Modifies the staging labels attached to a version of a secret. Staging labels are used to track a version as it progresses through the secret rotation process. You can attach a staging label to only one version of a secret at a time. If a staging label to be added is already attached to another version, then it is moved--removed from the other version first and then attached to this one. For more information about staging labels, see Staging Labels
in the AWS Secrets Manager User Guide
The staging labels that you specify in the
parameter are added to the existing list of staging labels--they don't replace it.
You can move the
staging label to this version by including it in this call.
Whenever you move
, Secrets Manager automatically moves the label
to the version that
was removed from.
If this action results in the last label being removed from a version, then the version is considered to be 'deprecated' and can be deleted by Secrets Manager. Minimum permissions
To run this command, you must have the following permissions:
- To get the list of staging labels that are currently associated with a version of a secret, use
DescribeSecret and examine the
SecretVersionsToStages response value.