secretsmanager

package
v7.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 6, 2025 License: Apache-2.0 Imports: 7 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type GetRandomPasswordArgs 

type GetRandomPasswordArgs struct {
	// String of the characters that you don't want in the password.
	ExcludeCharacters *string `pulumi:"excludeCharacters"`
	// Specifies whether to exclude lowercase letters from the password.
	ExcludeLowercase *bool `pulumi:"excludeLowercase"`
	// Specifies whether to exclude numbers from the password.
	ExcludeNumbers *bool `pulumi:"excludeNumbers"`
	// Specifies whether to exclude the following punctuation characters from the password: “! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ .“
	ExcludePunctuation *bool `pulumi:"excludePunctuation"`
	// Specifies whether to exclude uppercase letters from the password.
	ExcludeUppercase *bool `pulumi:"excludeUppercase"`
	// Specifies whether to include the space character.
	IncludeSpace *bool `pulumi:"includeSpace"`
	// Length of the password.
	PasswordLength *int `pulumi:"passwordLength"`
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region *string `pulumi:"region"`
	// Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation.
	RequireEachIncludedType *bool `pulumi:"requireEachIncludedType"`
}

A collection of arguments for invoking getRandomPassword.

type GetRandomPasswordOutputArgs 

type GetRandomPasswordOutputArgs struct {
	// String of the characters that you don't want in the password.
	ExcludeCharacters pulumi.StringPtrInput `pulumi:"excludeCharacters"`
	// Specifies whether to exclude lowercase letters from the password.
	ExcludeLowercase pulumi.BoolPtrInput `pulumi:"excludeLowercase"`
	// Specifies whether to exclude numbers from the password.
	ExcludeNumbers pulumi.BoolPtrInput `pulumi:"excludeNumbers"`
	// Specifies whether to exclude the following punctuation characters from the password: “! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ .“
	ExcludePunctuation pulumi.BoolPtrInput `pulumi:"excludePunctuation"`
	// Specifies whether to exclude uppercase letters from the password.
	ExcludeUppercase pulumi.BoolPtrInput `pulumi:"excludeUppercase"`
	// Specifies whether to include the space character.
	IncludeSpace pulumi.BoolPtrInput `pulumi:"includeSpace"`
	// Length of the password.
	PasswordLength pulumi.IntPtrInput `pulumi:"passwordLength"`
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringPtrInput `pulumi:"region"`
	// Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation.
	RequireEachIncludedType pulumi.BoolPtrInput `pulumi:"requireEachIncludedType"`
}

A collection of arguments for invoking getRandomPassword.

func (GetRandomPasswordOutputArgs) ElementType 

func (GetRandomPasswordOutputArgs) ElementType() reflect.Type

type GetRandomPasswordResult 

type GetRandomPasswordResult struct {
	ExcludeCharacters  *string `pulumi:"excludeCharacters"`
	ExcludeLowercase   *bool   `pulumi:"excludeLowercase"`
	ExcludeNumbers     *bool   `pulumi:"excludeNumbers"`
	ExcludePunctuation *bool   `pulumi:"excludePunctuation"`
	ExcludeUppercase   *bool   `pulumi:"excludeUppercase"`
	// The provider-assigned unique ID for this managed resource.
	Id             string `pulumi:"id"`
	IncludeSpace   *bool  `pulumi:"includeSpace"`
	PasswordLength *int   `pulumi:"passwordLength"`
	// Random password.
	RandomPassword          string `pulumi:"randomPassword"`
	Region                  string `pulumi:"region"`
	RequireEachIncludedType *bool  `pulumi:"requireEachIncludedType"`
}

A collection of values returned by getRandomPassword.

func GetRandomPassword 

func GetRandomPassword(ctx *pulumi.Context, args *GetRandomPasswordArgs, opts ...pulumi.InvokeOption) (*GetRandomPasswordResult, error)

Generate a random password.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.GetRandomPassword(ctx, &secretsmanager.GetRandomPasswordArgs{
			PasswordLength: pulumi.IntRef(50),
			ExcludeNumbers: pulumi.BoolRef(true),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetRandomPasswordResultOutput 

type GetRandomPasswordResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getRandomPassword.

func GetRandomPasswordOutput 

func GetRandomPasswordOutput(ctx *pulumi.Context, args GetRandomPasswordOutputArgs, opts ...pulumi.InvokeOption) GetRandomPasswordResultOutput

func (GetRandomPasswordResultOutput) ElementType 

func (GetRandomPasswordResultOutput) ElementType() reflect.Type

func (GetRandomPasswordResultOutput) ExcludeCharacters 

func (o GetRandomPasswordResultOutput) ExcludeCharacters() pulumi.StringPtrOutput

func (GetRandomPasswordResultOutput) ExcludeLowercase 

func (o GetRandomPasswordResultOutput) ExcludeLowercase() pulumi.BoolPtrOutput

func (GetRandomPasswordResultOutput) ExcludeNumbers 

func (o GetRandomPasswordResultOutput) ExcludeNumbers() pulumi.BoolPtrOutput

func (GetRandomPasswordResultOutput) ExcludePunctuation 

func (o GetRandomPasswordResultOutput) ExcludePunctuation() pulumi.BoolPtrOutput

func (GetRandomPasswordResultOutput) ExcludeUppercase 

func (o GetRandomPasswordResultOutput) ExcludeUppercase() pulumi.BoolPtrOutput

func (GetRandomPasswordResultOutput) Id 

func (o GetRandomPasswordResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetRandomPasswordResultOutput) IncludeSpace 

func (o GetRandomPasswordResultOutput) IncludeSpace() pulumi.BoolPtrOutput

func (GetRandomPasswordResultOutput) PasswordLength 

func (o GetRandomPasswordResultOutput) PasswordLength() pulumi.IntPtrOutput

func (GetRandomPasswordResultOutput) RandomPassword 

func (o GetRandomPasswordResultOutput) RandomPassword() pulumi.StringOutput

Random password.

func (GetRandomPasswordResultOutput) Region 

func (o GetRandomPasswordResultOutput) Region() pulumi.StringOutput

func (GetRandomPasswordResultOutput) RequireEachIncludedType 

func (o GetRandomPasswordResultOutput) RequireEachIncludedType() pulumi.BoolPtrOutput

func (GetRandomPasswordResultOutput) ToGetRandomPasswordResultOutput 

func (o GetRandomPasswordResultOutput) ToGetRandomPasswordResultOutput() GetRandomPasswordResultOutput

func (GetRandomPasswordResultOutput) ToGetRandomPasswordResultOutputWithContext 

func (o GetRandomPasswordResultOutput) ToGetRandomPasswordResultOutputWithContext(ctx context.Context) GetRandomPasswordResultOutput

type GetSecretRotationRotationRule 

type GetSecretRotationRotationRule struct {
	// Number of days between automatic scheduled rotations of the secret.
	AutomaticallyAfterDays int `pulumi:"automaticallyAfterDays"`
	// Length of the rotation window in hours.
	Duration string `pulumi:"duration"`
	// A `cron()` or `rate()` expression that defines the schedule for rotating the secret.
	ScheduleExpression string `pulumi:"scheduleExpression"`
}

type GetSecretRotationRotationRuleArgs 

type GetSecretRotationRotationRuleArgs struct {
	// Number of days between automatic scheduled rotations of the secret.
	AutomaticallyAfterDays pulumi.IntInput `pulumi:"automaticallyAfterDays"`
	// Length of the rotation window in hours.
	Duration pulumi.StringInput `pulumi:"duration"`
	// A `cron()` or `rate()` expression that defines the schedule for rotating the secret.
	ScheduleExpression pulumi.StringInput `pulumi:"scheduleExpression"`
}

func (GetSecretRotationRotationRuleArgs) ElementType 

func (GetSecretRotationRotationRuleArgs) ElementType() reflect.Type

func (GetSecretRotationRotationRuleArgs) ToGetSecretRotationRotationRuleOutput 

func (i GetSecretRotationRotationRuleArgs) ToGetSecretRotationRotationRuleOutput() GetSecretRotationRotationRuleOutput

func (GetSecretRotationRotationRuleArgs) ToGetSecretRotationRotationRuleOutputWithContext 

func (i GetSecretRotationRotationRuleArgs) ToGetSecretRotationRotationRuleOutputWithContext(ctx context.Context) GetSecretRotationRotationRuleOutput

type GetSecretRotationRotationRuleArray 

type GetSecretRotationRotationRuleArray []GetSecretRotationRotationRuleInput

func (GetSecretRotationRotationRuleArray) ElementType 

func (GetSecretRotationRotationRuleArray) ElementType() reflect.Type

func (GetSecretRotationRotationRuleArray) ToGetSecretRotationRotationRuleArrayOutput 

func (i GetSecretRotationRotationRuleArray) ToGetSecretRotationRotationRuleArrayOutput() GetSecretRotationRotationRuleArrayOutput

func (GetSecretRotationRotationRuleArray) ToGetSecretRotationRotationRuleArrayOutputWithContext 

func (i GetSecretRotationRotationRuleArray) ToGetSecretRotationRotationRuleArrayOutputWithContext(ctx context.Context) GetSecretRotationRotationRuleArrayOutput

type GetSecretRotationRotationRuleArrayInput 

type GetSecretRotationRotationRuleArrayInput interface {
	pulumi.Input

	ToGetSecretRotationRotationRuleArrayOutput() GetSecretRotationRotationRuleArrayOutput
	ToGetSecretRotationRotationRuleArrayOutputWithContext(context.Context) GetSecretRotationRotationRuleArrayOutput
}

GetSecretRotationRotationRuleArrayInput is an input type that accepts GetSecretRotationRotationRuleArray and GetSecretRotationRotationRuleArrayOutput values. You can construct a concrete instance of `GetSecretRotationRotationRuleArrayInput` via: 

GetSecretRotationRotationRuleArray{ GetSecretRotationRotationRuleArgs{...} }

type GetSecretRotationRotationRuleArrayOutput 

type GetSecretRotationRotationRuleArrayOutput struct{ *pulumi.OutputState }

func (GetSecretRotationRotationRuleArrayOutput) ElementType 

func (GetSecretRotationRotationRuleArrayOutput) ElementType() reflect.Type

func (GetSecretRotationRotationRuleArrayOutput) Index 

func (o GetSecretRotationRotationRuleArrayOutput) Index(i pulumi.IntInput) GetSecretRotationRotationRuleOutput

func (GetSecretRotationRotationRuleArrayOutput) ToGetSecretRotationRotationRuleArrayOutput 

func (o GetSecretRotationRotationRuleArrayOutput) ToGetSecretRotationRotationRuleArrayOutput() GetSecretRotationRotationRuleArrayOutput

func (GetSecretRotationRotationRuleArrayOutput) ToGetSecretRotationRotationRuleArrayOutputWithContext 

func (o GetSecretRotationRotationRuleArrayOutput) ToGetSecretRotationRotationRuleArrayOutputWithContext(ctx context.Context) GetSecretRotationRotationRuleArrayOutput

type GetSecretRotationRotationRuleInput 

type GetSecretRotationRotationRuleInput interface {
	pulumi.Input

	ToGetSecretRotationRotationRuleOutput() GetSecretRotationRotationRuleOutput
	ToGetSecretRotationRotationRuleOutputWithContext(context.Context) GetSecretRotationRotationRuleOutput
}

GetSecretRotationRotationRuleInput is an input type that accepts GetSecretRotationRotationRuleArgs and GetSecretRotationRotationRuleOutput values. You can construct a concrete instance of `GetSecretRotationRotationRuleInput` via: 

GetSecretRotationRotationRuleArgs{...}

type GetSecretRotationRotationRuleOutput 

type GetSecretRotationRotationRuleOutput struct{ *pulumi.OutputState }

func (GetSecretRotationRotationRuleOutput) AutomaticallyAfterDays 

func (o GetSecretRotationRotationRuleOutput) AutomaticallyAfterDays() pulumi.IntOutput

Number of days between automatic scheduled rotations of the secret.

func (GetSecretRotationRotationRuleOutput) Duration 

func (o GetSecretRotationRotationRuleOutput) Duration() pulumi.StringOutput

Length of the rotation window in hours.

func (GetSecretRotationRotationRuleOutput) ElementType 

func (GetSecretRotationRotationRuleOutput) ElementType() reflect.Type

func (GetSecretRotationRotationRuleOutput) ScheduleExpression 

func (o GetSecretRotationRotationRuleOutput) ScheduleExpression() pulumi.StringOutput

