aws_secretsmanager_key Function

Secrets can be read from the AWS Secrets Manager and used within your template as locals.

Note: This function always obtains the latest version of a secret, that is, AWSCURRENT. Previous versions of a secret are not supported.

When key is not set (null or empty: ""), aws_secretsmanager returns the first secret key stored in the secret name.

You can either use this function in a locals block or directly inline where you want to use the value.

This will load the key stored behind my_secret from AWS Secrets Manager.

Single-key secrets or plaintext secrets can be retrieved by specifying (null or empty: "") as the key.

When obtaining secrets that have multiple keys, you can set key to the specific key you would like to fetch. For example, given the following secret with two keys, if key is set to "shell", aws_secretsmanager will return only its value.

This will load the value "powershell" stored in the key "shell" behind multikey/secret.
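
The two calls described above, shown in one template as an added example (not taken from the original page). The secret names my_secret and multikey/secret come from the text; the local names, the null source, the BUILD_SHELL variable and the provisioner are assumptions made for illustration.

```hcl
# Added example: names other than my_secret and multikey/secret are illustrative.

locals {
  # Plaintext or single-key secret: pass null (or "") as the key.
  my_secret = aws_secretsmanager("my_secret", null)
}

# Multi-key secret: fetch only the value stored under the "shell" key.
# A singular `local` block with sensitive = true asks Packer to obscure
# the value in its output.
local "shell" {
  expression = aws_secretsmanager("multikey/secret", "shell")
  sensitive  = true
}

source "null" "example" {
  communicator = "none"
}

build {
  sources = ["source.null.example"]

  provisioner "shell-local" {
    # Hand the secret to the script through the environment rather than
    # interpolating it into the command line, and never echo the value.
    environment_vars = ["BUILD_SHELL=${local.shell}"]
    inline           = ["test -n \"$BUILD_SHELL\" && echo 'secret loaded'"]
  }
}
```

Calling the function inline inside a provisioner command also works, but the resolved value then becomes part of the command string, so loading it into a sensitive local first is the safer habit.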

In order to use this function you have to configure valid AWS credentials using one of the following methods:

  • Environment Variables
  • CLI Configuration Files
  • Container Credentials
  • Instance Profile Credentials