AWS v6.78.0 published on Thursday, Apr 24, 2025 by Pulumi

aws.secretsmanager.getSecretVersion


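Retrieve information about a Secrets Manager secret version, including its secret value. Because the result contains the decrypted secret (see SecretString and SecretBinary below), treat it as sensitive wherever the program passes it on. To retrieve secret metadata, see the aws.secretsmanager.Secret data source.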

Example Usage

Retrieve Current Secret Version

By default, this data source retrieves information based on the AWSCURRENT staging label.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Look up the secret version for `example`. No versionStage or versionId is
// given, so the lookup uses the AWSCURRENT staging label.
// The result carries the decrypted value (secretString / secretBinary): keep
// it out of logs and plain stack outputs.
// NOTE(review): this page does not say whether the result is masked as a
// Pulumi secret automatically - confirm before exporting it.
const lookupArgs = { secretId: example.id };
const secret_version = aws.secretsmanager.getSecretVersion(lookupArgs);
import pulumi
import pulumi_aws as aws

# Look up the secret version for `example`; with no version_stage or
# version_id the AWSCURRENT staging label is used.
# The result holds the decrypted value (secret_string / secret_binary), so
# do not print it or export it as a plain stack output.
secret_version = aws.secretsmanager.get_secret_version(
    secret_id=example["id"],
)
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main runs a Pulumi program that looks up the secret version for `example`.
// No VersionStage or VersionId is set, so the lookup uses the AWSCURRENT
// staging label. The result is discarded here; a program that keeps it is
// holding the decrypted secret value (SecretString / SecretBinary) and should
// keep it out of logs and plain stack exports.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		lookupArgs := &secretsmanager.LookupSecretVersionArgs{
			SecretId: example.Id,
		}
		// Only the error is inspected; the looked-up value is dropped.
		if _, err := secretsmanager.LookupSecretVersion(ctx, lookupArgs, nil); err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() =>
{
    // Look up the secret version for `example`; with no VersionStage or
    // VersionId the AWSCURRENT staging label is used.
    // The result carries the decrypted value (SecretString / SecretBinary):
    // keep it out of logs and plain stack outputs.
    var lookupArgs = new Aws.SecretsManager.GetSecretVersionInvokeArgs
    {
        SecretId = example.Id,
    };
    var secretVersion = Aws.SecretsManager.GetSecretVersion.Invoke(lookupArgs);
});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.secretsmanager.SecretsmanagerFunctions;
import com.pulumi.aws.secretsmanager.inputs.GetSecretVersionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

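/**
 * Pulumi program that looks up the secret version for {@code example}.
 * No versionStage or versionId is set, so the lookup uses the AWSCURRENT
 * staging label.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the lookup.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}; not read here.
     */
    public static void stack(Context ctx) {
        // The generated sample named this local `secret-version`, which is not
        // a valid Java identifier (hyphen); camel-cased so the class compiles.
        // The result carries the decrypted value (secretString / secretBinary):
        // keep it out of logs and plain stack outputs.
        final var secretVersion = SecretsmanagerFunctions.getSecretVersion(GetSecretVersionArgs.builder()
            .secretId(example.id())
            .build());

    }
}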
# Looks up the secret version for `example`; with no versionStage or versionId
# the AWSCURRENT staging label is used.
# The result includes the decrypted value (secretString / secretBinary): keep
# it out of plain stack outputs.
variables:
  secret-version:
    fn::invoke:
      function: aws:secretsmanager:getSecretVersion
      arguments:
        secretId: ${example.id}

Retrieve Specific Secret Version

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Select the version by staging label instead of the AWSCURRENT default;
// "example" is a sample label. A staging label can be moved to a different
// version, so pass versionId (which overrides versionStage) when one exact
// version must be read.
// The result carries the decrypted value (secretString / secretBinary): keep
// it out of logs and plain stack outputs.
const stageLookup = {
    secretId: example.id,
    versionStage: "example",
};
const by_version_stage = aws.secretsmanager.getSecretVersion(stageLookup);
import pulumi
import pulumi_aws as aws

# Select the version by staging label instead of the AWSCURRENT default;
# "example" is a sample label. version_id overrides version_stage when both
# are given, and identifies one exact version.
# The result holds the decrypted value (secret_string / secret_binary), so
# do not print it or export it as a plain stack output.
by_version_stage = aws.secretsmanager.get_secret_version(
    secret_id=example["id"],
    version_stage="example",
)
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main runs a Pulumi program that looks up a secret version of `example` by
// staging label ("example" is a sample label) rather than the AWSCURRENT
// default. VersionId, when set, overrides VersionStage. The result is
// discarded here; a program that keeps it is holding the decrypted secret
// value (SecretString / SecretBinary) and should keep it out of logs and
// plain stack exports.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		stageLookup := &secretsmanager.LookupSecretVersionArgs{
			SecretId:     example.Id,
			VersionStage: pulumi.StringRef("example"),
		}
		// Only the error is inspected; the looked-up value is dropped.
		if _, err := secretsmanager.LookupSecretVersion(ctx, stageLookup, nil); err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() =>
{
    // Select the version by staging label instead of the AWSCURRENT default;
    // "example" is a sample label. VersionId, when set, overrides VersionStage.
    // The result carries the decrypted value (SecretString / SecretBinary):
    // keep it out of logs and plain stack outputs.
    var stageLookup = new Aws.SecretsManager.GetSecretVersionInvokeArgs
    {
        SecretId = example.Id,
        VersionStage = "example",
    };
    var byVersionStage = Aws.SecretsManager.GetSecretVersion.Invoke(stageLookup);
});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.secretsmanager.SecretsmanagerFunctions;
import com.pulumi.aws.secretsmanager.inputs.GetSecretVersionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

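/**
 * Pulumi program that looks up a secret version of {@code example} by staging
 * label ("example" is a sample label) rather than the AWSCURRENT default.
 * versionId, when set, overrides versionStage.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the lookup.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}; not read here.
     */
    public static void stack(Context ctx) {
        // The generated sample named this local `by-version-stage`, which is
        // not a valid Java identifier (hyphens); camel-cased so the class
        // compiles.
        // The result carries the decrypted value (secretString / secretBinary):
        // keep it out of logs and plain stack outputs.
        final var byVersionStage = SecretsmanagerFunctions.getSecretVersion(GetSecretVersionArgs.builder()
            .secretId(example.id())
            .versionStage("example")
            .build());

    }
}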
# Looks up a secret version of `example` by staging label instead of the
# AWSCURRENT default; "example" is a sample label. versionId, when set,
# overrides versionStage.
# The result includes the decrypted value (secretString / secretBinary): keep
# it out of plain stack outputs.
variables:
  by-version-stage:
    fn::invoke:
      function: aws:secretsmanager:getSecretVersion
      arguments:
        secretId: ${example.id}
        versionStage: example

Using getSecretVersion

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getSecretVersion(args: GetSecretVersionArgs, opts?: InvokeOptions): Promise<GetSecretVersionResult>
function getSecretVersionOutput(args: GetSecretVersionOutputArgs, opts?: InvokeOptions): Output<GetSecretVersionResult>
def get_secret_version(secret_id: Optional[str] = None,
                       version_id: Optional[str] = None,
                       version_stage: Optional[str] = None,
                       opts: Optional[InvokeOptions] = None) -> GetSecretVersionResult
def get_secret_version_output(secret_id: Optional[pulumi.Input[str]] = None,
                       version_id: Optional[pulumi.Input[str]] = None,
                       version_stage: Optional[pulumi.Input[str]] = None,
                       opts: Optional[InvokeOptions] = None) -> Output[GetSecretVersionResult]
func LookupSecretVersion(ctx *Context, args *LookupSecretVersionArgs, opts ...InvokeOption) (*LookupSecretVersionResult, error)
func LookupSecretVersionOutput(ctx *Context, args *LookupSecretVersionOutputArgs, opts ...InvokeOption) LookupSecretVersionResultOutput

> Note: This function is named LookupSecretVersion in the Go SDK.

public static class GetSecretVersion 
{
    public static Task<GetSecretVersionResult> InvokeAsync(GetSecretVersionArgs args, InvokeOptions? opts = null)
    public static Output<GetSecretVersionResult> Invoke(GetSecretVersionInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetSecretVersionResult> getSecretVersion(GetSecretVersionArgs args, InvokeOptions options)
public static Output<GetSecretVersionResult> getSecretVersion(GetSecretVersionArgs args, InvokeOptions options)
fn::invoke:
  function: aws:secretsmanager/getSecretVersion:getSecretVersion
  arguments:
    # arguments dictionary

The following arguments are supported:

SecretId This property is required. string
Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
VersionId string
Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides version_stage.
VersionStage string
Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to AWSCURRENT.
SecretId This property is required. string
Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
VersionId string
Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides version_stage.
VersionStage string
Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to AWSCURRENT.
secretId This property is required. String
Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
versionId String
Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides version_stage.
versionStage String
Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to AWSCURRENT.
secretId This property is required. string
Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
versionId string
Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides version_stage.
versionStage string
Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to AWSCURRENT.
secret_id This property is required. str
Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
version_id str
Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides version_stage.
version_stage str
Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to AWSCURRENT.
secretId This property is required. String
Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
versionId String
Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides version_stage.
versionStage String
Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to AWSCURRENT.

getSecretVersion Result

The following output properties are available:

Arn string
ARN of the secret.
CreatedDate string
Created date of the secret in UTC.
Id string
The provider-assigned unique ID for this managed resource.
SecretBinary string
Decrypted part of the protected secret information that was originally provided as a binary.
SecretId string
SecretString string
Decrypted part of the protected secret information that was originally provided as a string.
VersionId string
Unique identifier of this version of the secret.
VersionStages List<string>
VersionStage string
Arn string
ARN of the secret.
CreatedDate string
Created date of the secret in UTC.
Id string
The provider-assigned unique ID for this managed resource.
SecretBinary string
Decrypted part of the protected secret information that was originally provided as a binary.
SecretId string
SecretString string
Decrypted part of the protected secret information that was originally provided as a string.
VersionId string
Unique identifier of this version of the secret.
VersionStages []string
VersionStage string
arn String
ARN of the secret.
createdDate String
Created date of the secret in UTC.
id String
The provider-assigned unique ID for this managed resource.
secretBinary String
Decrypted part of the protected secret information that was originally provided as a binary.
secretId String
secretString String
Decrypted part of the protected secret information that was originally provided as a string.
versionId String
Unique identifier of this version of the secret.
versionStages List<String>
versionStage String
arn string
ARN of the secret.
createdDate string
Created date of the secret in UTC.
id string
The provider-assigned unique ID for this managed resource.
secretBinary string
Decrypted part of the protected secret information that was originally provided as a binary.
secretId string
secretString string
Decrypted part of the protected secret information that was originally provided as a string.
versionId string
Unique identifier of this version of the secret.
versionStages string[]
versionStage string
arn str
ARN of the secret.
created_date str
Created date of the secret in UTC.
id str
The provider-assigned unique ID for this managed resource.
secret_binary str
Decrypted part of the protected secret information that was originally provided as a binary.
secret_id str
secret_string str
Decrypted part of the protected secret information that was originally provided as a string.
version_id str
Unique identifier of this version of the secret.
version_stages Sequence[str]
version_stage str
arn String
ARN of the secret.
createdDate String
Created date of the secret in UTC.
id String
The provider-assigned unique ID for this managed resource.
secretBinary String
Decrypted part of the protected secret information that was originally provided as a binary.
secretId String
secretString String
Decrypted part of the protected secret information that was originally provided as a string.
versionId String
Unique identifier of this version of the secret.
versionStages List<String>
versionStage String

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.