Amazon Secrets Manager website screenshot

Amazon Secrets Manager

Amazon Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycle. It provides centralized secrets management with built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB, enabling automatic rotation of secrets without requiring application changes.

1 APIs 8 Features
ConfigurationCredentialsRotationSecretsSecurity

APIs

Amazon Secrets Manager API

The Amazon Secrets Manager API for creating, managing, retrieving, and rotating secrets including database credentials, API keys, and other sensitive configuration.

Collections

Arazzo Workflows

Amazon Secrets Manager Create and Read Secret

Create a new secret, then immediately retrieve its decrypted value to confirm it was stored.

ARAZZO

Amazon Secrets Manager Find and Delete Secret

List secrets filtered by name, branch on whether a match exists, then describe and schedule deletion of the matched secret.

ARAZZO

Amazon Secrets Manager Generate Password and Store Secret

Generate a random password, store it as a new secret, then read the secret value back to confirm it was saved.

ARAZZO

Amazon Secrets Manager Restore Deleted Secret

Cancel the scheduled deletion of a secret with RestoreSecret, then describe it to confirm the DeletedDate was cleared.

ARAZZO

Amazon Secrets Manager Rotate and Describe

Start rotation on a secret with a Lambda rotation function, then describe it to confirm rotation is configured.

ARAZZO

Amazon Secrets Manager Put New Version and Verify

Store a new encrypted version of a secret with PutSecretValue, then read the current value to confirm the update.

ARAZZO

Amazon Secrets Manager Tag Secret and Verify

Attach tags to a secret with TagResource, then describe the secret to confirm the tags are present in its metadata.

ARAZZO

Amazon Secrets Manager Update Metadata and Verify

Update a secret's description and KMS key with UpdateSecret, then describe it to confirm the new metadata was applied.

ARAZZO

Pricing Plans

Rate Limits

Amazon Secrets Manager Rate Limits

5 limits

RATE LIMITS

FinOps

Features

Automatic Secret Rotation

Automatically rotate secrets on a schedule using AWS Lambda rotation functions without changing application code.

Centralized Secret Storage

Store and manage all secrets in a single, centralized location with fine-grained access controls.

Native Database Integration

Built-in integration with Amazon RDS, Aurora, Redshift, and DocumentDB for automatic credential rotation.

Secret Versioning

Maintain multiple versions of a secret simultaneously to support zero-downtime rotation.

Audit and Compliance

Log all secret access and management actions via AWS CloudTrail for compliance and audit purposes.

Cross-Account Access

Share secrets across AWS accounts using resource-based policies.

Encryption at Rest

All secrets are encrypted at rest using AWS KMS keys you control.

Random Password Generation

Generate cryptographically secure random passwords with configurable complexity requirements.

Use Cases

Database Credential Management

Automatically rotate and manage database credentials for RDS, Aurora, and other databases.

API Key Storage

Securely store and retrieve API keys, OAuth tokens, and other third-party service credentials.

Application Configuration

Centralize sensitive application configuration such as connection strings and encryption keys.

Cross-Service Credentials

Share service-to-service credentials securely across microservices without embedding in code.

Compliance Secret Rotation

Meet compliance requirements like PCI DSS and SOC 2 by enforcing regular credential rotation.

Secrets Lifecycle Governance

Enforce organizational policies on secret creation, rotation schedules, and access patterns.

Semantic Vocabularies

Amazon Secrets Manager Context

6 classes · 27 properties

JSON-LD

API Governance Rules

Amazon Secrets Manager API Rules

20 rules · 9 errors 10 warnings 1 info

SPECTRAL

JSON Structure

Amazon Secrets Manager Secret Structure

16 properties

JSON STRUCTURE

Amazon Secrets Manager Secret Value Structure

7 properties

JSON STRUCTURE

Amazon Secrets Manager Tag Structure

2 properties

JSON STRUCTURE

Example Payloads

Resources

🔗
PostmanWorkspace
PostmanWorkspace
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🌐
Portal
Portal
🚀
GettingStarted
GettingStarted
🔗
Documentation
Documentation
🔗
APIReference
APIReference
🌐
Console
Console
📝
Signup
Signup
💰
Pricing
Pricing
💬
FAQ
FAQ
📰
Blog
Blog
🟢
StatusPage
StatusPage
💬
Support
Support
📜
TermsOfService
TermsOfService
📜
PrivacyPolicy
PrivacyPolicy
🔗
Security
Security
🔗
Compliance
Compliance
👥
GitHubOrganization
GitHubOrganization
👥
YouTube
YouTube
👥
StackOverflow
StackOverflow
🔗
KnowledgeCenter
KnowledgeCenter
🔗
CLI
CLI
🔗
SpectralRules
SpectralRules
🔗
Vocabulary
Vocabulary
🔗
JSONLD
JSONLD
🔗
JSONSchema
JSONSchema
🔗
JSONSchema
JSONSchema
🔗
JSONSchema
JSONSchema
🔗
JSONStructure
JSONStructure
🔗
JSONStructure
JSONStructure
🔗
JSONStructure
JSONStructure
🔗
JSONStructure
JSONStructure
🔗
JSONStructure
JSONStructure
🔗
JSONStructure
JSONStructure
💻
Examples
Examples
💻
Examples
Examples
💻
Examples
Examples
💻
Examples
Examples
💻
Examples
Examples
💻
Examples
Examples

