Docs Home
AWS v6.78.0 published on Thursday, Apr 24, 2025 by Pulumi
aws.secretsmanager.getSecretVersion
Explore with Pulumi AI
Retrieve information about a Secrets Manager secret version, including its secret value. To retrieve secret metadata, see the aws.secretsmanager.Secret data source.
Example Usage
Retrieve Current Secret Version
By default, this data sources retrieves information based on the AWSCURRENT staging label.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const secret_version = aws.secretsmanager.getSecretVersion({
secretId: example.id,
});
import pulumi
import pulumi_aws as aws
secret_version = aws.secretsmanager.get_secret_version(secret_id=example["id"])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := secretsmanager.LookupSecretVersion(ctx, &secretsmanager.LookupSecretVersionArgs{
SecretId: example.Id,
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var secret_version = Aws.SecretsManager.GetSecretVersion.Invoke(new()
{
SecretId = example.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.secretsmanager.SecretsmanagerFunctions;
import com.pulumi.aws.secretsmanager.inputs.GetSecretVersionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var secret-version = SecretsmanagerFunctions.getSecretVersion(GetSecretVersionArgs.builder()
.secretId(example.id())
.build());
}
}
variables:
secret-version:
fn::invoke:
function: aws:secretsmanager:getSecretVersion
arguments:
secretId: ${example.id}
Retrieve Specific Secret Version
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const by_version_stage = aws.secretsmanager.getSecretVersion({
secretId: example.id,
versionStage: "example",
});
import pulumi
import pulumi_aws as aws
by_version_stage = aws.secretsmanager.get_secret_version(secret_id=example["id"],
version_stage="example")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := secretsmanager.LookupSecretVersion(ctx, &secretsmanager.LookupSecretVersionArgs{
SecretId: example.Id,
VersionStage: pulumi.StringRef("example"),
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var by_version_stage = Aws.SecretsManager.GetSecretVersion.Invoke(new()
{
SecretId = example.Id,
VersionStage = "example",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.secretsmanager.SecretsmanagerFunctions;
import com.pulumi.aws.secretsmanager.inputs.GetSecretVersionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var by-version-stage = SecretsmanagerFunctions.getSecretVersion(GetSecretVersionArgs.builder()
.secretId(example.id())
.versionStage("example")
.build());
}
}
variables:
by-version-stage:
fn::invoke:
function: aws:secretsmanager:getSecretVersion
arguments:
secretId: ${example.id}
versionStage: example
Using getSecretVersion
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecretVersion(args: GetSecretVersionArgs, opts?: InvokeOptions): Promise<GetSecretVersionResult>
function getSecretVersionOutput(args: GetSecretVersionOutputArgs, opts?: InvokeOptions): Output<GetSecretVersionResult>def get_secret_version(secret_id: Optional[str] = None,
version_id: Optional[str] = None,
version_stage: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetSecretVersionResult
def get_secret_version_output(secret_id: Optional[pulumi.Input[str]] = None,
version_id: Optional[pulumi.Input[str]] = None,
version_stage: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecretVersionResult]func LookupSecretVersion(ctx *Context, args *LookupSecretVersionArgs, opts ...InvokeOption) (*LookupSecretVersionResult, error)
func LookupSecretVersionOutput(ctx *Context, args *LookupSecretVersionOutputArgs, opts ...InvokeOption) LookupSecretVersionResultOutput> Note: This function is named LookupSecretVersion in the Go SDK.
public static class GetSecretVersion
{
public static Task<GetSecretVersionResult> InvokeAsync(GetSecretVersionArgs args, InvokeOptions? opts = null)
public static Output<GetSecretVersionResult> Invoke(GetSecretVersionInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSecretVersionResult> getSecretVersion(GetSecretVersionArgs args, InvokeOptions options)
public static Output<GetSecretVersionResult> getSecretVersion(GetSecretVersionArgs args, InvokeOptions options)
fn::invoke:
function: aws:secretsmanager/getSecretVersion:getSecretVersion
arguments:
# arguments dictionaryThe following arguments are supported:
- Secret
Id This property is required. string - Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
- Version
Id string - Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides
version_stage. - Version
Stage string - Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to
AWSCURRENT.
- Secret
Id This property is required. string - Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
- Version
Id string - Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides
version_stage. - Version
Stage string - Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to
AWSCURRENT.
- secret
Id This property is required. String - Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
- version
Id String - Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides
version_stage. - version
Stage String - Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to
AWSCURRENT.
- secret
Id This property is required. string - Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
- version
Id string - Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides
version_stage. - version
Stage string - Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to
AWSCURRENT.
- secret_
id This property is required. str - Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
- version_
id str - Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides
version_stage. - version_
stage str - Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to
AWSCURRENT.
- secret
Id This property is required. String - Specifies the secret containing the version that you want to retrieve. You can specify either the ARN or the friendly name of the secret.
- version
Id String - Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides
version_stage. - version
Stage String - Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to
AWSCURRENT.
getSecretVersion Result
The following output properties are available:
- Arn string
- ARN of the secret.
- Created
Date string - Created date of the secret in UTC.
- Id string
- The provider-assigned unique ID for this managed resource.
- Secret
Binary string - Decrypted part of the protected secret information that was originally provided as a binary.
- Secret
Id string - Secret
String string - Decrypted part of the protected secret information that was originally provided as a string.
- Version
Id string - Unique identifier of this version of the secret.
- Version
Stages List<string> - Version
Stage string
- Arn string
- ARN of the secret.
- Created
Date string - Created date of the secret in UTC.
- Id string
- The provider-assigned unique ID for this managed resource.
- Secret
Binary string - Decrypted part of the protected secret information that was originally provided as a binary.
- Secret
Id string - Secret
String string - Decrypted part of the protected secret information that was originally provided as a string.
- Version
Id string - Unique identifier of this version of the secret.
- Version
Stages []string - Version
Stage string
- arn String
- ARN of the secret.
- created
Date String - Created date of the secret in UTC.
- id String
- The provider-assigned unique ID for this managed resource.
- secret
Binary String - Decrypted part of the protected secret information that was originally provided as a binary.
- secret
Id String - secret
String String - Decrypted part of the protected secret information that was originally provided as a string.
- version
Id String - Unique identifier of this version of the secret.
- version
Stages List<String> - version
Stage String
- arn string
- ARN of the secret.
- created
Date string - Created date of the secret in UTC.
- id string
- The provider-assigned unique ID for this managed resource.
- secret
Binary string - Decrypted part of the protected secret information that was originally provided as a binary.
- secret
Id string - secret
String string - Decrypted part of the protected secret information that was originally provided as a string.
- version
Id string - Unique identifier of this version of the secret.
- version
Stages string[] - version
Stage string
- arn str
- ARN of the secret.
- created_
date str - Created date of the secret in UTC.
- id str
- The provider-assigned unique ID for this managed resource.
- secret_
binary str - Decrypted part of the protected secret information that was originally provided as a binary.
- secret_
id str - secret_
string str - Decrypted part of the protected secret information that was originally provided as a string.
- version_
id str - Unique identifier of this version of the secret.
- version_
stages Sequence[str] - version_
stage str
- arn String
- ARN of the secret.
- created
Date String - Created date of the secret in UTC.
- id String
- The provider-assigned unique ID for this managed resource.
- secret
Binary String - Decrypted part of the protected secret information that was originally provided as a binary.
- secret
Id String - secret
String String - Decrypted part of the protected secret information that was originally provided as a string.
- version
Id String - Unique identifier of this version of the secret.
- version
Stages List<String> - version
Stage String
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.