tessl/npm-pulumi--aws

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources with infrastructure-as-code.

—

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview

Eval results

Files

Secrets Manager - Secrets Storage and Rotation

Name: tessl/npm-pulumi--aws
Author: tessl

AWS Secrets Manager helps protect secrets needed to access applications, services, and IT resources.

Common Tasks

Store database credentials as JSON secret

const secret = new aws.secretsmanager.Secret("db-password", {
    description: "Database password",
});
new aws.secretsmanager.SecretVersion("db-password-value", {
    secretId: secret.id,
    secretString: JSON.stringify({
        username: "admin",
        password: "MySecurePassword123!",
    }),
});

Create encrypted secret with KMS key

const secret = new aws.secretsmanager.Secret("encrypted-secret", {
    description: "Encrypted secret",
    kmsKeyId: kmsKey.id,
});

Configure secret with recovery window

const secret = new aws.secretsmanager.Secret("api-key", {
    description: "API key for external service",
    recoveryWindowInDays: 30,
});

Core Resources

Secret

Store secrets with automatic rotation.

class Secret extends pulumi.CustomResource {
    constructor(name: string, args?: SecretArgs, opts?: pulumi.CustomResourceOptions);

    readonly arn: pulumi.Output<string>;
    readonly id: pulumi.Output<string>;
}

interface SecretArgs {
    name?: pulumi.Input<string>;
    description?: pulumi.Input<string>;
    kmsKeyId?: pulumi.Input<string>;
    recoveryWindowInDays?: pulumi.Input<number>;
    tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
}

Example: Create secret with KMS encryption

const secret = new aws.secretsmanager.Secret("db-password", {
    description: "Database password",
    kmsKeyId: kmsKey.id,
    recoveryWindowInDays: 7,
    tags: {
        Environment: "production",
        Application: "my-app",
    },
});

SecretVersion

Store secret values.

class SecretVersion extends pulumi.CustomResource {
    constructor(name: string, args: SecretVersionArgs, opts?: pulumi.CustomResourceOptions);
}

interface SecretVersionArgs {
    secretId: pulumi.Input<string>;
    secretString?: pulumi.Input<string>;
    secretBinary?: pulumi.Input<string>;
}

Example: Store secret value

new aws.secretsmanager.SecretVersion("db-password-value", {
    secretId: secret.id,
    secretString: JSON.stringify({
        username: "admin",
        password: dbPassword,
        host: dbInstance.endpoint,
        port: 5432,
    }),
});

Usage Example

const secret = new aws.secretsmanager.Secret("db-password", {
    description: "Database password",
});

new aws.secretsmanager.SecretVersion("db-password-value", {
    secretId: secret.id,
    secretString: JSON.stringify({
        username: "admin",
        password: dbPassword,
    }),
});

export const secretArn = secret.arn;

Related Services

RDS - Store database credentials securely
Lambda - Access secrets from Lambda functions
ECS - Inject secrets into container environment
KMS - Encrypt secrets with customer-managed keys
IAM - Control access to secrets with policies

Install with Tessl CLI

npx tessl i tessl/npm-pulumi--aws@7.16.0

docs

analytics

compute

core

database

guides

migration

monitoring

networking

reference

security

storage

tessl/npm-pulumi--aws

secretsmanager.md.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}docs/security/

Secrets Manager - Secrets Storage and Rotation

Common Tasks

Core Resources

Secret

SecretVersion

Usage Example

Related Services

secretsmanager.mddocs/security/