A `cron()` or `rate()` expression that defines the schedule for rotating the secret.

func (GetSecretRotationRotationRuleOutput) ToGetSecretRotationRotationRuleOutput 

func (o GetSecretRotationRotationRuleOutput) ToGetSecretRotationRotationRuleOutput() GetSecretRotationRotationRuleOutput

func (GetSecretRotationRotationRuleOutput) ToGetSecretRotationRotationRuleOutputWithContext 

func (o GetSecretRotationRotationRuleOutput) ToGetSecretRotationRotationRuleOutputWithContext(ctx context.Context) GetSecretRotationRotationRuleOutput

type GetSecretVersionsArgs 

type GetSecretVersionsArgs struct {
	// If true, all deprecated secret versions are included in the response.
	// If false, no deprecated secret versions are included in the response. If no value is specified, the default value is `false`.
	IncludeDeprecated *bool `pulumi:"includeDeprecated"`
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region *string `pulumi:"region"`
	// Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
	SecretId string `pulumi:"secretId"`
}

A collection of arguments for invoking getSecretVersions.

type GetSecretVersionsOutputArgs 

type GetSecretVersionsOutputArgs struct {
	// If true, all deprecated secret versions are included in the response.
	// If false, no deprecated secret versions are included in the response. If no value is specified, the default value is `false`.
	IncludeDeprecated pulumi.BoolPtrInput `pulumi:"includeDeprecated"`
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringPtrInput `pulumi:"region"`
	// Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
	SecretId pulumi.StringInput `pulumi:"secretId"`
}

A collection of arguments for invoking getSecretVersions.

func (GetSecretVersionsOutputArgs) ElementType 

func (GetSecretVersionsOutputArgs) ElementType() reflect.Type

type GetSecretVersionsResult 

type GetSecretVersionsResult struct {
	// ARN of the secret.
	Arn string `pulumi:"arn"`
	// The provider-assigned unique ID for this managed resource.
	Id                string `pulumi:"id"`
	IncludeDeprecated *bool  `pulumi:"includeDeprecated"`
	Name              string `pulumi:"name"`
	Region            string `pulumi:"region"`
	SecretId          string `pulumi:"secretId"`
	// List of the versions of the secret. Attributes are specified below.
	Versions []GetSecretVersionsVersion `pulumi:"versions"`
}

A collection of values returned by getSecretVersions.

func GetSecretVersions 

func GetSecretVersions(ctx *pulumi.Context, args *GetSecretVersionsArgs, opts ...pulumi.InvokeOption) (*GetSecretVersionsResult, error)

type GetSecretVersionsResultOutput 

type GetSecretVersionsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getSecretVersions.

func GetSecretVersionsOutput 

func GetSecretVersionsOutput(ctx *pulumi.Context, args GetSecretVersionsOutputArgs, opts ...pulumi.InvokeOption) GetSecretVersionsResultOutput

func (GetSecretVersionsResultOutput) Arn 

func (o GetSecretVersionsResultOutput) Arn() pulumi.StringOutput

ARN of the secret.

func (GetSecretVersionsResultOutput) ElementType 

func (GetSecretVersionsResultOutput) ElementType() reflect.Type

func (GetSecretVersionsResultOutput) Id 

func (o GetSecretVersionsResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetSecretVersionsResultOutput) IncludeDeprecated 

func (o GetSecretVersionsResultOutput) IncludeDeprecated() pulumi.BoolPtrOutput

func (GetSecretVersionsResultOutput) Name 

func (o GetSecretVersionsResultOutput) Name() pulumi.StringOutput

func (GetSecretVersionsResultOutput) Region 

func (o GetSecretVersionsResultOutput) Region() pulumi.StringOutput

func (GetSecretVersionsResultOutput) SecretId 

func (o GetSecretVersionsResultOutput) SecretId() pulumi.StringOutput

func (GetSecretVersionsResultOutput) ToGetSecretVersionsResultOutput 

func (o GetSecretVersionsResultOutput) ToGetSecretVersionsResultOutput() GetSecretVersionsResultOutput

func (GetSecretVersionsResultOutput) ToGetSecretVersionsResultOutputWithContext 

func (o GetSecretVersionsResultOutput) ToGetSecretVersionsResultOutputWithContext(ctx context.Context) GetSecretVersionsResultOutput

func (GetSecretVersionsResultOutput) Versions 

func (o GetSecretVersionsResultOutput) Versions() GetSecretVersionsVersionArrayOutput

List of the versions of the secret. Attributes are specified below.

type GetSecretVersionsVersion 

type GetSecretVersionsVersion struct {
	// Date and time this version of the secret was created.
	CreatedTime string `pulumi:"createdTime"`
	// Date that this version of the secret was last accessed.
	LastAccessedDate string `pulumi:"lastAccessedDate"`
	// Unique version identifier of this version of the secret.
	VersionId string `pulumi:"versionId"`
	// List of staging labels attached to the version.
	VersionStages []string `pulumi:"versionStages"`
}

type GetSecretVersionsVersionArgs 

type GetSecretVersionsVersionArgs struct {
	// Date and time this version of the secret was created.
	CreatedTime pulumi.StringInput `pulumi:"createdTime"`
	// Date that this version of the secret was last accessed.
	LastAccessedDate pulumi.StringInput `pulumi:"lastAccessedDate"`
	// Unique version identifier of this version of the secret.
	VersionId pulumi.StringInput `pulumi:"versionId"`
	// List of staging labels attached to the version.
	VersionStages pulumi.StringArrayInput `pulumi:"versionStages"`
}

func (GetSecretVersionsVersionArgs) ElementType 

func (GetSecretVersionsVersionArgs) ElementType() reflect.Type

func (GetSecretVersionsVersionArgs) ToGetSecretVersionsVersionOutput 

func (i GetSecretVersionsVersionArgs) ToGetSecretVersionsVersionOutput() GetSecretVersionsVersionOutput

func (GetSecretVersionsVersionArgs) ToGetSecretVersionsVersionOutputWithContext 

func (i GetSecretVersionsVersionArgs) ToGetSecretVersionsVersionOutputWithContext(ctx context.Context) GetSecretVersionsVersionOutput

type GetSecretVersionsVersionArray 

type GetSecretVersionsVersionArray []GetSecretVersionsVersionInput

func (GetSecretVersionsVersionArray) ElementType 

func (GetSecretVersionsVersionArray) ElementType() reflect.Type

func (GetSecretVersionsVersionArray) ToGetSecretVersionsVersionArrayOutput 

func (i GetSecretVersionsVersionArray) ToGetSecretVersionsVersionArrayOutput() GetSecretVersionsVersionArrayOutput

func (GetSecretVersionsVersionArray) ToGetSecretVersionsVersionArrayOutputWithContext 

func (i GetSecretVersionsVersionArray) ToGetSecretVersionsVersionArrayOutputWithContext(ctx context.Context) GetSecretVersionsVersionArrayOutput

type GetSecretVersionsVersionArrayInput 

type GetSecretVersionsVersionArrayInput interface {
	pulumi.Input

	ToGetSecretVersionsVersionArrayOutput() GetSecretVersionsVersionArrayOutput
	ToGetSecretVersionsVersionArrayOutputWithContext(context.Context) GetSecretVersionsVersionArrayOutput
}

GetSecretVersionsVersionArrayInput is an input type that accepts GetSecretVersionsVersionArray and GetSecretVersionsVersionArrayOutput values. You can construct a concrete instance of `GetSecretVersionsVersionArrayInput` via: 

GetSecretVersionsVersionArray{ GetSecretVersionsVersionArgs{...} }

type GetSecretVersionsVersionArrayOutput 

type GetSecretVersionsVersionArrayOutput struct{ *pulumi.OutputState }

func (GetSecretVersionsVersionArrayOutput) ElementType 

func (GetSecretVersionsVersionArrayOutput) ElementType() reflect.Type

func (GetSecretVersionsVersionArrayOutput) Index 

func (o GetSecretVersionsVersionArrayOutput) Index(i pulumi.IntInput) GetSecretVersionsVersionOutput

func (GetSecretVersionsVersionArrayOutput) ToGetSecretVersionsVersionArrayOutput 

func (o GetSecretVersionsVersionArrayOutput) ToGetSecretVersionsVersionArrayOutput() GetSecretVersionsVersionArrayOutput

func (GetSecretVersionsVersionArrayOutput) ToGetSecretVersionsVersionArrayOutputWithContext 

func (o GetSecretVersionsVersionArrayOutput) ToGetSecretVersionsVersionArrayOutputWithContext(ctx context.Context) GetSecretVersionsVersionArrayOutput

type GetSecretVersionsVersionInput 

type GetSecretVersionsVersionInput interface {
	pulumi.Input

	ToGetSecretVersionsVersionOutput() GetSecretVersionsVersionOutput
	ToGetSecretVersionsVersionOutputWithContext(context.Context) GetSecretVersionsVersionOutput
}

GetSecretVersionsVersionInput is an input type that accepts GetSecretVersionsVersionArgs and GetSecretVersionsVersionOutput values. You can construct a concrete instance of `GetSecretVersionsVersionInput` via: 

GetSecretVersionsVersionArgs{...}

type GetSecretVersionsVersionOutput 

type GetSecretVersionsVersionOutput struct{ *pulumi.OutputState }

func (GetSecretVersionsVersionOutput) CreatedTime 

func (o GetSecretVersionsVersionOutput) CreatedTime() pulumi.StringOutput

Date and time this version of the secret was created.

func (GetSecretVersionsVersionOutput) ElementType 

func (GetSecretVersionsVersionOutput) ElementType() reflect.Type

func (GetSecretVersionsVersionOutput) LastAccessedDate 

func (o GetSecretVersionsVersionOutput) LastAccessedDate() pulumi.StringOutput

Date that this version of the secret was last accessed.

func (GetSecretVersionsVersionOutput) ToGetSecretVersionsVersionOutput 

func (o GetSecretVersionsVersionOutput) ToGetSecretVersionsVersionOutput() GetSecretVersionsVersionOutput

func (GetSecretVersionsVersionOutput) ToGetSecretVersionsVersionOutputWithContext 

func (o GetSecretVersionsVersionOutput) ToGetSecretVersionsVersionOutputWithContext(ctx context.Context) GetSecretVersionsVersionOutput

func (GetSecretVersionsVersionOutput) VersionId 

func (o GetSecretVersionsVersionOutput) VersionId() pulumi.StringOutput

Unique version identifier of this version of the secret.

func (GetSecretVersionsVersionOutput) VersionStages 

func (o GetSecretVersionsVersionOutput) VersionStages() pulumi.StringArrayOutput

List of staging labels attached to the version.

type GetSecretsArgs 

type GetSecretsArgs struct {
	// Configuration block(s) for filtering. Detailed below.
	Filters []GetSecretsFilter `pulumi:"filters"`
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region *string `pulumi:"region"`
}

A collection of arguments for invoking getSecrets.

type GetSecretsFilter 

type GetSecretsFilter struct {
	// Name of the filter field. Valid values can be found in the [Secrets Manager ListSecrets API Reference](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecrets.html).
	Name string `pulumi:"name"`
	// Set of values that are accepted for the given filter field. Results will be selected if any given value matches.
	Values []string `pulumi:"values"`
}

type GetSecretsFilterArgs 

type GetSecretsFilterArgs struct {
	// Name of the filter field. Valid values can be found in the [Secrets Manager ListSecrets API Reference](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecrets.html).
	Name pulumi.StringInput `pulumi:"name"`
	// Set of values that are accepted for the given filter field. Results will be selected if any given value matches.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (GetSecretsFilterArgs) ElementType 

func (GetSecretsFilterArgs) ElementType() reflect.Type

func (GetSecretsFilterArgs) ToGetSecretsFilterOutput 

func (i GetSecretsFilterArgs) ToGetSecretsFilterOutput() GetSecretsFilterOutput

func (GetSecretsFilterArgs) ToGetSecretsFilterOutputWithContext 

func (i GetSecretsFilterArgs) ToGetSecretsFilterOutputWithContext(ctx context.Context) GetSecretsFilterOutput

type GetSecretsFilterArray 

type GetSecretsFilterArray []GetSecretsFilterInput

func (GetSecretsFilterArray) ElementType 

func (GetSecretsFilterArray) ElementType() reflect.Type

func (GetSecretsFilterArray) ToGetSecretsFilterArrayOutput 

func (i GetSecretsFilterArray) ToGetSecretsFilterArrayOutput() GetSecretsFilterArrayOutput

func (GetSecretsFilterArray) ToGetSecretsFilterArrayOutputWithContext 

func (i GetSecretsFilterArray) ToGetSecretsFilterArrayOutputWithContext(ctx context.Context) GetSecretsFilterArrayOutput

type GetSecretsFilterArrayInput 

type GetSecretsFilterArrayInput interface {
	pulumi.Input

	ToGetSecretsFilterArrayOutput() GetSecretsFilterArrayOutput
	ToGetSecretsFilterArrayOutputWithContext(context.Context) GetSecretsFilterArrayOutput
}

