Skip to content

AwsSecret

Bases: DuploResourceV3

AWS Secrets Manager Secrets resource.

This resource allows you to create, find, update, and delete AWS Secrets Manager secrets.

Usage 
duploctl aws_secret <cmd> [options]

Manages AWS Secrets Manager in the background.

Commands

apply

Apply an AWS Secrets Manager secret.

Create or update an AWS secret. If the secret exists it will be updated, otherwise a new secret is created.

CLI Usage 
duploctl aws_secret apply -f 'secret.yaml'

Returns:

Name Type Description
message dict

Success message.
Model: AwsSecret 
{
  "description": "AwsSecret",
  "properties": {
    "Name": {
      "anyOf": [
        {
          "type": "string"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "title": "Name"
    },
    "ValueFrom": {
      "anyOf": [
        {
          "type": "string"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "title": "Valuefrom"
    }
  },
  "title": "AwsSecret",
  "type": "object"
}

Parameters:

--file, -f, --cli-input
A file to read the input from
AwsSecret action: YamlAction

create

Create an AWS Secrets Manager Secret

Using DuploCloud's native support for AWS Secrets Manager, you can create a new secret. This method acts and feels like how the Kubernetes secrets work within this cli. Supports the secrets value as a string or a key/value JSON object where each value is a string. If you give a JSON object with any key that is not a string, the entire value will be simply a string with a JSON value. The examples below mostly include the --dry-run so you can see the output. Simply remove that to actually create the secret.

cli usage 
duploctl aws_secret create <name> <args>
Create a secret from a datamap 
duploctl aws_secret create mysecret --from-literal foo=bar --from-file some-config.json
Create a secret with a value 
duploctl aws_secret create mysecret --value foobarbaz
Merge a body with new keys

Notice the the --file flag is set to - which means it will read a body file from stdin. Since a name is given, the name in the body file will be replaced with the name given in the command. 

cat awssecret.yaml | duploctl aws_secret create mysecret --file - --from-file some-config.json --from-literal icecream=vanilla --dry-run
Here is what the file body within awssecret.yaml looks like 
Name: duploctl
SecretString: '{"foo": "bar"}'
And then the some-config.json file looks like this 
{
  "foo": {
    "bar": "baz",
    "qux": 42
  }
}

Returns:

Name Type Description
message dict

Either a success message is returned or if --dry-run is passed then the body is what is returned.

Raises:

Type Description
DuploError

If the AWS secret already exists.
Model: AwsSecret 
{
  "description": "AwsSecret",
  "properties": {
    "Name": {
      "anyOf": [
        {
          "type": "string"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "title": "Name"
    },
    "ValueFrom": {
      "anyOf": [
        {
          "type": "string"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "title": "Valuefrom"
    }
  },
  "title": "AwsSecret",
  "type": "object"
}

Parameters:

name positional
The resource name
str
--file, -f, --cli-input
A file to read the input from
AwsSecret action: YamlAction
--fromfile, --from-file, --from-literal
A file or literal value to add to the data map
str action: DataMapAction
--parametervalue, -pval, -val, --value
Arbitrary text to add as the content of some secret or configuration paramater.
str
--dryrun, --dry-run
Do not submit any changes to the server, just print the data to the console.
bool

delete

Delete an AWS Secrets Manager secret.

Deletes an AWS Secrets Manager secret by name.

cli 
duploctl aws_secret delete <name>

Returns:

Name Type Description
message dict

A success message.

Parameters:

name positional
The resource name
str

find

Find an AWS Secrets Manager secret by name and return its content

cli usage 
duploctl aws_secret find <name>

Returns:

Name Type Description
resource dict

The AWS secret object.

Raises:

Type Description
DuploError

If the AWS secret could not be found.

Parameters:

name positional
The resource name
str
--showsensitive, -show
Return sensitive values to output. WARNING - ENABLING THIS SETTING MAY DISPLAY SENSITIVE DATA TO STDOUT/LOG FILES
bool

list

Retrieve a List of AwsSecret resources

cli usage 
duploctl awssecret list

Returns:

Name Type Description
list list

A list of AwsSecret.

update

Update an AWS Secrets Manager secret.

Follows all the same arguments and style of the create method. This requires the secret to already exist.

cli usage 
duploctl aws_secret update <name> <args>

Returns:

Name Type Description
message dict

Either a success message is returned or if --dry-run is passed then the body is what is returned.

Raises:

Type Description
DuploError

If the AWS secret could not be found or doesn't exist.
Model: AwsSecret 
{
  "description": "AwsSecret",
  "properties": {
    "Name": {
      "anyOf": [
        {
          "type": "string"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "title": "Name"
    },
    "ValueFrom": {
      "anyOf": [
        {
          "type": "string"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "title": "Valuefrom"
    }
  },
  "title": "AwsSecret",
  "type": "object"
}

Parameters:

name positional
The resource name
str
--file, -f, --cli-input
A file to read the input from
AwsSecret action: YamlAction
--fromfile, --from-file, --from-literal
A file or literal value to add to the data map
str action: DataMapAction
--parametervalue, -pval, -val, --value
Arbitrary text to add as the content of some secret or configuration paramater.
str
--dryrun, --dry-run
Do not submit any changes to the server, just print the data to the console.
bool

Methods

name_from_body

prefixed_name

Override to handle slash-separated secret paths.