| description | page_title | nav_title |
|---|---|---|
The Amazon Secrets Manager data source provides information about a Secrets Manager secret version,
including its secret value.
|
Secrets Manager - Data Source |
Secrets Manager |
The Secrets Manager data source provides information about a Secrets Manager secret version, including its secret value.
-> Note: Data sources is a feature exclusively available to HCL2 templates.
Basic examples of usage:
data "amazon-secretsmanager" "basic-example" {
name = "packer_test_secret"
key = "packer_test_key"
version_stage = "example"
}
# usage example of the data source output
locals {
value = data.amazon-secretsmanager.basic-example.value
secret_string = data.amazon-secretsmanager.basic-example.secret_string
version_id = data.amazon-secretsmanager.basic-example.version_id
secret_value = jsondecode(data.amazon-secretsmanager.basic-example.secret_string)["packer_test_key"]
}Reading key-value pairs from JSON back into a native Packer map can be accomplished with the jsondecode() function.
@include 'datasource/secretsmanager/Config-required.mdx'
@include 'datasource/secretsmanager/Config-not-required.mdx'
@include 'datasource/secretsmanager/DatasourceOutput.mdx'
The Amazon Data Sources authentication works just like for the Amazon Builders. Both have the same authentication options, and you can refer to the Amazon Builders authentication to learn the options to authenticate for data sources.
-> Note: A data source will start and execute in your own authentication session. The authentication in the data source doesn't relate with the authentication on Amazon Builders.
Basic example of an Amazon data source authentication using assume_role:
data "amazon-secretsmanager" "basic-example" {
name = "packer_test_secret"
key = "packer_test_key"
assume_role {
role_arn = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
session_name = "SESSION_NAME"
external_id = "EXTERNAL_ID"
}
}