput added in v5.5.0 

type GetSecretsFilterArrayOutput struct{ *pulumi.OutputState }

func (GetSecretsFilterArrayOutput) ElementType added in v5.5.0 

func (GetSecretsFilterArrayOutput) ElementType() reflect.Type

func (GetSecretsFilterArrayOutput) Index added in v5.5.0 

func (o GetSecretsFilterArrayOutput) Index(i pulumi.IntInput) GetSecretsFilterOutput

func (GetSecretsFilterArrayOutput) ToGetSecretsFilterArrayOutput added in v5.5.0 

func (o GetSecretsFilterArrayOutput) ToGetSecretsFilterArrayOutput() GetSecretsFilterArrayOutput

func (GetSecretsFilterArrayOutput) ToGetSecretsFilterArrayOutputWithContext added in v5.5.0 

func (o GetSecretsFilterArrayOutput) ToGetSecretsFilterArrayOutputWithContext(ctx context.Context) GetSecretsFilterArrayOutput

type GetSecretsFilterInput added in v5.5.0 

type GetSecretsFilterInput interface {
	pulumi.Input

	ToGetSecretsFilterOutput() GetSecretsFilterOutput
	ToGetSecretsFilterOutputWithContext(context.Context) GetSecretsFilterOutput
}

GetSecretsFilterInput is an input type that accepts GetSecretsFilterArgs and GetSecretsFilterOutput values. You can construct a concrete instance of `GetSecretsFilterInput` via: 

GetSecretsFilterArgs{...}

type GetSecretsFilterOutput added in v5.5.0 

type GetSecretsFilterOutput struct{ *pulumi.OutputState }

func (GetSecretsFilterOutput) ElementType added in v5.5.0 

func (GetSecretsFilterOutput) ElementType() reflect.Type

func (GetSecretsFilterOutput) Name added in v5.5.0 

func (o GetSecretsFilterOutput) Name() pulumi.StringOutput

Name of the filter field. Valid values can be found in the [Secrets Manager ListSecrets API Reference](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecrets.html).

func (GetSecretsFilterOutput) ToGetSecretsFilterOutput added in v5.5.0 

func (o GetSecretsFilterOutput) ToGetSecretsFilterOutput() GetSecretsFilterOutput

func (GetSecretsFilterOutput) ToGetSecretsFilterOutputWithContext added in v5.5.0 

func (o GetSecretsFilterOutput) ToGetSecretsFilterOutputWithContext(ctx context.Context) GetSecretsFilterOutput

func (GetSecretsFilterOutput) Values added in v5.5.0 

func (o GetSecretsFilterOutput) Values() pulumi.StringArrayOutput

Set of values that are accepted for the given filter field. Results will be selected if any given value matches.

type GetSecretsOutputArgs added in v5.5.0 

type GetSecretsOutputArgs struct {
	// Configuration block(s) for filtering. Detailed below.
	Filters GetSecretsFilterArrayInput `pulumi:"filters"`
}

A collection of arguments for invoking getSecrets.

func (GetSecretsOutputArgs) ElementType added in v5.5.0 

func (GetSecretsOutputArgs) ElementType() reflect.Type

type GetSecretsResult added in v5.5.0 

type GetSecretsResult struct {
	// Set of ARNs of the matched Secrets Manager secrets.
	Arns    []string           `pulumi:"arns"`
	Filters []GetSecretsFilter `pulumi:"filters"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Set of names of the matched Secrets Manager secrets.
	Names []string `pulumi:"names"`
}

A collection of values returned by getSecrets.

func GetSecrets added in v5.5.0 

func GetSecrets(ctx *pulumi.Context, args *GetSecretsArgs, opts ...pulumi.InvokeOption) (*GetSecretsResult, error)

Use this data source to get the ARNs and names of Secrets Manager secrets matching the specified criteria.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.GetSecrets(ctx, &secretsmanager.GetSecretsArgs{
			Filters: []secretsmanager.GetSecretsFilter{
				{
					Name: "name",
					Values: []string{
						"example",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetSecretsResultOutput added in v5.5.0 

type GetSecretsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getSecrets.

func GetSecretsOutput added in v5.5.0 

func GetSecretsOutput(ctx *pulumi.Context, args GetSecretsOutputArgs, opts ...pulumi.InvokeOption) GetSecretsResultOutput

func (GetSecretsResultOutput) Arns added in v5.5.0 

func (o GetSecretsResultOutput) Arns() pulumi.StringArrayOutput

Set of ARNs of the matched Secrets Manager secrets.

func (GetSecretsResultOutput) ElementType added in v5.5.0 

func (GetSecretsResultOutput) ElementType() reflect.Type

func (GetSecretsResultOutput) Filters added in v5.5.0 

func (o GetSecretsResultOutput) Filters() GetSecretsFilterArrayOutput

func (GetSecretsResultOutput) Id added in v5.5.0 

func (o GetSecretsResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetSecretsResultOutput) Names added in v5.5.0 

func (o GetSecretsResultOutput) Names() pulumi.StringArrayOutput

Set of names of the matched Secrets Manager secrets.

func (GetSecretsResultOutput) ToGetSecretsResultOutput added in v5.5.0 

func (o GetSecretsResultOutput) ToGetSecretsResultOutput() GetSecretsResultOutput

func (GetSecretsResultOutput) ToGetSecretsResultOutputWithContext added in v5.5.0 

func (o GetSecretsResultOutput) ToGetSecretsResultOutputWithContext(ctx context.Context) GetSecretsResultOutput

type LookupSecretArgs 

type LookupSecretArgs struct {
	// ARN of the secret to retrieve.
	Arn *string `pulumi:"arn"`
	// Name of the secret to retrieve.
	Name *string `pulumi:"name"`
}

A collection of arguments for invoking getSecret.

type LookupSecretOutputArgs 

type LookupSecretOutputArgs struct {
	// ARN of the secret to retrieve.
	Arn pulumi.StringPtrInput `pulumi:"arn"`
	// Name of the secret to retrieve.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

A collection of arguments for invoking getSecret.

func (LookupSecretOutputArgs) ElementType 

func (LookupSecretOutputArgs) ElementType() reflect.Type

type LookupSecretResult 

type LookupSecretResult struct {
	// ARN of the secret.
	Arn string `pulumi:"arn"`
	// Description of the secret.
	Description string `pulumi:"description"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Key Management Service (KMS) Customer Master Key (CMK) associated with the secret.
	KmsKeyId string `pulumi:"kmsKeyId"`
	Name     string `pulumi:"name"`
	// Resource-based policy document that's attached to the secret.
	Policy string `pulumi:"policy"`
	// Whether rotation is enabled or not.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation data source instead
	RotationEnabled bool `pulumi:"rotationEnabled"`
	// Rotation Lambda function ARN if rotation is enabled.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation data source instead
	RotationLambdaArn string `pulumi:"rotationLambdaArn"`
	// Rotation rules if rotation is enabled.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation data source instead
	RotationRules []GetSecretRotationRule `pulumi:"rotationRules"`
	// Tags of the secret.
	Tags map[string]string `pulumi:"tags"`
}

A collection of values returned by getSecret.

func LookupSecret 

func LookupSecret(ctx *pulumi.Context, args *LookupSecretArgs, opts ...pulumi.InvokeOption) (*LookupSecretResult, error)

Retrieve metadata information about a Secrets Manager secret. To retrieve a secret value, see the `secretsmanager.SecretVersion` data source.

## Example Usage ### ARN

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.LookupSecret(ctx, &secretsmanager.LookupSecretArgs{
			Arn: pulumi.StringRef("arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Name

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.LookupSecret(ctx, &secretsmanager.LookupSecretArgs{
			Name: pulumi.StringRef("example"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupSecretResultOutput 

type LookupSecretResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getSecret.

func LookupSecretOutput 

func LookupSecretOutput(ctx *pulumi.Context, args LookupSecretOutputArgs, opts ...pulumi.InvokeOption) LookupSecretResultOutput

func (LookupSecretResultOutput) Arn 

func (o LookupSecretResultOutput) Arn() pulumi.StringOutput

ARN of the secret.

func (LookupSecretResultOutput) Description 

func (o LookupSecretResultOutput) Description() pulumi.StringOutput

Description of the secret.

func (LookupSecretResultOutput) ElementType 

func (LookupSecretResultOutput) ElementType() reflect.Type

func (LookupSecretResultOutput) Id 

func (o LookupSecretResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupSecretResultOutput) KmsKeyId 

func (o LookupSecretResultOutput) KmsKeyId() pulumi.StringOutput

Key Management Service (KMS) Customer Master Key (CMK) associated with the secret.

func (LookupSecretResultOutput) Name 

func (o LookupSecretResultOutput) Name() pulumi.StringOutput

func (LookupSecretResultOutput) Policy 

func (o LookupSecretResultOutput) Policy() pulumi.StringOutput

Resource-based policy document that's attached to the secret.

func (LookupSecretResultOutput) RotationEnabled deprecated 

func (o LookupSecretResultOutput) RotationEnabled() pulumi.BoolOutput

Whether rotation is enabled or not.

Deprecated: Use the aws_secretsmanager_secret_rotation data source instead

func (LookupSecretResultOutput) RotationLambdaArn deprecated 

func (o LookupSecretResultOutput) RotationLambdaArn() pulumi.StringOutput

Rotation Lambda function ARN if rotation is enabled.

Deprecated: Use the aws_secretsmanager_secret_rotation data source instead

func (LookupSecretResultOutput) RotationRules deprecated 

func (o LookupSecretResultOutput) RotationRules() GetSecretRotationRuleArrayOutput

Rotation rules if rotation is enabled.

