1. Answers
  2. Building AWS Secrets Manager Secrets

How Do I Build an AWS Secrets Manager Secret?

Introduction

AWS Secrets Manager is a service that helps you protect access to your applications, services, and IT resources without the upfront investment and on-going maintenance costs of operating your own infrastructure. It allows you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

Step-by-Step Process

To create an AWS Secrets Manager secret, follow these steps using Pulumi and AWS SDK:

  1. Define the Secret Metadata: Use the aws_secretsmanager_secret resource to set up the metadata for your secret. This includes naming your secret and providing a description.

  2. Create the Secret Version: Utilize the aws_secretsmanager_secret_version resource to store the actual secret data. This involves specifying the secret ID and encoding the secret data in a JSON string format.

  3. Export the Secret ARN: Finally, output the ARN (Amazon Resource Name) of the secret for easy reference and use in your applications.

Here is the code example demonstrating these steps:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.secretsmanager.Secret("example", {
    name: "example-secret",
    description: "An example secret created with Pulumi",
});
const exampleSecretVersion = new aws.secretsmanager.SecretVersion("example", {
    secretId: example.id,
    secretString: JSON.stringify({
        username: "example_user",
        password: "example_password",
    }),
});
export const secretArn = example.arn;

Key Points

  • The aws_secretsmanager_secret resource is used to define the secret’s metadata.
  • The aws_secretsmanager_secret_version resource stores the actual secret data.
  • The secret data is encoded in JSON format using the jsonencode function.
  • The ARN of the secret is exported for easy access and reference.

Conclusion

In this guide, we’ve demonstrated how to create an AWS Secrets Manager secret using Pulumi. By defining the secret’s metadata and version, you can securely store and manage sensitive information. The ability to export the secret’s ARN simplifies integration with other AWS services and applications, enhancing your infrastructure’s security and efficiency.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up