In code Within other systems and AWS services AWS CLI AWS console

Retrieve secrets from AWS Secrets Manager

You can retrieve your secrets:

In code
In other services
In the AWS CLI
In the AWS console

Secrets Manager generates a CloudTrail log entry when you retrieve a secret. For more information, see Log AWS Secrets Manager events with AWS CloudTrail.

In code

In applications, you can retrieve your secrets by calling GetSecretValue or BatchGetSecretValuein any of the AWS SDKs. For examples, see Get a secret value in the AWS SDK Code Examples Library. However, we recommend that you cache your secret values by using client-side caching. Caching secrets improves speed and reduces your costs.

For Java applications:
- If you store database credentials in the secret, use the Secrets Manager SQL connection drivers to connect to a database using the credentials in the secret.
- For other types of secrets, use the Secrets Manager Java-based caching component or call the SDK directly with GetSecretValue.
For Python applications, use the Secrets Manager Python-based caching component or call the SDK directly with get_secret_value or batch_get_secret_value.
For .NET applications, use the Secrets Manager .NET-based caching component or call the SDK directly with GetSecretValue or BatchGetSecretValue.
For Go applications, use the Secrets Manager Go-based caching component or call the SDK directly with GetSecretValue or BatchGetSecretValue.
For JavaScript applications, call the SDK directly with getSecretValue or batchGetSecretValue.
For PHP applications, call the SDK directly with GetSecretValue or BatchGetSecretValue.
For Ruby applications, call the SDK directly with get_secret_value or batch_get_secret_value.
For GitHub Actions, see Use AWS Secrets Manager secrets in GitHub jobs.

Within other systems and AWS services

You can also retrieve secrets within the following:

For AWS Batch, you can reference secrets in a job definition.
For AWS CloudFormation, you can create secrets and reference secrets in a CloudFormation stack.
For Amazon ECS, you can reference secrets in a container definition.
For Amazon EKS, you can use AWS Secrets and Configuration Provider (ASCP) to mount secrets as files in Amazon EKS.
For GitHub, you can use the Secrets Manager GitHub action to add secrets as environment variables in your GitHub jobs.
For AWS IoT Greengrass, you can reference secrets in a Greengrass group.
For AWS Lambda, you can reference secrets in a Lambda function.
For Parameter Store, you can reference secrets in a parameter.

AWS CLI

Example Retrieve the encrypted secret value of a secret

The following get-secret-value example gets the current secret value.


aws secretsmanager get-secret-value \
    --secret-id MyTestSecret

Example Retrieve the previous secret value

The following get-secret-value example gets the previous secret value.


aws secretsmanager get-secret-value \
        --secret-id MyTestSecret
        --version-stage AWSPREVIOUS

AWS console

To retrieve a secret (console)

Open the Secrets Manager console at https://console.aws.amazon.com/secretsmanager/.
In the list of secrets, choose the secret you want to retrieve.
In the Secret value section, choose Retrieve secret value.

Secrets Manager displays the current version (AWSCURRENT) of the secret. To see other versions of the secret, such as AWSPREVIOUS or custom labeled versions, use the AWS CLI.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Tag secrets

Retrieve secrets in a batch