How To Manage Secrets In AWS Secret Manager Using API

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In today’s blog post, we will discuss how to manage secrets in AWS Secrets Manager using the API. AWS Secrets Manager enables you to store, retrieve, delete and rotate a secret for your application programmatically. It also supports encryption and secret versions to further enhance your secret management requirements. You can also use other AWS services such as AWS Config, CloudWatch and CloudTrail for monitoring and logging of the secrets in AWS Secrets Manager.

How To Manage Secrets In AWS Secret Manager Using API:

Prerequisites:

  • AWS CLI installed and configured with proper access. You can use the links below to install and configure the AWS CLI.

https://cloudaffaire.com/how-to-install-aws-cli/

https://cloudaffaire.com/how-to-configure-aws-cli/

Step 1: Create a new secret with default encryption in AWS secret manager using AWS CLI.

Note: By default, if you don’t provide a KMS key during secret creation, AWS encrypts the secret with the default encryption key for the account. If you want to encrypt the secret with your own KMS key, you need to pass that key with the --kms-key-id parameter in the command above.

Step 2: Get the newly created secret details.

Observe that although we get the secret details such as the secret version and creation date, we have not yet retrieved the actual secret value that we stored. We will do that next.

Step 3: Get the secret value from AWS secret manager using AWS CLI.

Note: A secret has versions which hold copies of the encrypted secret value. When you change the secret value, or the secret is rotated, Secrets Manager creates a new version. A secret always has a version with the staging label AWSCURRENT, which is the current secret value. During rotation, Secrets Manager uses staging labels to indicate the different versions of a secret:

  • AWSCURRENT indicates the version that is actively used by clients. A secret always has an AWSCURRENT version.
  • AWSPENDING indicates the version that will become AWSCURRENT when rotation completes.
  • AWSPREVIOUS indicates the last known good version, in other words, the previous AWSCURRENT version.

Next, we are going to update this secret with a new secret value.

Step 4: Update a secret in AWS secret manager using AWS CLI.

We have successfully created and updated a secret in AWS secret manager using AWS CLI.

You can also retrieve the secret value from the AWS Management Console by clicking the “Retrieve secret value” button.

Step 5: Delete a secret in AWS secret manager using AWS CLI.
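The five steps above as one shell script, added here as an example and not the author's own commands. The secret name, file paths and key alias are constructed placeholders, and an AWS CLI profile with Secrets Manager permissions is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: the five steps as shell functions
# around the AWS CLI. The secret name, file paths and key alias are constructed
# placeholders; an AWS CLI profile with Secrets Manager permissions is assumed.
set -eu

SECRET_NAME="${SECRET_NAME:-cloudaffaire/demo/db-credentials}"  # constructed name
RECOVERY_DAYS="${RECOVERY_DAYS:-30}"   # deletion recovery window, 7-30 days

# Step 1: create the secret. The value is read from a file ("file://") so it
# never appears on the command line, in shell history or in CloudTrail's
# request parameters. With no KMS_KEY_ID the account's default key is used.
create_secret() {
  set -- secretsmanager create-secret --name "$SECRET_NAME" \
         --description "demo credentials" --secret-string "file://$1"
  if [ -n "${KMS_KEY_ID:-}" ]; then
    set -- "$@" --kms-key-id "$KMS_KEY_ID"
  fi
  aws "$@" --query ARN --output text
}

# Step 2: metadata only (versions, staging labels, dates), no secret value.
describe_secret() {
  aws secretsmanager describe-secret --secret-id "$SECRET_NAME"
}

# Step 3: fetch the value, pinned to the AWSCURRENT staging label.
get_secret_value() {
  aws secretsmanager get-secret-value --secret-id "$SECRET_NAME" \
      --version-stage AWSCURRENT --query SecretString --output text
}

# Step 4: store a new value; Secrets Manager creates a new version, moves
# AWSCURRENT to it and relabels the old version AWSPREVIOUS.
put_secret_value() {
  aws secretsmanager put-secret-value --secret-id "$SECRET_NAME" \
      --secret-string "file://$1" --query VersionId --output text
}

# Step 5: schedule deletion. The recovery window lets the secret be restored
# with restore-secret if something still depends on it.
delete_secret() {
  aws secretsmanager delete-secret --secret-id "$SECRET_NAME" \
      --recovery-window-in-days "$RECOVERY_DAYS" --query DeletionDate --output text
}

# Run the full walkthrough only when explicitly asked: RUN_DEMO=1 sh secrets.sh
if [ "${RUN_DEMO:-0}" = 1 ]; then
  create_secret ./secret-v1.json; describe_secret; get_secret_value
  put_secret_value ./secret-v2.json; get_secret_value; delete_secret
fi
```

Set KMS_KEY_ID to a customer managed key (for example a key alias) before calling create_secret to use your own key instead of the default one.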

Hope you have enjoyed this article. To know more about AWS Secrets Manager, please refer to the official documentation below:

https://docs.aws.amazon.com/secretsmanager/index.html