ListSecrets - AWS Secrets Manager

ListSecrets

Lists the secrets that are stored by Secrets Manager in the AWS account.

To list the versions of a secret, use ListSecretVersionIds.

To get the secret value from SecretString or SecretBinary, call GetSecretValue.

For information about finding secrets in the console, see Enhanced search capabilities for secrets in Secrets Manager.

Required permissions: secretsmanager:ListSecrets. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.

Request Syntax

{ "Filters": [ { "Key": "string", "Values": [ "string" ] } ], "MaxResults": number, "NextToken": "string", "SortOrder": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

Filters

The filters to apply to the list of secrets.

Type: Array of Filter objects

Array Members: Maximum number of 10 items.

Required: No

MaxResults

The number of results to include in the response.

If there are more results available, in the response, Secrets Manager includes NextToken. To get the next results, call ListSecrets again with the value from NextToken.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 100.

Required: No

NextToken

A token that indicates where the output should continue from, if a previous call did not show all results. To get the next results, call ListSecrets again with this value.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 4096.

Required: No

SortOrder

Lists secrets in the requested order.

Type: String

Valid Values: asc | desc

Required: No

Response Syntax

{ "NextToken": "string", "SecretList": [ { "ARN": "string", "CreatedDate": number, "DeletedDate": number, "Description": "string", "KmsKeyId": "string", "LastAccessedDate": number, "LastChangedDate": number, "LastRotatedDate": number, "Name": "string", "OwningService": "string", "PrimaryRegion": "string", "RotationEnabled": boolean, "RotationLambdaARN": "string", "RotationRules": { "AutomaticallyAfterDays": number, "Duration": "string", "ScheduleExpression": "string" }, "SecretVersionsToStages": { "string" : [ "string" ] }, "Tags": [ { "Key": "string", "Value": "string" } ] } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

NextToken

Secrets Manager includes this value if there's more output available than what is included in the current response. This can occur even when the response includes no values at all, such as when you ask for a filtered view of a long list. To get the next results, call ListSecrets again with this value.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 4096.

SecretList

A list of the secrets in the account.

Type: Array of SecretListEntry objects

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalServiceError

An error occurred on the server side.

HTTP Status Code: 500

InvalidNextTokenException

The NextToken value is invalid.

HTTP Status Code: 400

InvalidParameterException

The parameter name or value is invalid.

HTTP Status Code: 400

Examples

Example

The following example shows how to list the secrets in the account. The JSON request string input and response output displays formatted code with white space and line breaks for better readability. Submit your input as a single line JSON string.

Sample Request

POST / HTTP/1.1 Host: secretsmanager.region.domain Accept-Encoding: identity X-Amz-Target: secretsmanager.ListSecrets Content-Type: application/x-amz-json-1.1 User-Agent: <user-agent-string> X-Amz-Date: <date> Authorization: AWS4-HMAC-SHA256 Credential=<credentials>,SignedHeaders=<headers>, Signature=<signature> Content-Length: <payload-size-bytes> {}

Sample Response

HTTP/1.1 200 OK Date: <date> Content-Type: application/x-amz-json-1.1 Content-Length: <response-size-bytes> Connection: keep-alive x-amzn-RequestId: <request-id-guid> { "SecretList":[ { "ARN":"arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", "Description":"My test database secret", "LastChangedDate":1.523477145729E9, "Name":"MyTestDatabaseSecret", "SecretVersionsToStages":{ "EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE":["AWSCURRENT"] } }, { "ARN":"arn:aws:secretsmanager:us-west-2:123456789012:secret:AnotherDatabaseSecret-d4e5f6", "Description":"Another secret created for a different database", "LastChangedDate":1.523482025685E9, "Name":"AnotherDatabaseSecret", "SecretVersionsToStages":{ "EXAMPLE3-90ab-cdef-fedc-ba987EXAMPLE":["AWSCURRENT"] } } ] }

Example

The following example shows how to list the secrets in the account that are tagged with costcenter 12345. The JSON request string input and response output displays formatted code with white space and line breaks for better readability. Submit your input as a single line JSON string.

Sample Request

POST / HTTP/1.1 Host: secretsmanager.region.domain Accept-Encoding: identity X-Amz-Target: secretsmanager.ListSecrets &Filter.1.Name=costcenter &Filter.1.Value.1=12345 Content-Type: application/x-amz-json-1.1 User-Agent: <user-agent-string> X-Amz-Date: <date> Authorization: AWS4-HMAC-SHA256 Credential=<credentials>,SignedHeaders=<headers>, Signature=<signature> Content-Length: <payload-size-bytes> {}

Sample Response

HTTP/1.1 200 OK Date: <date> Content-Type: application/x-amz-json-1.1 Content-Length: <response-size-bytes> Connection: keep-alive x-amzn-RequestId: <request-id-guid> { "SecretList":[ { "ARN":"arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", "Description":"My test database secret", "LastChangedDate":1.523477145729E9, "Name":"MyTestDatabaseSecret", "SecretVersionsToStages":{ "EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE":["AWSCURRENT"] } }, { "ARN":"arn:aws:secretsmanager:us-west-2:123456789012:secret:AnotherDatabaseSecret-d4e5f6", "Description":"Another secret created for a different database", "LastChangedDate":1.523482025685E9, "Name":"AnotherDatabaseSecret", "SecretVersionsToStages":{ "EXAMPLE3-90ab-cdef-fedc-ba987EXAMPLE":["AWSCURRENT"] } } ] }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: