
Aws Secrets Manager

This Integration is part of the AWS Secrets Manager Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

AWS Secrets Manager helps you securely encrypt, store, and retrieve credentials for your databases and other services. This integration was integrated and tested with version 1.0 of AwsSecretsManager.

Configure Aws Secrets Manager on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Aws Secrets Manager.

  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| AWS Default Region | | True |
| Role Arn | | False |
| Role Session Name | | False |
| Role Session Duration | | False |
| Access Key | | False |
| Secret Key | | False |
| Timeout | The time in seconds until a timeout exception is reached. You can specify just the read timeout (for example 60) or also the connect timeout separated from the read timeout with a comma (for example 60,10). If a connect timeout is not specified, a default of 10 seconds is used. | False |
| Retries | The maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries increases the execution time. | False |
| Fetches credentials | | False |
| AWS STS Regional Endpoints | Sets the AWS_STS_REGIONAL_ENDPOINTS environment variable to specify the AWS STS endpoint resolution logic. By default, this option is set to "legacy" in AWS. Leave empty if the environment variable is already set using server configuration. | False |
| Use system proxy settings | | False |
| Trust any certificate (not secure) | | False |
| Disable sensitive commands | Disables the following sensitive commands from running: aws-secrets-manager-secret-value-get. | False |

  4. Click Test to validate the URLs, token, and connection.
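The Timeout, Retries and Disable sensitive commands parameters above each carry a small parsing rule (a single read timeout or a `read,connect` pair; a 0..10 retry count defaulting to 5; a list of commands that must be refused when the switch is on). The following is an added example, not the integration's own code, showing one way to turn those instance parameters into client settings and to gate a sensitive command. The function names (`parse_timeout`, `parse_retries`, `build_client_config`, `is_command_disabled`) are hypothetical; the dictionary keys `read_timeout`, `connect_timeout` and `retries={"max_attempts": n}` are the keyword names accepted by `botocore.config.Config`, which is deliberately not imported so the example runs offline.

```python
"""Added example (not the AWS Secrets Manager integration's own code):
parse the Timeout / Retries / Disable sensitive commands instance
parameters as the configuration table describes them."""

DEFAULT_CONNECT_TIMEOUT = 10   # seconds; used when only the read timeout is given
DEFAULT_RETRIES = 5            # the documented default
MAX_RETRIES = 10               # the documented limit
# Commands the "Disable sensitive commands" switch refuses to run.
SENSITIVE_COMMANDS = {"aws-secrets-manager-secret-value-get"}


def parse_timeout(value):
    """'60' -> (60, 10); '60,10' -> (60, 10); empty -> (None, None) = library defaults."""
    if value is None or not str(value).strip():
        return None, None
    parts = [p.strip() for p in str(value).split(",")]
    if len(parts) > 2 or any(not p.isdigit() for p in parts):
        raise ValueError(f"Timeout must be 'read' or 'read,connect' in seconds, got {value!r}")
    read = int(parts[0])
    connect = int(parts[1]) if len(parts) == 2 else DEFAULT_CONNECT_TIMEOUT
    return read, connect


def parse_retries(value):
    """Empty -> 5 (default); '0' disables retries; values above 10 are rejected."""
    if value is None or not str(value).strip():
        return DEFAULT_RETRIES
    text = str(value).strip()
    if not text.isdigit():
        raise ValueError(f"Retries must be a whole number between 0 and {MAX_RETRIES}, got {value!r}")
    retries = int(text)
    if retries > MAX_RETRIES:
        raise ValueError(f"Retries is limited to {MAX_RETRIES}, got {retries}")
    return retries


def build_client_config(timeout=None, retries=None):
    """Return the keyword arguments an integration would pass to botocore.config.Config(**cfg).
    How botocore applies max_attempts depends on its retry mode; that is left to botocore."""
    read, connect = parse_timeout(timeout)
    cfg = {"retries": {"max_attempts": parse_retries(retries)}}
    if read is not None:
        cfg["read_timeout"] = read
        cfg["connect_timeout"] = connect
    return cfg


def is_command_disabled(command, disable_sensitive):
    """True when the instance has sensitive commands disabled and this command is one of them."""
    return bool(disable_sensitive) and command in SENSITIVE_COMMANDS


if __name__ == "__main__":
    print(build_client_config("60,10", "3"))
    print(is_command_disabled("aws-secrets-manager-secret-value-get", True))
```

Rejecting an out-of-range retry count at configuration time, rather than silently clamping it, keeps the instance's behaviour identical to what the operator typed; the same applies to a malformed timeout string.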

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

aws-secrets-manager-secret-list

Retrieve all secrets.

Base Command

aws-secrets-manager-secret-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| description | Description field to filter by. | Optional |
| name | Secret name. | Optional |
| tag_key | Tag key to filter by. | Optional |
| tag_value | Tag value to filter by. | Optional |
| general_search | Search in all possible fields. | Optional |
| sort | Direction by which to display the results. Possible values are: Asc, Desc. | Optional |
| limit | Number of total results to query. | Optional |
| page | Specific page to query. | Optional |
| page_size | Number of total results in each page. | Optional |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| AWS.SecretsManager.Secret.ResponseMetadata.HTTPHeaders.content-length | String | The length of the HTTP header response content. |
| AWS.SecretsManager.Secret.ResponseMetadata.HTTPHeaders.content-type | String | The type of the HTTP header response content. |
| AWS.SecretsManager.Secret.ResponseMetadata.HTTPHeaders.date | Date | The date of the HTTP header response. |
| AWS.SecretsManager.Secret.ResponseMetadata.HTTPHeaders.x-amzn-requestid | String | The ID of the HTTP header Amazon request. |
| AWS.SecretsManager.Secret.ResponseMetadata.HTTPStatusCode | Number | The status code in the HTTP header. |
| AWS.SecretsManager.Secret.ResponseMetadata.RequestId | String | The ID of the HTTP header response request. |
| AWS.SecretsManager.Secret.ResponseMetadata.RetryAttempts | Number | The number of HTTP header response retry attempts. |
| AWS.SecretsManager.Secret.SecretList.ARN | String | The secret ARN. |
| AWS.SecretsManager.Secret.SecretList.CreatedDate | Date | The date and time this version of the secret was created. |
| AWS.SecretsManager.Secret.SecretList.LastAccessedDate | Date | The date the secret was last accessed. |
| AWS.SecretsManager.Secret.SecretList.LastChangedDate | Date | The date the secret was last changed. |
| AWS.SecretsManager.Secret.SecretList.Name | String | The secret name. |
| AWS.SecretsManager.Secret.SecretList.SecretVersionsToStages.c88e2176-aca4-4776-a422-c3a0616079bc | String | The SecretVersionStage staging labels for the provided hash. |
| AWS.SecretsManager.Secret.SecretList.SecretVersionsToStages.5889c662-13a6-4318-bec3-b234fcae3826 | String | The SecretVersionStage staging labels for the provided hash. |
| AWS.SecretsManager.Secret.SecretList.SecretVersionsToStages.f2a389e8-3860-47a0-b4a0-16424ad63a24 | String | The SecretVersionStage staging labels for the provided hash. |
| AWS.SecretsManager.Secret.SecretList.Description | String | The secret description. |
| AWS.SecretsManager.Secret.SecretList.SecretVersionsToStages.01cba660-28be-45d7-8597-d1ab295b0f35 | String | The SecretVersionStage staging labels for the provided hash. |
| AWS.SecretsManager.Secret.SecretList.SecretVersionsToStages.ac32e535-79e7-4188-a732-7f02dbe399f0 | String | The SecretVersionStage staging labels for the provided hash. |

Command example

```
!aws-secrets-manager-secret-list
```

Context Example

```json
{
  "AWS": {
    "SecretsManager": {
      "Secret": {
        "ResponseMetadata": {
          "HTTPHeaders": {
            "content-length": "1267",
            "content-type": "application/x-amz-json-1.1",
            "date": "Sun, 23 Oct 2022 13:41:30 GMT",
            "x-amzn-requestid": "615f197f-c54c-4c45-be33-1064ae9652a5"
          },
          "HTTPStatusCode": 200,
          "RequestId": "615f197f-c54c-4c45-be33-1064ae9652a5",
          "RetryAttempts": 0
        },
        "SecretList": [
          {
            "ARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:fdff-vnNyyc",
            "CreatedDate": "2022-09-04T09:10:12",
            "LastAccessedDate": "2022-10-23T00:00:00",
            "LastChangedDate": "2022-10-23T13:40:55",
            "Name": "fdff",
            "SecretVersionsToStages": {
              "c88e2176-aca4-4776-a422-c3a0616079bc": ["AWSCURRENT"]
            },
            "Tags": []
          },
          {
            "ARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:gmail-oF08mg",
            "CreatedDate": "2022-08-31T09:47:24",
            "LastAccessedDate": "2022-10-23T00:00:00",
            "LastChangedDate": "2022-08-31T09:47:24",
            "Name": "gmail",
            "SecretVersionsToStages": {
              "5889c662-13a6-4318-bec3-b234fcae3826": ["AWSCURRENT"]
            },
            "Tags": []
          },
          {
            "ARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:DB_credentials-3ic9K7",
            "CreatedDate": "2022-08-31T09:45:33",
            "LastAccessedDate": "2022-10-23T00:00:00",
            "LastChangedDate": "2022-08-31T09:45:33",
            "Name": "DB_credentials",
            "SecretVersionsToStages": {
              "f2a389e8-3860-47a0-b4a0-16424ad63a24": ["AWSCURRENT"]
            },
            "Tags": []
          },
          {
            "ARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:test_account",
            "CreatedDate": "2022-08-21T13:54:05",
            "Description": "new description",
            "LastAccessedDate": "2022-10-23T00:00:00",
            "LastChangedDate": "2022-09-08T07:14:13",
            "Name": "test_for_moishy",
            "SecretVersionsToStages": {
              "01cba660-28be-45d7-8597-d1ab295b0f35": ["AWSCURRENT"],
              "ac32e535-79e7-4188-a732-7f02dbe399f0": ["AWSPREVIOUS"]
            },
            "Tags": []
          }
        ]
      }
    }
  }
}
```

Human Readable Output

AWS Secrets List

| ARN | Description | LastAccessedDate | Name |
| --- | --- | --- | --- |
| arn:aws:secretsmanager:eu-central-1:123456789012:secret:fdff-vnNyyc | | 2022-10-23T13:40:55 | fdff |
| arn:aws:secretsmanager:eu-central-1:123456789012:secret:gmail-oF08mg | | 2022-08-31T09:47:24 | gmail |
| arn:aws:secretsmanager:eu-central-1:123456789012:secret:DB_credentials-3ic9K7 | | 2022-08-31T09:45:33 | DB_credentials |
| arn:aws:secretsmanager:eu-central-1:123456789012:secret:test_account | new description | 2022-09-08T07:14:13 | test_for_moishy |
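The `SecretList` context above is keyed in an unusual way: `SecretVersionsToStages` maps each version ID to the staging labels attached to it (`AWSCURRENT`, `AWSPREVIOUS`), which is why the context-output table lists the version IDs themselves as paths. The following is an added example, not the integration's code, of how an automation would walk that structure: pick the version that carries a given stage, list the secrets that still keep a previous version, and flag secrets whose `LastChangedDate` is older than a rotation cut-off. The sample list is constructed from the context example on this page (abridged to the fields used); the function names are hypothetical.

```python
"""Added example (not the integration's own code): inspect the
AWS.SecretsManager.Secret.SecretList context returned by
aws-secrets-manager-secret-list."""
from datetime import datetime

# Constructed sample mirroring the Context Example on this page (abridged).
SECRET_LIST = [
    {"Name": "fdff", "LastChangedDate": "2022-10-23T13:40:55",
     "SecretVersionsToStages": {"c88e2176-aca4-4776-a422-c3a0616079bc": ["AWSCURRENT"]}},
    {"Name": "gmail", "LastChangedDate": "2022-08-31T09:47:24",
     "SecretVersionsToStages": {"5889c662-13a6-4318-bec3-b234fcae3826": ["AWSCURRENT"]}},
    {"Name": "DB_credentials", "LastChangedDate": "2022-08-31T09:45:33",
     "SecretVersionsToStages": {"f2a389e8-3860-47a0-b4a0-16424ad63a24": ["AWSCURRENT"]}},
    {"Name": "test_for_moishy", "LastChangedDate": "2022-09-08T07:14:13",
     "SecretVersionsToStages": {"01cba660-28be-45d7-8597-d1ab295b0f35": ["AWSCURRENT"],
                                "ac32e535-79e7-4188-a732-7f02dbe399f0": ["AWSPREVIOUS"]}},
]


def version_for_stage(secret, stage="AWSCURRENT"):
    """Return the version ID that carries `stage`, or None if no version does.
    The mapping is version_id -> [staging labels], so we search the values."""
    for version_id, stages in secret.get("SecretVersionsToStages", {}).items():
        if stage in stages:
            return version_id
    return None


def secrets_with_previous_version(secrets):
    """Names of secrets that still hold an AWSPREVIOUS version (rotated at least once)."""
    return [s["Name"] for s in secrets if version_for_stage(s, "AWSPREVIOUS") is not None]


def secrets_not_changed_since(secrets, cutoff_iso):
    """Names of secrets whose LastChangedDate is before the ISO-8601 cut-off.
    Dates in the context are naive ISO timestamps, which fromisoformat parses directly."""
    cutoff = datetime.fromisoformat(cutoff_iso)
    stale = []
    for secret in secrets:
        changed = datetime.fromisoformat(secret["LastChangedDate"])
        if changed < cutoff:
            stale.append(secret["Name"])
    return stale


if __name__ == "__main__":
    print(version_for_stage(SECRET_LIST[3]))
    print(secrets_with_previous_version(SECRET_LIST))
    print(secrets_not_changed_since(SECRET_LIST, "2022-09-01T00:00:00"))
```

In a playbook the cut-off would come from a rotation policy; the list returned by `secrets_not_changed_since` is the set to raise a ticket about, without ever reading a secret value.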

aws-secrets-manager-secret-value-get

Retrieve a secret value by key.

Base Command

aws-secrets-manager-secret-value-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
| secret_id | The ID of the secret or ARN. | Required |
| version_id | The version ID of the secret. | Optional |
| version_stage | The version stage of the secret. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| AWS.SecretsManager.Secret.SecretValue.ARN | String | The secret ARN. |
| AWS.SecretsManager.Secret.SecretValue.Name | String | The secret name. |
| AWS.SecretsManager.Secret.SecretValue.VersionId | String | The secret version ID. |
| AWS.SecretsManager.Secret.SecretValue.SecretString | String | The secret value. |
| AWS.SecretsManager.Secret.SecretValue.VersionStages | String | A list of all of the staging labels currently attached to this version of the secret. |
| AWS.SecretsManager.Secret.SecretValue.CreatedDate | Date | The date and time this version of the secret was created. |
| AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.RequestId | String | The ID of the HTTP header response request. |
| AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.HTTPStatusCode | Number | The status code in the HTTP header. |
| AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.HTTPHeaders.x-amzn-requestid | String | The ID of the HTTP header Amazon request. |
| AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.HTTPHeaders.content-type | String | The type of the HTTP header response content. |
| AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.HTTPHeaders.content-length | String | The length of the HTTP header response content. |
| AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.HTTPHeaders.date | Date | The date of the HTTP header response. |
| AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.RetryAttempts | Number | The number of HTTP header response retry attempts. |

Command example

```
!aws-secrets-manager-secret-value-get secret_id="fdff"
```

Context Example

```json
{
  "AWS": {
    "SecretsManager": {
      "Secret": {
        "SecretValue": {
          "ARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:fdff-vnNyyc",
          "CreatedDate": "2022-09-04T09:10:13",
          "Name": "fdff",
          "ResponseMetadata": {
            "HTTPHeaders": {
              "content-length": "271",
              "content-type": "application/x-amz-json-1.1",
              "date": "Sun, 23 Oct 2022 13:41:27 GMT",
              "x-amzn-requestid": "cc592da7-198b-483c-a106-e91bdbe59e30"
            },
            "HTTPStatusCode": 200,
            "RequestId": "cc592da7-198b-483c-a106-e91bdbe59e30",
            "RetryAttempts": 0
          },
          "SecretString": "{\"password\":\"cvcvcv\",\"username\":\"cvcvcv\"}",
          "VersionId": "c88e2176-aca4-4776-a422-c3a0616079bc",
          "VersionStages": ["AWSCURRENT"]
        }
      }
    }
  }
}
```

Human Readable Output

AWS Get Secret

| ARN | CreatedDate | Name | SecretBinary | SecretString |
| --- | --- | --- | --- | --- |
| arn:aws:secretsmanager:eu-central-1:123456789012:secret:fdff-vnNyyc | 2022-09-04T09:10:13 | fdff | | {"password":"cvcvcv","username":"cvcvcv"} |
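As the output above shows, `SecretString` lands in context and in the War Room verbatim, and it is usually a JSON document of named fields rather than a bare string (which is also why this command sits behind the Disable sensitive commands switch). The following is an added example, not the integration's code, of the two pieces of handling a practitioner wants around this command: assembling the request from `secret_id`, `version_id` and `version_stage` (the request keys `SecretId`, `VersionId` and `VersionStage` are the boto3 `get_secret_value` parameter names), and turning the returned `SecretValue` into a redacted summary for display while keeping the parsed fields available to the caller. The sample value is constructed from the context example on this page; the function names are hypothetical.

```python
"""Added example (not the integration's own code): build the
aws-secrets-manager-secret-value-get request and redact its result
for display."""
import json

# Constructed sample mirroring the Context Example on this page (abridged).
SAMPLE_SECRET_VALUE = {
    "ARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:fdff-vnNyyc",
    "Name": "fdff",
    "SecretString": "{\"password\":\"cvcvcv\",\"username\":\"cvcvcv\"}",
    "VersionId": "c88e2176-aca4-4776-a422-c3a0616079bc",
    "VersionStages": ["AWSCURRENT"],
}


def build_get_secret_value_request(secret_id, version_id=None, version_stage=None):
    """Map the command arguments onto boto3 get_secret_value keyword arguments.
    Only the optional arguments that were actually given are sent."""
    if not secret_id:
        raise ValueError("secret_id is required")
    request = {"SecretId": secret_id}
    if version_id:
        request["VersionId"] = version_id
    if version_stage:
        request["VersionStage"] = version_stage
    return request


def parse_secret_string(secret_string):
    """Return the secret's fields as a dict. A JSON object is returned as-is;
    anything else (plain string, JSON scalar, None) is wrapped under 'value'."""
    try:
        parsed = json.loads(secret_string)
    except (TypeError, ValueError):
        return {"value": secret_string}
    if isinstance(parsed, dict):
        return parsed
    return {"value": secret_string}


def redact_for_display(secret_value, keep_keys=("username",)):
    """Summary safe to show in a War Room entry: metadata plus field names,
    with every field value masked except the ones listed in keep_keys."""
    fields = parse_secret_string(secret_value.get("SecretString"))
    shown = {key: (val if key in keep_keys else "***") for key, val in fields.items()}
    return {
        "Name": secret_value.get("Name"),
        "VersionId": secret_value.get("VersionId"),
        "VersionStages": list(secret_value.get("VersionStages", [])),
        "Fields": shown,
    }


if __name__ == "__main__":
    print(build_get_secret_value_request("fdff", version_stage="AWSPREVIOUS"))
    print(redact_for_display(SAMPLE_SECRET_VALUE))
```

The masked summary is what belongs in the human-readable output; the unmasked dictionary from `parse_secret_string` is what a downstream task would consume, and it should not be echoed back into the War Room.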

aws-secrets-manager-secret-delete

Delete a specific secret.

Base Command

aws-secrets-manager-secret-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
| secret_id | The ID of the secret or ARN. | Required |
| delete_immediately | Delete with grace period. | Optional |
| days_of_recovery | The number of days allowed to restore the secret (default in AWS - 30 days). | Optional |

Context Output

There is no context output for this command.

Command example

```
!aws-secrets-manager-secret-delete secret_id="fdff"
```

Human Readable Output

The Secret was Deleted
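The delete command has two modes that must not be mixed: an immediate, unrecoverable delete, or a scheduled delete with a recovery window (30 days by default in AWS) during which the restore command below still works. The following is an added example, not the integration's code, of translating the `secret_id`, `delete_immediately` and `days_of_recovery` arguments into a `delete_secret` request; the keys `SecretId`, `ForceDeleteWithoutRecovery` and `RecoveryWindowInDays` are the boto3 parameter names, and the 7..30 day range and the rule that the two options are mutually exclusive are the Secrets Manager API's constraints. Argument values arrive as strings in an XSOAR command, so the helper parses them; the function names are hypothetical.

```python
"""Added example (not the integration's own code): validate the
aws-secrets-manager-secret-delete arguments before calling delete_secret."""

MIN_RECOVERY_DAYS = 7    # Secrets Manager rejects windows shorter than this
MAX_RECOVERY_DAYS = 30   # and longer than this; 30 is also the AWS default
TRUE_WORDS = {"true", "yes", "1"}


def arg_to_bool(value):
    """XSOAR passes booleans as strings ('true'/'false'); accept bool too."""
    if isinstance(value, bool):
        return value
    return str(value or "").strip().lower() in TRUE_WORDS


def build_delete_request(secret_id, delete_immediately=None, days_of_recovery=None):
    """Return boto3 delete_secret keyword arguments for the command's arguments.

    delete_immediately=True  -> ForceDeleteWithoutRecovery (no restore possible)
    days_of_recovery=N       -> RecoveryWindowInDays=N (restore possible for N days)
    neither                  -> AWS applies its 30-day default
    both                     -> rejected, the API does not accept the combination
    """
    if not secret_id:
        raise ValueError("secret_id is required")
    request = {"SecretId": secret_id}
    force = arg_to_bool(delete_immediately)
    has_window = days_of_recovery is not None and str(days_of_recovery).strip() != ""
    if force and has_window:
        raise ValueError("delete_immediately and days_of_recovery are mutually exclusive")
    if force:
        request["ForceDeleteWithoutRecovery"] = True
        return request
    if has_window:
        text = str(days_of_recovery).strip()
        if not text.isdigit() or not MIN_RECOVERY_DAYS <= int(text) <= MAX_RECOVERY_DAYS:
            raise ValueError(
                f"days_of_recovery must be between {MIN_RECOVERY_DAYS} and {MAX_RECOVERY_DAYS}, got {days_of_recovery!r}"
            )
        request["RecoveryWindowInDays"] = int(text)
    return request


def is_recoverable(request):
    """True when the request leaves a recovery window, i.e. restore is still possible."""
    return not request.get("ForceDeleteWithoutRecovery", False)


if __name__ == "__main__":
    print(build_delete_request("fdff"))
    print(build_delete_request("fdff", days_of_recovery="14"))
    print(build_delete_request("fdff", delete_immediately="true"))
```

A playbook that calls this command with `delete_immediately` set should treat `is_recoverable` returning False as the point where an approval step belongs, since the restore command cannot undo it.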

aws-secrets-manager-secret-restore

Restore a specific secret after deletion.

Base Command

aws-secrets-manager-secret-restore

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
| secret_id | The ID of the secret or ARN. | Required |

Context Output

There is no context output for this command.

Command example

```
!aws-secrets-manager-secret-restore secret_id="fdff"
```

Human Readable Output

the secret was restored successfully

aws-secrets-manager-secret-policy-get

Get the Secret Manager policy for a specific secret.

Base Command

aws-secrets-manager-secret-policy-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
| secret_id | The ID of the secret or ARN. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| AWS.SecretsManager.Policy.ARN | String | The policy ARN. |
| AWS.SecretsManager.Policy.Name | String | The policy name. |
| AWS.SecretsManager.Policy.ResponseMetadata.RequestId | String | The ID of the HTTP header response request. |
| AWS.SecretsManager.Policy.ResponseMetadata.HTTPStatusCode | Number | The status code in the HTTP header. |
| AWS.SecretsManager.Policy.ResponseMetadata.HTTPHeaders.x-amzn-requestid | String | The ID of the HTTP header Amazon request. |
| AWS.SecretsManager.Policy.ResponseMetadata.HTTPHeaders.content-type | String | The type of the HTTP header response content. |
| AWS.SecretsManager.Policy.ResponseMetadata.HTTPHeaders.content-length | String | The length of the HTTP header response content. |
| AWS.SecretsManager.Policy.ResponseMetadata.HTTPHeaders.date | Date | The date of the HTTP header response. |
| AWS.SecretsManager.Policy.ResponseMetadata.RetryAttempts | Number | The number of HTTP header response retry attempts. |

Command example

```
!aws-secrets-manager-secret-policy-get secret_id="fdff"
```

Context Example

```json
{
  "AWS": {
    "SecretsManager": {
      "Policy": {
        "ARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:fdff-vnNyyc",
        "Name": "fdff",
        "ResponseMetadata": {
          "HTTPHeaders": {
            "content-length": "91",
            "content-type": "application/x-amz-json-1.1",
            "date": "Sun, 23 Oct 2022 13:41:28 GMT",
            "x-amzn-requestid": "b49e5847-387f-44a8-b7c8-a37540e89ad1"
          },
          "HTTPStatusCode": 200,
          "RequestId": "b49e5847-387f-44a8-b7c8-a37540e89ad1",
          "RetryAttempts": 0
        }
      }
    }
  }
}
```

Human Readable Output

AWS Secret Policy

| ARN | Name | Policy |
| --- | --- | --- |
| arn:aws:secretsmanager:eu-central-1:123456789012:secret:fdff-vnNyyc | fdff | |