GetSecretsFilterArrayInput is an input type that accepts GetSecretsFilterArray and GetSecretsFilterArrayOutput values. You can construct a concrete instance of `GetSecretsFilterArrayInput` via: 

GetSecretsFilterArray{ GetSecretsFilterArgs{...} }

type GetSecretsFilterArrayOutput 

type GetSecretsFilterArrayOutput struct{ *pulumi.OutputState }

func (GetSecretsFilterArrayOutput) ElementType 

func (GetSecretsFilterArrayOutput) ElementType() reflect.Type

func (GetSecretsFilterArrayOutput) Index 

func (o GetSecretsFilterArrayOutput) Index(i pulumi.IntInput) GetSecretsFilterOutput

func (GetSecretsFilterArrayOutput) ToGetSecretsFilterArrayOutput 

func (o GetSecretsFilterArrayOutput) ToGetSecretsFilterArrayOutput() GetSecretsFilterArrayOutput

func (GetSecretsFilterArrayOutput) ToGetSecretsFilterArrayOutputWithContext 

func (o GetSecretsFilterArrayOutput) ToGetSecretsFilterArrayOutputWithContext(ctx context.Context) GetSecretsFilterArrayOutput

type GetSecretsFilterInput 

type GetSecretsFilterInput interface {
	pulumi.Input

	ToGetSecretsFilterOutput() GetSecretsFilterOutput
	ToGetSecretsFilterOutputWithContext(context.Context) GetSecretsFilterOutput
}

GetSecretsFilterInput is an input type that accepts GetSecretsFilterArgs and GetSecretsFilterOutput values. You can construct a concrete instance of `GetSecretsFilterInput` via: 

GetSecretsFilterArgs{...}

type GetSecretsFilterOutput 

type GetSecretsFilterOutput struct{ *pulumi.OutputState }

func (GetSecretsFilterOutput) ElementType 

func (GetSecretsFilterOutput) ElementType() reflect.Type

func (GetSecretsFilterOutput) Name 

func (o GetSecretsFilterOutput) Name() pulumi.StringOutput

Name of the filter field. Valid values can be found in the [Secrets Manager ListSecrets API Reference](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecrets.html).

func (GetSecretsFilterOutput) ToGetSecretsFilterOutput 

func (o GetSecretsFilterOutput) ToGetSecretsFilterOutput() GetSecretsFilterOutput

func (GetSecretsFilterOutput) ToGetSecretsFilterOutputWithContext 

func (o GetSecretsFilterOutput) ToGetSecretsFilterOutputWithContext(ctx context.Context) GetSecretsFilterOutput

func (GetSecretsFilterOutput) Values 

func (o GetSecretsFilterOutput) Values() pulumi.StringArrayOutput

Set of values that are accepted for the given filter field. Results will be selected if any given value matches.

type GetSecretsOutputArgs 

type GetSecretsOutputArgs struct {
	// Configuration block(s) for filtering. Detailed below.
	Filters GetSecretsFilterArrayInput `pulumi:"filters"`
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringPtrInput `pulumi:"region"`
}

A collection of arguments for invoking getSecrets.

func (GetSecretsOutputArgs) ElementType 

func (GetSecretsOutputArgs) ElementType() reflect.Type

type GetSecretsResult 

type GetSecretsResult struct {
	// Set of ARNs of the matched Secrets Manager secrets.
	Arns    []string           `pulumi:"arns"`
	Filters []GetSecretsFilter `pulumi:"filters"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Set of names of the matched Secrets Manager secrets.
	Names  []string `pulumi:"names"`
	Region string   `pulumi:"region"`
}

A collection of values returned by getSecrets.

func GetSecrets 

func GetSecrets(ctx *pulumi.Context, args *GetSecretsArgs, opts ...pulumi.InvokeOption) (*GetSecretsResult, error)

Use this data source to get the ARNs and names of Secrets Manager secrets matching the specified criteria.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.GetSecrets(ctx, &secretsmanager.GetSecretsArgs{
			Filters: []secretsmanager.GetSecretsFilter{
				{
					Name: "name",
					Values: []string{
						"example",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetSecretsResultOutput 

type GetSecretsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getSecrets.

func GetSecretsOutput 

func GetSecretsOutput(ctx *pulumi.Context, args GetSecretsOutputArgs, opts ...pulumi.InvokeOption) GetSecretsResultOutput

func (GetSecretsResultOutput) Arns 

func (o GetSecretsResultOutput) Arns() pulumi.StringArrayOutput

Set of ARNs of the matched Secrets Manager secrets.

func (GetSecretsResultOutput) ElementType 

func (GetSecretsResultOutput) ElementType() reflect.Type

func (GetSecretsResultOutput) Filters 

func (o GetSecretsResultOutput) Filters() GetSecretsFilterArrayOutput

func (GetSecretsResultOutput) Id 

func (o GetSecretsResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetSecretsResultOutput) Names 

func (o GetSecretsResultOutput) Names() pulumi.StringArrayOutput

Set of names of the matched Secrets Manager secrets.

func (GetSecretsResultOutput) Region 

func (o GetSecretsResultOutput) Region() pulumi.StringOutput

func (GetSecretsResultOutput) ToGetSecretsResultOutput 

func (o GetSecretsResultOutput) ToGetSecretsResultOutput() GetSecretsResultOutput

func (GetSecretsResultOutput) ToGetSecretsResultOutputWithContext 

func (o GetSecretsResultOutput) ToGetSecretsResultOutputWithContext(ctx context.Context) GetSecretsResultOutput

type LookupSecretArgs 

type LookupSecretArgs struct {
	// ARN of the secret to retrieve.
	Arn *string `pulumi:"arn"`
	// Name of the secret to retrieve.
	Name *string `pulumi:"name"`
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region *string `pulumi:"region"`
	// Tags of the secret.
	Tags map[string]string `pulumi:"tags"`
}

A collection of arguments for invoking getSecret.

type LookupSecretOutputArgs 

type LookupSecretOutputArgs struct {
	// ARN of the secret to retrieve.
	Arn pulumi.StringPtrInput `pulumi:"arn"`
	// Name of the secret to retrieve.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringPtrInput `pulumi:"region"`
	// Tags of the secret.
	Tags pulumi.StringMapInput `pulumi:"tags"`
}

A collection of arguments for invoking getSecret.

func (LookupSecretOutputArgs) ElementType 

func (LookupSecretOutputArgs) ElementType() reflect.Type

type LookupSecretResult 

type LookupSecretResult struct {
	// ARN of the secret.
	Arn string `pulumi:"arn"`
	// Created date of the secret in UTC.
	CreatedDate string `pulumi:"createdDate"`
	// Description of the secret.
	Description string `pulumi:"description"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Key Management Service (KMS) Customer Master Key (CMK) associated with the secret.
	KmsKeyId string `pulumi:"kmsKeyId"`
	// Last updated date of the secret in UTC.
	LastChangedDate string `pulumi:"lastChangedDate"`
	Name            string `pulumi:"name"`
	// Resource-based policy document that's attached to the secret.
	Policy string `pulumi:"policy"`
	Region string `pulumi:"region"`
	// Tags of the secret.
	Tags map[string]string `pulumi:"tags"`
}

A collection of values returned by getSecret.

func LookupSecret 

func LookupSecret(ctx *pulumi.Context, args *LookupSecretArgs, opts ...pulumi.InvokeOption) (*LookupSecretResult, error)

Retrieve metadata information about a Secrets Manager secret. To retrieve a secret value, see the `secretsmanager.SecretVersion` data source.

## Example Usage

### ARN

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.LookupSecret(ctx, &secretsmanager.LookupSecretArgs{
			Arn: pulumi.StringRef("arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

### Name

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.LookupSecret(ctx, &secretsmanager.LookupSecretArgs{
			Name: pulumi.StringRef("example"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupSecretResultOutput 

type LookupSecretResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getSecret.

func LookupSecretOutput 

func LookupSecretOutput(ctx *pulumi.Context, args LookupSecretOutputArgs, opts ...pulumi.InvokeOption) LookupSecretResultOutput

func (LookupSecretResultOutput) Arn 

func (o LookupSecretResultOutput) Arn() pulumi.StringOutput

ARN of the secret.

func (LookupSecretResultOutput) CreatedDate 

func (o LookupSecretResultOutput) CreatedDate() pulumi.StringOutput

Created date of the secret in UTC.

func (LookupSecretResultOutput) Description 

func (o LookupSecretResultOutput) Description() pulumi.StringOutput

Description of the secret.

func (LookupSecretResultOutput) ElementType 

func (LookupSecretResultOutput) ElementType() reflect.Type

func (LookupSecretResultOutput) Id 

func (o LookupSecretResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupSecretResultOutput) KmsKeyId 

func (o LookupSecretResultOutput) KmsKeyId() pulumi.StringOutput

Key Management Service (KMS) Customer Master Key (CMK) associated with the secret.

func (LookupSecretResultOutput) LastChangedDate 

func (o LookupSecretResultOutput) LastChangedDate() pulumi.StringOutput

Last updated date of the secret in UTC.

func (LookupSecretResultOutput) Name 

func (o LookupSecretResultOutput) Name() pulumi.StringOutput

func (LookupSecretResultOutput) Policy 

func (o LookupSecretResultOutput) Policy() pulumi.StringOutput

Resource-based policy document that's attached to the secret.

func (LookupSecretResultOutput) Region 

func (o LookupSecretResultOutput) Region() pulumi.StringOutput

func (LookupSecretResultOutput) Tags 

func (o LookupSecretResultOutput) Tags() pulumi.StringMapOutput

Tags of the secret.

func (LookupSecretResultOutput) ToLookupSecretResultOutput 

func (o LookupSecretResultOutput) ToLookupSecretResultOutput() LookupSecretResultOutput

func (LookupSecretResultOutput) ToLookupSecretResultOutputWithContext 

func (o LookupSecretResultOutput) ToLookupSecretResultOutputWithContext(ctx context.Context) LookupSecretResultOutput

type LookupSecretRotationArgs 

type LookupSecretRotationArgs struct {
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region *string `pulumi:"region"`
	// Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
	SecretId string `pulumi:"secretId"`
}

A collection of arguments for invoking getSecretRotation.

type LookupSecretRotationOutputArgs 

type LookupSecretRotationOutputArgs struct {
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringPtrInput `pulumi:"region"`
	// Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
	SecretId pulumi.StringInput `pulumi:"secretId"`
}

A collection of arguments for invoking getSecretRotation.

func (LookupSecretRotationOutputArgs) ElementType 

func (LookupSecretRotationOutputArgs) ElementType() reflect.Type

type LookupSecretRotationResult 

type LookupSecretRotationResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id     string `pulumi:"id"`
	Region string `pulumi:"region"`
	// Specifies whether automatic rotation is enabled for this secret.
	RotationEnabled bool `pulumi:"rotationEnabled"`
	// Amazon Resource Name (ARN) of the lambda function used for rotation.
	RotationLambdaArn string `pulumi:"rotationLambdaArn"`
	// Configuration block for rotation rules. See `rotationRules` below.
	RotationRules []GetSecretRotationRotationRule `pulumi:"rotationRules"`
	SecretId      string                          `pulumi:"secretId"`
}

A collection of values returned by getSecretRotation.

func LookupSecretRotation 

func LookupSecretRotation(ctx *pulumi.Context, args *LookupSecretRotationArgs, opts ...pulumi.InvokeOption) (*LookupSecretRotationResult, error)

Retrieve information about a Secrets Manager secret rotation. To retrieve secret metadata, see the `secretsmanager.Secret` data source. To retrieve a secret value, see the `secretsmanager.SecretVersion` data source.

