Copyright	(c) 2013-2023 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	Safe-Inferred
Language	Haskell2010

Amazonka.SecretsManager.GetSecretValue

Contents

Creating a Request
Request Lenses
Destructuring the Response
Response Lenses

Description

Retrieves the contents of the encrypted fields SecretString or SecretBinary from the specified version of a secret, whichever contains content.

We recommend that you cache your secret values by using client-side caching. Caching secrets improves speed and reduces your costs. For more information, see Cache secrets for your applications.

To retrieve the previous version of a secret, use VersionStage and specify AWSPREVIOUS. To revert to the previous version of a secret, call UpdateSecretVersionStage.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.

Required permissions: secretsmanager:GetSecretValue. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key aws/secretsmanager, then you also need kms:Decrypt permissions for that key. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.

Synopsis

data GetSecretValue = GetSecretValue' {
- versionId :: Maybe Text
- versionStage :: Maybe Text
- secretId :: Text
}
newGetSecretValue :: Text -> GetSecretValue
getSecretValue_versionId :: Lens' GetSecretValue (Maybe Text)
getSecretValue_versionStage :: Lens' GetSecretValue (Maybe Text)
getSecretValue_secretId :: Lens' GetSecretValue Text
data GetSecretValueResponse = GetSecretValueResponse' {
- arn :: Maybe Text
- createdDate :: Maybe POSIX
- name :: Maybe Text
- secretBinary :: Maybe (Sensitive Base64)
- secretString :: Maybe (Sensitive Text)
- versionId :: Maybe Text
- versionStages :: Maybe (NonEmpty Text)
- httpStatus :: Int
}
newGetSecretValueResponse :: Int -> GetSecretValueResponse
getSecretValueResponse_arn :: Lens' GetSecretValueResponse (Maybe Text)
getSecretValueResponse_createdDate :: Lens' GetSecretValueResponse (Maybe UTCTime)
getSecretValueResponse_name :: Lens' GetSecretValueResponse (Maybe Text)
getSecretValueResponse_secretBinary :: Lens' GetSecretValueResponse (Maybe ByteString)
getSecretValueResponse_secretString :: Lens' GetSecretValueResponse (Maybe Text)
getSecretValueResponse_versionId :: Lens' GetSecretValueResponse (Maybe Text)
getSecretValueResponse_versionStages :: Lens' GetSecretValueResponse (Maybe (NonEmpty Text))
getSecretValueResponse_httpStatus :: Lens' GetSecretValueResponse Int

Creating a Request

data GetSecretValue Source #

See: newGetSecretValue smart constructor.

Constructors

GetSecretValue'

Fields

versionId :: Maybe Text
The unique identifier of the version of the secret to retrieve. If you include both this parameter and VersionStage, the two parameters must refer to the same secret version. If you don't specify either a VersionStage or VersionId, then Secrets Manager returns the AWSCURRENT version.
This value is typically a UUID-type value with 32 hexadecimal digits.
versionStage :: Maybe Text
The staging label of the version of the secret to retrieve.
Secrets Manager uses staging labels to keep track of different versions during the rotation process. If you include both this parameter and VersionId, the two parameters must refer to the same secret version. If you don't specify either a VersionStage or VersionId, Secrets Manager returns the AWSCURRENT version.
secretId :: Text
The ARN or name of the secret to retrieve.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.

Instances

Instances details

ToJSON GetSecretValue Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue Methods toJSON :: GetSecretValue -> Value # toEncoding :: GetSecretValue -> Encoding # toJSONList :: [GetSecretValue] -> Value # toEncodingList :: [GetSecretValue] -> Encoding #
ToHeaders GetSecretValue Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue Methods toHeaders :: GetSecretValue -> [Header] #
ToPath GetSecretValue Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue Methods toPath :: GetSecretValue -> ByteString #
ToQuery GetSecretValue Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue Methods toQuery :: GetSecretValue -> QueryString #
AWSRequest GetSecretValue Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue Associated Types type AWSResponse GetSecretValue # Methods request :: (Service -> Service) -> GetSecretValue -> Request GetSecretValue # response :: MonadResource m => (ByteStringLazy -> IO ByteStringLazy) -> Service -> Proxy GetSecretValue -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse GetSecretValue))) #
Generic GetSecretValue Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue Associated Types type Rep GetSecretValue :: Type -> Type # Methods from :: GetSecretValue -> Rep GetSecretValue x # to :: Rep GetSecretValue x -> GetSecretValue #
Read GetSecretValue Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue Methods readsPrec :: Int -> ReadS GetSecretValue # readList :: ReadS [GetSecretValue] # readPrec :: ReadPrec GetSecretValue # readListPrec :: ReadPrec [GetSecretValue] #
Show GetSecretValue Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue Methods showsPrec :: Int -> GetSecretValue -> ShowS # show :: GetSecretValue -> String # showList :: [GetSecretValue] -> ShowS #
NFData GetSecretValue Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue Methods rnf :: GetSecretValue -> () #
Eq GetSecretValue Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue Methods (==) :: GetSecretValue -> GetSecretValue -> Bool # (/=) :: GetSecretValue -> GetSecretValue -> Bool #
Hashable GetSecretValue Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue Methods hashWithSalt :: Int -> GetSecretValue -> Int # hash :: GetSecretValue -> Int #
type AWSResponse GetSecretValue Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue type AWSResponse GetSecretValue = GetSecretValueResponse
type Rep GetSecretValue Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue type Rep GetSecretValue = D1 ('MetaData "GetSecretValue" "Amazonka.SecretsManager.GetSecretValue" "amazonka-secretsmanager-2.0-8tljeZ4CwL92E7JavkDb0o" 'False) (C1 ('MetaCons "GetSecretValue'" 'PrefixI 'True) (S1 ('MetaSel ('Just "versionId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: (S1 ('MetaSel ('Just "versionStage") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: S1 ('MetaSel ('Just "secretId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))))

