
Functions

create-secret

fn (name: Str, secret_string: Str, description: Str, kms_key_id: Str, tags: Vec): CreateSecretResponse | AwsError
fn (name: Str, secret_string: Str, description: Str): CreateSecretResponse | AwsError
fn (name: Str, secret_string: Str): CreateSecretResponse | AwsError

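Create a new secret in AWS Secrets Manager. When no kms_key_id is supplied, Secrets Manager encrypts the secret with the AWS managed key aws/secretsmanager.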

Example

// Create a simple string secret.
// The literal values in these examples are placeholders; real code should take
// the secret from a secure input rather than embedding it in source.
result ::aws::secrets-manager::secrets/create-secret("my-app/api-key", "sk-abc123")
result.arn  // => "arn:aws:secretsmanager:us-east-1:123456:secret:my-app/api-key-AbCdEf"

// Create a JSON secret with description.
// The whole JSON document is stored as one secret string.
json-value to-json({username: "admin", password: "secret", host: "db.example.com", port: 5432})
result ::aws::secrets-manager::secrets/create-secret("my-app/db-config", json-value, "Database credentials")

delete-secret

fn (secret_id: Str, recovery_window_in_days: Int, force_delete_without_recovery: Bool): DeleteSecretResponse | AwsError
fn (secret_id: Str, recovery_window_in_days: Int): DeleteSecretResponse | AwsError
fn (secret_id: Str): DeleteSecretResponse | AwsError

Delete a secret, either by scheduling it for deletion after a recovery window or by forcing immediate deletion.

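By default, secrets are scheduled for deletion after 30 days and can be brought back with restore-secret until that window ends. Use recovery_window_in_days to set a different window (AWS accepts 7 to 30 days). Use force_delete_without_recovery to delete immediately; a secret deleted this way has no recovery window and cannot be restored.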

Example

// Schedule deletion (30-day recovery window); restore-secret can undo this
// until the window ends.
::aws::secrets-manager::secrets/delete-secret("my-app/old-key")

// Force immediate deletion (no recovery). null is passed for
// recovery_window_in_days: AWS does not accept a recovery window together
// with a forced delete.
::aws::secrets-manager::secrets/delete-secret("my-app/test-key", null, true)

// Custom recovery window (7 days)
::aws::secrets-manager::secrets/delete-secret("my-app/key", 7)

describe-secret

fn (secret_id: Str): DescribeSecretResponse | AwsError

Get metadata about a secret without retrieving the secret value.

Example

// Read metadata only; DescribeSecretResponse has no field for the secret value.
result ::aws::secrets-manager::secrets/describe-secret("my-app/api-key")
result.name              // => "my-app/api-key"
result.description       // => "API key for external service"
result.rotation_enabled  // => false

get-secret-value

fn (secret_id: Str, version_id: Str, version_stage: Str): SecretValue | AwsError
fn (secret_id: Str, version_stage: Str): SecretValue | AwsError
fn (secret_id: Str): SecretValue | AwsError

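Retrieve the value of a secret from AWS Secrets Manager. Pass version_id or version_stage to select a specific version; when neither is given, Secrets Manager returns the version labelled AWSCURRENT. The returned secret_string is the plaintext secret, so keep it out of logs and error output.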

Example

// Get a string secret.
// The response carries the plaintext, so the values shown after `// =>` are
// illustrative; real code should not print or log them.
result ::aws::secrets-manager::secrets/get-secret-value("my-app/api-key")
result.secret_string  // => "sk-abc123..."

// Get a JSON secret: secret_string holds the JSON text, which is parsed here
// into a value with one field per key.
result ::aws::secrets-manager::secrets/get-secret-value("my-app/db-config")
config from-json(result.secret_string)
config.username  // => "admin"
config.password  // => "secret"
config.port      // => 5432

list-secrets

fn (max_results: Int, next_token: Str, filters: Vec): ListSecretsResponse | AwsError
fn (max_results: Int): ListSecretsResponse | AwsError
fn (): ListSecretsResponse | AwsError

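List the secrets in the account, one page at a time. max_results caps the number of entries returned, and the next_token from a response is passed back in to fetch the following page. Entries are metadata only; use get-secret-value to read a value.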

Example

// Ask for at most 10 entries; result.next_token (see ListSecretsResponse)
// is the cursor for the next page.
result ::aws::secrets-manager::secrets/list-secrets(10)
result.secrets
// => [{name: "my-app/api-key", arn: "arn:aws:...", ...}, ...]

put-secret-value

fn (secret_id: Str, secret_string: Str, version_stages: Vec): PutSecretValueResponse | AwsError
fn (secret_id: Str, secret_string: Str): PutSecretValueResponse | AwsError

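Store a new version of the secret value. Unless version_stages says otherwise, Secrets Manager labels the new version AWSCURRENT and moves AWSPREVIOUS to the version it replaced, so the old value is still stored and retrievable.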

Example

// Store a new value for the existing secret "my-app/api-key".
// The literal is a placeholder; do not embed real secret values in source.
::aws::secrets-manager::secrets/put-secret-value("my-app/api-key", "sk-new-key-456")

restore-secret

fn (secret_id: Str): CreateSecretResponse | AwsError

Restore a previously deleted secret (within the recovery window).

Example

// Cancel the pending deletion of "my-app/api-key"; this only works while the
// recovery window is still open.
::aws::secrets-manager::secrets/restore-secret("my-app/api-key")

rotate-secret

fn (secret_id: Str, rotation_lambda_arn: Str, rotation_rules: Map): CreateSecretResponse | AwsError
fn (secret_id: Str): CreateSecretResponse | AwsError

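Trigger rotation of a secret using its configured rotation Lambda. The three-argument overload also supplies the rotation Lambda ARN and rotation rules to use. Rotation runs asynchronously in AWS, so a successful response means rotation has started, not that the new value is already in place.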

Example

// Start rotation for "my-app/db-password" with the rotation Lambda already
// configured on the secret.
::aws::secrets-manager::secrets/rotate-secret("my-app/db-password")

update-secret

fn (secret_id: Str, description: Str, kms_key_id: Str): CreateSecretResponse | AwsError

Update the metadata of a secret (description, KMS key).

Example

// Change the description. null is passed for kms_key_id (presumably this
// leaves the KMS key unchanged — confirm against the implementation).
::aws::secrets-manager::secrets/update-secret("my-app/api-key", "Updated API key for production", null)

Types

CreateSecretResponse

// Identifies a secret and one of its versions. Per the signatures on this page
// it is returned by create-secret, restore-secret, rotate-secret and
// update-secret. The `?` suffix presumably marks a field that may be absent.
CreateSecretResponse type {
    arn: Str?,
    name: Str?,
    version_id: Str?
}

DeleteSecretResponse

// Result of delete-secret.
// deletion_date: presumably the time after which AWS may remove the secret for
// good — confirm the format and time zone before parsing it.
DeleteSecretResponse type {
    arn: Str?,
    name: Str?,
    deletion_date: Str?
}

DescribeSecretResponse

// Result of describe-secret: metadata only. There is no secret_string or
// secret_binary field, so this type never carries the secret value.
// All date fields are typed Str; their format is not stated on this page.
DescribeSecretResponse type {
    arn: Str?,
    name: Str?,
    description: Str?,
    kms_key_id: Str?,
    rotation_enabled: Bool?,
    rotation_lambda_arn: Str?,
    rotation_rules: Map?,
    last_rotated_date: Str?,
    last_changed_date: Str?,
    last_accessed_date: Str?,
    deleted_date: Str?,
    tags: Vec?,
    version_ids_to_stages: Map?,
    primary_region: Str?,
    created_date: Str?
}

ListSecretsResponse

// One page of list-secrets results.
// secrets: element type is not declared here; presumably SecretMetadata — confirm.
// next_token: cursor to pass back to list-secrets for the next page;
// presumably absent once the last page has been returned.
ListSecretsResponse type {
    secrets: Vec,
    next_token: Str?
}

PutSecretValueResponse

// Result of put-secret-value: the secret, the id of the version that was
// stored, and (presumably) the staging labels attached to that version.
PutSecretValueResponse type {
    arn: Str?,
    name: Str?,
    version_id: Str?,
    version_stages: Vec?
}

SecretMetadata

// Per-secret metadata with the same fields as DescribeSecretResponse except
// version_ids_to_stages. No function signature on this page names this type;
// presumably it is the element type of ListSecretsResponse.secrets — confirm.
// Like DescribeSecretResponse, it has no field for the secret value.
SecretMetadata type {
    arn: Str?,
    name: Str?,
    description: Str?,
    kms_key_id: Str?,
    rotation_enabled: Bool?,
    rotation_lambda_arn: Str?,
    rotation_rules: Map?,
    last_rotated_date: Str?,
    last_changed_date: Str?,
    last_accessed_date: Str?,
    deleted_date: Str?,
    tags: Vec?,
    primary_region: Str?,
    created_date: Str?
}

SecretValue

// Result of get-secret-value. secret_string holds the plaintext secret (see the
// get-secret-value example), so treat the whole value as sensitive and keep it
// out of logs, error messages and serialized debug output.
// secret_binary: typed Str; its encoding is not stated on this page — confirm
// before decoding.
SecretValue type {
    arn: Str?,
    name: Str?,
    version_id: Str?,
    secret_string: Str?,
    secret_binary: Str?,
    version_stages: Vec?,
    created_date: Str?
}