MasterUserSecret - Amazon Relational Database Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Contains the secret managed by RDS in Amazon Secrets Manager for the master user password.

For more information, see Password management with Amazon Secrets Manager in the Amazon RDS User Guide and Password management with Amazon Secrets Manager in the Amazon Aurora User Guide.



In the following list, the required parameters are described first.


The Amazon KMS key identifier that is used to encrypt the secret.

Type: String

Required: No


The Amazon Resource Name (ARN) of the secret.

Type: String

Required: No


The status of the secret.

The possible status values include the following:

  • creating - The secret is being created.

  • active - The secret is available for normal use and rotation.

  • rotating - The secret is being rotated.

  • impaired - The secret can be used to access database credentials, but it can't be rotated. A secret might have this status if, for example, permissions are changed so that RDS can no longer access either the secret or the KMS key for the secret.

    When a secret has this status, you can correct the condition that caused the status. Alternatively, modify the DB instance to turn off automatic management of database credentials, and then modify the DB instance again to turn on automatic management of database credentials.

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: