Skip to content

Client

secretsmanager R Documentation

AWS Secrets Manager

Description

Amazon Web Services Secrets Manager

Amazon Web Services Secrets Manager provides a service to enable you to store, manage, and retrieve, secrets.

This guide provides descriptions of the Secrets Manager API. For more information about using this service, see the Amazon Web Services Secrets Manager User Guide.

API Version

This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.

For a list of endpoints, see Amazon Web Services Secrets Manager endpoints.

Support and Feedback for Amazon Web Services Secrets Manager

We welcome your feedback. Send your comments to awssecretsmanager-feedback@amazon.com, or post your feedback and questions in the Amazon Web Services Secrets Manager Discussion Forum. For more information about the Amazon Web Services Discussion Forums, see Forums Help.

Logging API Requests

Amazon Web Services Secrets Manager supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information that's collected by Amazon Web Services CloudTrail, you can determine the requests successfully made to Secrets Manager, who made the request, when it was made, and so on. For more about Amazon Web Services Secrets Manager and support for Amazon Web Services CloudTrail, see Logging Amazon Web Services Secrets Manager Events with Amazon Web Services CloudTrail in the Amazon Web Services Secrets Manager User Guide. To learn more about CloudTrail, including enabling it and find your log files, see the Amazon Web Services CloudTrail User Guide.

Usage

secretsmanager(
  config = list(),
  credentials = list(),
  endpoint = NULL,
  region = NULL
)

Arguments

config

Optional configuration of credentials, endpoint, and/or region.

  • credentials:

    • creds:

      • access_key_id: AWS access key ID

      • secret_access_key: AWS secret access key

      • session_token: AWS temporary session token

    • profile: The name of a profile to use. If not given, then the default profile is used.

    • anonymous: Set anonymous credentials.

  • endpoint: The complete URL to use for the constructed client.

  • region: The AWS Region used in instantiating the client.

  • close_connection: Immediately close all HTTP connections.

  • timeout: The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.

  • s3_force_path_style: Set this to true to force the request to use path-style addressing, i.e. ⁠http://s3.amazonaws.com/BUCKET/KEY⁠.

  • sts_regional_endpoint: Set sts regional endpoint resolver to regional or legacy https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html

credentials

Optional credentials shorthand for the config parameter

  • creds:

    • access_key_id: AWS access key ID

    • secret_access_key: AWS secret access key

    • session_token: AWS temporary session token

  • profile: The name of a profile to use. If not given, then the default profile is used.

  • anonymous: Set anonymous credentials.

endpoint

Optional shorthand for complete URL to use for the constructed client.

region

Optional shorthand for AWS Region used in instantiating the client.

Value

A client for the service. You can call the service's operations using syntax like svc$operation(...), where svc is the name you've assigned to the client. The available operations are listed in the Operations section.

Service syntax

svc <- secretsmanager(
  config = list(
    credentials = list(
      creds = list(
        access_key_id = "string",
        secret_access_key = "string",
        session_token = "string"
      ),
      profile = "string",
      anonymous = "logical"
    ),
    endpoint = "string",
    region = "string",
    close_connection = "logical",
    timeout = "numeric",
    s3_force_path_style = "logical",
    sts_regional_endpoint = "string"
  ),
  credentials = list(
    creds = list(
      access_key_id = "string",
      secret_access_key = "string",
      session_token = "string"
    ),
    profile = "string",
    anonymous = "logical"
  ),
  endpoint = "string",
  region = "string"
)

Operations

batch_get_secret_value
Retrieves the contents of the encrypted fields SecretString or SecretBinary for up to 20 secrets
cancel_rotate_secret
Turns off automatic rotation, and if a rotation is currently in progress, cancels the rotation
create_secret
Creates a new secret
delete_resource_policy
Deletes the resource-based permission policy attached to the secret
delete_secret
Deletes a secret and all of its versions
describe_secret
Retrieves the details of a secret
get_random_password
Generates a random password
get_resource_policy
Retrieves the JSON text of the resource-based policy document attached to the secret
get_secret_value
Retrieves the contents of the encrypted fields SecretString or SecretBinary from the specified version of a secret, whichever contains content
list_secrets
Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account, not including secrets that are marked for deletion
list_secret_version_ids
Lists the versions of a secret
put_resource_policy
Attaches a resource-based permission policy to a secret
put_secret_value
Creates a new version with a new encrypted secret value and attaches it to the secret
remove_regions_from_replication
For a secret that is replicated to other Regions, deletes the secret replicas from the Regions you specify
replicate_secret_to_regions
Replicates the secret to a new Regions
restore_secret
Cancels the scheduled deletion of a secret by removing the DeletedDate time stamp
rotate_secret
Configures and starts the asynchronous process of rotating the secret
stop_replication_to_replica
Removes the link between the replica secret and the primary secret and promotes the replica to a primary secret in the replica Region
tag_resource
Attaches tags to a secret
untag_resource
Removes specific tags from a secret
update_secret
Modifies the details of a secret, including metadata and the secret value
update_secret_version_stage
Modifies the staging labels attached to a version of a secret
validate_resource_policy
Validates that a resource policy does not grant a wide range of principals access to your secret

Examples

## Not run: 
svc <- secretsmanager()
# The following example gets the values for three secrets.
svc$batch_get_secret_value(
  SecretIdList = list(
    "MySecret1",
    "MySecret2",
    "MySecret3"
  )
)

## End(Not run)