AWS Secrets Manager API Reference Guide (API Version 2017-10-17)

ListSecrets

Lists all of the secrets that are stored by Secrets Manager in the AWS account. To list the versions currently stored for a specific secret, use ListSecretVersionIds. The encrypted fields SecretString and SecretBinary are not included in the output. To get that information, call the GetSecretValue operation.

Note

Always check the NextToken response parameter when calling any of the List* operations. These operations can occasionally return an empty or shorter than expected list of results even when there are more results available. When this happens, the NextToken response parameter contains a value to pass to the next call to the same API to request the next part of the list.

Minimum permissions

To run this command, you must have the following permissions:

  • secretsmanager:ListSecrets

Related operations

Request Syntax

{
   "MaxResults": number,
   "NextToken": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

MaxResults

(Optional) Limits the number of results that you want to include in the response. If you don't include this parameter, it defaults to a value that's specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (isn't null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Secrets Manager might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 100.

Required: No

NextToken

(Optional) Use this parameter in a request if you receive a NextToken response in a previous request that indicates that there's more output available. In a subsequent call, set it to the value of the previous call's NextToken response to indicate where the output should continue from.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 4096.

Required: No

Response Syntax

{
   "NextToken": "string",
   "SecretList": [
      {
         "ARN": "string",
         "DeletedDate": number,
         "Description": "string",
         "KmsKeyId": "string",
         "LastAccessedDate": number,
         "LastChangedDate": number,
         "LastRotatedDate": number,
         "Name": "string",
         "RotationEnabled": boolean,
         "RotationLambdaARN": "string",
         "RotationRules": {
            "AutomaticallyAfterDays": number
         },
         "SecretVersionsToStages": {
            "string" : [ "string" ]
         },
         "Tags": [
            {
               "Key": "string",
               "Value": "string"
            }
         ]
      }
   ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

NextToken

If present in the response, this value indicates that there's more output available than what's included in the current response. This can occur even when the response includes no values at all, such as when you ask for a filtered view of a very long list. Use this value in the NextToken request parameter in a subsequent call to the operation to continue processing and get the next part of the output. You should repeat this until the NextToken response element comes back empty (as null).

Type: String

Length Constraints: Minimum length of 1. Maximum length of 4096.

SecretList

A list of the secrets in the account.

Type: Array of SecretListEntry objects

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalServiceError

An error occurred on the server side.

HTTP Status Code: 500

InvalidNextTokenException

You provided an invalid NextToken value.

HTTP Status Code: 400

InvalidParameterException

You provided an invalid value for a parameter.

HTTP Status Code: 400

Example

The following example shows how to list all of the secrets in the account. The JSON request string input and response output are shown formatted with white space and line breaks for better readability. Submit your input as a single-line JSON string.

Sample Request

POST / HTTP/1.1
Host: secretsmanager.region.domain
Accept-Encoding: identity
X-Amz-Target: secretsmanager.ListSecrets
Content-Type: application/x-amz-json-1.1
User-Agent: <user-agent-string>
X-Amz-Date: <date>
Authorization: AWS4-HMAC-SHA256 Credential=<credentials>,SignedHeaders=<headers>, Signature=<signature>
Content-Length: <payload-size-bytes>

{}

Sample Response

HTTP/1.1 200 OK
Date: <date>
Content-Type: application/x-amz-json-1.1
Content-Length: <response-size-bytes>
Connection: keep-alive
x-amzn-RequestId: <request-id-guid>

{
  "SecretList":[
    {
      "ARN":"arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
      "Description":"My test database secret",
      "LastChangedDate":1.523477145729E9,
      "Name":"MyTestDatabaseSecret",
      "SecretVersionsToStages":{
        "EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE":["AWSCURRENT"]
      }
    },
    {
      "ARN":"arn:aws:secretsmanager:us-west-2:123456789012:secret:AnotherDatabaseSecret-d4e5f6",
      "Description":"Another secret created for a different database",
      "LastChangedDate":1.523482025685E9,
      "Name":"AnotherDatabaseSecret",
      "SecretVersionsToStages":{
        "EXAMPLE3-90ab-cdef-fedc-ba987EXAMPLE":["AWSCURRENT"]
      }
    }
  ]
}
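The NextToken handling described in the Note and under MaxResults and NextToken matters for any secrets inventory or rotation audit: a loop that stops on an empty or short page silently misses secrets. The following is an added example, not part of the original reference; it assumes a client object with the boto3 call shape list_secrets(**kwargs), and StubClient, its tokens and the RetiredSecret entry are constructed sample data so the block runs offline.

```python
# Added example: drain every page of ListSecrets, then flag secrets without rotation.
# `client` is assumed to expose boto3's list_secrets(**kwargs) call shape.
# StubClient and its pages are constructed sample data, not real service output.

def list_all_secrets(client, page_size=100):
    """Return every SecretListEntry, following NextToken until it is absent."""
    secrets, token = [], None
    while True:
        kwargs = {"MaxResults": page_size}  # valid range is 1..100
        if token:
            kwargs["NextToken"] = token
        page = client.list_secrets(**kwargs)
        # A page may be empty or short while more results remain, so the
        # stop condition is NextToken alone, never the length of SecretList.
        secrets.extend(page.get("SecretList", []))
        token = page.get("NextToken")
        if not token:
            return secrets


def rotation_gaps(secrets):
    """Names of secrets with no DeletedDate and no RotationEnabled=true."""
    return sorted(
        s["Name"] for s in secrets
        if "DeletedDate" not in s and not s.get("RotationEnabled", False)
    )


class StubClient:
    """Constructed stand-in for the service: three pages, the second one empty."""
    PAGES = {
        None: {"SecretList": [{"Name": "MyTestDatabaseSecret"}], "NextToken": "t1"},
        "t1": {"SecretList": [], "NextToken": "t2"},
        "t2": {"SecretList": [
            {"Name": "AnotherDatabaseSecret", "RotationEnabled": True},
            {"Name": "RetiredSecret", "DeletedDate": 1523482025.685},
        ]},
    }

    def __init__(self):
        self.calls = 0

    def list_secrets(self, **kwargs):
        self.calls += 1
        return self.PAGES[kwargs.get("NextToken")]


if __name__ == "__main__":
    found = list_all_secrets(StubClient())
    print(len(found), "secrets; rotation not enabled:", rotation_gaps(found))
```

With a real SDK client in place of StubClient, the caller needs only the secretsmanager:ListSecrets permission, and no secret values are returned.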

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: