Aws Secrets Manager
AWS Secrets Manager Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
AWS Secrets Manager helps you to securely encrypt, store, and retrieve credentials for your databases and other services. This integration was integrated and tested with version 1.0 of AwsSecretsManager
#
Configure Aws Secrets Manager in CortexParameter | Description | Required |
---|---|---|
AWS Default Region | True | |
Role Arn | False | |
Role Session Name | False | |
Role Session Duration | False | |
Access Key | False | |
Secret Key | False | |
Timeout | The time in seconds until a timeout exception is reached. You can specify just the read timeout (for example 60) or also the connect timeout separated from the read timeout with a comma (for example 60,10). If a connect timeout is not specified, a default of 10 second will be used. | False |
Retries | The maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries will increase the execution time. | False |
Fetches credentials | False | |
AWS STS Regional Endpoints | Sets the AWS_STS_REGIONAL_ENDPOINTS environment variable to specify the AWS STS endpoint resolution logic. By default, this option is set to “legacy” in AWS. Leave empty if the environment variable is already set using server configuration. | False |
Use system proxy settings | False | |
Trust any certificate (not secure) | False | |
Disable sensitive commands | Disables the following sensitive commands from running: aws-secrets-manager-secret–value-get. | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
aws-secrets-manager-secret-listRetrieve all secrets.
#
Base Commandaws-secrets-manager-secret-list
#
InputArgument Name | Description | Required |
---|---|---|
description | Description field to filter by. | Optional |
name | Secret name. | Optional |
tag_key | Tag key to filter by. | Optional |
tag_value | Tag value to filter by. | Optional |
general_search | Search in all possible fields. | Optional |
sort | Direction by which to display the results. Possible values are: Asc, Desc. | Optional |
limit | Number of total results to query. | Optional |
page | Specific page to query. | Optional |
page_size | Number of total results in each page. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.SecretsManager.Secret.ResponseMetadata.HTTPHeaders.content-length | String | The length of the HTTP header response content. |
AWS.SecretsManager.Secret.ResponseMetadata.HTTPHeaders.content-type | String | The type of the HTTP header response content. |
AWS.SecretsManager.Secret.ResponseMetadata.HTTPHeaders.date | Date | The date of the HTTP header response. |
AWS.SecretsManager.Secret.ResponseMetadata.HTTPHeaders.x-amzn-requestid | String | The ID of the HTTP header Amazon request. |
AWS.SecretsManager.Secret.ResponseMetadata.HTTPStatusCode | Number | The status code in the HTTP header. |
AWS.SecretsManager.Secret.ResponseMetadata.RequestId | String | The ID of the HTTP header response request. |
AWS.SecretsManager.Secret.ResponseMetadata.RetryAttempts | Number | The number of HTTP header response retry attempts. |
AWS.SecretsManager.Secret.SecretList.ARN | String | The secret ARN. |
AWS.SecretsManager.Secret.SecretList.CreatedDate | Date | The date and time this version of the secret was created. |
AWS.SecretsManager.Secret.SecretList.LastAccessedDate | Date | The date the secret was last accessed. |
AWS.SecretsManager.Secret.SecretList.LastChangedDate | Date | The date the secret was last changed. |
AWS.SecretsManager.Secret.SecretList.Name | String | The secret name. |
AWS.SecretsManager.Secret.SecretList.SecretVersionsToStages.c88e2176-aca4-4776-a422-c3a0616079bc | String | The SecretVersionStage staging labels for the provided hash. |
AWS.SecretsManager.Secret.SecretList.SecretVersionsToStages.5889c662-13a6-4318-bec3-b234fcae3826 | String | The SecretVersionStage staging labels for the provided hash. |
AWS.SecretsManager.Secret.SecretList.SecretVersionsToStages.f2a389e8-3860-47a0-b4a0-16424ad63a24 | String | The SecretVersionStage staging labels for the provided hash. |
AWS.SecretsManager.Secret.SecretList.Description | String | The secret description. |
AWS.SecretsManager.Secret.SecretList.SecretVersionsToStages.01cba660-28be-45d7-8597-d1ab295b0f35 | String | The SecretVersionStage staging labels for the provided hash. |
AWS.SecretsManager.Secret.SecretList.SecretVersionsToStages.ac32e535-79e7-4188-a732-7f02dbe399f0 | String | The SecretVersionStage staging labels for the provided hash. |
#
Command example!aws-secrets-manager-secret-list
#
Context Example#
Human Readable Output#
AWS Secrets List
ARN Description LastAccessedDate Name arn:aws:secretsmanager:eu-central-1:123456789012㊙️fdff-vnNyyc 2022-10-23T13:40:55 fdff arn:aws:secretsmanager:eu-central-1:123456789012㊙️gmail-oF08mg 2022-08-31T09:47:24 gmail arn:aws:secretsmanager:eu-central-1:123456789012㊙️DB_credentials-3ic9K7 2022-08-31T09:45:33 DB_credentials arn:aws:secretsmanager:eu-central-1:123456789012㊙️test_account new description 2022-09-08T07:14:13 test_for_moishy
#
aws-secrets-manager-secret–value-getRetrieve a secret value by key.
