AWS Code Sample
Catalog

CreateSecretRotation.php

CreateSecretRotation.php demonstrates how to configure a rotation for a secret value in AWS Secrets Manager using an existing Lambda Function. This example will automatically rotate the secret every 30 days.

<?php /** * Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * This file is licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. A copy of * the License is located at * * http://aws.amazon.com/apache2.0/ * * This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR * CONDITIONS OF ANY KIND, either express or implied. See the License for the * specific language governing permissions and limitations under the License. * * ABOUT THIS PHP SAMPLE: This sample is part of the KMS Developer Guide topic at * https://docs.aws.amazon.com/kms/latest/developerguide/programming-key-policies.html * */ require 'vendor/autoload.php'; use Aws\SecretsManager\SecretsManagerClient; use Aws\Exception\AwsException; /** * Create a secret rotation in AWS Secret Manager Secret that automatically * rotates the secret every 30 days. * * Rotation Lambda Templates are available at https://docs.aws.amazon.com/code-samples/latest/catalog/code-catalog-lambda_functions-secretsmanager.html * * This code expects that you have AWS credentials set up per: * https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html */ //Create a Secrets Manager Client $client = new SecretsManagerClient([ 'profile' => 'default', 'version' => '2017-10-17', 'region' => 'us-west-2' ]); $secretName = '<<{{MySecretName}}>>'; $lambda_ARN = 'arn:aws:lambda:us-west-2:123456789012:function:MyTestDatabaseRotationLambda'; $rules = ['AutomaticallyAfterDays' => 30]; try { $result = $client->rotateSecret([ 'RotationLambdaARN' => $lambda_ARN, 'RotationRules' => $rules, 'SecretId' => $secretName, ]); var_dump($result); } catch (AwsException $e) { // output error message if fails echo $e->getMessage(); echo "\n"; }

Sample Details

Service: secretsmanager

Last tested: 2018-11-08

Author: jschwarzwalder (AWS)

Type: full-example

On this page: