AWS Secrets Manager Secret Version

This page shows how to write Terraform and CloudFormation configurations for the AWS Secrets Manager Secret Version resource, and how to write them securely.

Terraform Example (aws_secretsmanager_secret_version)

Provides a resource to manage AWS Secrets Manager secret version including its secret value. To manage secret metadata, see the aws_secretsmanager_secret resource.

NOTE: If the AWSCURRENT staging label is present on this version during resource deletion, that label cannot be removed and will be skipped to prevent errors when fully deleting the secret. That label will leave this secret version active even after the resource is deleted from Terraform unless the secret itself is deleted. Move the AWSCURRENT staging label before or after deleting this resource from Terraform to fully trigger version deprecation if necessary.

Parameters

Example Usage (from GitHub)

commitdev/terraform-aws-zero
resource "aws_secretsmanager_secret_version" "string_secret" {
  count         = var.type == "string" ? 1 : 0
  secret_id     = aws_secretsmanager_secret.secret.id
  secret_string = var.value
}

CloudFormation Example (AWS::SecretsManager::Secret GenerateSecretString)

Generates a random password. We recommend that you specify the maximum length and include every character type that the system you are generating a password for can support.

Parameters

ExcludeCharacters A string of the characters that you don't want in the password.
Required: No
Type: String
Minimum: 0
Maximum: 4096
Update requires: No interruption

ExcludeLowercase Specifies whether to exclude lowercase letters from the password. If you don't include this switch, the password can contain lowercase letters.
Required: No
Type: Boolean
Update requires: No interruption

ExcludeNumbers Specifies whether to exclude numbers from the password. If you don't include this switch, the password can contain numbers.
Required: No
Type: Boolean
Update requires: No interruption

ExcludePunctuation Specifies whether to exclude the following punctuation characters from the password: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~. If you don't include this switch, the password can contain punctuation.
Required: No
Type: Boolean
Update requires: No interruption

ExcludeUppercase Specifies whether to exclude uppercase letters from the password. If you don't include this switch, the password can contain uppercase letters.
Required: No
Type: Boolean
Update requires: No interruption

GenerateStringKey The JSON key name for the key/value pair, where the value is the generated password. This pair is added to the JSON structure specified by the SecretStringTemplate parameter. If you specify this parameter, then you must also specify SecretStringTemplate.
Required: No
Type: String
Update requires: No interruption

IncludeSpace Specifies whether to exclude the space character. If you don't include this switch, the password can contain space characters.
Required: No
Type: Boolean
Update requires: No interruption

PasswordLength The length of the password. If you don't include this parameter, the default length is 32 characters.
Required: No
Type: Integer
Update requires: No interruption

RequireEachIncludedType Specifies whether to include at least one of every allowed character type. If you don't include this switch, the password contains at least one of every character type.
Required: No
Type: Boolean
Update requires: No interruption

SecretStringTemplate A template that the generated string must match.
Required: No
Type: String
Update requires: No interruption
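
The parameter constraints above can be checked before a template is deployed. The following is an added example, not code from this page or from AWS: the function names and the sample template are constructed for illustration, and the 32-character floor is an assumed local policy based on the default length stated above.

```python
import json

SWITCHES = ("ExcludeLowercase", "ExcludeNumbers", "ExcludePunctuation", "ExcludeUppercase")
DEFAULT_LENGTH = 32        # default PasswordLength stated on the page
MAX_EXCLUDE_CHARS = 4096   # ExcludeCharacters maximum stated on the page

def _on(value):
    # CloudFormation booleans may arrive as true or as the string "true".
    return str(value).lower() == "true"

def lint_generate_secret_string(props):
    findings = []
    key, template = props.get("GenerateStringKey"), props.get("SecretStringTemplate")
    if key is not None and template is None:
        findings.append("GenerateStringKey requires SecretStringTemplate")
    if template is not None:
        try:
            parsed = json.loads(template)
        except (TypeError, ValueError):
            parsed = None
        if not isinstance(parsed, dict):
            findings.append("SecretStringTemplate is not a JSON object")
        elif key in parsed:
            # A literal under the generated key means a password sits in the template.
            findings.append("SecretStringTemplate hard-codes a value under GenerateStringKey")
    if len(props.get("ExcludeCharacters", "")) > MAX_EXCLUDE_CHARS:
        findings.append("ExcludeCharacters is longer than 4096 characters")
    if all(_on(props.get(s)) for s in SWITCHES):
        findings.append("lowercase, uppercase, numbers and punctuation are all excluded")
    # Local policy (assumption): never go below the service default length.
    if int(props.get("PasswordLength", DEFAULT_LENGTH)) < DEFAULT_LENGTH:
        findings.append("PasswordLength is below the 32-character default")
    return findings

def lint_template(template):
    # Map each AWS::SecretsManager::Secret logical ID to its findings.
    report = {}
    for name, res in template.get("Resources", {}).items():
        gss = res.get("Properties", {}).get("GenerateSecretString")
        if res.get("Type") == "AWS::SecretsManager::Secret" and gss is not None:
            report[name] = lint_generate_secret_string(gss)
    return report

# Constructed sample template: one sound secret and one with three problems.
SAMPLE = {"Resources": {
    "GoodSecret": {"Type": "AWS::SecretsManager::Secret", "Properties": {"GenerateSecretString": {
        "SecretStringTemplate": '{"username": "app_user"}', "GenerateStringKey": "password",
        "PasswordLength": 32, "ExcludeCharacters": '"@/\\'}}},
    "BadSecret": {"Type": "AWS::SecretsManager::Secret", "Properties": {"GenerateSecretString": {
        "GenerateStringKey": "password", "PasswordLength": 12, "ExcludeLowercase": True,
        "ExcludeNumbers": "true", "ExcludePunctuation": True, "ExcludeUppercase": True}}}}}
```

Calling `lint_template(SAMPLE)` returns an empty list for `GoodSecret` and three findings for `BadSecret`; load a real JSON template with `json.load` and pass the resulting dictionary in the same way.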

Frequently asked questions

What is AWS Secrets Manager Secret Version?

AWS Secrets Manager Secret Version is a resource for Secrets Manager of Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Secrets Manager Secret Version?

For Terraform, the commitdev/terraform-aws-zero source code example is useful. See the Terraform Example section for further details.