#
Base Commandaws-secrets-manager-secret–value-get
#
InputArgument Name | Description | Required |
---|---|---|
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
secret_id | The ID of the secret or ARN. | Required |
version_id | The version ID of the secret. | Optional |
version_stage | The version stage of the secret. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.SecretsManager.Secret.SecretValue.ARN | String | The secret ARN. |
AWS.SecretsManager.Secret.SecretValue.Name | String | The secret name. |
AWS.SecretsManager.Secret.SecretValue.VersionId | String | The secret version ID. |
AWS.SecretsManager.Secret.SecretValue.SecretString | String | The secret value. |
AWS.SecretsManager.Secret.SecretValue.VersionStages | String | A list of all of the staging labels currently attached to this version of the secret. |
AWS.SecretsManager.Secret.SecretValue.CreatedDate | Date | The date and time this version of the secret was created. |
AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.RequestId | String | The ID of the HTTP header response request. |
AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.HTTPStatusCode | Number | The status code in the HTTP header. |
AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.HTTPHeaders.x-amzn-requestid | String | The ID of the HTTP header Amazon request. |
AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.HTTPHeaders.content-type | String | The type of the HTTP header response content. |
AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.HTTPHeaders.content-length | String | The length of the HTTP header response content. |
AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.HTTPHeaders.date | Date | The date of the HTTP header response. |
AWS.SecretsManager.Secret.SecretValue.ResponseMetadata.RetryAttempts | Number | The number of HTTP header response retry attempts. |
#
Command example!aws-secrets-manager-secret–value-get secret_id="fdff"
#
Context Example#
Human Readable Output#
AWS Get Secret
ARN CreatedDate Name SecretBinary SecretString arn:aws:secretsmanager:eu-central-1:123456789012㊙️fdff-vnNyyc 2022-09-04T09:10:13 fdff {"password":"cvcvcv","username":"cvcvcv"}
#
aws-secrets-manager-secret–deleteDelete a specific secret.
#
Base Commandaws-secrets-manager-secret–delete
#
InputArgument Name | Description | Required |
---|---|---|
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
secret_id | The ID of the secret or ARN. | Required |
delete_immediately | Delete with grace period. | Optional |
days_of_recovery | The number of days allowed to restore the secret (default in AWS - 30 days). | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!aws-secrets-manager-secret–delete secret_id="fdff"
#
Human Readable OutputThe Secret was Deleted
#
aws-secrets-manager-secret–restoreRestore a specific secret after deletion.
#
Base Commandaws-secrets-manager-secret–restore
#
InputArgument Name | Description | Required |
---|---|---|
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
secret_id | The ID of the secret or ARN. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!aws-secrets-manager-secret–restore secret_id="fdff"
#
Human Readable Outputthe secret was restored successfully
#
aws-secrets-manager-secret–policy-getGet the Secret Manager policy for a specific secret.
#
Base Commandaws-secrets-manager-secret–policy-get
#
InputArgument Name | Description | Required |
---|---|---|
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
secret_id | The ID of the secret or ARN. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.SecretsManager.Policy.ARN | String | The policy ARN. |
AWS.SecretsManager.Policy.Name | String | The policy name. |
AWS.SecretsManager.Policy.ResponseMetadata.RequestId | String | The ID of the HTTP header response request. |
AWS.SecretsManager.Policy.ResponseMetadata.HTTPStatusCode | Number | The status code in the HTTP header. |
AWS.SecretsManager.Policy.ResponseMetadata.HTTPHeaders.x-amzn-requestid | String | The ID of the HTTP header Amazon request. |
AWS.SecretsManager.Policy.ResponseMetadata.HTTPHeaders.content-type | String | The type of the HTTP header response content. |
AWS.SecretsManager.Policy.ResponseMetadata.HTTPHeaders.content-length | String | The length of the HTTP header response content. |
AWS.SecretsManager.Policy.ResponseMetadata.HTTPHeaders.date | Date | The date of the HTTP header response. |
AWS.SecretsManager.Policy.ResponseMetadata.RetryAttempts | Number | The number of HTTP header response retry attempts. |
#
Command example!aws-secrets-manager-secret–policy-get secret_id="fdff"
#
Context Example#
Human Readable Output#
AWS Secret Policy
ARN Name Policy arn:aws:secretsmanager:eu-central-1:123456789012㊙️fdff-vnNyyc fdff