ListSecrets - Amazon Secrets Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.


Lists all of the secrets that are stored by Secrets Manager in the Amazon account. To list the versions currently stored for a specific secret, use ListSecretVersionIds . The encrypted fields SecretString and SecretBinary are not included in the output. To get that information, call the GetSecretValue operation.


Always check the NextToken response parameter when calling any of the List* operations. These operations can occasionally return an empty or shorter than expected list of results even when there more results become available. When this happens, the NextToken response parameter contains a value to pass to the next call to the same API to request the next part of the list.

Minimum permissions

To run this command, you must have the following permissions:

  • secretsmanager:ListSecrets

Related operations

Request Syntax

{ "Filters": [ { "Key": "string", "Values": [ "string" ] } ], "MaxResults": number, "NextToken": "string", "SortOrder": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


Lists the secret request filters.

Type: Array of Filter objects

Array Members: Maximum number of 10 items.

Required: No


(Optional) Limits the number of results you want to include in the response. If you don't include this parameter, it defaults to a value that's specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (isn't null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Secrets Manager might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 100.

Required: No


(Optional) Use this parameter in a request if you receive a NextToken response in a previous request indicating there's more output available. In a subsequent call, set it to the value of the previous call NextToken response to indicate where the output should continue from.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 4096.

Required: No


Lists secrets in the requested order.

Type: String

Valid Values: asc | desc

Required: No

Response Syntax

{ "NextToken": "string", "SecretList": [ { "ARN": "string", "CreatedDate": number, "DeletedDate": number, "Description": "string", "KmsKeyId": "string", "LastAccessedDate": number, "LastChangedDate": number, "LastRotatedDate": number, "Name": "string", "OwningService": "string", "PrimaryRegion": "string", "RotationEnabled": boolean, "RotationLambdaARN": "string", "RotationRules": { "AutomaticallyAfterDays": number }, "SecretVersionsToStages": { "string" : [ "string" ] }, "Tags": [ { "Key": "string", "Value": "string" } ] } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


If present in the response, this value indicates that there's more output available than included in the current response. This can occur even when the response includes no values at all, such as when you ask for a filtered view of a very long list. Use this value in the NextToken request parameter in a subsequent call to the operation to continue processing and get the next part of the output. You should repeat this until the NextToken response element comes back empty (as null).

Type: String

Length Constraints: Minimum length of 1. Maximum length of 4096.


A list of the secrets in the account.

Type: Array of SecretListEntry objects


For information about the errors that are common to all actions, see Common Errors.


An error occurred on the server side.

HTTP Status Code: 500


You provided an invalid NextToken value.

HTTP Status Code: 400


You provided an invalid value for a parameter.

HTTP Status Code: 400



The following example shows how to list all of the secrets in the account. The JSON request string input and response output displays formatted code with white space and line breaks for better readability. Submit your input as a single line JSON string.

Sample Request

POST / HTTP/1.1 Host: secretsmanager.region.domain Accept-Encoding: identity X-Amz-Target: secretsmanager.ListSecrets Content-Type: application/x-amz-json-1.1 User-Agent: <user-agent-string> X-Amz-Date: <date> Authorization: AWS4-HMAC-SHA256 Credential=<credentials>,SignedHeaders=<headers>, Signature=<signature> Content-Length: <payload-size-bytes> {}

Sample Response

HTTP/1.1 200 OK Date: <date> Content-Type: application/x-amz-json-1.1 Content-Length: <response-size-bytes> Connection: keep-alive x-amzn-RequestId: <request-id-guid> { "SecretList":[ { "ARN":"arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", "Description":"My test database secret", "LastChangedDate":1.523477145729E9, "Name":"MyTestDatabaseSecret", "SecretVersionsToStages":{ "EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE":["AWSCURRENT"] } }, { "ARN":"arn:aws:secretsmanager:us-west-2:123456789012:secret:AnotherDatabaseSecret-d4e5f6", "Description":"Another secret created for a different database", "LastChangedDate":1.523482025685E9, "Name":"AnotherDatabaseSecret", "SecretVersionsToStages":{ "EXAMPLE3-90ab-cdef-fedc-ba987EXAMPLE":["AWSCURRENT"] } } ] }

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: