**Example 1: To configure and start automatic rotation for a secret**
The following ``rotate-secret`` example configures and starts automatic rotation for a secret. Secrets Manager rotates the secret once immediately, and then every eight hours in a two hour window. The output shows the ``VersionId`` of the new secret version created by rotation. ::
aws secretsmanager rotate-secret \
--secret-id MyTestDatabaseSecret \
--rotation-lambda-arn arn:aws:lambda:us-west-2:1234566789012:function:SecretsManagerTestRotationLambda \
--rotation-rules "{\"ScheduleExpression\": \"cron(0 8/8 * * ? *)\", \"Duration\": \"2h\"}"
Output::
{
"ARN": "aws:arn:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
"Name": "MyTestDatabaseSecret",
"VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
}
For more information, see `Rotate secrets <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html>`__ in the *Secrets Manager User Guide*.
**Example 2: To configure and start automatic rotation on a rotation interval**
The following ``rotate-secret`` example configures and starts automatic rotation for a secret. Secrets Manager rotates the secret once immediately, and then every 10 days. The output shows the ``VersionId`` of the new secret version created by rotation. ::
aws secretsmanager rotate-secret \
--secret-id MyTestDatabaseSecret \
--rotation-lambda-arn arn:aws:lambda:us-west-2:1234566789012:function:SecretsManagerTestRotationLambda \
--rotation-rules "{\"ScheduleExpression\": \"rate(10 days)\"}"
Output::
{
"ARN": "aws:arn:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
"Name": "MyTestDatabaseSecret",
"VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
}
For more information, see `Rotate secrets <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html>`__ in the *Secrets Manager User Guide*.
**Example 3: To rotate a secret immediately**
The following ``rotate-secret`` example starts an immediate rotation. The output shows the ``VersionId`` of the new secret version created by rotation. The secret must already have rotation configured. ::
aws secretsmanager rotate-secret \
--secret-id MyTestDatabaseSecret
Output::
{
"ARN": "aws:arn:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
"Name": "MyTestDatabaseSecret",
"VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
}
For more information, see `Rotate secrets <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html>`__ in the *Secrets Manager User Guide*.| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| cancel-rotate-secret.rst | File | 588 B | 0755 |
|
| create-secret.rst | File | 1.8 KB | 0755 |
|
| delete-resource-policy.rst | File | 595 B | 0755 |
|
| delete-secret.rst | File | 1.48 KB | 0755 |
|
| describe-secret.rst | File | 1.99 KB | 0755 |
|
| get-random-password.rst | File | 592 B | 0755 |
|
| get-resource-policy.rst | File | 854 B | 0755 |
|
| get-secret-value.rst | File | 1.61 KB | 0755 |
|
| list-secret-version-ids.rst | File | 1.23 KB | 0755 |
|
| list-secrets.rst | File | 4.17 KB | 0755 |
|
| put-resource-policy.rst | File | 1.32 KB | 0755 |
|
| put-secret-value.rst | File | 1.95 KB | 0755 |
|
| remove-regions-from-replication.rst | File | 725 B | 0644 |
|
| replicate-secret-to-regions.rst | File | 881 B | 0644 |
|
| restore-secret.rst | File | 555 B | 0755 |
|
| rotate-secret.rst | File | 2.74 KB | 0755 |
|
| stop-replication-to-replica.rst | File | 703 B | 0644 |
|
| tag-resource.rst | File | 987 B | 0755 |
|
| untag-resource.rst | File | 496 B | 0755 |
|
| update-secret-version-stage.rst | File | 3.04 KB | 0755 |
|
| update-secret.rst | File | 1.3 KB | 0755 |
|
| validate-resource-policy.rst | File | 1.16 KB | 0644 |
|