## Example Usage

### Retrieve Secret Rotation Configuration

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.LookupSecretRotation(ctx, &secretsmanager.LookupSecretRotationArgs{
			SecretId: exampleAwsSecretsmanagerSecret.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupSecretRotationResultOutput 

type LookupSecretRotationResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getSecretRotation.

func LookupSecretRotationOutput 

func LookupSecretRotationOutput(ctx *pulumi.Context, args LookupSecretRotationOutputArgs, opts ...pulumi.InvokeOption) LookupSecretRotationResultOutput

func (LookupSecretRotationResultOutput) ElementType 

func (LookupSecretRotationResultOutput) ElementType() reflect.Type

func (LookupSecretRotationResultOutput) Id 

func (o LookupSecretRotationResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupSecretRotationResultOutput) Region 

func (o LookupSecretRotationResultOutput) Region() pulumi.StringOutput

func (LookupSecretRotationResultOutput) RotationEnabled 

func (o LookupSecretRotationResultOutput) RotationEnabled() pulumi.BoolOutput

Specifies whether automatic rotation is enabled for this secret.

func (LookupSecretRotationResultOutput) RotationLambdaArn 

func (o LookupSecretRotationResultOutput) RotationLambdaArn() pulumi.StringOutput

Amazon Resource Name (ARN) of the lambda function used for rotation.

func (LookupSecretRotationResultOutput) RotationRules 

func (o LookupSecretRotationResultOutput) RotationRules() GetSecretRotationRotationRuleArrayOutput

Configuration block for rotation rules. See `rotationRules` below.

func (LookupSecretRotationResultOutput) SecretId 

func (o LookupSecretRotationResultOutput) SecretId() pulumi.StringOutput

func (LookupSecretRotationResultOutput) ToLookupSecretRotationResultOutput 

func (o LookupSecretRotationResultOutput) ToLookupSecretRotationResultOutput() LookupSecretRotationResultOutput

func (LookupSecretRotationResultOutput) ToLookupSecretRotationResultOutputWithContext 

func (o LookupSecretRotationResultOutput) ToLookupSecretRotationResultOutputWithContext(ctx context.Context) LookupSecretRotationResultOutput

type LookupSecretVersionArgs 

type LookupSecretVersionArgs struct {
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region *string `pulumi:"region"`
	// Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
	SecretId string `pulumi:"secretId"`
	// Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides `versionStage`.
	VersionId *string `pulumi:"versionId"`
	// Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to `AWSCURRENT`.
	VersionStage *string `pulumi:"versionStage"`
}

A collection of arguments for invoking getSecretVersion.

type LookupSecretVersionOutputArgs 

type LookupSecretVersionOutputArgs struct {
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringPtrInput `pulumi:"region"`
	// Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
	SecretId pulumi.StringInput `pulumi:"secretId"`
	// Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides `versionStage`.
	VersionId pulumi.StringPtrInput `pulumi:"versionId"`
	// Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to `AWSCURRENT`.
	VersionStage pulumi.StringPtrInput `pulumi:"versionStage"`
}

A collection of arguments for invoking getSecretVersion.

func (LookupSecretVersionOutputArgs) ElementType 

func (LookupSecretVersionOutputArgs) ElementType() reflect.Type

type LookupSecretVersionResult 

type LookupSecretVersionResult struct {
	// ARN of the secret.
	Arn string `pulumi:"arn"`
	// Created date of the secret in UTC.
	CreatedDate string `pulumi:"createdDate"`
	// The provider-assigned unique ID for this managed resource.
	Id     string `pulumi:"id"`
	Region string `pulumi:"region"`
	// Decrypted part of the protected secret information that was originally provided as a binary.
	SecretBinary string `pulumi:"secretBinary"`
	SecretId     string `pulumi:"secretId"`
	// Decrypted part of the protected secret information that was originally provided as a string.
	SecretString string `pulumi:"secretString"`
	// Unique identifier of this version of the secret.
	VersionId     string   `pulumi:"versionId"`
	VersionStage  *string  `pulumi:"versionStage"`
	VersionStages []string `pulumi:"versionStages"`
}

A collection of values returned by getSecretVersion.

func LookupSecretVersion 

func LookupSecretVersion(ctx *pulumi.Context, args *LookupSecretVersionArgs, opts ...pulumi.InvokeOption) (*LookupSecretVersionResult, error)

Retrieve information about a Secrets Manager secret version, including its secret value. To retrieve secret metadata, see the `secretsmanager.Secret` data source.

## Example Usage

### Retrieve Current Secret Version

By default, this data sources retrieves information based on the `AWSCURRENT` staging label.

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.LookupSecretVersion(ctx, &secretsmanager.LookupSecretVersionArgs{
			SecretId: example.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

### Retrieve Specific Secret Version

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.LookupSecretVersion(ctx, &secretsmanager.LookupSecretVersionArgs{
			SecretId:     example.Id,
			VersionStage: pulumi.StringRef("example"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupSecretVersionResultOutput 

type LookupSecretVersionResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getSecretVersion.

func LookupSecretVersionOutput 

func LookupSecretVersionOutput(ctx *pulumi.Context, args LookupSecretVersionOutputArgs, opts ...pulumi.InvokeOption) LookupSecretVersionResultOutput

func (LookupSecretVersionResultOutput) Arn 

func (o LookupSecretVersionResultOutput) Arn() pulumi.StringOutput

ARN of the secret.

func (LookupSecretVersionResultOutput) CreatedDate 

func (o LookupSecretVersionResultOutput) CreatedDate() pulumi.StringOutput

Created date of the secret in UTC.

func (LookupSecretVersionResultOutput) ElementType 

func (LookupSecretVersionResultOutput) ElementType() reflect.Type

func (LookupSecretVersionResultOutput) Id 

func (o LookupSecretVersionResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupSecretVersionResultOutput) Region 

func (o LookupSecretVersionResultOutput) Region() pulumi.StringOutput

func (LookupSecretVersionResultOutput) SecretBinary 

func (o LookupSecretVersionResultOutput) SecretBinary() pulumi.StringOutput

Decrypted part of the protected secret information that was originally provided as a binary.

func (LookupSecretVersionResultOutput) SecretId 

func (o LookupSecretVersionResultOutput) SecretId() pulumi.StringOutput

func (LookupSecretVersionResultOutput) SecretString 

func (o LookupSecretVersionResultOutput) SecretString() pulumi.StringOutput

Decrypted part of the protected secret information that was originally provided as a string.

func (LookupSecretVersionResultOutput) ToLookupSecretVersionResultOutput 

func (o LookupSecretVersionResultOutput) ToLookupSecretVersionResultOutput() LookupSecretVersionResultOutput

func (LookupSecretVersionResultOutput) ToLookupSecretVersionResultOutputWithContext 

func (o LookupSecretVersionResultOutput) ToLookupSecretVersionResultOutputWithContext(ctx context.Context) LookupSecretVersionResultOutput

func (LookupSecretVersionResultOutput) VersionId 

func (o LookupSecretVersionResultOutput) VersionId() pulumi.StringOutput

Unique identifier of this version of the secret.

func (LookupSecretVersionResultOutput) VersionStage 

func (o LookupSecretVersionResultOutput) VersionStage() pulumi.StringPtrOutput

func (LookupSecretVersionResultOutput) VersionStages 

func (o LookupSecretVersionResultOutput) VersionStages() pulumi.StringArrayOutput

type Secret 

type Secret struct {
	pulumi.CustomResourceState

	// ARN of the secret.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Description of the secret.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.
	ForceOverwriteReplicaSecret pulumi.BoolPtrOutput `pulumi:"forceOverwriteReplicaSecret"`
	// ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you need to reference a CMK in a different account, you can use only the key ARN. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named `aws/secretsmanager`). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.
	KmsKeyId pulumi.StringPtrOutput `pulumi:"kmsKeyId"`
	// Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: `/_+=.@-` Conflicts with `namePrefix`.
	Name pulumi.StringOutput `pulumi:"name"`
	// Creates a unique name beginning with the specified prefix. Conflicts with `name`.
	NamePrefix pulumi.StringOutput `pulumi:"namePrefix"`
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Removing `policy` from your configuration or setting `policy` to null or an empty string (i.e., `policy = ""`) _will not_ delete the policy since it could have been set by `secretsmanager.SecretPolicy`. To delete the `policy`, set it to `"{}"` (an empty JSON document).
	Policy pulumi.StringOutput `pulumi:"policy"`
	// Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be `0` to force deletion without recovery or range from `7` to `30` days. The default value is `30`.
	RecoveryWindowInDays pulumi.IntPtrOutput `pulumi:"recoveryWindowInDays"`
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringOutput `pulumi:"region"`
	// Configuration block to support secret replication. See details below.
	Replicas SecretReplicaArrayOutput `pulumi:"replicas"`
	// Key-value map of user-defined tags that are attached to the secret. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
}

Provides a resource to manage AWS Secrets Manager secret metadata. To manage secret rotation, see the `secretsmanager.SecretRotation` resource. To manage a secret value, see the `secretsmanager.SecretVersion` resource.

## Example Usage

### Basic

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.NewSecret(ctx, "example", &secretsmanager.SecretArgs{
			Name: pulumi.String("example"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Using `pulumi import`, import `aws_secretsmanager_secret` using the secret Amazon Resource Name (ARN). For example:

```sh $ pulumi import aws:secretsmanager/secret:Secret example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456 ```

func GetSecret 

func GetSecret(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretState, opts ...pulumi.ResourceOption) (*Secret, error)

GetSecret gets an existing Secret resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecret 

func NewSecret(ctx *pulumi.Context,
	name string, args *SecretArgs, opts ...pulumi.ResourceOption) (*Secret, error)

NewSecret registers a new resource with the given unique name, arguments, and options.

func (*Secret) ElementType 

func (*Secret) ElementType() reflect.Type

func (*Secret) ToSecretOutput 

func (i *Secret) ToSecretOutput() SecretOutput

func (*Secret) ToSecretOutputWithContext 

func (i *Secret) ToSecretOutputWithContext(ctx context.Context) SecretOutput

type SecretArgs 

type SecretArgs struct {
	// Description of the secret.
	Description pulumi.StringPtrInput
	// Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.
	ForceOverwriteReplicaSecret pulumi.BoolPtrInput
	// ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you need to reference a CMK in a different account, you can use only the key ARN. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named `aws/secretsmanager`). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.
	KmsKeyId pulumi.StringPtrInput
	// Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: `/_+=.@-` Conflicts with `namePrefix`.
	Name pulumi.StringPtrInput
	// Creates a unique name beginning with the specified prefix. Conflicts with `name`.
	NamePrefix pulumi.StringPtrInput
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Removing `policy` from your configuration or setting `policy` to null or an empty string (i.e., `policy = ""`) _will not_ delete the policy since it could have been set by `secretsmanager.SecretPolicy`. To delete the `policy`, set it to `"{}"` (an empty JSON document).
	Policy pulumi.StringPtrInput
	// Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be `0` to force deletion without recovery or range from `7` to `30` days. The default value is `30`.
	RecoveryWindowInDays pulumi.IntPtrInput
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringPtrInput
	// Configuration block to support secret replication. See details below.
	Replicas SecretReplicaArrayInput
	// Key-value map of user-defined tags that are attached to the secret. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a Secret resource.

func (SecretArgs) ElementType 

func (SecretArgs) ElementType() reflect.Type

type SecretArray 

type SecretArray []SecretInput

func (SecretArray) ElementType 

func (SecretArray) ElementType() reflect.Type

func (SecretArray) ToSecretArrayOutput 

func (i SecretArray) ToSecretArrayOutput() SecretArrayOutput

func (SecretArray) ToSecretArrayOutputWithContext 

func (i SecretArray) ToSecretArrayOutputWithContext(ctx context.Context) SecretArrayOutput

type SecretArrayInput 

type SecretArrayInput interface {
	pulumi.Input

	ToSecretArrayOutput() SecretArrayOutput
	ToSecretArrayOutputWithContext(context.Context) SecretArrayOutput
}

SecretArrayInput is an input type that accepts SecretArray and SecretArrayOutput values. You can construct a concrete instance of `SecretArrayInput` via: 

SecretArray{ SecretArgs{...} }

type SecretArrayOutput 

type SecretArrayOutput struct{ *pulumi.OutputState }

func (SecretArrayOutput) ElementType 

func (SecretArrayOutput) ElementType() reflect.Type

func (SecretArrayOutput) Index 

func (o SecretArrayOutput) Index(i pulumi.IntInput) SecretOutput

func (SecretArrayOutput) ToSecretArrayOutput 

func (o SecretArrayOutput) ToSecretArrayOutput() SecretArrayOutput

func (SecretArrayOutput) ToSecretArrayOutputWithContext 

func (o SecretArrayOutput) ToSecretArrayOutputWithContext(ctx context.Context) SecretArrayOutput

type SecretInput 

type SecretInput interface {
	pulumi.Input

	ToSecretOutput() SecretOutput
	ToSecretOutputWithContext(ctx context.Context) SecretOutput
}

type SecretMap 

type SecretMap map[string]SecretInput

func (SecretMap) ElementType 

func (SecretMap) ElementType() reflect.Type

func (SecretMap) ToSecretMapOutput 

func (i SecretMap) ToSecretMapOutput() SecretMapOutput

func (SecretMap) ToSecretMapOutputWithContext 

func (i SecretMap) ToSecretMapOutputWithContext(ctx context.Context) SecretMapOutput

type SecretMapInput 

type SecretMapInput interface {
	pulumi.Input

	ToSecretMapOutput() SecretMapOutput
	ToSecretMapOutputWithContext(context.Context) SecretMapOutput
}

SecretMapInput is an input type that accepts SecretMap and SecretMapOutput values. You can construct a concrete instance of `SecretMapInput` via: 

SecretMap{ "key": SecretArgs{...} }

type SecretMapOutput 

type SecretMapOutput struct{ *pulumi.OutputState }

func (SecretMapOutput) ElementType 

func (SecretMapOutput) ElementType() reflect.Type

func (SecretMapOutput) MapIndex 

func (o SecretMapOutput) MapIndex(k pulumi.StringInput) SecretOutput

func (SecretMapOutput) ToSecretMapOutput 

func (o SecretMapOutput) ToSecretMapOutput() SecretMapOutput

func (SecretMapOutput) ToSecretMapOutputWithContext 

func (o SecretMapOutput) ToSecretMapOutputWithContext(ctx context.Context) SecretMapOutput

type SecretOutput 

type SecretOutput struct{ *pulumi.OutputState }

func (SecretOutput) Arn 

func (o SecretOutput) Arn() pulumi.StringOutput

ARN of the secret.

func (SecretOutput) Description 

func (o SecretOutput) Description() pulumi.StringPtrOutput

Description of the secret.

func (SecretOutput) ElementType 

func (SecretOutput) ElementType() reflect.Type

func (SecretOutput) ForceOverwriteReplicaSecret 

func (o SecretOutput) ForceOverwriteReplicaSecret() pulumi.BoolPtrOutput

Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.

func (SecretOutput) KmsKeyId 

func (o SecretOutput) KmsKeyId() pulumi.StringPtrOutput

ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you need to reference a CMK in a different account, you can use only the key ARN. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named `aws/secretsmanager`). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.

func (SecretOutput) Name 

func (o SecretOutput) Name() pulumi.StringOutput

Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: `/_+=.@-` Conflicts with `namePrefix`.

func (SecretOutput) NamePrefix 

func (o SecretOutput) NamePrefix() pulumi.StringOutput

Creates a unique name beginning with the specified prefix. Conflicts with `name`.

func (SecretOutput) Policy 

func (o SecretOutput) Policy() pulumi.StringOutput

Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Removing `policy` from your configuration or setting `policy` to null or an empty string (i.e., `policy = ""`) _will not_ delete the policy since it could have been set by `secretsmanager.SecretPolicy`. To delete the `policy`, set it to `"{}"` (an empty JSON document).

func (SecretOutput) RecoveryWindowInDays 

func (o SecretOutput) RecoveryWindowInDays() pulumi.IntPtrOutput

Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be `0` to force deletion without recovery or range from `7` to `30` days. The default value is `30`.

func (SecretOutput) Region 

func (o SecretOutput) Region() pulumi.StringOutput

Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.

func (SecretOutput) Replicas 

func (o SecretOutput) Replicas() SecretReplicaArrayOutput

Configuration block to support secret replication. See details below.

func (SecretOutput) Tags 

func (o SecretOutput) Tags() pulumi.StringMapOutput

Key-value map of user-defined tags that are attached to the secret. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.

func (SecretOutput) TagsAll 

func (o SecretOutput) TagsAll() pulumi.StringMapOutput

Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.

func (SecretOutput) ToSecretOutput 

func (o SecretOutput) ToSecretOutput() SecretOutput

func (SecretOutput) ToSecretOutputWithContext 

func (o SecretOutput) ToSecretOutputWithContext(ctx context.Context) SecretOutput

type SecretPolicy 

type SecretPolicy struct {
	pulumi.CustomResourceState

	// Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.
	BlockPublicPolicy pulumi.BoolPtrOutput `pulumi:"blockPublicPolicy"`
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.
	Policy pulumi.StringOutput `pulumi:"policy"`
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringOutput `pulumi:"region"`
	// Secret ARN.
	//
	// The following arguments are optional:
	SecretArn pulumi.StringOutput `pulumi:"secretArn"`
}

Provides a resource to manage AWS Secrets Manager secret policy.

## Example Usage

### Basic

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleSecret, err := secretsmanager.NewSecret(ctx, "example", &secretsmanager.SecretArgs{
			Name: pulumi.String("example"),
		})
		if err != nil {
			return err
		}
		example, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Sid:    pulumi.StringRef("EnableAnotherAWSAccountToReadTheSecret"),
					Effect: pulumi.StringRef("Allow"),
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						{
							Type: "AWS",
							Identifiers: []string{
								"arn:aws:iam::123456789012:root",
							},
						},
					},
					Actions: []string{
						"secretsmanager:GetSecretValue",
					},
					Resources: []string{
						"*",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = secretsmanager.NewSecretPolicy(ctx, "example", &secretsmanager.SecretPolicyArgs{
			SecretArn: exampleSecret.Arn,
			Policy:    pulumi.String(example.Json),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Using `pulumi import`, import `aws_secretsmanager_secret_policy` using the secret Amazon Resource Name (ARN). For example:

```sh $ pulumi import aws:secretsmanager/secretPolicy:SecretPolicy example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456 ```

func GetSecretPolicy 

func GetSecretPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretPolicyState, opts ...pulumi.ResourceOption) (*SecretPolicy, error)

GetSecretPolicy gets an existing SecretPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretPolicy 

func NewSecretPolicy(ctx *pulumi.Context,
	name string, args *SecretPolicyArgs, opts ...pulumi.ResourceOption) (*SecretPolicy, error)

NewSecretPolicy registers a new resource with the given unique name, arguments, and options.

func (*SecretPolicy) ElementType 

func (*SecretPolicy) ElementType() reflect.Type

func (*SecretPolicy) ToSecretPolicyOutput 

func (i *SecretPolicy) ToSecretPolicyOutput() SecretPolicyOutput

func (*SecretPolicy) ToSecretPolicyOutputWithContext 

func (i *SecretPolicy) ToSecretPolicyOutputWithContext(ctx context.Context) SecretPolicyOutput

type SecretPolicyArgs 

type SecretPolicyArgs struct {
	// Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.
	BlockPublicPolicy pulumi.BoolPtrInput
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.
	Policy pulumi.StringInput
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringPtrInput
	// Secret ARN.
	//
	// The following arguments are optional:
	SecretArn pulumi.StringInput
}

The set of arguments for constructing a SecretPolicy resource.

func (SecretPolicyArgs) ElementType 

func (SecretPolicyArgs) ElementType() reflect.Type

type SecretPolicyArray 

type SecretPolicyArray []SecretPolicyInput

func (SecretPolicyArray) ElementType 

func (SecretPolicyArray) ElementType() reflect.Type

func (SecretPolicyArray) ToSecretPolicyArrayOutput 

func (i SecretPolicyArray) ToSecretPolicyArrayOutput() SecretPolicyArrayOutput

func (SecretPolicyArray) ToSecretPolicyArrayOutputWithContext 

func (i SecretPolicyArray) ToSecretPolicyArrayOutputWithContext(ctx context.Context) SecretPolicyArrayOutput

type SecretPolicyArrayInput 

type SecretPolicyArrayInput interface {
	pulumi.Input

	ToSecretPolicyArrayOutput() SecretPolicyArrayOutput
	ToSecretPolicyArrayOutputWithContext(context.Context) SecretPolicyArrayOutput
}

SecretPolicyArrayInput is an input type that accepts SecretPolicyArray and SecretPolicyArrayOutput values. You can construct a concrete instance of `SecretPolicyArrayInput` via: 

SecretPolicyArray{ SecretPolicyArgs{...} }

type SecretPolicyArrayOutput 

type SecretPolicyArrayOutput struct{ *pulumi.OutputState }

func (SecretPolicyArrayOutput) ElementType 

func (SecretPolicyArrayOutput) ElementType() reflect.Type

func (SecretPolicyArrayOutput) Index 

func (o SecretPolicyArrayOutput) Index(i pulumi.IntInput) SecretPolicyOutput

func (SecretPolicyArrayOutput) ToSecretPolicyArrayOutput 

func (o SecretPolicyArrayOutput) ToSecretPolicyArrayOutput() SecretPolicyArrayOutput

func (SecretPolicyArrayOutput) ToSecretPolicyArrayOutputWithContext 

func (o SecretPolicyArrayOutput) ToSecretPolicyArrayOutputWithContext(ctx context.Context) SecretPolicyArrayOutput

type SecretPolicyInput 

type SecretPolicyInput interface {
	pulumi.Input

	ToSecretPolicyOutput() SecretPolicyOutput
	ToSecretPolicyOutputWithContext(ctx context.Context) SecretPolicyOutput
}

type SecretPolicyMap 

type SecretPolicyMap map[string]SecretPolicyInput

func (SecretPolicyMap) ElementType 

func (SecretPolicyMap) ElementType() reflect.Type

func (SecretPolicyMap) ToSecretPolicyMapOutput 

func (i SecretPolicyMap) ToSecretPolicyMapOutput() SecretPolicyMapOutput

func (SecretPolicyMap) ToSecretPolicyMapOutputWithContext 

func (i SecretPolicyMap) ToSecretPolicyMapOutputWithContext(ctx context.Context) SecretPolicyMapOutput

type SecretPolicyMapInput 

type SecretPolicyMapInput interface {
	pulumi.Input

	ToSecretPolicyMapOutput() SecretPolicyMapOutput
	ToSecretPolicyMapOutputWithContext(context.Context) SecretPolicyMapOutput
}

SecretPolicyMapInput is an input type that accepts SecretPolicyMap and SecretPolicyMapOutput values. You can construct a concrete instance of `SecretPolicyMapInput` via: 

SecretPolicyMap{ "key": SecretPolicyArgs{...} }

type SecretPolicyMapOutput 

type SecretPolicyMapOutput struct{ *pulumi.OutputState }

func (SecretPolicyMapOutput) ElementType 

func (SecretPolicyMapOutput) ElementType() reflect.Type

func (SecretPolicyMapOutput) MapIndex 

func (o SecretPolicyMapOutput) MapIndex(k pulumi.StringInput) SecretPolicyOutput

func (SecretPolicyMapOutput) ToSecretPolicyMapOutput 

func (o SecretPolicyMapOutput) ToSecretPolicyMapOutput() SecretPolicyMapOutput

func (SecretPolicyMapOutput) ToSecretPolicyMapOutputWithContext 

func (o SecretPolicyMapOutput) ToSecretPolicyMapOutputWithContext(ctx context.Context) SecretPolicyMapOutput

type SecretPolicyOutput 

type SecretPolicyOutput struct{ *pulumi.OutputState }

func (SecretPolicyOutput) BlockPublicPolicy 

func (o SecretPolicyOutput) BlockPublicPolicy() pulumi.BoolPtrOutput

Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.

func (SecretPolicyOutput) ElementType 

func (SecretPolicyOutput) ElementType() reflect.Type

func (SecretPolicyOutput) Policy 

func (o SecretPolicyOutput) Policy() pulumi.StringOutput

Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.

func (SecretPolicyOutput) Region 

func (o SecretPolicyOutput) Region() pulumi.StringOutput

Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.

func (SecretPolicyOutput) SecretArn 

func (o SecretPolicyOutput) SecretArn() pulumi.StringOutput

Secret ARN.

