CmkSecretConfig - Amazon DataSync
ContentsSee Also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

CmkSecretConfig

Specifies configuration information for a DataSync-managed secret, such as an authentication token or secret key that DataSync uses to access a specific storage location, with a customer-managed Amazon KMS key.

Note

You can use either CmkSecretConfig or CustomSecretConfig to provide credentials for a CreateLocation request. Do not provide both parameters for the same request.

Contents

KmsKeyArn

Specifies the ARN for the customer-managed Amazon KMS key that DataSync uses to encrypt the DataSync-managed secret stored for SecretArn. DataSync provides this key to Amazon Secrets Manager.

Type: String

Length Constraints: Maximum length of 2048.

Pattern: ^(arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):kms:[a-z\-0-9]+:[0-9]{12}:key/.*|)$

Required: No

SecretArn

Specifies the ARN for the DataSync-managed Amazon Secrets Manager secret that that is used to access a specific storage location. This property is generated by DataSync and is read-only. DataSync encrypts this secret with the KMS key that you specify for KmsKeyArn.

Type: String

Length Constraints: Maximum length of 2048.

Pattern: ^(arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):secretsmanager:[a-z\-0-9]+:[0-9]{12}:secret:.*|)$

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: