»Amazon Secrets Manager Data Source

The Secrets Manager data source provides information about a Secrets Manager secret version, including its secret value.

Basic examples of usage:

data "amazon-secretsmanager" "basic-example" {
  name = "packer_test_secret"
  key  = "packer_test_key"
  version_stage = "example"
}

# usage example of the data source output
locals {
  value         = data.amazon-secretsmanager.basic-example.value
  secret_string = data.amazon-secretsmanager.basic-example.secret_string
  version_id    = data.amazon-secretsmanager.basic-example.version_id
  secret_value  = jsondecode(data.amazon-secretsmanager.basic-example.secret_string)["packer_test_key"]
}

Reading key-value pairs from JSON back into a native Packer map can be accomplished with the jsondecode() function.

»Configuration Reference

»Required

  • name (string) - Specifies the secret containing the version that you want to retrieve. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.

»Optional

  • key (string) - Optional key for JSON secrets that contain more than one value. When set, the value output will contain the value for the provided key.

  • version_id (string) - Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides version_stage.

  • version_stage (string) - Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to AWSCURRENT.

»Output Data

  • value (string) - When a key is provided, this will be the value for that key. If a key is not provided, value will contain the first value found in the secret string.

  • secret_string (string) - The decrypted part of the protected secret information that was originally provided as a string.

  • secret_binary (string) - The decrypted part of the protected secret information that was originally provided as a binary. Base64 encoded.

  • version_id (string) - The unique identifier of this version of the secret.