newGetSecretValue Source #

Arguments

:: Text	`$sel:secretId:GetSecretValue'`
-> GetSecretValue

Create a value of GetSecretValue with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

GetSecretValue, getSecretValue_versionId - The unique identifier of the version of the secret to retrieve. If you include both this parameter and VersionStage, the two parameters must refer to the same secret version. If you don't specify either a VersionStage or VersionId, then Secrets Manager returns the AWSCURRENT version.

This value is typically a UUID-type value with 32 hexadecimal digits.

$sel:versionStage:GetSecretValue', getSecretValue_versionStage - The staging label of the version of the secret to retrieve.

Secrets Manager uses staging labels to keep track of different versions during the rotation process. If you include both this parameter and VersionId, the two parameters must refer to the same secret version. If you don't specify either a VersionStage or VersionId, Secrets Manager returns the AWSCURRENT version.

$sel:secretId:GetSecretValue', getSecretValue_secretId - The ARN or name of the secret to retrieve.

For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.

Request Lenses

getSecretValue_versionId :: Lens' GetSecretValue (Maybe Text) Source #

The unique identifier of the version of the secret to retrieve. If you include both this parameter and VersionStage, the two parameters must refer to the same secret version. If you don't specify either a VersionStage or VersionId, then Secrets Manager returns the AWSCURRENT version.

This value is typically a UUID-type value with 32 hexadecimal digits.

getSecretValue_versionStage :: Lens' GetSecretValue (Maybe Text) Source #

The staging label of the version of the secret to retrieve.

Secrets Manager uses staging labels to keep track of different versions during the rotation process. If you include both this parameter and VersionId, the two parameters must refer to the same secret version. If you don't specify either a VersionStage or VersionId, Secrets Manager returns the AWSCURRENT version.

getSecretValue_secretId :: Lens' GetSecretValue Text Source #

The ARN or name of the secret to retrieve.

For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.

Destructuring the Response

data GetSecretValueResponse Source #

See: newGetSecretValueResponse smart constructor.

Constructors

GetSecretValueResponse'

Fields

arn :: Maybe Text
The ARN of the secret.
createdDate :: Maybe POSIX
The date and time that this version of the secret was created. If you don't specify which version in VersionId or VersionStage, then Secrets Manager uses the AWSCURRENT version.
name :: Maybe Text
The friendly name of the secret.
secretBinary :: Maybe (Sensitive Base64)
The decrypted secret value, if the secret value was originally provided as binary data in the form of a byte array. The response parameter represents the binary data as a base64-encoded string.
If the secret was created by using the Secrets Manager console, or if the secret value was originally provided as a string, then this field is omitted. The secret value appears in SecretString instead.
secretString :: Maybe (Sensitive Text)
The decrypted secret value, if the secret value was originally provided as a string or through the Secrets Manager console.
If this secret was created by using the console, then Secrets Manager stores the information as a JSON structure of key/value pairs.
versionId :: Maybe Text
The unique identifier of this version of the secret.
versionStages :: Maybe (NonEmpty Text)
A list of all of the staging labels currently attached to this version of the secret.
httpStatus :: Int
The response's http status code.

