Within other systems and AWS services AWS CLI

Retrieve secrets from AWS Secrets Manager

You can retrieve your secrets by using the console (https://console.aws.amazon.com/secretsmanager/) or the AWS CLI (get-secret-value).

In applications, you can retrieve your secrets by calling GetSecretValue in any of the AWS SDKs. You can also call the HTTPS Query API directly. However, we recommend that you cache your secret values by using client-side caching. Caching secrets improves speed and reduces your costs.

For Java applications:
- If you store database credentials in the secret, use the Secrets Manager SQL connection drivers to connect to a database using the credentials in the secret.
- For other types of secrets, use the Secrets Manager Java-based caching component.
For Python applications, use the Secrets Manager Python-based caching component.
For .NET applications, use the Secrets Manager .NET-based caching component.
For Go applications, use the Secrets Manager Go-based caching component.
For JavaScript applications, call the SDK directly with getSecretValue.
For PHP applications, call the SDK directly with GetSecretValue.
For Ruby applications, call the SDK directly with get_secret_value.
For GitHub Actions, see Use AWS Secrets Manager secrets in GitHub jobs.

Within other systems and AWS services

You can also retrieve secrets within the following:

For AWS Batch, you can reference secrets in a job definition.
For AWS CloudFormation, you can create secrets and reference secrets in a CloudFormation stack.
For Amazon ECS, you can reference secrets in a container definition.
For Amazon EKS, you can use AWS Secrets and Configuration Provider (ASCP) to mount secrets as files in Amazon EKS.
For GitHub, you can use the Secrets Manager GitHub action to add secrets as environment variables in your GitHub jobs.
For AWS IoT Greengrass, you can reference secrets in a Greengrass group.
For AWS Lambda, you can reference secrets in a Lambda function.
For Parameter Store, you can reference secrets in a parameter.

AWS CLI

Example Retrieve the encrypted secret value of a secret

The following get-secret-value example gets the current secret value.


aws secretsmanager get-secret-value \
    --secret-id MyTestSecret

Example Retrieve the previous secret value

The following get-secret-value example gets the previous secret value.


aws secretsmanager get-secret-value \
        --secret-id MyTestSecret
        --version-stage AWSPREVIOUS

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Tag secrets

Connect to a SQL database