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: Amazon Secrets Manager API
  version: '2017-10-17'
items:
- info:
    name: Secrets
    type: folder
  items:
  - info:
      name: Amazon Secrets Manager Create Secret
      type: http
    http:
      method: POST
      url: https://secretsmanager.amazonaws.com/
      headers:
      - name: X-Amz-Target
        value: ''
      body:
        type: json
        data: '{}'
    docs: Creates a new secret. A secret can be a password, a set of credentials such as a user name and password, an OAuth
      token, or other secret information that you store in an encrypted form in Secrets Manager.
  - info:
      name: Amazon Secrets Manager Get Secret Value
      type: http
    http:
      method: POST
      url: https://secretsmanager.amazonaws.com/#GetSecretValue
      headers:
      - name: X-Amz-Target
        value: ''
      body:
        type: json
        data: '{}'
    docs: Retrieves the contents of the encrypted fields SecretString or SecretBinary from the specified version of a secret.
  - info:
      name: Amazon Secrets Manager Put Secret Value
      type: http
    http:
      method: POST
      url: https://secretsmanager.amazonaws.com/#PutSecretValue
      headers:
      - name: X-Amz-Target
        value: ''
      body:
        type: json
        data: '{}'
    docs: Creates a new version with a new encrypted secret value and attaches it to the secret. The version can contain a
      new SecretString value or a new SecretBinary value.
  - info:
      name: Amazon Secrets Manager Update Secret
      type: http
    http:
      method: POST
      url: https://secretsmanager.amazonaws.com/#UpdateSecret
      headers:
      - name: X-Amz-Target
        value: ''
      body:
        type: json
        data: '{}'
    docs: Modifies the details of a secret, including metadata and the secret value. To change the secret value, you can also
      use PutSecretValue.
  - info:
      name: Amazon Secrets Manager Delete Secret
      type: http
    http:
      method: POST
      url: https://secretsmanager.amazonaws.com/#DeleteSecret
      headers:
      - name: X-Amz-Target
        value: ''
      body:
        type: json
        data: '{}'
    docs: Deletes a secret and all of its versions. You can specify a recovery window during which you can restore the secret.
      The minimum recovery window is 7 days. The default recovery window is 30 days.
  - info:
      name: Amazon Secrets Manager List Secrets
      type: http
    http:
      method: POST
      url: https://secretsmanager.amazonaws.com/#ListSecrets
      headers:
      - name: X-Amz-Target
        value: ''
      body:
        type: json
        data: '{}'
    docs: Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account, not including secrets that
      are marked for deletion.
  - info:
      name: Amazon Secrets Manager Describe Secret
      type: http
    http:
      method: POST
      url: https://secretsmanager.amazonaws.com/#DescribeSecret
      headers:
      - name: X-Amz-Target
        value: ''
      body:
        type: json
        data: '{}'
    docs: Retrieves the details of a secret. It does not include the encrypted secret value. Secrets Manager only returns
      fields that have a value in the response.
  - info:
      name: Amazon Secrets Manager Restore Secret
      type: http
    http:
      method: POST
      url: https://secretsmanager.amazonaws.com/#RestoreSecret
      headers:
      - name: X-Amz-Target
        value: ''
      body:
        type: json
        data: '{}'
    docs: Cancels the scheduled deletion of a secret by removing the DeletedDate time stamp. You can access a secret again
      after it has been restored.
- info:
    name: Rotation
    type: folder
  items:
  - info:
      name: Amazon Secrets Manager Rotate Secret
      type: http
    http:
      method: POST
      url: https://secretsmanager.amazonaws.com/#RotateSecret
      headers:
      - name: X-Amz-Target
        value: ''
      body:
        type: json
        data: '{}'
    docs: Configures and starts the asynchronous process of rotating the secret. If you include the configuration parameters,
      the operation sets the values for the secret and then immediately starts a rotation.
- info:
    name: Default
    type: folder
  items:
  - info:
      name: Amazon Secrets Manager Tag Resource
      type: http
    http:
      method: POST
      url: https://secretsmanager.amazonaws.com/#TagResource
      headers:
      - name: X-Amz-Target
        value: ''
      body:
        type: json
        data: '{}'
    docs: Attaches tags to a secret. Tags consist of a key name and a value. Tags are part of the secret's metadata and are
      not associated with specific versions of the secret.
  - info:
      name: Amazon Secrets Manager Untag Resource
      type: http
    http:
      method: POST
      url: https://secretsmanager.amazonaws.com/#UntagResource
      headers:
      - name: X-Amz-Target
        value: ''
      body:
        type: json
        data: '{}'
    docs: Removes specific tags from a secret. This operation is idempotent. If a requested tag is not attached to the secret,
      no error is returned.
- info:
    name: Passwords
    type: folder
  items:
  - info:
      name: Amazon Secrets Manager Get Random Password
      type: http
    http:
      method: POST
      url: https://secretsmanager.amazonaws.com/#GetRandomPassword
      headers:
      - name: X-Amz-Target
        value: ''
      body:
        type: json
        data: '{}'
    docs: Generates a random password. You can use this operation to generate a password for a new secret or to change the
      value of an existing secret.
bundled: true