Secrets Manager

Create, rotate, and version secrets. Secrets can be strings or binary blobs, with staging labels.

JSON-RPC (X-Amz-Target), multi-tenant, 20 operations

Quick start

import boto3

# Client pointed at the local endpoint instead of AWS
sm = boto3.client("secretsmanager", endpoint_url="http://localhost:4566",
                  region_name="us-east-1",
                  aws_access_key_id="test", aws_secret_access_key="test")
# Create a string secret, then read it back
sm.create_secret(Name="db-pass", SecretString="hunter2")
print(sm.get_secret_value(SecretId="db-pass")["SecretString"])

Supported operations

This service exposes 20 operations as of MiniStack 1.3.14. The list is extracted directly from the handler dispatch in the source module.

  • BatchGetSecretValue
  • CreateSecret
  • DeleteResourcePolicy
  • DeleteSecret
  • DescribeSecret
  • GetRandomPassword
  • GetResourcePolicy
  • GetSecretValue
  • ListSecrets
  • ListSecretVersionIds
  • PutResourcePolicy
  • PutSecretValue
  • ReplicateSecretToRegions
  • RestoreSecret
  • RotateSecret
  • TagResource
  • UntagResource
  • UpdateSecret
  • UpdateSecretVersionStage
  • ValidateResourcePolicy

CloudFormation

The CloudFormation engine provisions these resource types via this service:

AWS::SecretsManager::Secret

See CloudFormation engine for intrinsic support and lifecycle details.

Known limitations

  • Rotation schedules are stored but the rotation Lambda is not invoked.
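
Because the rotation Lambda is not invoked, a test that needs a rotated secret has to move the staging labels itself with PutSecretValue and UpdateSecretVersionStage. The following is an added example, not MiniStack code: it assumes MiniStack honours VersionStages and the move/remove arguments the way AWS does, and `local_client`, `stage_map`, `rotate_by_hand` and the `check` hook are hypothetical names.

```python
def local_client(endpoint_url="http://localhost:4566"):
    """Client for the local emulator, same settings as the quick start."""
    import boto3  # imported here so the helpers below also work with a stub client
    return boto3.client("secretsmanager", endpoint_url=endpoint_url,
                        region_name="us-east-1",
                        aws_access_key_id="test", aws_secret_access_key="test")


def stage_map(sm, secret_id):
    """Return {staging label: version id} from DescribeSecret."""
    stages = sm.describe_secret(SecretId=secret_id).get("VersionIdsToStages", {})
    return {label: vid for vid, labels in stages.items() for label in labels}


def rotate_by_hand(sm, secret_id, new_value, check=lambda value: True):
    """Stage new_value as AWSPENDING, validate it, then promote it to AWSCURRENT.

    `check` is a hypothetical hook standing in for a rotation Lambda's
    testSecret step. Returns the label map after the attempt.
    """
    old = stage_map(sm, secret_id)["AWSCURRENT"]
    new = sm.put_secret_value(SecretId=secret_id, SecretString=new_value,
                              VersionStages=["AWSPENDING"])["VersionId"]
    pending = sm.get_secret_value(SecretId=secret_id, VersionStage="AWSPENDING")
    if pending["SecretString"] == new_value and check(pending["SecretString"]):
        # finishSecret: move AWSCURRENT from the old version to the new one
        sm.update_secret_version_stage(SecretId=secret_id, VersionStage="AWSCURRENT",
                                       MoveToVersionId=new, RemoveFromVersionId=old)
    # Either way, drop AWSPENDING so a later attempt starts clean
    sm.update_secret_version_stage(SecretId=secret_id, VersionStage="AWSPENDING",
                                   RemoveFromVersionId=new)
    return stage_map(sm, secret_id)


if __name__ == "__main__":
    sm = local_client()
    sm.create_secret(Name="db-pass", SecretString="hunter2")
    labels = rotate_by_hand(sm, "db-pass", "constructed-new-value")
    current = sm.get_secret_value(SecretId="db-pass")
    # Code under test that reads AWSCURRENT should now see the rotated value
    assert current["VersionId"] == labels["AWSCURRENT"]
    print(current["SecretString"])
```

If `check` rejects the candidate, AWSCURRENT stays on the old version, which lets a test also cover the failed-rotation path.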

Source

  • ministack/services/secretsmanager.py:176-236

Read the source to verify the ops list above — dispatch tables and handler functions are the ground truth.