Deprecated: Use the aws_secretsmanager_secret_rotation data source instead

func (LookupSecretResultOutput) Tags 

func (o LookupSecretResultOutput) Tags() pulumi.StringMapOutput

Tags of the secret.

func (LookupSecretResultOutput) ToLookupSecretResultOutput 

func (o LookupSecretResultOutput) ToLookupSecretResultOutput() LookupSecretResultOutput

func (LookupSecretResultOutput) ToLookupSecretResultOutputWithContext 

func (o LookupSecretResultOutput) ToLookupSecretResultOutputWithContext(ctx context.Context) LookupSecretResultOutput

type LookupSecretRotationArgs 

type LookupSecretRotationArgs struct {
	// Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
	SecretId string `pulumi:"secretId"`
}

A collection of arguments for invoking getSecretRotation.

type LookupSecretRotationOutputArgs 

type LookupSecretRotationOutputArgs struct {
	// Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
	SecretId pulumi.StringInput `pulumi:"secretId"`
}

A collection of arguments for invoking getSecretRotation.

func (LookupSecretRotationOutputArgs) ElementType 

func (LookupSecretRotationOutputArgs) ElementType() reflect.Type

type LookupSecretRotationResult 

type LookupSecretRotationResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// ARN of the secret.
	RotationEnabled bool `pulumi:"rotationEnabled"`
	// Decrypted part of the protected secret information that was originally provided as a string.
	RotationLambdaArn string `pulumi:"rotationLambdaArn"`
	// Decrypted part of the protected secret information that was originally provided as a binary. Base64 encoded.
	RotationRules []GetSecretRotationRotationRule `pulumi:"rotationRules"`
	SecretId      string                          `pulumi:"secretId"`
}

A collection of values returned by getSecretRotation.

func LookupSecretRotation 

func LookupSecretRotation(ctx *pulumi.Context, args *LookupSecretRotationArgs, opts ...pulumi.InvokeOption) (*LookupSecretRotationResult, error)

Retrieve information about a Secrets Manager secret rotation. To retrieve secret metadata, see the `secretsmanager.Secret` data source. To retrieve a secret value, see the `secretsmanager.SecretVersion` data source.

## Example Usage ### Retrieve Secret Rotation Configuration

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.LookupSecretRotation(ctx, &secretsmanager.LookupSecretRotationArgs{
			SecretId: data.Aws_secretsmanager_secret.Example.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupSecretRotationResultOutput 

type LookupSecretRotationResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getSecretRotation.

func LookupSecretRotationOutput 

func LookupSecretRotationOutput(ctx *pulumi.Context, args LookupSecretRotationOutputArgs, opts ...pulumi.InvokeOption) LookupSecretRotationResultOutput

func (LookupSecretRotationResultOutput) ElementType 

func (LookupSecretRotationResultOutput) ElementType() reflect.Type

func (LookupSecretRotationResultOutput) Id 

func (o LookupSecretRotationResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupSecretRotationResultOutput) RotationEnabled 

func (o LookupSecretRotationResultOutput) RotationEnabled() pulumi.BoolOutput

ARN of the secret.

func (LookupSecretRotationResultOutput) RotationLambdaArn 

func (o LookupSecretRotationResultOutput) RotationLambdaArn() pulumi.StringOutput

Decrypted part of the protected secret information that was originally provided as a string.

func (LookupSecretRotationResultOutput) RotationRules 

func (o LookupSecretRotationResultOutput) RotationRules() GetSecretRotationRotationRuleArrayOutput

Decrypted part of the protected secret information that was originally provided as a binary. Base64 encoded.

func (LookupSecretRotationResultOutput) SecretId 

func (o LookupSecretRotationResultOutput) SecretId() pulumi.StringOutput

func (LookupSecretRotationResultOutput) ToLookupSecretRotationResultOutput 

func (o LookupSecretRotationResultOutput) ToLookupSecretRotationResultOutput() LookupSecretRotationResultOutput

func (LookupSecretRotationResultOutput) ToLookupSecretRotationResultOutputWithContext 

func (o LookupSecretRotationResultOutput) ToLookupSecretRotationResultOutputWithContext(ctx context.Context) LookupSecretRotationResultOutput

type LookupSecretVersionArgs 

type LookupSecretVersionArgs struct {
	// Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
	SecretId string `pulumi:"secretId"`
	// Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides `versionStage`.
	VersionId *string `pulumi:"versionId"`
	// Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to `AWSCURRENT`.
	VersionStage *string `pulumi:"versionStage"`
}

A collection of arguments for invoking getSecretVersion.

type LookupSecretVersionOutputArgs 

type LookupSecretVersionOutputArgs struct {
	// Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
	SecretId pulumi.StringInput `pulumi:"secretId"`
	// Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides `versionStage`.
	VersionId pulumi.StringPtrInput `pulumi:"versionId"`
	// Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to `AWSCURRENT`.
	VersionStage pulumi.StringPtrInput `pulumi:"versionStage"`
}

A collection of arguments for invoking getSecretVersion.

func (LookupSecretVersionOutputArgs) ElementType 

func (LookupSecretVersionOutputArgs) ElementType() reflect.Type

type LookupSecretVersionResult 

type LookupSecretVersionResult struct {
	// ARN of the secret.
	Arn string `pulumi:"arn"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Decrypted part of the protected secret information that was originally provided as a binary.
	SecretBinary string `pulumi:"secretBinary"`
	SecretId     string `pulumi:"secretId"`
	// Decrypted part of the protected secret information that was originally provided as a string.
	SecretString string `pulumi:"secretString"`
	// Unique identifier of this version of the secret.
	VersionId     string   `pulumi:"versionId"`
	VersionStage  *string  `pulumi:"versionStage"`
	VersionStages []string `pulumi:"versionStages"`
}

A collection of values returned by getSecretVersion.

func LookupSecretVersion 

func LookupSecretVersion(ctx *pulumi.Context, args *LookupSecretVersionArgs, opts ...pulumi.InvokeOption) (*LookupSecretVersionResult, error)

Retrieve information about a Secrets Manager secret version, including its secret value. To retrieve secret metadata, see the `secretsmanager.Secret` data source.

## Example Usage ### Retrieve Current Secret Version

By default, this data sources retrieves information based on the `AWSCURRENT` staging label.

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.LookupSecretVersion(ctx, &secretsmanager.LookupSecretVersionArgs{
			SecretId: data.Aws_secretsmanager_secret.Example.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Retrieve Specific Secret Version

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.LookupSecretVersion(ctx, &secretsmanager.LookupSecretVersionArgs{
			SecretId:     data.Aws_secretsmanager_secret.Example.Id,
			VersionStage: pulumi.StringRef("example"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupSecretVersionResultOutput 

type LookupSecretVersionResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getSecretVersion.

func LookupSecretVersionOutput 

func LookupSecretVersionOutput(ctx *pulumi.Context, args LookupSecretVersionOutputArgs, opts ...pulumi.InvokeOption) LookupSecretVersionResultOutput

func (LookupSecretVersionResultOutput) Arn 

func (o LookupSecretVersionResultOutput) Arn() pulumi.StringOutput

ARN of the secret.

func (LookupSecretVersionResultOutput) ElementType 

func (LookupSecretVersionResultOutput) ElementType() reflect.Type

func (LookupSecretVersionResultOutput) Id 

func (o LookupSecretVersionResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupSecretVersionResultOutput) SecretBinary 

func (o LookupSecretVersionResultOutput) SecretBinary() pulumi.StringOutput

Decrypted part of the protected secret information that was originally provided as a binary.

func (LookupSecretVersionResultOutput) SecretId 

func (o LookupSecretVersionResultOutput) SecretId() pulumi.StringOutput

func (LookupSecretVersionResultOutput) SecretString 

func (o LookupSecretVersionResultOutput) SecretString() pulumi.StringOutput

Decrypted part of the protected secret information that was originally provided as a string.

func (LookupSecretVersionResultOutput) ToLookupSecretVersionResultOutput 

func (o LookupSecretVersionResultOutput) ToLookupSecretVersionResultOutput() LookupSecretVersionResultOutput

func (LookupSecretVersionResultOutput) ToLookupSecretVersionResultOutputWithContext 

func (o LookupSecretVersionResultOutput) ToLookupSecretVersionResultOutputWithContext(ctx context.Context) LookupSecretVersionResultOutput

func (LookupSecretVersionResultOutput) VersionId 

func (o LookupSecretVersionResultOutput) VersionId() pulumi.StringOutput

Unique identifier of this version of the secret.

func (LookupSecretVersionResultOutput) VersionStage 

func (o LookupSecretVersionResultOutput) VersionStage() pulumi.StringPtrOutput

func (LookupSecretVersionResultOutput) VersionStages 

func (o LookupSecretVersionResultOutput) VersionStages() pulumi.StringArrayOutput

type Secret 

type Secret struct {
	pulumi.CustomResourceState

	// ARN of the secret.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Description of the secret.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.
	ForceOverwriteReplicaSecret pulumi.BoolPtrOutput `pulumi:"forceOverwriteReplicaSecret"`
	// ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you need to reference a CMK in a different account, you can use only the key ARN. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named `aws/secretsmanager`). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.
	KmsKeyId pulumi.StringPtrOutput `pulumi:"kmsKeyId"`
	// Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: `/_+=.@-` Conflicts with `namePrefix`.
	Name pulumi.StringOutput `pulumi:"name"`
	// Creates a unique name beginning with the specified prefix. Conflicts with `name`.
	NamePrefix pulumi.StringOutput `pulumi:"namePrefix"`
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Removing `policy` from your configuration or setting `policy` to null or an empty string (i.e., `policy = ""`) _will not_ delete the policy since it could have been set by `secretsmanager.SecretPolicy`. To delete the `policy`, set it to `"{}"` (an empty JSON document).
	Policy pulumi.StringOutput `pulumi:"policy"`
	// Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be `0` to force deletion without recovery or range from `7` to `30` days. The default value is `30`.
	RecoveryWindowInDays pulumi.IntPtrOutput `pulumi:"recoveryWindowInDays"`
	// Configuration block to support secret replication. See details below.
	Replicas SecretReplicaArrayOutput `pulumi:"replicas"`
	// Whether automatic rotation is enabled for this secret.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationEnabled pulumi.BoolOutput `pulumi:"rotationEnabled"`
	// ARN of the Lambda function that can rotate the secret. Use the `secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationLambdaArn pulumi.StringOutput `pulumi:"rotationLambdaArn"`
	// Configuration block for the rotation configuration of this secret. Defined below. Use the `secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationRules SecretRotationRulesOutput `pulumi:"rotationRules"`
	// Key-value map of user-defined tags that are attached to the secret. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
}

Provides a resource to manage AWS Secrets Manager secret metadata. To manage secret rotation, see the `secretsmanager.SecretRotation` resource. To manage a secret value, see the `secretsmanager.SecretVersion` resource.

