
AwsSecret

Bases: DuploTenantResourceV3

AWS Secrets Manager Secrets resource.

This resource allows you to create, find, update, and delete AWS Secrets Manager secrets.

Usage
duploctl aws_secret <cmd> [options]

Manages AWS Secrets Manager in the background.

apply

Apply an AwsSecret

Create or update an AwsSecret resource with the DuploCloud CLI.

CLI Usage

duploctl aws_secret apply -f 'awssecret.yaml'
Contents of the awssecret.yaml file
Name: duploctl
SecretString: '{"foo": "bar"}'

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| body | BODY | The resource to apply. | required |
| wait | WAIT | Wait for the resource to be created. | False |
| patches | PATCHES | The patches to apply to the resource. | None |

Returns:

| Name | Type | Description |
| --- | --- | --- |
| message | dict | Success message. |

create

Create an AWS Secrets Manager secret

Using DuploCloud's native support for AWS Secrets Manager, you can create a new secret. This method behaves much like the Kubernetes secret commands in this CLI. The secret value can be a string or a key/value JSON object in which each value is a string. If you give a JSON object with any key whose value is not a string, the entire value will simply be a string holding the JSON. Most of the examples below include --dry-run so you can see the output; remove it to actually create the secret.

cli usage
duploctl aws_secret create <name> <args>
Create a secret from a datamap
duploctl aws_secret create mysecret --from-literal foo=bar --from-file some-config.json
Create a secret with a value
duploctl aws_secret create mysecret --value foobarbaz
Merge a body with new keys

Notice that the --file flag is set to -, which means it reads the body file from stdin. Since a name is given, the name in the body file is replaced with the name given in the command.

cat awssecret.yaml | duploctl aws_secret create mysecret --file - --from-file some-config.json --from-literal icecream=vanilla --dry-run 
Here is what the file body within awssecret.yaml looks like
Name: duploctl
SecretString: '{"foo": "bar"}'
And then the some-config.json file looks like this
{
  "foo": {
    "bar": "baz",
    "qux": 42
  }
}
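The value rule described for create, written as a pre-flight check you can run on a value before passing it to the CLI. This is an added example, not duploctl's own code: the function names are hypothetical, the samples are constructed from the shapes shown on this page, and treating non-object JSON as a plain string is an assumption. It reports key names only, so secret values never reach the terminal or logs.

```python
import json

# Constructed samples mirroring the value shapes shown on this page.
SAMPLES = {
    "awssecret.yaml SecretString": '{"foo": "bar"}',
    "some-config.json contents": '{"foo": {"bar": "baz", "qux": 42}}',
    "--value literal": "foobarbaz",
}


def classify_secret_string(secret_string):
    """Classify a SecretString per the rule described on this page.

    Returns (kind, offending_keys) where kind is:
      "keyvalue"  - JSON object whose values are all strings
      "json-text" - JSON object with a non-string value; per the page the
                    whole value then ends up as one string holding JSON
      "string"    - anything else (assumption: non-object JSON counts here)
    """
    try:
        parsed = json.loads(secret_string)
    except (TypeError, ValueError):
        return "string", []
    if not isinstance(parsed, dict):
        return "string", []
    # Collect key names only; values are never returned or printed.
    offending = sorted(k for k, v in parsed.items() if not isinstance(v, str))
    return ("json-text" if offending else "keyvalue"), offending


def preflight_report(samples):
    """Build one human-readable line per sample without echoing any value."""
    lines = []
    for label, secret_string in samples.items():
        kind, offending = classify_secret_string(secret_string)
        detail = f" (non-string values at: {', '.join(offending)})" if offending else ""
        lines.append(f"{label}: {kind}{detail}")
    return lines


if __name__ == "__main__":
    print("\n".join(preflight_report(SAMPLES)))
```
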

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| name | NAME | The name of the AWS Secret to create. | None |
| body | BODY | The full body of an AWS Secrets Manager secret for DuploCloud. | None |
| data | DATAMAP | A map of key-value pairs to be merged into the SecretString field of the AWS Secrets Manager secret. Can't be used with the value argument. A datamap is a combination of all of the --from-literal and --from-file flags. | None |
| value | CONTENT | The value of the AWS Secrets Manager secret. This overwrites the existing value! Can't be used with the data argument. | None |
| dryrun | DRYRUN | If true, returns the body that would be sent to the API without actually creating the resource. | False |

Returns:

| Name | Type | Description |
| --- | --- | --- |
| message | dict | Either a success message is returned or, if --dry-run is passed, the body is returned. |

Raises:

| Type | Description |
| --- | --- |
| DuploError | If the AWS secret already exists. |

delete

Delete an AWS Secrets Manager secret.

Deletes an AWS Secrets Manager secret by name.

cli
duploctl aws_secret delete <name>

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| name | NAME | The name of an AWS Secrets Manager secret to delete. This can either be the short name or the full name including the tenant prefix. | required |
| wait | | Wait for an AWS Secrets Manager secret to be deleted. | required |

Returns:

| Name | Type | Description |
| --- | --- | --- |
| message | dict | A success message. |

find

Find an AWS Secrets Manager secret by name and return its content.

cli usage
duploctl aws_secret find <name>

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| name | NAME | The name of the AWS secret to find. | required |
| show_sensitive | SHOW_SENSITIVE | Display the value of the SecretString field. | False |

Returns:

| Name | Type | Description |
| --- | --- | --- |
| resource | dict | The AWS secret object. |

Raises:

| Type | Description |
| --- | --- |
| DuploError | If the AWS secret could not be found. |

list

Retrieve a list of AwsSecret resources

cli usage
duploctl aws_secret list

Returns:

| Name | Type | Description |
| --- | --- | --- |
| list | list | A list of AwsSecret. |

update

Update an AWS Secrets Manager secret.

Follows all the same arguments and style of the create method. This requires the secret to already exist.

cli usage
duploctl aws_secret update <name> <args>

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| name | NAME | The name of the AWS Secret to update. | None |
| body | BODY | The full body of an AWS Secrets Manager secret for DuploCloud. | None |
| data | DATAMAP | A map of key-value pairs to be merged into the SecretString field of the AWS Secrets Manager secret. Cannot be used with the value argument. A datamap is a combination of all of the --from-literal and --from-file flags. | None |
| value | CONTENT | The value of the AWS Secrets Manager secret. OVERWRITES the existing value. Cannot be used with the data argument. | None |
| dryrun | DRYRUN | If true, returns the body that would be sent to the API without actually creating the resource. | False |

Returns:

| Name | Type | Description |
| --- | --- | --- |
| message | dict | Either a success message is returned or, if --dry-run is passed, the body is returned. |

Raises:

| Type | Description |
| --- | --- |
| DuploError | If the AWS secret could not be found or doesn't exist. |