Learn R Programming

paws.security.identity (version 0.7.0)

secretsmanager: AWS Secrets Manager

Description

Amazon Web Services Secrets Manager

Amazon Web Services Secrets Manager provides a service to enable you to store, manage, and retrieve, secrets.

This guide provides descriptions of the Secrets Manager API. For more information about using this service, see the Amazon Web Services Secrets Manager User Guide.

API Version

This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.

For a list of endpoints, see Amazon Web Services Secrets Manager endpoints.

Support and Feedback for Amazon Web Services Secrets Manager

We welcome your feedback. Send your comments to awssecretsmanager-feedback@amazon.com, or post your feedback and questions in the Amazon Web Services Secrets Manager Discussion Forum. For more information about the Amazon Web Services Discussion Forums, see Forums Help.

Logging API Requests

Amazon Web Services Secrets Manager supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information that's collected by Amazon Web Services CloudTrail, you can determine the requests successfully made to Secrets Manager, who made the request, when it was made, and so on. For more about Amazon Web Services Secrets Manager and support for Amazon Web Services CloudTrail, see Logging Amazon Web Services Secrets Manager Events with Amazon Web Services CloudTrail in the Amazon Web Services Secrets Manager User Guide. To learn more about CloudTrail, including enabling it and find your log files, see the Amazon Web Services CloudTrail User Guide.

Usage

secretsmanager(
  config = list(),
  credentials = list(),
  endpoint = NULL,
  region = NULL
)

Value

A client for the service. You can call the service's operations using syntax like svc$operation(...), where svc is the name you've assigned to the client. The available operations are listed in the Operations section.

Arguments

config

Optional configuration of credentials, endpoint, and/or region.

  • credentials:

    • creds:

      • access_key_id: AWS access key ID

      • secret_access_key: AWS secret access key

      • session_token: AWS temporary session token

    • profile: The name of a profile to use. If not given, then the default profile is used.

    • anonymous: Set anonymous credentials.

  • endpoint: The complete URL to use for the constructed client.

  • region: The AWS Region used in instantiating the client.

  • close_connection: Immediately close all HTTP connections.

  • timeout: The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.

  • s3_force_path_style: Set this to true to force the request to use path-style addressing, i.e. http://s3.amazonaws.com/BUCKET/KEY.

  • sts_regional_endpoint: Set sts regional endpoint resolver to regional or legacy https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html

credentials

Optional credentials shorthand for the config parameter

  • creds:

    • access_key_id: AWS access key ID

    • secret_access_key: AWS secret access key

    • session_token: AWS temporary session token

  • profile: The name of a profile to use. If not given, then the default profile is used.

  • anonymous: Set anonymous credentials.

endpoint

Optional shorthand for complete URL to use for the constructed client.

region

Optional shorthand for AWS Region used in instantiating the client.

Service syntax

svc <- secretsmanager(
  config = list(
    credentials = list(
      creds = list(
        access_key_id = "string",
        secret_access_key = "string",
        session_token = "string"
      ),
      profile = "string",
      anonymous = "logical"
    ),
    endpoint = "string",
    region = "string",
    close_connection = "logical",
    timeout = "numeric",
    s3_force_path_style = "logical",
    sts_regional_endpoint = "string"
  ),
  credentials = list(
    creds = list(
      access_key_id = "string",
      secret_access_key = "string",
      session_token = "string"
    ),
    profile = "string",
    anonymous = "logical"
  ),
  endpoint = "string",
  region = "string"
)

Operations

batch_get_secret_valueRetrieves the contents of the encrypted fields SecretString or SecretBinary for up to 20 secrets
cancel_rotate_secretTurns off automatic rotation, and if a rotation is currently in progress, cancels the rotation
create_secretCreates a new secret
delete_resource_policyDeletes the resource-based permission policy attached to the secret
delete_secretDeletes a secret and all of its versions
describe_secretRetrieves the details of a secret
get_random_passwordGenerates a random password
get_resource_policyRetrieves the JSON text of the resource-based policy document attached to the secret
get_secret_valueRetrieves the contents of the encrypted fields SecretString or SecretBinary from the specified version of a secret, whichever contains content
list_secretsLists the secrets that are stored by Secrets Manager in the Amazon Web Services account, not including secrets that are marked for deletion
list_secret_version_idsLists the versions of a secret
put_resource_policyAttaches a resource-based permission policy to a secret
put_secret_valueCreates a new version with a new encrypted secret value and attaches it to the secret
remove_regions_from_replicationFor a secret that is replicated to other Regions, deletes the secret replicas from the Regions you specify
replicate_secret_to_regionsReplicates the secret to a new Regions
restore_secretCancels the scheduled deletion of a secret by removing the DeletedDate time stamp
rotate_secretConfigures and starts the asynchronous process of rotating the secret
stop_replication_to_replicaRemoves the link between the replica secret and the primary secret and promotes the replica to a primary secret in the replica Region
tag_resourceAttaches tags to a secret
untag_resourceRemoves specific tags from a secret
update_secretModifies the details of a secret, including metadata and the secret value
update_secret_version_stageModifies the staging labels attached to a version of a secret
validate_resource_policyValidates that a resource policy does not grant a wide range of principals access to your secret

Examples

Run this code
if (FALSE) {
svc <- secretsmanager()
# The following example gets the values for three secrets.
svc$batch_get_secret_value(
  SecretIdList = list(
    "MySecret1",
    "MySecret2",
    "MySecret3"
  )
)
}

Run the code above in your browser using DataLab