The Custom::SecretsManagerSecret resource creates a secret in the new AWS Secret Manager.
To declare this resource in your AWS CloudFormation template, use the following syntax:
{
"Type" : "Custom::SecretsManagerSecret",
"Properties" : {
"Name" : String,
"Description" : String,
"KmsKeyId" : String,
"SecretBinary" : String,
"SecretString" : String, Array or Object,
"RecoveryWindowInDays": Integer,
"ClientRequestToken": String,
"ServiceToken" : String,
"NoEcho" : Boolean,
"Tags": [ { "Key", String, "Value": String}, ...]
}
}You can specify the following properties:
Name- the name of the secret in the Secrets Manager (required)Description- for the secret. (Default '')KmsKeyId- to use to encrypt the secret (Default 'alias/aws/secretsmanager')SecretBinary- Base64 encoded binary secret.SecretString- secret string or object to store as secret.Tags- array of tags for the secret.RecoveryWindowInDays- number of days a deleted secret can be restored (>= 7 and <= 30).NoEcho- indicate whether output of the return values is replaced by*****, default True.ClientRequestToken- a unique identifier for the new version to ensure idempotency.ServiceToken- ARN pointing to the lambda function implementing this resource
On successful completion, the ARN of the secret is returned.
With 'Fn::GetAtt' the following values are available:
VersionId- of the secret.
For more information about using Fn::GetAtt, see Fn::GetAtt.