Data Source: awsSecretsmanagerSecretVersion
Retrieve information about a Secrets Manager secret version, including its secret value. To retrieve secret metadata, see the awsSecretsmanagerSecret
data source.
Example Usage
Retrieve Current Secret Version
By default, this data sources retrieves information based on the awscurrent
staging label.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.dataAwsSecretsmanagerSecretVersion.DataAwsSecretsmanagerSecretVersion(
this,
"secret-version",
{
secretId: "${data.aws_secretsmanager_secret.example.id}",
}
);
Retrieve Specific Secret Version
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.dataAwsSecretsmanagerSecretVersion.DataAwsSecretsmanagerSecretVersion(
this,
"by-version-stage",
{
secretId: "${data.aws_secretsmanager_secret.example.id}",
versionStage: "example",
}
);
Handling Key-Value Secret Strings in JSON
Reading key-value pairs from JSON back into a native Terraform map can be accomplished in Terraform 0.12 and later with the jsondecode()
function:
import * as cdktf from "cdktf";
new cdktf.TerraformOutput(this, "example", {
value:
'${jsondecode(data.aws_secretsmanager_secret_version.example.secret_string)["key1"]}',
});
Argument Reference
secretId
- (Required) Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.versionId
- (Optional) Specifies the unique identifier of the version of the secret that you want to retrieve. OverridesversionStage
.versionStage
- (Optional) Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults toawscurrent
.
Attributes Reference
arn
- ARN of the secret.id
- Unique identifier of this version of the secret.secretString
- Decrypted part of the protected secret information that was originally provided as a string.secretBinary
- Decrypted part of the protected secret information that was originally provided as a binary.versionId
- Unique identifier of this version of the secret.