## Example Usage ### Basic

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.NewSecret(ctx, "example", nil)
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Rotation Configuration

To enable automatic secret rotation, the Secrets Manager service requires usage of a Lambda function. The [Rotate Secrets section in the Secrets Manager User Guide](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html) provides additional information about deploying a prebuilt Lambda functions for supported credential rotation (e.g., RDS) or deploying a custom Lambda function.

> **NOTE:** Configuring rotation causes the secret to rotate once as soon as you store the secret. Before you do this, you must ensure that all of your applications that use the credentials stored in the secret are updated to retrieve the secret from AWS Secrets Manager. The old credentials might no longer be usable after the initial rotation and any applications that you fail to update will break as soon as the old credentials are no longer valid.

> **NOTE:** If you cancel a rotation that is in progress (by removing the `rotation` configuration), it can leave the VersionStage labels in an unexpected state. Depending on what step of the rotation was in progress, you might need to remove the staging label AWSPENDING from the partially created version, specified by the SecretVersionId response value. You should also evaluate the partially rotated new version to see if it should be deleted, which you can do by removing all staging labels from the new version's VersionStage field.

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.NewSecret(ctx, "rotation-example", &secretsmanager.SecretArgs{
			RotationLambdaArn: pulumi.Any(aws_lambda_function.Example.Arn),
			RotationRules: &secretsmanager.SecretRotationRulesArgs{
				AutomaticallyAfterDays: pulumi.Int(7),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

`aws_secretsmanager_secret` can be imported by using the secret Amazon Resource Name (ARN), e.g.,

```sh 

$ pulumi import aws:secretsmanager/secret:Secret example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456

```

func GetSecret 

func GetSecret(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretState, opts ...pulumi.ResourceOption) (*Secret, error)

GetSecret gets an existing Secret resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecret 

func NewSecret(ctx *pulumi.Context,
	name string, args *SecretArgs, opts ...pulumi.ResourceOption) (*Secret, error)

NewSecret registers a new resource with the given unique name, arguments, and options.

func (*Secret) ElementType 

func (*Secret) ElementType() reflect.Type

func (*Secret) ToSecretOutput 

func (i *Secret) ToSecretOutput() SecretOutput

func (*Secret) ToSecretOutputWithContext 

func (i *Secret) ToSecretOutputWithContext(ctx context.Context) SecretOutput

type SecretArgs 

type SecretArgs struct {
	// Description of the secret.
	Description pulumi.StringPtrInput
	// Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.
	ForceOverwriteReplicaSecret pulumi.BoolPtrInput
	// ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you need to reference a CMK in a different account, you can use only the key ARN. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named `aws/secretsmanager`). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.
	KmsKeyId pulumi.StringPtrInput
	// Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: `/_+=.@-` Conflicts with `namePrefix`.
	Name pulumi.StringPtrInput
	// Creates a unique name beginning with the specified prefix. Conflicts with `name`.
	NamePrefix pulumi.StringPtrInput
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Removing `policy` from your configuration or setting `policy` to null or an empty string (i.e., `policy = ""`) _will not_ delete the policy since it could have been set by `secretsmanager.SecretPolicy`. To delete the `policy`, set it to `"{}"` (an empty JSON document).
	Policy pulumi.StringPtrInput
	// Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be `0` to force deletion without recovery or range from `7` to `30` days. The default value is `30`.
	RecoveryWindowInDays pulumi.IntPtrInput
	// Configuration block to support secret replication. See details below.
	Replicas SecretReplicaArrayInput
	// ARN of the Lambda function that can rotate the secret. Use the `secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationLambdaArn pulumi.StringPtrInput
	// Configuration block for the rotation configuration of this secret. Defined below. Use the `secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationRules SecretRotationRulesPtrInput
	// Key-value map of user-defined tags that are attached to the secret. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a Secret resource.

func (SecretArgs) ElementType 

func (SecretArgs) ElementType() reflect.Type

type SecretArray 

type SecretArray []SecretInput

func (SecretArray) ElementType 

func (SecretArray) ElementType() reflect.Type

func (SecretArray) ToSecretArrayOutput 

func (i SecretArray) ToSecretArrayOutput() SecretArrayOutput

func (SecretArray) ToSecretArrayOutputWithContext 

func (i SecretArray) ToSecretArrayOutputWithContext(ctx context.Context) SecretArrayOutput

type SecretArrayInput 

type SecretArrayInput interface {
	pulumi.Input

	ToSecretArrayOutput() SecretArrayOutput
	ToSecretArrayOutputWithContext(context.Context) SecretArrayOutput
}

SecretArrayInput is an input type that accepts SecretArray and SecretArrayOutput values. You can construct a concrete instance of `SecretArrayInput` via: 

SecretArray{ SecretArgs{...} }

type SecretArrayOutput 

type SecretArrayOutput struct{ *pulumi.OutputState }

func (SecretArrayOutput) ElementType 

func (SecretArrayOutput) ElementType() reflect.Type

func (SecretArrayOutput) Index 

func (o SecretArrayOutput) Index(i pulumi.IntInput) SecretOutput

func (SecretArrayOutput) ToSecretArrayOutput 

func (o SecretArrayOutput) ToSecretArrayOutput() SecretArrayOutput

func (SecretArrayOutput) ToSecretArrayOutputWithContext 

func (o SecretArrayOutput) ToSecretArrayOutputWithContext(ctx context.Context) SecretArrayOutput

type SecretInput 

type SecretInput interface {
	pulumi.Input

	ToSecretOutput() SecretOutput
	ToSecretOutputWithContext(ctx context.Context) SecretOutput
}

type SecretMap 

type SecretMap map[string]SecretInput

func (SecretMap) ElementType 

func (SecretMap) ElementType() reflect.Type

func (SecretMap) ToSecretMapOutput 

func (i SecretMap) ToSecretMapOutput() SecretMapOutput

func (SecretMap) ToSecretMapOutputWithContext 

func (i SecretMap) ToSecretMapOutputWithContext(ctx context.Context) SecretMapOutput

type SecretMapInput 

type SecretMapInput interface {
	pulumi.Input

	ToSecretMapOutput() SecretMapOutput
	ToSecretMapOutputWithContext(context.Context) SecretMapOutput
}

SecretMapInput is an input type that accepts SecretMap and SecretMapOutput values. You can construct a concrete instance of `SecretMapInput` via: 

SecretMap{ "key": SecretArgs{...} }

type SecretMapOutput 

type SecretMapOutput struct{ *pulumi.OutputState }

func (SecretMapOutput) ElementType 

func (SecretMapOutput) ElementType() reflect.Type

func (SecretMapOutput) MapIndex 

func (o SecretMapOutput) MapIndex(k pulumi.StringInput) SecretOutput

func (SecretMapOutput) ToSecretMapOutput 

func (o SecretMapOutput) ToSecretMapOutput() SecretMapOutput

func (SecretMapOutput) ToSecretMapOutputWithContext 

func (o SecretMapOutput) ToSecretMapOutputWithContext(ctx context.Context) SecretMapOutput

type SecretOutput 

type SecretOutput struct{ *pulumi.OutputState }

func (SecretOutput) Arn added in v5.4.0 

func (o SecretOutput) Arn() pulumi.StringOutput

ARN of the secret.

func (SecretOutput) Description added in v5.4.0 

func (o SecretOutput) Description() pulumi.StringPtrOutput

Description of the secret.

func (SecretOutput) ElementType 

func (SecretOutput) ElementType() reflect.Type

func (SecretOutput) ForceOverwriteReplicaSecret added in v5.4.0 

func (o SecretOutput) ForceOverwriteReplicaSecret() pulumi.BoolPtrOutput

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

func (SecretOutput) KmsKeyId added in v5.4.0 

func (o SecretOutput) KmsKeyId() pulumi.StringPtrOutput

ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you need to reference a CMK in a different account, you can use only the key ARN. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named `aws/secretsmanager`). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.

func (SecretOutput) Name added in v5.4.0 

func (o SecretOutput) Name() pulumi.StringOutput

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: `/_+=.@-` Conflicts with `namePrefix`.

func (SecretOutput) NamePrefix added in v5.4.0 

func (o SecretOutput) NamePrefix() pulumi.StringOutput

Creates a unique name beginning with the specified prefix. Conflicts with `name`.

func (SecretOutput) Policy added in v5.4.0 

func (o SecretOutput) Policy() pulumi.StringOutput

Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Removing `policy` from your configuration or setting `policy` to null or an empty string (i.e., `policy = ""`) _will not_ delete the policy since it could have been set by `secretsmanager.SecretPolicy`. To delete the `policy`, set it to `"{}"` (an empty JSON document).

func (SecretOutput) RecoveryWindowInDays added in v5.4.0 

func (o SecretOutput) RecoveryWindowInDays() pulumi.IntPtrOutput

Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be `0` to force deletion without recovery or range from `7` to `30` days. The default value is `30`.

func (SecretOutput) Replicas added in v5.4.0 

func (o SecretOutput) Replicas() SecretReplicaArrayOutput

Configuration block to support secret replication. See details below.

func (SecretOutput) RotationEnabled deprecated added in v5.4.0 

func (o SecretOutput) RotationEnabled() pulumi.BoolOutput

Whether automatic rotation is enabled for this secret.