The following arguments are optional:

func (SecretPolicyOutput) ToSecretPolicyOutput 

func (o SecretPolicyOutput) ToSecretPolicyOutput() SecretPolicyOutput

func (SecretPolicyOutput) ToSecretPolicyOutputWithContext 

func (o SecretPolicyOutput) ToSecretPolicyOutputWithContext(ctx context.Context) SecretPolicyOutput

type SecretPolicyState 

type SecretPolicyState struct {
	// Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.
	BlockPublicPolicy pulumi.BoolPtrInput
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.
	Policy pulumi.StringPtrInput
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringPtrInput
	// Secret ARN.
	//
	// The following arguments are optional:
	SecretArn pulumi.StringPtrInput
}

func (SecretPolicyState) ElementType 

func (SecretPolicyState) ElementType() reflect.Type

type SecretReplica 

type SecretReplica struct {
	// ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to. If one is not specified, then Secrets Manager defaults to using the AWS account's default KMS key (`aws/secretsmanager`) in the region or creates one for use if non-existent.
	KmsKeyId *string `pulumi:"kmsKeyId"`
	// Date that you last accessed the secret in the Region.
	LastAccessedDate *string `pulumi:"lastAccessedDate"`
	// Region for replicating the secret.
	Region string `pulumi:"region"`
	// Status can be `InProgress`, `Failed`, or `InSync`.
	Status *string `pulumi:"status"`
	// Message such as `Replication succeeded` or `Secret with this name already exists in this region`.
	StatusMessage *string `pulumi:"statusMessage"`
}

type SecretReplicaArgs 

type SecretReplicaArgs struct {
	// ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to. If one is not specified, then Secrets Manager defaults to using the AWS account's default KMS key (`aws/secretsmanager`) in the region or creates one for use if non-existent.
	KmsKeyId pulumi.StringPtrInput `pulumi:"kmsKeyId"`
	// Date that you last accessed the secret in the Region.
	LastAccessedDate pulumi.StringPtrInput `pulumi:"lastAccessedDate"`
	// Region for replicating the secret.
	Region pulumi.StringInput `pulumi:"region"`
	// Status can be `InProgress`, `Failed`, or `InSync`.
	Status pulumi.StringPtrInput `pulumi:"status"`
	// Message such as `Replication succeeded` or `Secret with this name already exists in this region`.
	StatusMessage pulumi.StringPtrInput `pulumi:"statusMessage"`
}

func (SecretReplicaArgs) ElementType 

func (SecretReplicaArgs) ElementType() reflect.Type

func (SecretReplicaArgs) ToSecretReplicaOutput 

func (i SecretReplicaArgs) ToSecretReplicaOutput() SecretReplicaOutput

func (SecretReplicaArgs) ToSecretReplicaOutputWithContext 

func (i SecretReplicaArgs) ToSecretReplicaOutputWithContext(ctx context.Context) SecretReplicaOutput

type SecretReplicaArray 

type SecretReplicaArray []SecretReplicaInput

func (SecretReplicaArray) ElementType 

func (SecretReplicaArray) ElementType() reflect.Type

func (SecretReplicaArray) ToSecretReplicaArrayOutput 

func (i SecretReplicaArray) ToSecretReplicaArrayOutput() SecretReplicaArrayOutput

func (SecretReplicaArray) ToSecretReplicaArrayOutputWithContext 

func (i SecretReplicaArray) ToSecretReplicaArrayOutputWithContext(ctx context.Context) SecretReplicaArrayOutput

type SecretReplicaArrayInput 

type SecretReplicaArrayInput interface {
	pulumi.Input

	ToSecretReplicaArrayOutput() SecretReplicaArrayOutput
	ToSecretReplicaArrayOutputWithContext(context.Context) SecretReplicaArrayOutput
}

SecretReplicaArrayInput is an input type that accepts SecretReplicaArray and SecretReplicaArrayOutput values. You can construct a concrete instance of `SecretReplicaArrayInput` via: 

SecretReplicaArray{ SecretReplicaArgs{...} }

type SecretReplicaArrayOutput 

type SecretReplicaArrayOutput struct{ *pulumi.OutputState }

func (SecretReplicaArrayOutput) ElementType 

func (SecretReplicaArrayOutput) ElementType() reflect.Type

func (SecretReplicaArrayOutput) Index 

func (o SecretReplicaArrayOutput) Index(i pulumi.IntInput) SecretReplicaOutput

func (SecretReplicaArrayOutput) ToSecretReplicaArrayOutput 

func (o SecretReplicaArrayOutput) ToSecretReplicaArrayOutput() SecretReplicaArrayOutput

func (SecretReplicaArrayOutput) ToSecretReplicaArrayOutputWithContext 

func (o SecretReplicaArrayOutput) ToSecretReplicaArrayOutputWithContext(ctx context.Context) SecretReplicaArrayOutput

type SecretReplicaInput 

type SecretReplicaInput interface {
	pulumi.Input

	ToSecretReplicaOutput() SecretReplicaOutput
	ToSecretReplicaOutputWithContext(context.Context) SecretReplicaOutput
}

SecretReplicaInput is an input type that accepts SecretReplicaArgs and SecretReplicaOutput values. You can construct a concrete instance of `SecretReplicaInput` via: 

SecretReplicaArgs{...}

type SecretReplicaOutput 

type SecretReplicaOutput struct{ *pulumi.OutputState }

func (SecretReplicaOutput) ElementType 

func (SecretReplicaOutput) ElementType() reflect.Type

func (SecretReplicaOutput) KmsKeyId 

func (o SecretReplicaOutput) KmsKeyId() pulumi.StringPtrOutput

ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to. If one is not specified, then Secrets Manager defaults to using the AWS account's default KMS key (`aws/secretsmanager`) in the region or creates one for use if non-existent.

func (SecretReplicaOutput) LastAccessedDate 

func (o SecretReplicaOutput) LastAccessedDate() pulumi.StringPtrOutput

Date that you last accessed the secret in the Region.

func (SecretReplicaOutput) Region 

func (o SecretReplicaOutput) Region() pulumi.StringOutput

Region for replicating the secret.

func (SecretReplicaOutput) Status 

func (o SecretReplicaOutput) Status() pulumi.StringPtrOutput

Status can be `InProgress`, `Failed`, or `InSync`.

func (SecretReplicaOutput) StatusMessage 

func (o SecretReplicaOutput) StatusMessage() pulumi.StringPtrOutput

Message such as `Replication succeeded` or `Secret with this name already exists in this region`.

func (SecretReplicaOutput) ToSecretReplicaOutput 

func (o SecretReplicaOutput) ToSecretReplicaOutput() SecretReplicaOutput

func (SecretReplicaOutput) ToSecretReplicaOutputWithContext 

func (o SecretReplicaOutput) ToSecretReplicaOutputWithContext(ctx context.Context) SecretReplicaOutput

type SecretRotation 

type SecretRotation struct {
	pulumi.CustomResourceState

	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringOutput `pulumi:"region"`
	// Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in `rotationRules`. For secrets that use a Lambda rotation function to rotate, if you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the testSecret step (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html) of the Lambda rotation function. The test creates an AWSPENDING version of the secret and then removes it. Defaults to `true`.
	RotateImmediately pulumi.BoolPtrOutput `pulumi:"rotateImmediately"`
	// Specifies whether automatic rotation is enabled for this secret.
	RotationEnabled pulumi.BoolOutput `pulumi:"rotationEnabled"`
	// Specifies the ARN of the Lambda function that can rotate the secret. Must be supplied if the secret is not managed by AWS.
	RotationLambdaArn pulumi.StringPtrOutput `pulumi:"rotationLambdaArn"`
	// A structure that defines the rotation configuration for this secret. Defined below.
	RotationRules SecretRotationRotationRulesOutput `pulumi:"rotationRules"`
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringOutput `pulumi:"secretId"`
}

Provides a resource to manage AWS Secrets Manager secret rotation. To manage a secret, see the `secretsmanager.Secret` resource. To manage a secret value, see the `secretsmanager.SecretVersion` resource.

## Example Usage

### Basic

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.NewSecretRotation(ctx, "example", &secretsmanager.SecretRotationArgs{
			SecretId:          pulumi.Any(exampleAwsSecretsmanagerSecret.Id),
			RotationLambdaArn: pulumi.Any(exampleAwsLambdaFunction.Arn),
			RotationRules: &secretsmanager.SecretRotationRotationRulesArgs{
				AutomaticallyAfterDays: pulumi.Int(30),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

### Rotation Configuration

To enable automatic secret rotation, the Secrets Manager service requires usage of a Lambda function. The [Rotate Secrets section in the Secrets Manager User Guide](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html) provides additional information about deploying a prebuilt Lambda functions for supported credential rotation (e.g., RDS) or deploying a custom Lambda function.

> **NOTE:** Configuring rotation causes the secret to rotate once as soon as you enable rotation. Before you do this, you must ensure that all of your applications that use the credentials stored in the secret are updated to retrieve the secret from AWS Secrets Manager. The old credentials might no longer be usable after the initial rotation and any applications that you fail to update will break as soon as the old credentials are no longer valid.

> **NOTE:** If you cancel a rotation that is in progress (by removing the `rotation` configuration), it can leave the VersionStage labels in an unexpected state. Depending on what step of the rotation was in progress, you might need to remove the staging label AWSPENDING from the partially created version, specified by the SecretVersionId response value. You should also evaluate the partially rotated new version to see if it should be deleted, which you can do by removing all staging labels from the new version's VersionStage field.

