ReplicateSecretToRegions - AWS Secrets Manager


Converts an existing secret to a multi-Region secret and begins replicating the secret to a list of new Regions.

Request Syntax

{
   "AddReplicaRegions": [
      {
         "KmsKeyId": "string",
         "Region": "string"
      }
   ],
   "ForceOverwriteReplicaSecret": boolean,
   "SecretId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


AddReplicaRegions

Add Regions to replicate the secret.

Type: Array of ReplicaRegionType objects

Array Members: Minimum number of 1 item.

Required: Yes


ForceOverwriteReplicaSecret

(Optional) If set, Secrets Manager replication overwrites a secret with the same name in the destination Region.

Type: Boolean

Required: No


SecretId

Use the Secret Id to replicate a secret to Regions.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: Yes
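The request constraints above, turned into a pre-flight check that builds the request body before it is sent. This is an added example, not part of the AWS reference; the Region allow-list, the rule that every replica names a KmsKeyId, and the sample secret name and key alias are assumptions for illustration.

```python
# Added example. The allow-list and require_key rule are assumed local policy.
ALLOWED_REGIONS = {"us-west-2", "eu-west-1"}  # constructed sample policy


def build_replicate_request(secret_id, replicas, force_overwrite=False,
                            allowed_regions=ALLOWED_REGIONS, require_key=True):
    """Return a ReplicateSecretToRegions request body as a dict.

    replicas is a list of (region, kms_key_id or None) pairs. All problems
    found are reported together in one ValueError.
    """
    problems = []
    # Documented constraints: SecretId is 1-2048 characters, at least 1 replica.
    if not isinstance(secret_id, str) or not 1 <= len(secret_id) <= 2048:
        problems.append("SecretId must be 1-2048 characters")
    if not replicas:
        problems.append("AddReplicaRegions needs at least 1 item")
    entries, seen = [], set()
    for region, key in replicas:
        if not region:
            problems.append("Region is required in every entry")
            continue
        if region in seen:
            problems.append(f"{region}: listed more than once")
        seen.add(region)
        if region not in allowed_regions:
            problems.append(f"{region}: not an approved Region")
        entry = {"Region": region}
        if key:
            # KMS keys are regional: a key ARN carries its Region in the
            # fourth field, which has to match the replica's Region.
            parts = key.split(":")
            if parts[0] == "arn" and (len(parts) < 6 or parts[3] != region):
                problems.append(f"{region}: KmsKeyId ARN does not match this Region")
            entry["KmsKeyId"] = key
        elif require_key:
            problems.append(f"{region}: no KmsKeyId supplied")
        entries.append(entry)
    if problems:
        raise ValueError("; ".join(problems))
    # Overwriting a same-named secret in the destination stays opt-in.
    return {"SecretId": secret_id, "AddReplicaRegions": entries,
            "ForceOverwriteReplicaSecret": bool(force_overwrite)}


if __name__ == "__main__":
    import json
    print(json.dumps(build_replicate_request(
        "prod/db-password", [("us-west-2", "alias/replica-key")]), indent=2))
```

The returned dict can be passed as keyword arguments to the boto3 Secrets Manager client method `replicate_secret_to_regions`.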

Response Syntax

{
   "ARN": "string",
   "ReplicationStatus": [
      {
         "KmsKeyId": "string",
         "LastAccessedDate": number,
         "Region": "string",
         "Status": "string",
         "StatusMessage": "string"
      }
   ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


ARN

Replicate a secret based on the ReplicaRegionType consisting of a Region (required) and a KmsKeyId (optional) which can be the ARN, KeyID, or Alias.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.


ReplicationStatus

Describes the secret replication status as PENDING, SUCCESS or FAIL.

Type: Array of ReplicationStatusType objects


Errors

For information about the errors that are common to all actions, see Common Errors.


An error occurred on the server side.

HTTP Status Code: 500


You provided an invalid value for a parameter.

HTTP Status Code: 400


You provided a parameter value that is not valid for the current state of the resource.

Possible causes:

  • You tried to perform the operation on a secret that's currently marked deleted.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

HTTP Status Code: 400


We can't find the resource that you asked for.

HTTP Status Code: 400