Deprecated: Use the aws_secretsmanager_secret_rotation resource instead

func (SecretOutput) RotationLambdaArn deprecated added in v5.4.0 

func (o SecretOutput) RotationLambdaArn() pulumi.StringOutput

ARN of the Lambda function that can rotate the secret. Use the `secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated: Use the aws_secretsmanager_secret_rotation resource instead

func (SecretOutput) RotationRules deprecated added in v5.4.0 

func (o SecretOutput) RotationRules() SecretRotationRulesOutput

Configuration block for the rotation configuration of this secret. Defined below. Use the `secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.

Deprecated: Use the aws_secretsmanager_secret_rotation resource instead

func (SecretOutput) Tags added in v5.4.0 

func (o SecretOutput) Tags() pulumi.StringMapOutput

Key-value map of user-defined tags that are attached to the secret. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.

func (SecretOutput) TagsAll added in v5.4.0 

func (o SecretOutput) TagsAll() pulumi.StringMapOutput

Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.

func (SecretOutput) ToSecretOutput 

func (o SecretOutput) ToSecretOutput() SecretOutput

func (SecretOutput) ToSecretOutputWithContext 

func (o SecretOutput) ToSecretOutputWithContext(ctx context.Context) SecretOutput

type SecretPolicy 

type SecretPolicy struct {
	pulumi.CustomResourceState

	// Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.
	BlockPublicPolicy pulumi.BoolPtrOutput `pulumi:"blockPublicPolicy"`
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.
	Policy pulumi.StringOutput `pulumi:"policy"`
	// Secret ARN.
	//
	// The following arguments are optional:
	SecretArn pulumi.StringOutput `pulumi:"secretArn"`
}

Provides a resource to manage AWS Secrets Manager secret policy.

## Example Usage ### Basic

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleSecret, err := secretsmanager.NewSecret(ctx, "exampleSecret", nil)
		if err != nil {
			return err
		}
		examplePolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Sid:    pulumi.StringRef("EnableAnotherAWSAccountToReadTheSecret"),
					Effect: pulumi.StringRef("Allow"),
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						{
							Type: "AWS",
							Identifiers: []string{
								"arn:aws:iam::123456789012:root",
							},
						},
					},
					Actions: []string{
						"secretsmanager:GetSecretValue",
					},
					Resources: []string{
						"*",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = secretsmanager.NewSecretPolicy(ctx, "exampleSecretPolicy", &secretsmanager.SecretPolicyArgs{
			SecretArn: exampleSecret.Arn,
			Policy:    *pulumi.String(examplePolicyDocument.Json),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

`aws_secretsmanager_secret_policy` can be imported by using the secret Amazon Resource Name (ARN), e.g.,

```sh 

$ pulumi import aws:secretsmanager/secretPolicy:SecretPolicy example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456

```

func GetSecretPolicy 

func GetSecretPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretPolicyState, opts ...pulumi.ResourceOption) (*SecretPolicy, error)

GetSecretPolicy gets an existing SecretPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretPolicy 

func NewSecretPolicy(ctx *pulumi.Context,
	name string, args *SecretPolicyArgs, opts ...pulumi.ResourceOption) (*SecretPolicy, error)

NewSecretPolicy registers a new resource with the given unique name, arguments, and options.

func (*SecretPolicy) ElementType 

func (*SecretPolicy) ElementType() reflect.Type

func (*SecretPolicy) ToSecretPolicyOutput 

func (i *SecretPolicy) ToSecretPolicyOutput() SecretPolicyOutput

func (*SecretPolicy) ToSecretPolicyOutputWithContext 

func (i *SecretPolicy) ToSecretPolicyOutputWithContext(ctx context.Context) SecretPolicyOutput

type SecretPolicyArgs 

type SecretPolicyArgs struct {
	// Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.
	BlockPublicPolicy pulumi.BoolPtrInput
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.
	Policy pulumi.StringInput
	// Secret ARN.
	//
	// The following arguments are optional:
	SecretArn pulumi.StringInput
}

The set of arguments for constructing a SecretPolicy resource.

func (SecretPolicyArgs) ElementType 

func (SecretPolicyArgs) ElementType() reflect.Type

type SecretPolicyArray 

type SecretPolicyArray []SecretPolicyInput

func (SecretPolicyArray) ElementType 

func (SecretPolicyArray) ElementType() reflect.Type

func (SecretPolicyArray) ToSecretPolicyArrayOutput 

func (i SecretPolicyArray) ToSecretPolicyArrayOutput() SecretPolicyArrayOutput

func (SecretPolicyArray) ToSecretPolicyArrayOutputWithContext 

func (i SecretPolicyArray) ToSecretPolicyArrayOutputWithContext(ctx context.Context) SecretPolicyArrayOutput

type SecretPolicyArrayInput 

type SecretPolicyArrayInput interface {
	pulumi.Input

	ToSecretPolicyArrayOutput() SecretPolicyArrayOutput
	ToSecretPolicyArrayOutputWithContext(context.Context) SecretPolicyArrayOutput
}

SecretPolicyArrayInput is an input type that accepts SecretPolicyArray and SecretPolicyArrayOutput values. You can construct a concrete instance of `SecretPolicyArrayInput` via: 

SecretPolicyArray{ SecretPolicyArgs{...} }

type SecretPolicyArrayOutput 

type SecretPolicyArrayOutput struct{ *pulumi.OutputState }

func (SecretPolicyArrayOutput) ElementType 

func (SecretPolicyArrayOutput) ElementType() reflect.Type

func (SecretPolicyArrayOutput) Index 

func (o SecretPolicyArrayOutput) Index(i pulumi.IntInput) SecretPolicyOutput

func (SecretPolicyArrayOutput) ToSecretPolicyArrayOutput 

func (o SecretPolicyArrayOutput) ToSecretPolicyArrayOutput() SecretPolicyArrayOutput

func (SecretPolicyArrayOutput) ToSecretPolicyArrayOutputWithContext 

func (o SecretPolicyArrayOutput) ToSecretPolicyArrayOutputWithContext(ctx context.Context) SecretPolicyArrayOutput

type SecretPolicyInput 

type SecretPolicyInput interface {
	pulumi.Input

	ToSecretPolicyOutput() SecretPolicyOutput
	ToSecretPolicyOutputWithContext(ctx context.Context) SecretPolicyOutput
}

type SecretPolicyMap 

type SecretPolicyMap map[string]SecretPolicyInput

func (SecretPolicyMap) ElementType 

func (SecretPolicyMap) ElementType() reflect.Type

func (SecretPolicyMap) ToSecretPolicyMapOutput 

func (i SecretPolicyMap) ToSecretPolicyMapOutput() SecretPolicyMapOutput

func (SecretPolicyMap) ToSecretPolicyMapOutputWithContext 

func (i SecretPolicyMap) ToSecretPolicyMapOutputWithContext(ctx context.Context) SecretPolicyMapOutput

type SecretPolicyMapInput 

type SecretPolicyMapInput interface {
	pulumi.Input

	ToSecretPolicyMapOutput() SecretPolicyMapOutput
	ToSecretPolicyMapOutputWithContext(context.Context) SecretPolicyMapOutput
}

SecretPolicyMapInput is an input type that accepts SecretPolicyMap and SecretPolicyMapOutput values. You can construct a concrete instance of `SecretPolicyMapInput` via: 

SecretPolicyMap{ "key": SecretPolicyArgs{...} }

type SecretPolicyMapOutput 

type SecretPolicyMapOutput struct{ *pulumi.OutputState }

func (SecretPolicyMapOutput) ElementType 

func (SecretPolicyMapOutput) ElementType() reflect.Type

func (SecretPolicyMapOutput) MapIndex 

func (o SecretPolicyMapOutput) MapIndex(k pulumi.StringInput) SecretPolicyOutput

func (SecretPolicyMapOutput) ToSecretPolicyMapOutput 

func (o SecretPolicyMapOutput) ToSecretPolicyMapOutput() SecretPolicyMapOutput

func (SecretPolicyMapOutput) ToSecretPolicyMapOutputWithContext 

func (o SecretPolicyMapOutput) ToSecretPolicyMapOutputWithContext(ctx context.Context) SecretPolicyMapOutput

type SecretPolicyOutput 

type SecretPolicyOutput struct{ *pulumi.OutputState }

func (SecretPolicyOutput) BlockPublicPolicy added in v5.4.0 

func (o SecretPolicyOutput) BlockPublicPolicy() pulumi.BoolPtrOutput

Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.

func (SecretPolicyOutput) ElementType 

func (SecretPolicyOutput) ElementType() reflect.Type

func (SecretPolicyOutput) Policy added in v5.4.0 

func (o SecretPolicyOutput) Policy() pulumi.StringOutput

Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.

func (SecretPolicyOutput) SecretArn added in v5.4.0 

func (o SecretPolicyOutput) SecretArn() pulumi.StringOutput

Secret ARN.

The following arguments are optional:

func (SecretPolicyOutput) ToSecretPolicyOutput 

func (o SecretPolicyOutput) ToSecretPolicyOutput() SecretPolicyOutput

func (SecretPolicyOutput) ToSecretPolicyOutputWithContext 

func (o SecretPolicyOutput) ToSecretPolicyOutputWithContext(ctx context.Context) SecretPolicyOutput

type SecretPolicyState 

type SecretPolicyState struct {
	// Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.
	BlockPublicPolicy pulumi.BoolPtrInput
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.
	Policy pulumi.StringPtrInput
	// Secret ARN.
	//
	// The following arguments are optional:
	SecretArn pulumi.StringPtrInput
}

func (SecretPolicyState) ElementType 

func (SecretPolicyState) ElementType() reflect.Type

type SecretReplica 

type SecretReplica struct {
	// ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to. If one is not specified, then Secrets Manager defaults to using the AWS account's default KMS key (`aws/secretsmanager`) in the region or creates one for use if non-existent.
	KmsKeyId *string `pulumi:"kmsKeyId"`
	// Date that you last accessed the secret in the Region.
	LastAccessedDate *string `pulumi:"lastAccessedDate"`
	// Region for replicating the secret.
	Region string `pulumi:"region"`
	// Status can be `InProgress`, `Failed`, or `InSync`.
	Status *string `pulumi:"status"`
	// Message such as `Replication succeeded` or `Secret with this name already exists in this region`.
	StatusMessage *string `pulumi:"statusMessage"`
}

type SecretReplicaArgs 

type SecretReplicaArgs struct {
	// ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to. If one is not specified, then Secrets Manager defaults to using the AWS account's default KMS key (`aws/secretsmanager`) in the region or creates one for use if non-existent.
	KmsKeyId pulumi.StringPtrInput `pulumi:"kmsKeyId"`
	// Date that you last accessed the secret in the Region.
	LastAccessedDate pulumi.StringPtrInput `pulumi:"lastAccessedDate"`
	// Region for replicating the secret.
	Region pulumi.StringInput `pulumi:"region"`
	// Status can be `InProgress`, `Failed`, or `InSync`.
	Status pulumi.StringPtrInput `pulumi:"status"`
	// Message such as `Replication succeeded` or `Secret with this name already exists in this region`.
	StatusMessage pulumi.StringPtrInput `pulumi:"statusMessage"`
}

func (SecretReplicaArgs) ElementType 

func (SecretReplicaArgs) ElementType() reflect.Type

func (SecretReplicaArgs) ToSecretReplicaOutput 

func (i SecretReplicaArgs) ToSecretReplicaOutput() SecretReplicaOutput

func (SecretReplicaArgs) ToSecretReplicaOutputWithContext 

func (i SecretReplicaArgs) ToSecretReplicaOutputWithContext(ctx context.Context) SecretReplicaOutput

type SecretReplicaArray 

type SecretReplicaArray []SecretReplicaInput

func (SecretReplicaArray) ElementType 

func (SecretReplicaArray) ElementType() reflect.Type

func (SecretReplicaArray) ToSecretReplicaArrayOutput 

func (i SecretReplicaArray) ToSecretReplicaArrayOutput() SecretReplicaArrayOutput

func (SecretReplicaArray) ToSecretReplicaArrayOutputWithContext 

func (i SecretReplicaArray) ToSecretReplicaArrayOutputWithContext(ctx context.Context) SecretReplicaArrayOutput

type SecretReplicaArrayInput 

type SecretReplicaArrayInput interface {
	pulumi.Input

	ToSecretReplicaArrayOutput() SecretReplicaArrayOutput
	ToSecretReplicaArrayOutputWithContext(context.Context) SecretReplicaArrayOutput
}

SecretReplicaArrayInput is an input type that accepts SecretReplicaArray and SecretReplicaArrayOutput values. You can construct a concrete instance of `SecretReplicaArrayInput` via: 

SecretReplicaArray{ SecretReplicaArgs{...} }

type SecretReplicaArrayOutput 

type SecretReplicaArrayOutput struct{ *pulumi.OutputState }

func (SecretReplicaArrayOutput) ElementType 

func (SecretReplicaArrayOutput) ElementType() reflect.Type

func (SecretReplicaArrayOutput) Index 

func (o SecretReplicaArrayOutput) Index(i pulumi.IntInput) SecretReplicaOutput

func (SecretReplicaArrayOutput) ToSecretReplicaArrayOutput 

func (o SecretReplicaArrayOutput) ToSecretReplicaArrayOutput() SecretReplicaArrayOutput

func (SecretReplicaArrayOutput) ToSecretReplicaArrayOutputWithContext 

func (o SecretReplicaArrayOutput) ToSecretReplicaArrayOutputWithContext(ctx context.Context) SecretReplicaArrayOutput

type SecretReplicaInput 

type SecretReplicaInput interface {
	pulumi.Input

	ToSecretReplicaOutput() SecretReplicaOutput
	ToSecretReplicaOutputWithContext(context.Context) SecretReplicaOutput
}

SecretReplicaInput is an input type that accepts SecretReplicaArgs and SecretReplicaOutput values. You can construct a concrete instance of `SecretReplicaInput` via: 

SecretReplicaArgs{...}

type SecretReplicaOutput 

type SecretReplicaOutput struct{ *pulumi.OutputState }

func (SecretReplicaOutput) ElementType 

func (SecretReplicaOutput) ElementType() reflect.Type

func (SecretReplicaOutput) KmsKeyId 

func (o SecretReplicaOutput) KmsKeyId() pulumi.StringPtrOutput

ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to. If one is not specified, then Secrets Manager defaults to using the AWS account's default KMS key (`aws/secretsmanager`) in the region or creates one for use if non-existent.

func (SecretReplicaOutput) LastAccessedDate 

func (o SecretReplicaOutput) LastAccessedDate() pulumi.StringPtrOutput

Date that you last accessed the secret in the Region.

func (SecretReplicaOutput) Region 

func (o SecretReplicaOutput) Region() pulumi.StringOutput

Region for replicating the secret.

func (SecretReplicaOutput) Status 

func (o SecretReplicaOutput) Status() pulumi.StringPtrOutput

Status can be `InProgress`, `Failed`, or `InSync`.

func (SecretReplicaOutput) StatusMessage 

func (o SecretReplicaOutput) StatusMessage() pulumi.StringPtrOutput

Message such as `Replication succeeded` or `Secret with this name already exists in this region`.

func (SecretReplicaOutput) ToSecretReplicaOutput 

func (o SecretReplicaOutput) ToSecretReplicaOutput() SecretReplicaOutput

func (SecretReplicaOutput) ToSecretReplicaOutputWithContext 

func (o SecretReplicaOutput) ToSecretReplicaOutputWithContext(ctx context.Context) SecretReplicaOutput

type SecretRotation 

type SecretRotation struct {
	pulumi.CustomResourceState

	// Specifies whether automatic rotation is enabled for this secret.
	RotationEnabled pulumi.BoolOutput `pulumi:"rotationEnabled"`
	// Specifies the ARN of the Lambda function that can rotate the secret.
	RotationLambdaArn pulumi.StringOutput `pulumi:"rotationLambdaArn"`
	// A structure that defines the rotation configuration for this secret. Defined below.
	RotationRules SecretRotationRotationRulesOutput `pulumi:"rotationRules"`
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringOutput `pulumi:"secretId"`
}

Provides a resource to manage AWS Secrets Manager secret rotation. To manage a secret, see the `secretsmanager.Secret` resource. To manage a secret value, see the `secretsmanager.SecretVersion` resource.

## Example Usage ### Basic

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.NewSecretRotation(ctx, "example", &secretsmanager.SecretRotationArgs{
			SecretId:          pulumi.Any(aws_secretsmanager_secret.Example.Id),
			RotationLambdaArn: pulumi.Any(aws_lambda_function.Example.Arn),
			RotationRules: &secretsmanager.SecretRotationRotationRulesArgs{
				AutomaticallyAfterDays: pulumi.Int(30),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Rotation Configuration

To enable automatic secret rotation, the Secrets Manager service requires usage of a Lambda function. The [Rotate Secrets section in the Secrets Manager User Guide](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html) provides additional information about deploying a prebuilt Lambda functions for supported credential rotation (e.g., RDS) or deploying a custom Lambda function.

> **NOTE:** Configuring rotation causes the secret to rotate once as soon as you enable rotation. Before you do this, you must ensure that all of your applications that use the credentials stored in the secret are updated to retrieve the secret from AWS Secrets Manager. The old credentials might no longer be usable after the initial rotation and any applications that you fail to update will break as soon as the old credentials are no longer valid.

> **NOTE:** If you cancel a rotation that is in progress (by removing the `rotation` configuration), it can leave the VersionStage labels in an unexpected state. Depending on what step of the rotation was in progress, you might need to remove the staging label AWSPENDING from the partially created version, specified by the SecretVersionId response value. You should also evaluate the partially rotated new version to see if it should be deleted, which you can do by removing all staging labels from the new version's VersionStage field.

## Import

`aws_secretsmanager_secret_rotation` can be imported by using the secret Amazon Resource Name (ARN), e.g.,

```sh 

$ pulumi import aws:secretsmanager/secretRotation:SecretRotation example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456

```

func GetSecretRotation 

func GetSecretRotation(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretRotationState, opts ...pulumi.ResourceOption) (*SecretRotation, error)

GetSecretRotation gets an existing SecretRotation resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretRotation 

func NewSecretRotation(ctx *pulumi.Context,
	name string, args *SecretRotationArgs, opts ...pulumi.ResourceOption) (*SecretRotation, error)

NewSecretRotation registers a new resource with the given unique name, arguments, and options.

func (*SecretRotation) ElementType 

func (*SecretRotation) ElementType() reflect.Type

func (*SecretRotation) ToSecretRotationOutput 

func (i *SecretRotation) ToSecretRotationOutput() SecretRotationOutput

func (*SecretRotation) ToSecretRotationOutputWithContext 

func (i *SecretRotation) ToSecretRotationOutputWithContext(ctx context.Context) SecretRotationOutput

type SecretRotationArgs 

type SecretRotationArgs struct {
	// Specifies the ARN of the Lambda function that can rotate the secret.
	RotationLambdaArn pulumi.StringInput
	// A structure that defines the rotation configuration for this secret. Defined below.
	RotationRules SecretRotationRotationRulesInput
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringInput
}

The set of arguments for constructing a SecretRotation resource.

func (SecretRotationArgs) ElementType 

func (SecretRotationArgs) ElementType() reflect.Type

type SecretRotationArray 

type SecretRotationArray []SecretRotationInput

func (SecretRotationArray) ElementType 

func (SecretRotationArray) ElementType() reflect.Type

func (SecretRotationArray) ToSecretRotationArrayOutput 

func (i SecretRotationArray) ToSecretRotationArrayOutput() SecretRotationArrayOutput

func (SecretRotationArray) ToSecretRotationArrayOutputWithContext 

func (i SecretRotationArray) ToSecretRotationArrayOutputWithContext(ctx context.Context) SecretRotationArrayOutput

type SecretRotationArrayInput 

type SecretRotationArrayInput interface {
	pulumi.Input

	ToSecretRotationArrayOutput() SecretRotationArrayOutput
	ToSecretRotationArrayOutputWithContext(context.Context) SecretRotationArrayOutput
}

SecretRotationArrayInput is an input type that accepts SecretRotationArray and SecretRotationArrayOutput values. You can construct a concrete instance of `SecretRotationArrayInput` via: 

SecretRotationArray{ SecretRotationArgs{...} }

type SecretRotationArrayOutput 

type SecretRotationArrayOutput struct{ *pulumi.OutputState }

func (SecretRotationArrayOutput) ElementType 

func (SecretRotationArrayOutput) ElementType() reflect.Type

func (SecretRotationArrayOutput) Index 

func (o SecretRotationArrayOutput) Index(i pulumi.IntInput) SecretRotationOutput

func (SecretRotationArrayOutput) ToSecretRotationArrayOutput 

func (o SecretRotationArrayOutput) ToSecretRotationArrayOutput() SecretRotationArrayOutput

func (SecretRotationArrayOutput) ToSecretRotationArrayOutputWithContext 

func (o SecretRotationArrayOutput) ToSecretRotationArrayOutputWithContext(ctx context.Context) SecretRotationArrayOutput

type SecretRotationInput 

type SecretRotationInput interface {
	pulumi.Input

	ToSecretRotationOutput() SecretRotationOutput
	ToSecretRotationOutputWithContext(ctx context.Context) SecretRotationOutput
}

type SecretRotationMap 

type SecretRotationMap map[string]SecretRotationInput

func (SecretRotationMap) ElementType 

func (SecretRotationMap) ElementType() reflect.Type

func (SecretRotationMap) ToSecretRotationMapOutput 

func (i SecretRotationMap) ToSecretRotationMapOutput() SecretRotationMapOutput

func (SecretRotationMap) ToSecretRotationMapOutputWithContext 

func (i SecretRotationMap) ToSecretRotationMapOutputWithContext(ctx context.Context) SecretRotationMapOutput

type SecretRotationMapInput 

type SecretRotationMapInput interface {
	pulumi.Input

	ToSecretRotationMapOutput() SecretRotationMapOutput
	ToSecretRotationMapOutputWithContext(context.Context) SecretRotationMapOutput
}

SecretRotationMapInput is an input type that accepts SecretRotationMap and SecretRotationMapOutput values. You can construct a concrete instance of `SecretRotationMapInput` via: 

SecretRotationMap{ "key": SecretRotationArgs{...} }

type SecretRotationMapOutput 

type SecretRotationMapOutput struct{ *pulumi.OutputState }

func (SecretRotationMapOutput) ElementType 

func (SecretRotationMapOutput) ElementType() reflect.Type

func (SecretRotationMapOutput) MapIndex 

func (o SecretRotationMapOutput) MapIndex(k pulumi.StringInput) SecretRotationOutput

func (SecretRotationMapOutput) ToSecretRotationMapOutput 

func (o SecretRotationMapOutput) ToSecretRotationMapOutput() SecretRotationMapOutput

func (SecretRotationMapOutput) ToSecretRotationMapOutputWithContext 

func (o SecretRotationMapOutput) ToSecretRotationMapOutputWithContext(ctx context.Context) SecretRotationMapOutput

type SecretRotationOutput 

type SecretRotationOutput struct{ *pulumi.OutputState }

func (SecretRotationOutput) ElementType 

func (SecretRotationOutput) ElementType() reflect.Type

func (SecretRotationOutput) RotationEnabled added in v5.4.0 

func (o SecretRotationOutput) RotationEnabled() pulumi.BoolOutput

Specifies whether automatic rotation is enabled for this secret.

func (SecretRotationOutput) RotationLambdaArn added in v5.4.0 

func (o SecretRotationOutput) RotationLambdaArn() pulumi.StringOutput

Specifies the ARN of the Lambda function that can rotate the secret.

func (SecretRotationOutput) RotationRules added in v5.4.0 

func (o SecretRotationOutput) RotationRules() SecretRotationRotationRulesOutput

A structure that defines the rotation configuration for this secret. Defined below.

func (SecretRotationOutput) SecretId added in v5.4.0 

func (o SecretRotationOutput) SecretId() pulumi.StringOutput

Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.

func (SecretRotationOutput) ToSecretRotationOutput 

func (o SecretRotationOutput) ToSecretRotationOutput() SecretRotationOutput

func (SecretRotationOutput) ToSecretRotationOutputWithContext 

func (o SecretRotationOutput) ToSecretRotationOutputWithContext(ctx context.Context) SecretRotationOutput

type SecretRotationRotationRules 

type SecretRotationRotationRules struct {
	// Specifies the number of days between automatic scheduled rotations of the secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.
	AutomaticallyAfterDays *int `pulumi:"automaticallyAfterDays"`
	// The length of the rotation window in hours. For example, `3h` for a three hour window.
	Duration *string `pulumi:"duration"`
	// A `cron()` or `rate()` expression that defines the schedule for rotating your secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.
	ScheduleExpression *string `pulumi:"scheduleExpression"`
}

type SecretRotationRotationRulesArgs 

type SecretRotationRotationRulesArgs struct {
	// Specifies the number of days between automatic scheduled rotations of the secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.
	AutomaticallyAfterDays pulumi.IntPtrInput `pulumi:"automaticallyAfterDays"`
	// The length of the rotation window in hours. For example, `3h` for a three hour window.
	Duration pulumi.StringPtrInput `pulumi:"duration"`
	// A `cron()` or `rate()` expression that defines the schedule for rotating your secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.
	ScheduleExpression pulumi.StringPtrInput `pulumi:"scheduleExpression"`
}

func (SecretRotationRotationRulesArgs) ElementType 

func (SecretRotationRotationRulesArgs) ElementType() reflect.Type

func (SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesOutput 

func (i SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesOutput() SecretRotationRotationRulesOutput

func (SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesOutputWithContext 

func (i SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesOutputWithContext(ctx context.Context) SecretRotationRotationRulesOutput

func (SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesPtrOutput 

func (i SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesPtrOutput() SecretRotationRotationRulesPtrOutput

func (SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesPtrOutputWithContext 

func (i SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesPtrOutputWithContext(ctx context.Context) SecretRotationRotationRulesPtrOutput

type SecretRotationRotationRulesInput 

type SecretRotationRotationRulesInput interface {
	pulumi.Input

	ToSecretRotationRotationRulesOutput() SecretRotationRotationRulesOutput
	ToSecretRotationRotationRulesOutputWithContext(context.Context) SecretRotationRotationRulesOutput
}

SecretRotationRotationRulesInput is an input type that accepts SecretRotationRotationRulesArgs and SecretRotationRotationRulesOutput values. You can construct a concrete instance of `SecretRotationRotationRulesInput` via: 

SecretRotationRotationRulesArgs{...}

type SecretRotationRotationRulesOutput 

type SecretRotationRotationRulesOutput struct{ *pulumi.OutputState }

func (SecretRotationRotationRulesOutput) AutomaticallyAfterDays 

func (o SecretRotationRotationRulesOutput) AutomaticallyAfterDays() pulumi.IntPtrOutput

Specifies the number of days between automatic scheduled rotations of the secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.

func (SecretRotationRotationRulesOutput) Duration added in v5.36.0 

func (o SecretRotationRotationRulesOutput) Duration() pulumi.StringPtrOutput

The length of the rotation window in hours. For example, `3h` for a three hour window.

func (SecretRotationRotationRulesOutput) ElementType 

func (SecretRotationRotationRulesOutput) ElementType() reflect.Type

func (SecretRotationRotationRulesOutput) ScheduleExpression added in v5.36.0 

func (o SecretRotationRotationRulesOutput) ScheduleExpression() pulumi.StringPtrOutput

A `cron()` or `rate()` expression that defines the schedule for rotating your secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.

func (SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesOutput 

func (o SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesOutput() SecretRotationRotationRulesOutput

func (SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesOutputWithContext 

func (o SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesOutputWithContext(ctx context.Context) SecretRotationRotationRulesOutput

func (SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesPtrOutput 

func (o SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesPtrOutput() SecretRotationRotationRulesPtrOutput

func (SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesPtrOutputWithContext 

func (o SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesPtrOutputWithContext(ctx context.Context) SecretRotationRotationRulesPtrOutput

type SecretRotationRotationRulesPtrInput 

type SecretRotationRotationRulesPtrInput interface {
	pulumi.Input

	ToSecretRotationRotationRulesPtrOutput() SecretRotationRotationRulesPtrOutput
	ToSecretRotationRotationRulesPtrOutputWithContext(context.Context) SecretRotationRotationRulesPtrOutput
}

SecretRotationRotationRulesPtrInput is an input type that accepts SecretRotationRotationRulesArgs, SecretRotationRotationRulesPtr and SecretRotationRotationRulesPtrOutput values. You can construct a concrete instance of `SecretRotationRotationRulesPtrInput` via: 

        SecretRotationRotationRulesArgs{...}

or:

        nil

func SecretRotationRotationRulesPtr 

func SecretRotationRotationRulesPtr(v *SecretRotationRotationRulesArgs) SecretRotationRotationRulesPtrInput

type SecretRotationRotationRulesPtrOutput 

type SecretRotationRotationRulesPtrOutput struct{ *pulumi.OutputState }

func (SecretRotationRotationRulesPtrOutput) AutomaticallyAfterDays 

func (o SecretRotationRotationRulesPtrOutput) AutomaticallyAfterDays() pulumi.IntPtrOutput

Specifies the number of days between automatic scheduled rotations of the secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.

func (SecretRotationRotationRulesPtrOutput) Duration added in v5.36.0 

func (o SecretRotationRotationRulesPtrOutput) Duration() pulumi.StringPtrOutput

The length of the rotation window in hours. For example, `3h` for a three hour window.

