Resource: aws_secretsmanager_secret_version

Provides a resource to manage AWS Secrets Manager secret version including its secret value. To manage secret metadata, see the aws_secretsmanager_secret resource.

Example Usage

Simple String Value

resource "aws_secretsmanager_secret_version" "example" {
  secret_id     = aws_secretsmanager_secret.example.id
  secret_string = "example-string-to-protect"
}

Key-Value Pairs

Secrets Manager also accepts key-value pairs in JSON.

# The map here can come from other supported configurations
# like locals, resource attribute, map() built-in, etc.
variable "example" {
  default = {
    key1 = "value1"
    key2 = "value2"
  }

  type = map(string)
}

resource "aws_secretsmanager_secret_version" "example" {
  secret_id     = aws_secretsmanager_secret.example.id
  secret_string = jsonencode(var.example)
}

Reading key-value pairs from JSON back into a native Terraform map can be accomplished in Terraform 0.12 and later with the jsondecode() function:

output "example" {
  value = jsondecode(aws_secretsmanager_secret_version.example.secret_string)["key1"]
}

Argument Reference

This resource supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import aws_secretsmanager_secret_version using the secret ID and version ID. For example:

import {
  to = aws_secretsmanager_secret_version.example
  id = "arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456|xxxxx-xxxxxxx-xxxxxxx-xxxxx"
}

Using terraform import, import aws_secretsmanager_secret_version using the secret ID and version ID. For example:

% terraform import aws_secretsmanager_secret_version.example 'arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456|xxxxx-xxxxxxx-xxxxxxx-xxxxx'