Instances

Instances details

Generic GetSecretValueResponse Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue Associated Types type Rep GetSecretValueResponse :: Type -> Type # Methods from :: GetSecretValueResponse -> Rep GetSecretValueResponse x # to :: Rep GetSecretValueResponse x -> GetSecretValueResponse #
Show GetSecretValueResponse Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue Methods showsPrec :: Int -> GetSecretValueResponse -> ShowS # show :: GetSecretValueResponse -> String # showList :: [GetSecretValueResponse] -> ShowS #
NFData GetSecretValueResponse Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue Methods rnf :: GetSecretValueResponse -> () #
Eq GetSecretValueResponse Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue Methods (==) :: GetSecretValueResponse -> GetSecretValueResponse -> Bool # (/=) :: GetSecretValueResponse -> GetSecretValueResponse -> Bool #
type Rep GetSecretValueResponse Source #
Instance details Defined in Amazonka.SecretsManager.GetSecretValue type Rep GetSecretValueResponse = D1 ('MetaData "GetSecretValueResponse" "Amazonka.SecretsManager.GetSecretValue" "amazonka-secretsmanager-2.0-8tljeZ4CwL92E7JavkDb0o" 'False) (C1 ('MetaCons "GetSecretValueResponse'" 'PrefixI 'True) (((S1 ('MetaSel ('Just "arn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: S1 ('MetaSel ('Just "createdDate") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe POSIX))) :: (S1 ('MetaSel ('Just "name") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: S1 ('MetaSel ('Just "secretBinary") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe (Sensitive Base64))))) :: ((S1 ('MetaSel ('Just "secretString") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe (Sensitive Text))) :: S1 ('MetaSel ('Just "versionId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text))) :: (S1 ('MetaSel ('Just "versionStages") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe (NonEmpty Text))) :*: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int)))))

newGetSecretValueResponse Source #

Arguments

:: Int	`$sel:httpStatus:GetSecretValueResponse'`
-> GetSecretValueResponse

Create a value of GetSecretValueResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

GetSecretValueResponse, getSecretValueResponse_arn - The ARN of the secret.

GetSecretValueResponse, getSecretValueResponse_createdDate - The date and time that this version of the secret was created. If you don't specify which version in VersionId or VersionStage, then Secrets Manager uses the AWSCURRENT version.

GetSecretValueResponse, getSecretValueResponse_name - The friendly name of the secret.

$sel:secretBinary:GetSecretValueResponse', getSecretValueResponse_secretBinary - The decrypted secret value, if the secret value was originally provided as binary data in the form of a byte array. The response parameter represents the binary data as a base64-encoded string.

If the secret was created by using the Secrets Manager console, or if the secret value was originally provided as a string, then this field is omitted. The secret value appears in SecretString instead.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

$sel:secretString:GetSecretValueResponse', getSecretValueResponse_secretString - The decrypted secret value, if the secret value was originally provided as a string or through the Secrets Manager console.

If this secret was created by using the console, then Secrets Manager stores the information as a JSON structure of key/value pairs.

GetSecretValue, getSecretValueResponse_versionId - The unique identifier of this version of the secret.

GetSecretValueResponse, getSecretValueResponse_versionStages - A list of all of the staging labels currently attached to this version of the secret.

$sel:httpStatus:GetSecretValueResponse', getSecretValueResponse_httpStatus - The response's http status code.

Response Lenses

getSecretValueResponse_arn :: Lens' GetSecretValueResponse (Maybe Text) Source #

The ARN of the secret.

getSecretValueResponse_createdDate :: Lens' GetSecretValueResponse (Maybe UTCTime) Source #

The date and time that this version of the secret was created. If you don't specify which version in VersionId or VersionStage, then Secrets Manager uses the AWSCURRENT version.

getSecretValueResponse_name :: Lens' GetSecretValueResponse (Maybe Text) Source #

The friendly name of the secret.

getSecretValueResponse_secretBinary :: Lens' GetSecretValueResponse (Maybe ByteString) Source #

The decrypted secret value, if the secret value was originally provided as binary data in the form of a byte array. The response parameter represents the binary data as a base64-encoded string.

If the secret was created by using the Secrets Manager console, or if the secret value was originally provided as a string, then this field is omitted. The secret value appears in SecretString instead.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

getSecretValueResponse_secretString :: Lens' GetSecretValueResponse (Maybe Text) Source #

The decrypted secret value, if the secret value was originally provided as a string or through the Secrets Manager console.

If this secret was created by using the console, then Secrets Manager stores the information as a JSON structure of key/value pairs.

getSecretValueResponse_versionId :: Lens' GetSecretValueResponse (Maybe Text) Source #

The unique identifier of this version of the secret.

getSecretValueResponse_versionStages :: Lens' GetSecretValueResponse (Maybe (NonEmpty Text)) Source #

A list of all of the staging labels currently attached to this version of the secret.

getSecretValueResponse_httpStatus :: Lens' GetSecretValueResponse Int Source #

The response's http status code.