aws_secretsmanager_secret_version

Provides a resource to manage an AWS Secrets Manager secret version, including its secret value. To manage secret metadata, see the aws_secretsmanager_secret resource.

Example Usage

Simple String Value

resource "aws_secretsmanager_secret_version" "example" {
  secret_id     = "${aws_secretsmanager_secret.example.id}"
  secret_string = "example-string-to-protect"
}

Key-Value Pairs

Secrets Manager also accepts key-value pairs in JSON.

# The map here can come from other supported configurations
# like locals, resource attribute, map() built-in, etc.
variable "example" {
  default = {
    key1 = "value1"
    key2 = "value2"
  }

  type = "map"
}

resource "aws_secretsmanager_secret_version" "example" {
  secret_id     = "${aws_secretsmanager_secret.example.id}"
  secret_string = "${jsonencode(var.example)}"
}

Argument Reference

The following arguments are supported:

  • secret_id - (Required) Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
  • secret_string - (Required) Specifies text data that you want to encrypt and store in this version of the secret.
  • version_stages - (Optional) Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label AWSCURRENT to this new version on creation.
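
An added example (not from the Terraform documentation) of the version_stages behaviour described above: a second version is staged under a custom label, so AWSCURRENT stays on the first version. It uses the same Terraform 0.11 syntax as this page; the resource names, secret name, variable names and the EXAMPLE-CANDIDATE label are assumptions, and because Terraform records secret_string in its state in plaintext, the state backend needs the same protection as the secret itself.

```hcl
# Added example; all names below are illustrative assumptions.

# Values are supplied at run time (for example TF_VAR_db_password in the
# environment) instead of being committed as literals in a .tf file.
# Terraform still writes secret_string to its state in plaintext.
variable "db_password" {
  type = "string"
}

variable "db_password_next" {
  type = "string"
}

resource "aws_secretsmanager_secret" "db" {
  name = "example/db-password"
}

# No version_stages given: Secrets Manager attaches AWSCURRENT to this version.
resource "aws_secretsmanager_secret_version" "current" {
  secret_id     = "${aws_secretsmanager_secret.db.id}"
  secret_string = "${var.db_password}"
}

# Staged under a custom label only, so AWSCURRENT is not moved off "current".
# depends_on forces this version to be created after the current one.
resource "aws_secretsmanager_secret_version" "candidate" {
  secret_id      = "${aws_secretsmanager_secret.db.id}"
  secret_string  = "${var.db_password_next}"
  version_stages = ["EXAMPLE-CANDIDATE"]

  depends_on = ["aws_secretsmanager_secret_version.current"]
}

# version_id identifies the version and does not contain the secret value.
output "current_version_id" {
  value = "${aws_secretsmanager_secret_version.current.version_id}"
}

output "candidate_version_id" {
  value = "${aws_secretsmanager_secret_version.candidate.version_id}"
}
```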

Attribute Reference

  • id - A pipe-delimited combination of secret ID and version ID.
  • version_id - The unique identifier of the version of the secret.

Import

aws_secretsmanager_secret_version can be imported by using the secret ID and version ID, e.g.

$ terraform import aws_secretsmanager_secret_version.example 'arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456|xxxxx-xxxxxxx-xxxxxxx-xxxxx'

© 2018 HashiCorp
Licensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/aws/r/secretsmanager_secret_version.html