## Import

Using `pulumi import`, import `aws_secretsmanager_secret_rotation` using the secret Amazon Resource Name (ARN). For example:

```sh $ pulumi import aws:secretsmanager/secretRotation:SecretRotation example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456 ```

func GetSecretRotation 

func GetSecretRotation(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretRotationState, opts ...pulumi.ResourceOption) (*SecretRotation, error)

GetSecretRotation gets an existing SecretRotation resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretRotation 

func NewSecretRotation(ctx *pulumi.Context,
	name string, args *SecretRotationArgs, opts ...pulumi.ResourceOption) (*SecretRotation, error)

NewSecretRotation registers a new resource with the given unique name, arguments, and options.

func (*SecretRotation) ElementType 

func (*SecretRotation) ElementType() reflect.Type

func (*SecretRotation) ToSecretRotationOutput 

func (i *SecretRotation) ToSecretRotationOutput() SecretRotationOutput

func (*SecretRotation) ToSecretRotationOutputWithContext 

func (i *SecretRotation) ToSecretRotationOutputWithContext(ctx context.Context) SecretRotationOutput

type SecretRotationArgs 

type SecretRotationArgs struct {
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringPtrInput
	// Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in `rotationRules`. For secrets that use a Lambda rotation function to rotate, if you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the testSecret step (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html) of the Lambda rotation function. The test creates an AWSPENDING version of the secret and then removes it. Defaults to `true`.
	RotateImmediately pulumi.BoolPtrInput
	// Specifies the ARN of the Lambda function that can rotate the secret. Must be supplied if the secret is not managed by AWS.
	RotationLambdaArn pulumi.StringPtrInput
	// A structure that defines the rotation configuration for this secret. Defined below.
	RotationRules SecretRotationRotationRulesInput
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringInput
}

The set of arguments for constructing a SecretRotation resource.

func (SecretRotationArgs) ElementType 

func (SecretRotationArgs) ElementType() reflect.Type

type SecretRotationArray 

type SecretRotationArray []SecretRotationInput

func (SecretRotationArray) ElementType 

func (SecretRotationArray) ElementType() reflect.Type

func (SecretRotationArray) ToSecretRotationArrayOutput 

func (i SecretRotationArray) ToSecretRotationArrayOutput() SecretRotationArrayOutput

func (SecretRotationArray) ToSecretRotationArrayOutputWithContext 

func (i SecretRotationArray) ToSecretRotationArrayOutputWithContext(ctx context.Context) SecretRotationArrayOutput

type SecretRotationArrayInput 

type SecretRotationArrayInput interface {
	pulumi.Input

	ToSecretRotationArrayOutput() SecretRotationArrayOutput
	ToSecretRotationArrayOutputWithContext(context.Context) SecretRotationArrayOutput
}

SecretRotationArrayInput is an input type that accepts SecretRotationArray and SecretRotationArrayOutput values. You can construct a concrete instance of `SecretRotationArrayInput` via: 

SecretRotationArray{ SecretRotationArgs{...} }

type SecretRotationArrayOutput 

type SecretRotationArrayOutput struct{ *pulumi.OutputState }

func (SecretRotationArrayOutput) ElementType 

func (SecretRotationArrayOutput) ElementType() reflect.Type

func (SecretRotationArrayOutput) Index 

func (o SecretRotationArrayOutput) Index(i pulumi.IntInput) SecretRotationOutput

func (SecretRotationArrayOutput) ToSecretRotationArrayOutput 

func (o SecretRotationArrayOutput) ToSecretRotationArrayOutput() SecretRotationArrayOutput

func (SecretRotationArrayOutput) ToSecretRotationArrayOutputWithContext 

func (o SecretRotationArrayOutput) ToSecretRotationArrayOutputWithContext(ctx context.Context) SecretRotationArrayOutput

type SecretRotationInput 

type SecretRotationInput interface {
	pulumi.Input

	ToSecretRotationOutput() SecretRotationOutput
	ToSecretRotationOutputWithContext(ctx context.Context) SecretRotationOutput
}

type SecretRotationMap 

type SecretRotationMap map[string]SecretRotationInput

func (SecretRotationMap) ElementType 

func (SecretRotationMap) ElementType() reflect.Type

func (SecretRotationMap) ToSecretRotationMapOutput 

func (i SecretRotationMap) ToSecretRotationMapOutput() SecretRotationMapOutput

func (SecretRotationMap) ToSecretRotationMapOutputWithContext 

func (i SecretRotationMap) ToSecretRotationMapOutputWithContext(ctx context.Context) SecretRotationMapOutput

type SecretRotationMapInput 

type SecretRotationMapInput interface {
	pulumi.Input

	ToSecretRotationMapOutput() SecretRotationMapOutput
	ToSecretRotationMapOutputWithContext(context.Context) SecretRotationMapOutput
}

SecretRotationMapInput is an input type that accepts SecretRotationMap and SecretRotationMapOutput values. You can construct a concrete instance of `SecretRotationMapInput` via: 

SecretRotationMap{ "key": SecretRotationArgs{...} }

type SecretRotationMapOutput 

type SecretRotationMapOutput struct{ *pulumi.OutputState }

func (SecretRotationMapOutput) ElementType 

func (SecretRotationMapOutput) ElementType() reflect.Type

func (SecretRotationMapOutput) MapIndex 

func (o SecretRotationMapOutput) MapIndex(k pulumi.StringInput) SecretRotationOutput

func (SecretRotationMapOutput) ToSecretRotationMapOutput 

func (o SecretRotationMapOutput) ToSecretRotationMapOutput() SecretRotationMapOutput

func (SecretRotationMapOutput) ToSecretRotationMapOutputWithContext 

func (o SecretRotationMapOutput) ToSecretRotationMapOutputWithContext(ctx context.Context) SecretRotationMapOutput

type SecretRotationOutput 

type SecretRotationOutput struct{ *pulumi.OutputState }

func (SecretRotationOutput) ElementType 

func (SecretRotationOutput) ElementType() reflect.Type

func (SecretRotationOutput) Region 

func (o SecretRotationOutput) Region() pulumi.StringOutput

Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.

func (SecretRotationOutput) RotateImmediately 

func (o SecretRotationOutput) RotateImmediately() pulumi.BoolPtrOutput

Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in `rotationRules`. For secrets that use a Lambda rotation function to rotate, if you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the testSecret step (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html) of the Lambda rotation function. The test creates an AWSPENDING version of the secret and then removes it. Defaults to `true`.

func (SecretRotationOutput) RotationEnabled 

func (o SecretRotationOutput) RotationEnabled() pulumi.BoolOutput

Specifies whether automatic rotation is enabled for this secret.

func (SecretRotationOutput) RotationLambdaArn 

func (o SecretRotationOutput) RotationLambdaArn() pulumi.StringPtrOutput

Specifies the ARN of the Lambda function that can rotate the secret. Must be supplied if the secret is not managed by AWS.

func (SecretRotationOutput) RotationRules 

func (o SecretRotationOutput) RotationRules() SecretRotationRotationRulesOutput

A structure that defines the rotation configuration for this secret. Defined below.

func (SecretRotationOutput) SecretId 

func (o SecretRotationOutput) SecretId() pulumi.StringOutput

Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.

func (SecretRotationOutput) ToSecretRotationOutput 

func (o SecretRotationOutput) ToSecretRotationOutput() SecretRotationOutput

func (SecretRotationOutput) ToSecretRotationOutputWithContext 

func (o SecretRotationOutput) ToSecretRotationOutputWithContext(ctx context.Context) SecretRotationOutput

type SecretRotationRotationRules 

type SecretRotationRotationRules struct {
	// Specifies the number of days between automatic scheduled rotations of the secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.
	AutomaticallyAfterDays *int `pulumi:"automaticallyAfterDays"`
	// The length of the rotation window in hours. For example, `3h` for a three hour window.
	Duration *string `pulumi:"duration"`
	// A `cron()` or `rate()` expression that defines the schedule for rotating your secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.
	ScheduleExpression *string `pulumi:"scheduleExpression"`
}

type SecretRotationRotationRulesArgs 

type SecretRotationRotationRulesArgs struct {
	// Specifies the number of days between automatic scheduled rotations of the secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.
	AutomaticallyAfterDays pulumi.IntPtrInput `pulumi:"automaticallyAfterDays"`
	// The length of the rotation window in hours. For example, `3h` for a three hour window.
	Duration pulumi.StringPtrInput `pulumi:"duration"`
	// A `cron()` or `rate()` expression that defines the schedule for rotating your secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.
	ScheduleExpression pulumi.StringPtrInput `pulumi:"scheduleExpression"`
}

func (SecretRotationRotationRulesArgs) ElementType 

func (SecretRotationRotationRulesArgs) ElementType() reflect.Type

func (SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesOutput 

func (i SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesOutput() SecretRotationRotationRulesOutput

func (SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesOutputWithContext 

func (i SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesOutputWithContext(ctx context.Context) SecretRotationRotationRulesOutput

func (SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesPtrOutput 

func (i SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesPtrOutput() SecretRotationRotationRulesPtrOutput

func (SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesPtrOutputWithContext 

func (i SecretRotationRotationRulesArgs) ToSecretRotationRotationRulesPtrOutputWithContext(ctx context.Context) SecretRotationRotationRulesPtrOutput

type SecretRotationRotationRulesInput 

type SecretRotationRotationRulesInput interface {
	pulumi.Input

	ToSecretRotationRotationRulesOutput() SecretRotationRotationRulesOutput
	ToSecretRotationRotationRulesOutputWithContext(context.Context) SecretRotationRotationRulesOutput
}

SecretRotationRotationRulesInput is an input type that accepts SecretRotationRotationRulesArgs and SecretRotationRotationRulesOutput values. You can construct a concrete instance of `SecretRotationRotationRulesInput` via: 

SecretRotationRotationRulesArgs{...}

type SecretRotationRotationRulesOutput 

type SecretRotationRotationRulesOutput struct{ *pulumi.OutputState }

func (SecretRotationRotationRulesOutput) AutomaticallyAfterDays 

func (o SecretRotationRotationRulesOutput) AutomaticallyAfterDays() pulumi.IntPtrOutput

Specifies the number of days between automatic scheduled rotations of the secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.

func (SecretRotationRotationRulesOutput) Duration 

func (o SecretRotationRotationRulesOutput) Duration() pulumi.StringPtrOutput

The length of the rotation window in hours. For example, `3h` for a three hour window.

func (SecretRotationRotationRulesOutput) ElementType 

func (SecretRotationRotationRulesOutput) ElementType() reflect.Type

func (SecretRotationRotationRulesOutput) ScheduleExpression 

func (o SecretRotationRotationRulesOutput) ScheduleExpression() pulumi.StringPtrOutput

A `cron()` or `rate()` expression that defines the schedule for rotating your secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.

func (SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesOutput 

func (o SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesOutput() SecretRotationRotationRulesOutput

func (SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesOutputWithContext 

func (o SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesOutputWithContext(ctx context.Context) SecretRotationRotationRulesOutput

func (SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesPtrOutput 

func (o SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesPtrOutput() SecretRotationRotationRulesPtrOutput

func (SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesPtrOutputWithContext 

func (o SecretRotationRotationRulesOutput) ToSecretRotationRotationRulesPtrOutputWithContext(ctx context.Context) SecretRotationRotationRulesPtrOutput

type SecretRotationRotationRulesPtrInput 

type SecretRotationRotationRulesPtrInput interface {
	pulumi.Input

	ToSecretRotationRotationRulesPtrOutput() SecretRotationRotationRulesPtrOutput
	ToSecretRotationRotationRulesPtrOutputWithContext(context.Context) SecretRotationRotationRulesPtrOutput
}

SecretRotationRotationRulesPtrInput is an input type that accepts SecretRotationRotationRulesArgs, SecretRotationRotationRulesPtr and SecretRotationRotationRulesPtrOutput values. You can construct a concrete instance of `SecretRotationRotationRulesPtrInput` via: 

        SecretRotationRotationRulesArgs{...}

or:

        nil

func SecretRotationRotationRulesPtr 

func SecretRotationRotationRulesPtr(v *SecretRotationRotationRulesArgs) SecretRotationRotationRulesPtrInput

type SecretRotationRotationRulesPtrOutput 

type SecretRotationRotationRulesPtrOutput struct{ *pulumi.OutputState }

func (SecretRotationRotationRulesPtrOutput) AutomaticallyAfterDays 

func (o SecretRotationRotationRulesPtrOutput) AutomaticallyAfterDays() pulumi.IntPtrOutput

Specifies the number of days between automatic scheduled rotations of the secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.

func (SecretRotationRotationRulesPtrOutput) Duration 

func (o SecretRotationRotationRulesPtrOutput) Duration() pulumi.StringPtrOutput

The length of the rotation window in hours. For example, `3h` for a three hour window.

func (SecretRotationRotationRulesPtrOutput) Elem 

func (o SecretRotationRotationRulesPtrOutput) Elem() SecretRotationRotationRulesOutput

func (SecretRotationRotationRulesPtrOutput) ElementType 

func (SecretRotationRotationRulesPtrOutput) ElementType() reflect.Type

func (SecretRotationRotationRulesPtrOutput) ScheduleExpression 

func (o SecretRotationRotationRulesPtrOutput) ScheduleExpression() pulumi.StringPtrOutput

A `cron()` or `rate()` expression that defines the schedule for rotating your secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified.

func (SecretRotationRotationRulesPtrOutput) ToSecretRotationRotationRulesPtrOutput 

func (o SecretRotationRotationRulesPtrOutput) ToSecretRotationRotationRulesPtrOutput() SecretRotationRotationRulesPtrOutput

func (SecretRotationRotationRulesPtrOutput) ToSecretRotationRotationRulesPtrOutputWithContext 

func (o SecretRotationRotationRulesPtrOutput) ToSecretRotationRotationRulesPtrOutputWithContext(ctx context.Context) SecretRotationRotationRulesPtrOutput

type SecretRotationState 

type SecretRotationState struct {
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringPtrInput
	// Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in `rotationRules`. For secrets that use a Lambda rotation function to rotate, if you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the testSecret step (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html) of the Lambda rotation function. The test creates an AWSPENDING version of the secret and then removes it. Defaults to `true`.
	RotateImmediately pulumi.BoolPtrInput
	// Specifies whether automatic rotation is enabled for this secret.
	RotationEnabled pulumi.BoolPtrInput
	// Specifies the ARN of the Lambda function that can rotate the secret. Must be supplied if the secret is not managed by AWS.
	RotationLambdaArn pulumi.StringPtrInput
	// A structure that defines the rotation configuration for this secret. Defined below.
	RotationRules SecretRotationRotationRulesPtrInput
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringPtrInput
}

func (SecretRotationState) ElementType 

func (SecretRotationState) ElementType() reflect.Type

type SecretState 

type SecretState struct {
	// ARN of the secret.
	Arn pulumi.StringPtrInput
	// Description of the secret.
	Description pulumi.StringPtrInput
	// Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.
	ForceOverwriteReplicaSecret pulumi.BoolPtrInput
	// ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you need to reference a CMK in a different account, you can use only the key ARN. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named `aws/secretsmanager`). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.
	KmsKeyId pulumi.StringPtrInput
	// Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: `/_+=.@-` Conflicts with `namePrefix`.
	Name pulumi.StringPtrInput
	// Creates a unique name beginning with the specified prefix. Conflicts with `name`.
	NamePrefix pulumi.StringPtrInput
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Removing `policy` from your configuration or setting `policy` to null or an empty string (i.e., `policy = ""`) _will not_ delete the policy since it could have been set by `secretsmanager.SecretPolicy`. To delete the `policy`, set it to `"{}"` (an empty JSON document).
	Policy pulumi.StringPtrInput
	// Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be `0` to force deletion without recovery or range from `7` to `30` days. The default value is `30`.
	RecoveryWindowInDays pulumi.IntPtrInput
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringPtrInput
	// Configuration block to support secret replication. See details below.
	Replicas SecretReplicaArrayInput
	// Key-value map of user-defined tags that are attached to the secret. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	TagsAll pulumi.StringMapInput
}

func (SecretState) ElementType 

func (SecretState) ElementType() reflect.Type

type SecretVersion 

type SecretVersion struct {
	pulumi.CustomResourceState

	// The ARN of the secret.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringOutput `pulumi:"region"`
	// Specifies binary data that you want to encrypt and store in this version of the secret. This is required if `secretString` or `secretStringWo` is not set. Needs to be encoded to base64.
	SecretBinary pulumi.StringPtrOutput `pulumi:"secretBinary"`
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringOutput `pulumi:"secretId"`
	// Specifies text data that you want to encrypt and store in this version of the secret. This is required if `secretBinary` or `secretStringWo` is not set.
	SecretString pulumi.StringPtrOutput `pulumi:"secretString"`
	// The unique identifier of the version of the secret.
	VersionId pulumi.StringOutput `pulumi:"versionId"`
	// Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label `AWSCURRENT` to this new version on creation.
	//
	// > **NOTE:** If `versionStages` is configured, you must include the `AWSCURRENT` staging label if this secret version is the only version or if the label is currently present on this secret version, otherwise this provider will show a perpetual difference.
	VersionStages pulumi.StringArrayOutput `pulumi:"versionStages"`
}

Provides a resource to manage AWS Secrets Manager secret version including its secret value. To manage secret metadata, see the `secretsmanager.Secret` resource.

> **NOTE:** If the `AWSCURRENT` staging label is present on this version during resource deletion, that label cannot be removed and will be skipped to prevent errors when fully deleting the secret. That label will leave this secret version active even after the resource is deleted from this provider unless the secret itself is deleted. Move the `AWSCURRENT` staging label before or after deleting this resource from this provider to fully trigger version deprecation if necessary.

## Example Usage

### Simple String Value

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsmanager.NewSecretVersion(ctx, "example", &secretsmanager.SecretVersionArgs{
			SecretId:     pulumi.Any(exampleAwsSecretsmanagerSecret.Id),
			SecretString: pulumi.String("example-string-to-protect"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

### Key-Value Pairs

Secrets Manager also accepts key-value pairs in JSON.