func (SecretRotationRotationRulesPtrOutput) Elem 

func (o SecretRotationRotationRulesPtrOutput) Elem() SecretRotationRotationRulesOutput

func (SecretRotationRotationRulesPtrOutput) ElementType 

func (SecretRotationRotationRulesPtrOutput) ElementType() reflect.Type

func (SecretRotationRotationRulesPtrOutput) ScheduleExpression added in v5.36.0 

func (o SecretRotationRotationRulesPtrOutput) ScheduleExpression() pulumi.StringPtrOutput

A `cron()` or `rate()` expression that defines the schedule for rotating your secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.

func (SecretRotationRotationRulesPtrOutput) ToSecretRotationRotationRulesPtrOutput 

func (o SecretRotationRotationRulesPtrOutput) ToSecretRotationRotationRulesPtrOutput() SecretRotationRotationRulesPtrOutput

func (SecretRotationRotationRulesPtrOutput) ToSecretRotationRotationRulesPtrOutputWithContext 

func (o SecretRotationRotationRulesPtrOutput) ToSecretRotationRotationRulesPtrOutputWithContext(ctx context.Context) SecretRotationRotationRulesPtrOutput

type SecretRotationRules 

type SecretRotationRules struct {
	// Specifies the number of days between automatic scheduled rotations of the secret.
	AutomaticallyAfterDays *int    `pulumi:"automaticallyAfterDays"`
	Duration               *string `pulumi:"duration"`
	ScheduleExpression     *string `pulumi:"scheduleExpression"`
}

type SecretRotationRulesArgs 

type SecretRotationRulesArgs struct {
	// Specifies the number of days between automatic scheduled rotations of the secret.
	AutomaticallyAfterDays pulumi.IntPtrInput    `pulumi:"automaticallyAfterDays"`
	Duration               pulumi.StringPtrInput `pulumi:"duration"`
	ScheduleExpression     pulumi.StringPtrInput `pulumi:"scheduleExpression"`
}

func (SecretRotationRulesArgs) ElementType 

func (SecretRotationRulesArgs) ElementType() reflect.Type

func (SecretRotationRulesArgs) ToSecretRotationRulesOutput 

func (i SecretRotationRulesArgs) ToSecretRotationRulesOutput() SecretRotationRulesOutput

func (SecretRotationRulesArgs) ToSecretRotationRulesOutputWithContext 

func (i SecretRotationRulesArgs) ToSecretRotationRulesOutputWithContext(ctx context.Context) SecretRotationRulesOutput

func (SecretRotationRulesArgs) ToSecretRotationRulesPtrOutput 

func (i SecretRotationRulesArgs) ToSecretRotationRulesPtrOutput() SecretRotationRulesPtrOutput

func (SecretRotationRulesArgs) ToSecretRotationRulesPtrOutputWithContext 

func (i SecretRotationRulesArgs) ToSecretRotationRulesPtrOutputWithContext(ctx context.Context) SecretRotationRulesPtrOutput

type SecretRotationRulesInput 

type SecretRotationRulesInput interface {
	pulumi.Input

	ToSecretRotationRulesOutput() SecretRotationRulesOutput
	ToSecretRotationRulesOutputWithContext(context.Context) SecretRotationRulesOutput
}

SecretRotationRulesInput is an input type that accepts SecretRotationRulesArgs and SecretRotationRulesOutput values. You can construct a concrete instance of `SecretRotationRulesInput` via: 

SecretRotationRulesArgs{...}

type SecretRotationRulesOutput 

type SecretRotationRulesOutput struct{ *pulumi.OutputState }

func (SecretRotationRulesOutput) AutomaticallyAfterDays 

func (o SecretRotationRulesOutput) AutomaticallyAfterDays() pulumi.IntPtrOutput

Specifies the number of days between automatic scheduled rotations of the secret.

func (SecretRotationRulesOutput) Duration added in v5.36.0 

func (o SecretRotationRulesOutput) Duration() pulumi.StringPtrOutput

func (SecretRotationRulesOutput) ElementType 

func (SecretRotationRulesOutput) ElementType() reflect.Type

func (SecretRotationRulesOutput) ScheduleExpression added in v5.36.0 

func (o SecretRotationRulesOutput) ScheduleExpression() pulumi.StringPtrOutput

func (SecretRotationRulesOutput) ToSecretRotationRulesOutput 

func (o SecretRotationRulesOutput) ToSecretRotationRulesOutput() SecretRotationRulesOutput

func (SecretRotationRulesOutput) ToSecretRotationRulesOutputWithContext 

func (o SecretRotationRulesOutput) ToSecretRotationRulesOutputWithContext(ctx context.Context) SecretRotationRulesOutput

func (SecretRotationRulesOutput) ToSecretRotationRulesPtrOutput 

func (o SecretRotationRulesOutput) ToSecretRotationRulesPtrOutput() SecretRotationRulesPtrOutput

func (SecretRotationRulesOutput) ToSecretRotationRulesPtrOutputWithContext 

func (o SecretRotationRulesOutput) ToSecretRotationRulesPtrOutputWithContext(ctx context.Context) SecretRotationRulesPtrOutput

type SecretRotationRulesPtrInput 

type SecretRotationRulesPtrInput interface {
	pulumi.Input

	ToSecretRotationRulesPtrOutput() SecretRotationRulesPtrOutput
	ToSecretRotationRulesPtrOutputWithContext(context.Context) SecretRotationRulesPtrOutput
}

SecretRotationRulesPtrInput is an input type that accepts SecretRotationRulesArgs, SecretRotationRulesPtr and SecretRotationRulesPtrOutput values. You can construct a concrete instance of `SecretRotationRulesPtrInput` via: 

        SecretRotationRulesArgs{...}

or:

        nil

func SecretRotationRulesPtr 

func SecretRotationRulesPtr(v *SecretRotationRulesArgs) SecretRotationRulesPtrInput

type SecretRotationRulesPtrOutput 

type SecretRotationRulesPtrOutput struct{ *pulumi.OutputState }

func (SecretRotationRulesPtrOutput) AutomaticallyAfterDays 

func (o SecretRotationRulesPtrOutput) AutomaticallyAfterDays() pulumi.IntPtrOutput

Specifies the number of days between automatic scheduled rotations of the secret.

func (SecretRotationRulesPtrOutput) Duration added in v5.36.0 

func (o SecretRotationRulesPtrOutput) Duration() pulumi.StringPtrOutput

func (SecretRotationRulesPtrOutput) Elem 

func (o SecretRotationRulesPtrOutput) Elem() SecretRotationRulesOutput

func (SecretRotationRulesPtrOutput) ElementType 

func (SecretRotationRulesPtrOutput) ElementType() reflect.Type

func (SecretRotationRulesPtrOutput) ScheduleExpression added in v5.36.0 

func (o SecretRotationRulesPtrOutput) ScheduleExpression() pulumi.StringPtrOutput

func (SecretRotationRulesPtrOutput) ToSecretRotationRulesPtrOutput 

func (o SecretRotationRulesPtrOutput) ToSecretRotationRulesPtrOutput() SecretRotationRulesPtrOutput

func (SecretRotationRulesPtrOutput) ToSecretRotationRulesPtrOutputWithContext 

func (o SecretRotationRulesPtrOutput) ToSecretRotationRulesPtrOutputWithContext(ctx context.Context) SecretRotationRulesPtrOutput

type SecretRotationState 

type SecretRotationState struct {
	// Specifies whether automatic rotation is enabled for this secret.
	RotationEnabled pulumi.BoolPtrInput
	// Specifies the ARN of the Lambda function that can rotate the secret.
	RotationLambdaArn pulumi.StringPtrInput
	// A structure that defines the rotation configuration for this secret. Defined below.
	RotationRules SecretRotationRotationRulesPtrInput
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringPtrInput
}

func (SecretRotationState) ElementType 

func (SecretRotationState) ElementType() reflect.Type

type SecretState 

type SecretState struct {
	// ARN of the secret.
	Arn pulumi.StringPtrInput
	// Description of the secret.
	Description pulumi.StringPtrInput
	// Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.
	ForceOverwriteReplicaSecret pulumi.BoolPtrInput
	// ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you need to reference a CMK in a different account, you can use only the key ARN. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named `aws/secretsmanager`). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.
	KmsKeyId pulumi.StringPtrInput
	// Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: `/_+=.@-` Conflicts with `namePrefix`.
	Name pulumi.StringPtrInput
	// Creates a unique name beginning with the specified prefix. Conflicts with `name`.
	NamePrefix pulumi.StringPtrInput
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Removing `policy` from your configuration or setting `policy` to null or an empty string (i.e., `policy = ""`) _will not_ delete the policy since it could have been set by `secretsmanager.SecretPolicy`. To delete the `policy`, set it to `"{}"` (an empty JSON document).
	Policy pulumi.StringPtrInput
	// Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be `0` to force deletion without recovery or range from `7` to `30` days. The default value is `30`.
	RecoveryWindowInDays pulumi.IntPtrInput
	// Configuration block to support secret replication. See details below.
	Replicas SecretReplicaArrayInput
	// Whether automatic rotation is enabled for this secret.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationEnabled pulumi.BoolPtrInput
	// ARN of the Lambda function that can rotate the secret. Use the `secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationLambdaArn pulumi.StringPtrInput
	// Configuration block for the rotation configuration of this secret. Defined below. Use the `secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.
	//
	// Deprecated: Use the aws_secretsmanager_secret_rotation resource instead
	RotationRules SecretRotationRulesPtrInput
	// Key-value map of user-defined tags that are attached to the secret. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	TagsAll pulumi.StringMapInput
}

func (SecretState) ElementType 

func (SecretState) ElementType() reflect.Type

type SecretVersion 

type SecretVersion struct {
	pulumi.CustomResourceState

	// The ARN of the secret.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Specifies binary data that you want to encrypt and store in this version of the secret. This is required if secretString is not set. Needs to be encoded to base64.
	SecretBinary pulumi.StringPtrOutput `pulumi:"secretBinary"`
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringOutput `pulumi:"secretId"`
	// Specifies text data that you want to encrypt and store in this version of the secret. This is required if secretBinary is not set.
	SecretString pulumi.StringPtrOutput `pulumi:"secretString"`
	// The unique identifier of the version of the secret.
	VersionId pulumi.StringOutput `pulumi:"versionId"`
	// Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label `AWSCURRENT` to this new version on creation.
	//
	// > **NOTE:** If `versionStages` is configured, you must include the `AWSCURRENT` staging label if this secret version is the only version or if the label is currently present on this secret version, otherwise this provider will show a perpetual difference.
	VersionStages pulumi.StringArrayOutput `pulumi:"versionStages"`
}

Provides a resource to manage AWS Secrets Manager secret version including its secret value. To manage secret metadata, see the `secretsmanager.Secret` resource.

