AWS CLI Secrets Manager Create Secret

Question

I want to create a new secret in Secrets Manager. The secret needs to be a key/value pair. When I create the secret using the CLI it is stored as plaintext instead of as a key/value pair:

aws secretsmanager create-secret --name github/oauthtoken \
    --description "GitHub OAuth Token" \
    --secret-string file:///tmp/github_oauth.json

github_oauth.json

[
  {
    "Key": "oauth_token",
    "Value": "MYOAUTHTOKEN"
  }
]

When I attempt to resolve the secret in CloudFormation I'm getting an error:

Secrets Manager can?t find the specified secret.

When I access the secret in the Secrets Manager UI the secret is in plaintext with an error under Secret key/value:

The secret value can't be converted to key name and value pairs

How can I create a secret in Secrets Manager stored as a key/value pair?

I needed to simplify the string with the key/value pair {"oauth_token": "MYOAUTHTOKEN"} — Ken J, May 01 '19 at 02:00

score 6 · Answer 1 · answered Sep 29 '20 at 05:58

6

I have tried in this way:

aws secretsmanager create-secret --name github/oauthtoken
--description "GitHub OAuth Token"
--secret-string '{"oauth_token":"MYOAUTHTOKEN"}' --region us-east-1

answered Sep 29 '20 at 05:58

Dharmesh Purohit

216
2
3

Parimal · Answer 2 · 2019-05-01T18:02:21.873

The SecretsManager console and the SecretsManager-CloudFormation integration default to treating the SecretString as a JSON object, as you correctly discovered.

The console parses this JSON and shows you key/value pairs. In CloudFormation, you can use dynamic reference to fetch individual JSON values when the SecretString is a JSON object.

This, of course, does not force you to use key/value pairs in your SecretString. You can have any freetext in there and view it in the console under the "Plaintext" tab. In CloudFormation, you can use dynamic references to reference the entire SecretString and avoid parsing it as JSON.

You can also create secrets through CloudFormation that are key/value pairs or free text, along with setting up resource policies, rotation, etc.

Refs -

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-secretsmanager

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html

AWS CLI Secrets Manager Create Secret

2 Answers2