Aws Secrets Manager
This Integration is part of the AWS Secrets Manager Pack.

Supported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
AWS Secrets Manager helps you to securely encrypt, store, and retrieve credentials for your databases and other services. This integration was integrated and tested with version 1.0 of AwsSecretsManager.

Configure Aws Secrets Manager on Cortex XSOAR
1. Navigate to Settings > Integrations > Servers & Services.
2. Search for Aws Secrets Manager.
3. Click Add instance to create and configure a new integration instance.

Parameter | Description | Required |
---|---|---|
AWS Default Region | | True |
Role Arn | | False |
Role Session Name | | False |
Role Session Duration | | False |
Access Key | | False |
Secret Key | | False |
Timeout | The time in seconds until a timeout exception is reached. You can specify just the read timeout (for example 60) or also the connect timeout separated from the read timeout with a comma (for example 60,10). If a connect timeout is not specified, a default of 10 seconds will be used. | False |
Retries | The maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries will increase the execution time. | False |
Fetches credentials | | False |
AWS STS Regional Endpoints | Sets the AWS_STS_REGIONAL_ENDPOINTS environment variable to specify the AWS STS endpoint resolution logic. By default, this option is set to “legacy” in AWS. Leave empty if the environment variable is already set using server configuration. | False |
Use system proxy settings | | False |
Trust any certificate (not secure) | | False |
Disable sensitive commands | Disables the following sensitive commands from running: aws-secrets-manager-secret–value-get. | False |

4. Click Test to validate the URLs, token, and connection.

Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

aws-secrets-manager-secret-list
Retrieve all secrets.

Base Command
aws-secrets-manager-secret-list

Input
Argument Name | Description | Required |
---|---|---|
description | Description field to filter by. | Optional |
name | Secret name. | Optional |
tag_key | Tag key to filter by. | Optional |
tag_value | Tag value to filter by. | Optional |
general_search | Search in all possible fields. | Optional |
sort | Direction by which to display the results. Possible values are: Asc, Desc. | Optional |
limit | Number of total results to query. | Optional |
page | Specific page to query. | Optional |
page_size | Number of total results in each page. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |

Context Output
Path | Type | Description |
---|---|---|
AWS.SecretsManager.Secret.ResponseMetadata.HTTPHeaders.content-length | String | The length of the HTTP header response content. |
AWS.SecretsManager.Secret.ResponseMetadata.HTTPHeaders.content-type | String | The type of the HTTP header response content. |
AWS.SecretsManager.Secret.ResponseMetadata.HTTPHeaders.date | Date | The date of the HTTP header response. |
AWS.SecretsManager.Secret.ResponseMetadata.HTTPHeaders.x-amzn-requestid | String | The ID of the HTTP header Amazon request. |
AWS.SecretsManager.Secret.ResponseMetadata.HTTPStatusCode | Number | The status code in the HTTP header. |
AWS.SecretsManager.Secret.ResponseMetadata.RequestId | String | The ID of the HTTP header response request. |
AWS.SecretsManager.Secret.ResponseMetadata.RetryAttempts | Number | The number of HTTP header response retry attempts. |
AWS.SecretsManager.Secret.SecretList.ARN | String | The secret ARN. |
AWS.SecretsManager.Secret.SecretList.CreatedDate | Date | The date and time this version of the secret was created. |
AWS.SecretsManager.Secret.SecretList.LastAccessedDate | Date | The date the secret was last accessed. |
AWS.SecretsManager.Secret.SecretList.LastChangedDate | Date | The date the secret was last changed. |
AWS.SecretsManager.Secret.SecretList.Name | String | The secret name. |
AWS.SecretsManager.Secret.SecretList.SecretVersionsToStages.c88e2176-aca4-4776-a422-c3a0616079bc | String | The SecretVersionStage staging labels for the provided hash. |
AWS.SecretsManager.Secret.SecretList.SecretVersionsToStages.5889c662-13a6-4318-bec3-b234fcae3826 | String | The SecretVersionStage staging labels for the provided hash. |
AWS.SecretsManager.Secret.SecretList.SecretVersionsToStages.f2a389e8-3860-47a0-b4a0-16424ad63a24 | String | The SecretVersionStage staging labels for the provided hash. |
AWS.SecretsManager.Secret.SecretList.Description | String | The secret description. |
AWS.SecretsManager.Secret.SecretList.SecretVersionsToStages.01cba660-28be-45d7-8597-d1ab295b0f35 | String | The SecretVersionStage staging labels for the provided hash. |
AWS.SecretsManager.Secret.SecretList.SecretVersionsToStages.ac32e535-79e7-4188-a732-7f02dbe399f0 | String | The SecretVersionStage staging labels for the provided hash. |

Command example
!aws-secrets-manager-secret-list

Context Example

Human Readable Output
AWS Secrets List
ARN | Description | LastAccessedDate | Name |
---|---|---|---|
arn:aws:secretsmanager:eu-central-1:123456789012:secret:fdff-vnNyyc | | 2022-10-23T13:40:55 | fdff |
arn:aws:secretsmanager:eu-central-1:123456789012:secret:gmail-oF08mg | | 2022-08-31T09:47:24 | gmail |
arn:aws:secretsmanager:eu-central-1:123456789012:secret:DB_credentials-3ic9K7 | | 2022-08-31T09:45:33 | DB_credentials |
arn:aws:secretsmanager:eu-central-1:123456789012:secret:test_account | new description | 2022-09-08T07:14:13 | test_for_moishy |
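
The sketch below is an added example, not the integration's own code. It shows how the list arguments above could be turned into a Secrets Manager ListSecrets request and trimmed to the human readable columns. The filter keys and `SortOrder` values are the AWS API's; the helper names, the pairing of `general_search` with the `all` filter key, and the paging rule are assumptions.

```python
# Command argument -> ListSecrets filter key. The keys are the AWS API's own;
# pairing general_search with "all" is an assumption made for this example.
FILTER_KEYS = {
    "description": "description",
    "name": "name",
    "tag_key": "tag-key",
    "tag_value": "tag-value",
    "general_search": "all",
}


def build_list_request(args: dict) -> dict:
    """Build ListSecrets keyword arguments from the command arguments."""
    request = {}
    filters = [{"Key": key, "Values": [str(args[arg])]}
               for arg, key in FILTER_KEYS.items() if args.get(arg)]
    if filters:
        request["Filters"] = filters
    sort = args.get("sort")
    if sort:
        if sort.lower() not in ("asc", "desc"):
            raise ValueError("sort must be Asc or Desc")
        request["SortOrder"] = sort.lower()
    return request


def select_page(secrets: list, limit=None, page=None, page_size=None) -> list:
    """Assumed paging rule: page/page_size (1-based) win over limit."""
    if page is not None and page_size is not None:
        page, page_size = int(page), int(page_size)
        if page < 1 or page_size < 1:
            raise ValueError("page and page_size must be positive")
        start = (page - 1) * page_size
        return secrets[start:start + page_size]
    return secrets[:int(limit)] if limit is not None else list(secrets)


def to_table_rows(secret_list: list) -> list:
    """Keep only the columns shown in the human readable output."""
    columns = ("ARN", "Description", "LastAccessedDate", "Name")
    return [{c: s.get(c, "") for c in columns} for s in secret_list]
```

With boto3, the dictionary returned by `build_list_request` can be passed as `client.list_secrets(**request)`.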

aws-secrets-manager-secret–value-get
Retrieve a secret value by key.

Base Command
aws-secrets-manager-secret–value-get

Input
Argument Name | Description | Required |
---|---|---|
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
secret_id | The ID of the secret or ARN. | Required |
version_id | The version ID of the secret. | Optional |
version_stage | The version stage of the secret. | Optional |

Context Output
Path | Type | Description |
---|---|---|
AWS.SecretsManager.Secret.SecretValue.ARN | String | The secret ARN. |
AWS.SecretsManager.Secret.SecretValue.Name | String | The secret name. |
AWS.SecretsManager.Secret.SecretValue.VersionId | String | The secret version ID. |
AWS.SecretsManager.Secret.SecretValue.SecretString | String | The secret value. |
AWS.SecretsManager.Secret.SecretValue.VersionStages | String | A list of all of the staging labels currently attached to this version of the secret. |
AWS.SecretsManager.Secret.SecretValue.CreatedDate | Date | The date and time this version of the secret was created. |
AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.RequestId | String | The ID of the HTTP header response request. |
AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.HTTPStatusCode | Number | The status code in the HTTP header. |
AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.HTTPHeaders.x-amzn-requestid | String | The ID of the HTTP header Amazon request. |
AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.HTTPHeaders.content-type | String | The type of the HTTP header response content. |
AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.HTTPHeaders.content-length | String | The length of the HTTP header response content. |
AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.HTTPHeaders.date | Date | The date of the HTTP header response. |
AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.RetryAttempts | Number | The number of HTTP header response retry attempts. |

Command example
!aws-secrets-manager-secret–value-get secret_id="fdff"

Context Example

Human Readable Output
AWS Get Secret
ARN | CreatedDate | Name | SecretBinary | SecretString |
---|---|---|---|---|
arn:aws:secretsmanager:eu-central-1:123456789012:secret:fdff-vnNyyc | 2022-09-04T09:10:13 | fdff | | {"password":"cvcvcv","username":"cvcvcv"} |

aws-secrets-manager-secret–delete
Delete a specific secret.

Base Command
aws-secrets-manager-secret–delete

Input
Argument Name | Description | Required |
---|---|---|
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
secret_id | The ID of the secret or ARN. | Required |
delete_immediately | Delete with grace period. | Optional |
days_of_recovery | The number of days allowed to restore the secret (default in AWS - 30 days). | Optional |

Context Output
There is no context output for this command.

Command example
!aws-secrets-manager-secret–delete secret_id="fdff"

Human Readable Output
The Secret was Deleted
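
The following added example (not the integration's own code) shows how the delete arguments relate to the Secrets Manager DeleteSecret parameters and why the choice matters for the restore command. It assumes `delete_immediately=true` corresponds to `ForceDeleteWithoutRecovery` and `days_of_recovery` to `RecoveryWindowInDays`; the helper names are hypothetical.

```python
from typing import Optional

# AWS accepts a RecoveryWindowInDays between 7 and 30 and uses 30 when omitted.
MIN_RECOVERY_DAYS, MAX_RECOVERY_DAYS = 7, 30


def build_delete_request(secret_id: str,
                         delete_immediately: bool = False,
                         days_of_recovery: Optional[int] = None) -> dict:
    """Translate the command arguments into DeleteSecret keyword arguments.

    Hypothetical helper: the argument names come from the table above; the
    mapping to the API parameters is an assumption made for this example.
    """
    if not secret_id:
        raise ValueError("secret_id is required")
    request = {"SecretId": secret_id}
    if delete_immediately:
        # The API rejects a request that carries both parameters.
        if days_of_recovery is not None:
            raise ValueError(
                "delete_immediately and days_of_recovery are mutually exclusive")
        request["ForceDeleteWithoutRecovery"] = True
        return request
    if days_of_recovery is not None:
        days = int(days_of_recovery)
        if not MIN_RECOVERY_DAYS <= days <= MAX_RECOVERY_DAYS:
            raise ValueError(
                f"days_of_recovery must be {MIN_RECOVERY_DAYS}-{MAX_RECOVERY_DAYS}")
        request["RecoveryWindowInDays"] = days
    # Neither argument set: AWS applies its default 30-day recovery window.
    return request


def is_restorable(request: dict) -> bool:
    """A secret can be restored later only if it was not force-deleted."""
    return not request.get("ForceDeleteWithoutRecovery", False)
```

With boto3, the result can be passed as `client.delete_secret(**request)`; a force-deleted secret has no recovery window, so a later restore call has nothing to restore.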

aws-secrets-manager-secret–restore
Restore a specific secret after deletion.

Base Command
aws-secrets-manager-secret–restore

Input
Argument Name | Description | Required |
---|---|---|
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
secret_id | The ID of the secret or ARN. | Required |

Context Output
There is no context output for this command.

Command example
!aws-secrets-manager-secret–restore secret_id="fdff"

Human Readable Output
the secret was restored successfully

aws-secrets-manager-secret–policy-get
Get the Secret Manager policy for a specific secret.

Base Command
aws-secrets-manager-secret–policy-get

Input
Argument Name | Description | Required |
---|---|---|
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
secret_id | The ID of the secret or ARN. | Required |

Context Output
Path | Type | Description |
---|---|---|
AWS.SecretsManager.Policy.ARN | String | The policy ARN. |
AWS.SecretsManager.Policy.Name | String | The policy name. |
AWS.SecretsManager.Policy.ResponseMetadata.RequestId | String | The ID of the HTTP header response request. |
AWS.SecretsManager.Policy.ResponseMetadata.HTTPStatusCode | Number | The status code in the HTTP header. |
AWS.SecretsManager.Policy.ResponseMetadata.HTTPHeaders.x-amzn-requestid | String | The ID of the HTTP header Amazon request. |
AWS.SecretsManager.Policy.ResponseMetadata.HTTPHeaders.content-type | String | The type of the HTTP header response content. |
AWS.SecretsManager.Policy.ResponseMetadata.HTTPHeaders.content-length | String | The length of the HTTP header response content. |
AWS.SecretsManager.Policy.ResponseMetadata.HTTPHeaders.date | Date | The date of the HTTP header response. |
AWS.SecretsManager.Policy.ResponseMetadata.RetryAttempts | Number | The number of HTTP header response retry attempts. |

Command example
!aws-secrets-manager-secret–policy-get secret_id="fdff"

Context Example

Human Readable Output
AWS Secret Policy
ARN | Name | Policy |
---|---|---|
arn:aws:secretsmanager:eu-central-1:123456789012:secret:fdff-vnNyyc | fdff | |