**Example 1: To configure and start automatic rotation for a secret** The following ``rotate-secret`` example configures and starts automatic rotation for a secret. Secrets Manager rotates the secret once immediately, and then every eight hours in a two hour window. The output shows the ``VersionId`` of the new secret version created by rotation. :: aws secretsmanager rotate-secret \ --secret-id MyTestDatabaseSecret \ --rotation-lambda-arn arn:aws:lambda:us-west-2:1234566789012:function:SecretsManagerTestRotationLambda \ --rotation-rules "{\"ScheduleExpression\": \"cron(0 8/8 * * ? *)\", \"Duration\": \"2h\"}" Output:: { "ARN": "aws:arn:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", "Name": "MyTestDatabaseSecret", "VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" } For more information, see `Rotate secrets <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html>`__ in the *Secrets Manager User Guide*. **Example 2: To configure and start automatic rotation on a rotation interval** The following ``rotate-secret`` example configures and starts automatic rotation for a secret. Secrets Manager rotates the secret once immediately, and then every 10 days. The output shows the ``VersionId`` of the new secret version created by rotation. :: aws secretsmanager rotate-secret \ --secret-id MyTestDatabaseSecret \ --rotation-lambda-arn arn:aws:lambda:us-west-2:1234566789012:function:SecretsManagerTestRotationLambda \ --rotation-rules "{\"ScheduleExpression\": \"rate(10 days)\"}" Output:: { "ARN": "aws:arn:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", "Name": "MyTestDatabaseSecret", "VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" } For more information, see `Rotate secrets <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html>`__ in the *Secrets Manager User Guide*. **Example 3: To rotate a secret immediately** The following ``rotate-secret`` example starts an immediate rotation. The output shows the ``VersionId`` of the new secret version created by rotation. The secret must already have rotation configured. :: aws secretsmanager rotate-secret \ --secret-id MyTestDatabaseSecret Output:: { "ARN": "aws:arn:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", "Name": "MyTestDatabaseSecret", "VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" } For more information, see `Rotate secrets <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html>`__ in the *Secrets Manager User Guide*.
Name | Type | Size | Permission | Actions |
---|---|---|---|---|
cancel-rotate-secret.rst | File | 588 B | 0755 |
|
create-secret.rst | File | 1.8 KB | 0755 |
|
delete-resource-policy.rst | File | 595 B | 0755 |
|
delete-secret.rst | File | 1.48 KB | 0755 |
|
describe-secret.rst | File | 1.99 KB | 0755 |
|
get-random-password.rst | File | 592 B | 0755 |
|
get-resource-policy.rst | File | 854 B | 0755 |
|
get-secret-value.rst | File | 1.61 KB | 0755 |
|
list-secret-version-ids.rst | File | 1.23 KB | 0755 |
|
list-secrets.rst | File | 4.17 KB | 0755 |
|
put-resource-policy.rst | File | 1.32 KB | 0755 |
|
put-secret-value.rst | File | 1.95 KB | 0755 |
|
remove-regions-from-replication.rst | File | 725 B | 0644 |
|
replicate-secret-to-regions.rst | File | 881 B | 0644 |
|
restore-secret.rst | File | 555 B | 0755 |
|
rotate-secret.rst | File | 2.74 KB | 0755 |
|
stop-replication-to-replica.rst | File | 703 B | 0644 |
|
tag-resource.rst | File | 987 B | 0755 |
|
untag-resource.rst | File | 496 B | 0755 |
|
update-secret-version-stage.rst | File | 3.04 KB | 0755 |
|
update-secret.rst | File | 1.3 KB | 0755 |
|
validate-resource-policy.rst | File | 1.16 KB | 0644 |
|