linuxamazon-web-servicesaws-cliaws-secrets-manager

Parsing secrets from AWS secrets manager using AWS cli


I am retrieving secrets I have stored in AWS secrets manager with the AWS cli like this:

aws secretsmanager get-secret-value --secret-id secrets

Which returns

arn:aws:secretsmanager<ID>:secret:my_secrets <number> my_secrets {"API_KEY":"ABCDEFGHI"}       <UUID string>
VERSIONSTAGES   AWSCURRENT

Does anyone know how I only get the secret ("API_KEY": "ABCDEFGHI")? I need to move these secrets to my register-task-definition environment variables. The best way would be to store them in a file and delete it after us or store them in variable. It is running on a linux machine.


Solution

  • Use the --query option of the CLI to extract just the secret.

    aws secretsmanager get-secret-value --secret-id secrets --query SecretString --output text