> **NOTE:** If the `AWSCURRENT` staging label is present on this version during resource deletion, that label cannot be removed and will be skipped to prevent errors when fully deleting the secret. That label will leave this secret version active even after the resource is deleted from this provider unless the secret itself is deleted. Move the `AWSCURRENT` staging label before or after deleting this resource from this provider to fully trigger version deprecation if necessary.

## Example Usage ### Simple String Value

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.NewSecretVersion(ctx, "example", &secretsmanager.SecretVersionArgs{
			SecretId:     pulumi.Any(aws_secretsmanager_secret.Example.Id),
			SecretString: pulumi.String("example-string-to-protect"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

`aws_secretsmanager_secret_version` can be imported by using the secret ID and version ID, e.g.,

```sh 

$ pulumi import aws:secretsmanager/secretVersion:SecretVersion example 'arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456|xxxxx-xxxxxxx-xxxxxxx-xxxxx'

```

func GetSecretVersion 

func GetSecretVersion(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretVersionState, opts ...pulumi.ResourceOption) (*SecretVersion, error)

GetSecretVersion gets an existing SecretVersion resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretVersion 

func NewSecretVersion(ctx *pulumi.Context,
	name string, args *SecretVersionArgs, opts ...pulumi.ResourceOption) (*SecretVersion, error)

NewSecretVersion registers a new resource with the given unique name, arguments, and options.

func (*SecretVersion) ElementType 

func (*SecretVersion) ElementType() reflect.Type

func (*SecretVersion) ToSecretVersionOutput 

func (i *SecretVersion) ToSecretVersionOutput() SecretVersionOutput

func (*SecretVersion) ToSecretVersionOutputWithContext 

func (i *SecretVersion) ToSecretVersionOutputWithContext(ctx context.Context) SecretVersionOutput

type SecretVersionArgs 

type SecretVersionArgs struct {
	// Specifies binary data that you want to encrypt and store in this version of the secret. This is required if secretString is not set. Needs to be encoded to base64.
	SecretBinary pulumi.StringPtrInput
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringInput
	// Specifies text data that you want to encrypt and store in this version of the secret. This is required if secretBinary is not set.
	SecretString pulumi.StringPtrInput
	// Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label `AWSCURRENT` to this new version on creation.
	//
	// > **NOTE:** If `versionStages` is configured, you must include the `AWSCURRENT` staging label if this secret version is the only version or if the label is currently present on this secret version, otherwise this provider will show a perpetual difference.
	VersionStages pulumi.StringArrayInput
}

The set of arguments for constructing a SecretVersion resource.

func (SecretVersionArgs) ElementType 

func (SecretVersionArgs) ElementType() reflect.Type

type SecretVersionArray 

type SecretVersionArray []SecretVersionInput

func (SecretVersionArray) ElementType 

func (SecretVersionArray) ElementType() reflect.Type

func (SecretVersionArray) ToSecretVersionArrayOutput 

func (i SecretVersionArray) ToSecretVersionArrayOutput() SecretVersionArrayOutput

func (SecretVersionArray) ToSecretVersionArrayOutputWithContext 

func (i SecretVersionArray) ToSecretVersionArrayOutputWithContext(ctx context.Context) SecretVersionArrayOutput

type SecretVersionArrayInput 

type SecretVersionArrayInput interface {
	pulumi.Input

	ToSecretVersionArrayOutput() SecretVersionArrayOutput
	ToSecretVersionArrayOutputWithContext(context.Context) SecretVersionArrayOutput
}

SecretVersionArrayInput is an input type that accepts SecretVersionArray and SecretVersionArrayOutput values. You can construct a concrete instance of `SecretVersionArrayInput` via: 

SecretVersionArray{ SecretVersionArgs{...} }

type SecretVersionArrayOutput 

type SecretVersionArrayOutput struct{ *pulumi.OutputState }

func (SecretVersionArrayOutput) ElementType 

func (SecretVersionArrayOutput) ElementType() reflect.Type

func (SecretVersionArrayOutput) Index 

func (o SecretVersionArrayOutput) Index(i pulumi.IntInput) SecretVersionOutput

func (SecretVersionArrayOutput) ToSecretVersionArrayOutput 

func (o SecretVersionArrayOutput) ToSecretVersionArrayOutput() SecretVersionArrayOutput

func (SecretVersionArrayOutput) ToSecretVersionArrayOutputWithContext 

func (o SecretVersionArrayOutput) ToSecretVersionArrayOutputWithContext(ctx context.Context) SecretVersionArrayOutput

type SecretVersionInput 

type SecretVersionInput interface {
	pulumi.Input

	ToSecretVersionOutput() SecretVersionOutput
	ToSecretVersionOutputWithContext(ctx context.Context) SecretVersionOutput
}

type SecretVersionMap 

type SecretVersionMap map[string]SecretVersionInput

func (SecretVersionMap) ElementType 

func (SecretVersionMap) ElementType() reflect.Type

func (SecretVersionMap) ToSecretVersionMapOutput 

func (i SecretVersionMap) ToSecretVersionMapOutput() SecretVersionMapOutput

func (SecretVersionMap) ToSecretVersionMapOutputWithContext 

func (i SecretVersionMap) ToSecretVersionMapOutputWithContext(ctx context.Context) SecretVersionMapOutput

type SecretVersionMapInput 

type SecretVersionMapInput interface {
	pulumi.Input

	ToSecretVersionMapOutput() SecretVersionMapOutput
	ToSecretVersionMapOutputWithContext(context.Context) SecretVersionMapOutput
}

SecretVersionMapInput is an input type that accepts SecretVersionMap and SecretVersionMapOutput values. You can construct a concrete instance of `SecretVersionMapInput` via: 

SecretVersionMap{ "key": SecretVersionArgs{...} }

type SecretVersionMapOutput 

type SecretVersionMapOutput struct{ *pulumi.OutputState }

func (SecretVersionMapOutput) ElementType 

func (SecretVersionMapOutput) ElementType() reflect.Type

func (SecretVersionMapOutput) MapIndex 

func (o SecretVersionMapOutput) MapIndex(k pulumi.StringInput) SecretVersionOutput

func (SecretVersionMapOutput) ToSecretVersionMapOutput 

func (o SecretVersionMapOutput) ToSecretVersionMapOutput() SecretVersionMapOutput

func (SecretVersionMapOutput) ToSecretVersionMapOutputWithContext 

func (o SecretVersionMapOutput) ToSecretVersionMapOutputWithContext(ctx context.Context) SecretVersionMapOutput

type SecretVersionOutput 

type SecretVersionOutput struct{ *pulumi.OutputState }

func (SecretVersionOutput) Arn added in v5.4.0 

func (o SecretVersionOutput) Arn() pulumi.StringOutput

The ARN of the secret.

func (SecretVersionOutput) ElementType 

func (SecretVersionOutput) ElementType() reflect.Type

func (SecretVersionOutput) SecretBinary added in v5.4.0 

func (o SecretVersionOutput) SecretBinary() pulumi.StringPtrOutput

Specifies binary data that you want to encrypt and store in this version of the secret. This is required if secretString is not set. Needs to be encoded to base64.

func (SecretVersionOutput) SecretId added in v5.4.0 

func (o SecretVersionOutput) SecretId() pulumi.StringOutput

Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.

func (SecretVersionOutput) SecretString added in v5.4.0 

func (o SecretVersionOutput) SecretString() pulumi.StringPtrOutput

Specifies text data that you want to encrypt and store in this version of the secret. This is required if secretBinary is not set.

func (SecretVersionOutput) ToSecretVersionOutput 

func (o SecretVersionOutput) ToSecretVersionOutput() SecretVersionOutput

func (SecretVersionOutput) ToSecretVersionOutputWithContext 

func (o SecretVersionOutput) ToSecretVersionOutputWithContext(ctx context.Context) SecretVersionOutput

func (SecretVersionOutput) VersionId added in v5.4.0 

func (o SecretVersionOutput) VersionId() pulumi.StringOutput

The unique identifier of the version of the secret.

func (SecretVersionOutput) VersionStages added in v5.4.0 

func (o SecretVersionOutput) VersionStages() pulumi.StringArrayOutput

Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label `AWSCURRENT` to this new version on creation.

> **NOTE:** If `versionStages` is configured, you must include the `AWSCURRENT` staging label if this secret version is the only version or if the label is currently present on this secret version, otherwise this provider will show a perpetual difference.

type SecretVersionState 

type SecretVersionState struct {
	// The ARN of the secret.
	Arn pulumi.StringPtrInput
	// Specifies binary data that you want to encrypt and store in this version of the secret. This is required if secretString is not set. Needs to be encoded to base64.
	SecretBinary pulumi.StringPtrInput
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringPtrInput
	// Specifies text data that you want to encrypt and store in this version of the secret. This is required if secretBinary is not set.
	SecretString pulumi.StringPtrInput
	// The unique identifier of the version of the secret.
	VersionId pulumi.StringPtrInput
	// Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label `AWSCURRENT` to this new version on creation.
	//
	// > **NOTE:** If `versionStages` is configured, you must include the `AWSCURRENT` staging label if this secret version is the only version or if the label is currently present on this secret version, otherwise this provider will show a perpetual difference.
	VersionStages pulumi.StringArrayInput
}

func (SecretVersionState) ElementType 

func (SecretVersionState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.