```go package main

import ( 

"encoding/json"

"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		example := map[string]interface{}{
			"key1": "value1",
			"key2": "value2",
		}
		if param := cfg.GetObject("example"); param != nil {
			example = param
		}
		tmpJSON0, err := json.Marshal(example)
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		_, err = secretsmanager.NewSecretVersion(ctx, "example", &secretsmanager.SecretVersionArgs{
			SecretId:     pulumi.Any(exampleAwsSecretsmanagerSecret.Id),
			SecretString: pulumi.String(json0),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

Reading key-value pairs from JSON back into a native map

## Import

Using `pulumi import`, import `aws_secretsmanager_secret_version` using the secret ID and version ID. For example:

```sh $ pulumi import aws:secretsmanager/secretVersion:SecretVersion example 'arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456|xxxxx-xxxxxxx-xxxxxxx-xxxxx' ```

func GetSecretVersion 

func GetSecretVersion(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretVersionState, opts ...pulumi.ResourceOption) (*SecretVersion, error)

GetSecretVersion gets an existing SecretVersion resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretVersion 

func NewSecretVersion(ctx *pulumi.Context,
	name string, args *SecretVersionArgs, opts ...pulumi.ResourceOption) (*SecretVersion, error)

NewSecretVersion registers a new resource with the given unique name, arguments, and options.

func (*SecretVersion) ElementType 

func (*SecretVersion) ElementType() reflect.Type

func (*SecretVersion) ToSecretVersionOutput 

func (i *SecretVersion) ToSecretVersionOutput() SecretVersionOutput

func (*SecretVersion) ToSecretVersionOutputWithContext 

func (i *SecretVersion) ToSecretVersionOutputWithContext(ctx context.Context) SecretVersionOutput

type SecretVersionArgs 

type SecretVersionArgs struct {
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringPtrInput
	// Specifies binary data that you want to encrypt and store in this version of the secret. This is required if `secretString` or `secretStringWo` is not set. Needs to be encoded to base64.
	SecretBinary pulumi.StringPtrInput
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringInput
	// Specifies text data that you want to encrypt and store in this version of the secret. This is required if `secretBinary` or `secretStringWo` is not set.
	SecretString pulumi.StringPtrInput
	// Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label `AWSCURRENT` to this new version on creation.
	//
	// > **NOTE:** If `versionStages` is configured, you must include the `AWSCURRENT` staging label if this secret version is the only version or if the label is currently present on this secret version, otherwise this provider will show a perpetual difference.
	VersionStages pulumi.StringArrayInput
}

The set of arguments for constructing a SecretVersion resource.

func (SecretVersionArgs) ElementType 

func (SecretVersionArgs) ElementType() reflect.Type

type SecretVersionArray 

type SecretVersionArray []SecretVersionInput

func (SecretVersionArray) ElementType 

func (SecretVersionArray) ElementType() reflect.Type

func (SecretVersionArray) ToSecretVersionArrayOutput 

func (i SecretVersionArray) ToSecretVersionArrayOutput() SecretVersionArrayOutput

func (SecretVersionArray) ToSecretVersionArrayOutputWithContext 

func (i SecretVersionArray) ToSecretVersionArrayOutputWithContext(ctx context.Context) SecretVersionArrayOutput

type SecretVersionArrayInput 

type SecretVersionArrayInput interface {
	pulumi.Input

	ToSecretVersionArrayOutput() SecretVersionArrayOutput
	ToSecretVersionArrayOutputWithContext(context.Context) SecretVersionArrayOutput
}

SecretVersionArrayInput is an input type that accepts SecretVersionArray and SecretVersionArrayOutput values. You can construct a concrete instance of `SecretVersionArrayInput` via: 

SecretVersionArray{ SecretVersionArgs{...} }

type SecretVersionArrayOutput 

type SecretVersionArrayOutput struct{ *pulumi.OutputState }

func (SecretVersionArrayOutput) ElementType 

func (SecretVersionArrayOutput) ElementType() reflect.Type

func (SecretVersionArrayOutput) Index 

func (o SecretVersionArrayOutput) Index(i pulumi.IntInput) SecretVersionOutput

func (SecretVersionArrayOutput) ToSecretVersionArrayOutput 

func (o SecretVersionArrayOutput) ToSecretVersionArrayOutput() SecretVersionArrayOutput

func (SecretVersionArrayOutput) ToSecretVersionArrayOutputWithContext 

func (o SecretVersionArrayOutput) ToSecretVersionArrayOutputWithContext(ctx context.Context) SecretVersionArrayOutput

type SecretVersionInput 

type SecretVersionInput interface {
	pulumi.Input

	ToSecretVersionOutput() SecretVersionOutput
	ToSecretVersionOutputWithContext(ctx context.Context) SecretVersionOutput
}

type SecretVersionMap 

type SecretVersionMap map[string]SecretVersionInput

func (SecretVersionMap) ElementType 

func (SecretVersionMap) ElementType() reflect.Type

func (SecretVersionMap) ToSecretVersionMapOutput 

func (i SecretVersionMap) ToSecretVersionMapOutput() SecretVersionMapOutput

func (SecretVersionMap) ToSecretVersionMapOutputWithContext 

func (i SecretVersionMap) ToSecretVersionMapOutputWithContext(ctx context.Context) SecretVersionMapOutput

type SecretVersionMapInput 

type SecretVersionMapInput interface {
	pulumi.Input

	ToSecretVersionMapOutput() SecretVersionMapOutput
	ToSecretVersionMapOutputWithContext(context.Context) SecretVersionMapOutput
}

SecretVersionMapInput is an input type that accepts SecretVersionMap and SecretVersionMapOutput values. You can construct a concrete instance of `SecretVersionMapInput` via: 

SecretVersionMap{ "key": SecretVersionArgs{...} }

type SecretVersionMapOutput 

type SecretVersionMapOutput struct{ *pulumi.OutputState }

func (SecretVersionMapOutput) ElementType 

func (SecretVersionMapOutput) ElementType() reflect.Type

func (SecretVersionMapOutput) MapIndex 

func (o SecretVersionMapOutput) MapIndex(k pulumi.StringInput) SecretVersionOutput

func (SecretVersionMapOutput) ToSecretVersionMapOutput 

func (o SecretVersionMapOutput) ToSecretVersionMapOutput() SecretVersionMapOutput

func (SecretVersionMapOutput) ToSecretVersionMapOutputWithContext 

func (o SecretVersionMapOutput) ToSecretVersionMapOutputWithContext(ctx context.Context) SecretVersionMapOutput

type SecretVersionOutput 

type SecretVersionOutput struct{ *pulumi.OutputState }

func (SecretVersionOutput) Arn 

func (o SecretVersionOutput) Arn() pulumi.StringOutput

The ARN of the secret.

func (SecretVersionOutput) ElementType 

func (SecretVersionOutput) ElementType() reflect.Type

func (SecretVersionOutput) Region 

func (o SecretVersionOutput) Region() pulumi.StringOutput

Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.

func (SecretVersionOutput) SecretBinary 

func (o SecretVersionOutput) SecretBinary() pulumi.StringPtrOutput

Specifies binary data that you want to encrypt and store in this version of the secret. This is required if `secretString` or `secretStringWo` is not set. Needs to be encoded to base64.

func (SecretVersionOutput) SecretId 

func (o SecretVersionOutput) SecretId() pulumi.StringOutput

Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.

func (SecretVersionOutput) SecretString 

func (o SecretVersionOutput) SecretString() pulumi.StringPtrOutput

Specifies text data that you want to encrypt and store in this version of the secret. This is required if `secretBinary` or `secretStringWo` is not set.

func (SecretVersionOutput) ToSecretVersionOutput 

func (o SecretVersionOutput) ToSecretVersionOutput() SecretVersionOutput

func (SecretVersionOutput) ToSecretVersionOutputWithContext 

func (o SecretVersionOutput) ToSecretVersionOutputWithContext(ctx context.Context) SecretVersionOutput

func (SecretVersionOutput) VersionId 

func (o SecretVersionOutput) VersionId() pulumi.StringOutput

The unique identifier of the version of the secret.

func (SecretVersionOutput) VersionStages 

func (o SecretVersionOutput) VersionStages() pulumi.StringArrayOutput

Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label `AWSCURRENT` to this new version on creation.

> **NOTE:** If `versionStages` is configured, you must include the `AWSCURRENT` staging label if this secret version is the only version or if the label is currently present on this secret version, otherwise this provider will show a perpetual difference.

type SecretVersionState 

type SecretVersionState struct {
	// The ARN of the secret.
	Arn pulumi.StringPtrInput
	// Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
	Region pulumi.StringPtrInput
	// Specifies binary data that you want to encrypt and store in this version of the secret. This is required if `secretString` or `secretStringWo` is not set. Needs to be encoded to base64.
	SecretBinary pulumi.StringPtrInput
	// Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
	SecretId pulumi.StringPtrInput
	// Specifies text data that you want to encrypt and store in this version of the secret. This is required if `secretBinary` or `secretStringWo` is not set.
	SecretString pulumi.StringPtrInput
	// The unique identifier of the version of the secret.
	VersionId pulumi.StringPtrInput
	// Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label `AWSCURRENT` to this new version on creation.
	//
	// > **NOTE:** If `versionStages` is configured, you must include the `AWSCURRENT` staging label if this secret version is the only version or if the label is currently present on this secret version, otherwise this provider will show a perpetual difference.
	VersionStages pulumi.StringArrayInput
}

func (SecretVersionState) ElementType 

func (SecretVersionState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.