Retrieve secrets from AWS Secrets Manager
You can retrieve your secrets by using the console (https://console.aws.amazon.com/secretsmanager/get-secret-value
).
In applications, you can retrieve your secrets by calling GetSecretValue
in any of the AWS SDKs. You can also call the HTTPS Query API directly. However, we recommend that you
cache your secret values by using client-side caching. Caching secrets improves speed and
reduces your costs.
-
For Java applications:
-
If you store database credentials in the secret, use the Secrets Manager SQL connection drivers to connect to a database using the credentials in the secret.
-
For other types of secrets, use the Secrets Manager Java-based caching component.
-
-
For Python applications, use the Secrets Manager Python-based caching component.
-
For .NET applications, use the Secrets Manager .NET-based caching component.
-
For Go applications, use the Secrets Manager Go-based caching component.
-
For JavaScript applications, call the SDK directly with
getSecretValue
. -
For PHP applications, call the SDK directly with
GetSecretValue
. -
For Ruby applications, call the SDK directly with
get_secret_value
. -
For GitHub Actions, see Use AWS Secrets Manager secrets in GitHub jobs.
Within other systems and AWS services
You can also retrieve secrets within the following:
-
For AWS Batch, you can reference secrets in a job definition.
-
For AWS CloudFormation, you can create secrets and reference secrets in a CloudFormation stack.
-
For Amazon ECS, you can reference secrets in a container definition.
-
For Amazon EKS, you can use AWS Secrets and Configuration Provider (ASCP) to mount secrets as files in Amazon EKS.
-
For GitHub, you can use the Secrets Manager GitHub action to add secrets as environment variables in your GitHub jobs.
-
For AWS IoT Greengrass, you can reference secrets in a Greengrass group.
-
For AWS Lambda, you can reference secrets in a Lambda function.
-
For Parameter Store, you can reference secrets in a parameter.
AWS CLI
Example Retrieve the encrypted secret value of a secret
The following get-secret-value
example gets the current secret value.
aws secretsmanager get-secret-value \ --secret-id MyTestSecret
Example Retrieve the previous secret value
The following get-secret-value
example gets the previous secret value.
aws secretsmanager get-secret-value \ --secret-id MyTestSecret --version-stage AWSPREVIOUS