Linux command
aws-secrets command
Text
After copying, replace file names, directories or parameters as needed.
Common examples
Create a new secret
aws secretsmanager create-secret --name [secret_name] --secret-string "[secret_value]"
Retrieve a secret value
aws secretsmanager get-secret-value --secret-id [secret_name]
List all secrets
aws secretsmanager list-secrets
Update a secret value
aws secretsmanager put-secret-value --secret-id [secret_name] --secret-string "[new_value]"
Delete a secret
aws secretsmanager delete-secret --secret-id [secret_name] --recovery-window-in-days [30]
Delete immediately
aws secretsmanager delete-secret --secret-id [secret_name] --force-delete-without-recovery
Restore a deleted secret
aws secretsmanager restore-secret --secret-id [secret_name]
Rotate a secret
aws secretsmanager rotate-secret --secret-id [secret_name]
Description
AWS Secrets Manager is a service for securely storing and managing sensitive information like database credentials, API keys, and passwords. The aws secretsmanager commands provide CLI access to create, retrieve, rotate, and manage secrets. Secrets are encrypted at rest using AWS KMS and can be automatically rotated on a schedule using Lambda functions. Access is controlled through IAM policies, and all access is logged to CloudTrail for auditing. Secrets can store strings up to 64KB, supporting JSON for structured data like database credentials. Applications retrieve secrets at runtime, eliminating hardcoded credentials in code or configuration files.
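As an added example (not part of the original page or of the AWS CLI itself), a small Python helper that retrieves a secret at runtime through the `get-secret-value` command shown above and parses the CLI's JSON response, returning structured (JSON) secrets as a dict, plain strings as-is and binary secrets as decoded bytes. The secret name `prod/db`, the account ID and the sample response are constructed for offline use.

```python
"""Retrieve a structured secret at runtime via the AWS CLI and parse the response."""
import base64
import json
import subprocess
from typing import Callable, Union


def build_get_secret_cmd(secret_id: str, version_stage: str = "AWSCURRENT") -> list:
    """argv for `aws secretsmanager get-secret-value`; a list avoids shell quoting issues."""
    return ["aws", "secretsmanager", "get-secret-value",
            "--secret-id", secret_id, "--version-stage", version_stage,
            "--output", "json"]


def parse_secret_response(raw: str) -> Union[dict, str, bytes]:
    """Decode the CLI's JSON response: JSON SecretString -> dict, other text -> str,
    SecretBinary (base64 in the CLI output) -> bytes."""
    resp = json.loads(raw)
    if "SecretBinary" in resp:
        return base64.b64decode(resp["SecretBinary"])
    text = resp["SecretString"]
    try:
        value = json.loads(text)
        return value if isinstance(value, dict) else text
    except json.JSONDecodeError:
        return text


def run_cli(argv: list) -> str:
    """Default runner: invoke the AWS CLI and return stdout (raises on non-zero exit)."""
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def load_secret(secret_id: str, runner: Callable[[list], str] = run_cli):
    """Fetch and parse a secret; `runner` is injectable so tests never touch AWS."""
    return parse_secret_response(runner(build_get_secret_cmd(secret_id)))


# Constructed sample response in the CLI's output format (not a real secret or ARN).
SAMPLE_RESPONSE = json.dumps({
    "ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-AbCdEf",
    "Name": "prod/db",
    "VersionId": "11111111-2222-3333-4444-555555555555",
    "SecretString": json.dumps({"username": "app", "password": "example-only",
                                "host": "db.internal", "port": 5432}),
    "VersionStages": ["AWSCURRENT"],
})

if __name__ == "__main__":
    creds = load_secret("prod/db", runner=lambda argv: SAMPLE_RESPONSE)
    # Log only non-sensitive fields; the password never reaches stdout or logs.
    print(f"db user={creds['username']} host={creds['host']}:{creds['port']}")
```

In production, drop the `runner` argument so `run_cli` calls the real CLI under the caller's IAM identity, and keep the parsed value out of logs and error messages.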
Parameters
- create-secret
- Create a new secret.
- get-secret-value
- Retrieve the encrypted value of a secret.
- list-secrets
- List secrets in the account.
- put-secret-value
- Store a new value for an existing secret.
- update-secret
- Update secret metadata or value.
- delete-secret
- Mark a secret for deletion.
- restore-secret
- Restore a previously deleted secret.
- rotate-secret
- Trigger secret rotation.
- describe-secret
- Get metadata about a secret.
- batch-get-secret-value
- Retrieve values for multiple secrets in a single call.
- tag-resource
- Add tags to a secret.
- --secret-id _id_
- Secret name or ARN.
- --secret-string _value_
- Secret value as a string.
- --secret-binary _blob_
- Secret value as base64-encoded binary.
- --kms-key-id _key_
- KMS key for encryption (optional).
- --recovery-window-in-days _days_
- Waiting period before permanent deletion (7-30 days).
FAQ
How do I run a basic aws-secrets example?
Run `aws secretsmanager create-secret --name [secret_name] --secret-string "[secret_value]"` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does create-secret do in aws-secrets?
Create a new secret.