Ken J

Reputation: 937

AWS CLI Secrets Manager Create Secret

I want to create a new secret in Secrets Manager. The secret needs to be a key/value pair. When I create the secret using the CLI it is stored as plaintext instead of as a key/value pair:

aws secretsmanager create-secret --name github/oauthtoken \
    --description "GitHub OAuth Token" \
    --secret-string file:///tmp/github_oauth.json

github_oauth.json

[
  {
    "Key": "oauth_token",
    "Value": "MYOAUTHTOKEN"
  }
]

When I attempt to resolve the secret in CloudFormation I'm getting an error:

Secrets Manager can't find the specified secret.

When I access the secret in the Secrets Manager UI the secret is in plaintext with an error under Secret key/value:

The secret value can't be converted to key name and value pairs

How can I create a secret in Secrets Manager stored as a key/value pair?

Upvotes: 4

Views: 10612

Answers (2)

Dharmesh Purohit

Reputation: 226

I have tried in this way:

aws secretsmanager create-secret --name github/oauthtoken \
    --description "GitHub OAuth Token" \
    --secret-string '{"oauth_token":"MYOAUTHTOKEN"}' --region us-east-1

Upvotes: 6

Parimal

Reputation: 326

The SecretsManager console and the SecretsManager-CloudFormation integration default to treating the SecretString as a JSON object, as you correctly discovered.

The console parses this JSON and shows you key/value pairs. In CloudFormation, you can use a dynamic reference to fetch individual JSON values when the SecretString is a JSON object.

This, of course, does not force you to use key/value pairs in your SecretString. You can have any freetext in there and view it in the console under the "Plaintext" tab. In CloudFormation, you can use dynamic references to reference the entire SecretString and avoid parsing it as JSON.

You can also create secrets through CloudFormation that are key/value pairs or free text, along with setting up resource policies, rotation, etc.

Refs -

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-secretsmanager

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html

Upvotes: 3
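
An added example, not part of the original question or answers: a pre-flight check that converts the question's `[{"Key": ..., "Value": ...}]` file into the single flat JSON object both answers describe, and builds the CloudFormation dynamic reference for one key. The function names are hypothetical, and requiring string values is a restriction chosen for this example.

```python
import json


def to_key_value_secret(raw: str) -> str:
    """Return a SecretString that is one flat JSON object of string pairs."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError("not JSON: only usable as a plaintext secret") from exc

    # Shape used in the question's github_oauth.json: a list of Key/Value items.
    if isinstance(data, list):
        pairs = {}
        for item in data:
            if not (isinstance(item, dict) and set(item) == {"Key", "Value"}
                    and isinstance(item["Key"], str)):
                raise ValueError("list items must be {'Key': str, 'Value': ...}")
            if item["Key"] in pairs:
                raise ValueError(f"duplicate key: {item['Key']}")
            pairs[item["Key"]] = item["Value"]
        data = pairs

    if not isinstance(data, dict) or not data:
        raise ValueError("top level must be a non-empty JSON object")
    for key, value in data.items():
        # Assumption of this example: keep every value a plain string.
        if not isinstance(value, str):
            raise ValueError(f"value for {key!r} is not a string")
    return json.dumps(data, separators=(",", ":"))


def dynamic_reference(secret_id: str, json_key: str) -> str:
    """CloudFormation dynamic reference that resolves one JSON key."""
    return "{{resolve:secretsmanager:%s:SecretString:%s}}" % (secret_id, json_key)


# Constructed sample: the file contents from the question, placeholder token.
QUESTION_FILE = '[{"Key": "oauth_token", "Value": "MYOAUTHTOKEN"}]'

if __name__ == "__main__":
    print(to_key_value_secret(QUESTION_FILE))
    print(dynamic_reference("github/oauthtoken", "oauth_token"))
```

Writing the converted string back to the file and passing it with `--secret-string file://...`, as the question does, keeps the token out of shell history and the process list.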
