Skip to content

aws.secretsmanager-secret-version resource

Description

SecretVersion manages one immutable Secrets Manager value version. The secret id and payload create the version through PutSecretValue and cannot change in place; only the version-stages label set reconciles after creation with UpdateSecretVersionStage. A binary payload can be supplied inline as bytes in a string. With no explicit version stages, Secrets Manager applies its default labels and unobin leaves them service-managed. An explicit empty list manages labels and removes every removable label on update.

Source: internal/service/secretsmanager/secret_version_rsrc.go:29

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

resources: {
  example: aws.secretsmanager-secret-version {
    # Set input fields here.
  }
}

Inputs

secret-id

string

required

secret-binary-content

optional(string)

sensitive

secret-string

optional(string)

sensitive

version-stages

optional(list(string))

Input Constraints

Field combinations

At most one of secret-binary-content or secret-string.

Outputs

secret-id

string

arn

string

version-id

string

version-stages

list(string)