Access Amazon Secrets Manager
You can work with Secrets Manager in any of the following ways:
Secrets Manager console
You can manage your secrets using the browser-based Secrets Manager console
Command line tools
The Amazon command line tools allows you to issue commands at your system command line to perform Secrets Manager and other Amazon tasks. This can be faster and more convenient than using the console. The command line tools can be useful if you want to build scripts to perform Amazon tasks.
When you enter commands in a command shell, there is a risk of the command history being accessed or utilities having access to your command parameters. See Mitigate the risks of using the Amazon CLI to store your Amazon Secrets Manager secrets.
The command line tools automatically use the default endpoint for the service in an Amazon Region. You can specify a different endpoint for your API requests. See Amazon Secrets Manager endpoints.
Amazon provides two sets of command line tools:
Amazon SDKs
The Amazon SDKs consist of libraries and sample code for various programming languages
and platforms. The SDKs include tasks such as
cryptographically signing requests, managing errors, and retrying requests
automatically. To download and install any of the SDKs, see Tools
for Amazon Web Services
The Amazon SDKs automatically use the default endpoint for the service in an Amazon Region. You can specify a different endpoint for your API requests. See Amazon Secrets Manager endpoints.
For SDK documentation, see:
HTTPS Query API
The HTTPS Query API gives you programmatic access to Secrets Manager and Amazon. The HTTPS Query API allows you to issue HTTPS requests directly to the service.
Although you can make direct calls to the Secrets Manager HTTPS Query API, we recommend that you use one of the SDKs instead. The SDK performs many useful tasks you otherwise must perform manually. For example, the SDKs automatically sign your requests and convert responses into a structure syntactically appropriate to your language.
To make HTTPS calls to Secrets Manager, you connect to Amazon Secrets Manager endpoints.
Amazon Secrets Manager endpoints
To connect programmatically to Secrets Manager, you use an endpoint, the URL of the entry point for the service. Secrets Manager endpoints are dual-stack endpoints, which means they support both IPv4 and IPv6.
Secrets Manager offers endpoints that support Federal Information Processing Standard (FIPS) 140-2
Secrets Manager supports TLS 1.2 and 1.3. Secrets Manager supports PQTLS in all regions except China Regions.
Note
The Python Amazon SDK and the Amazon CLI attempt to call IPv6 and then IPv4 in sequence, so if you don't have IPv6 enabled, it can take some time before the call times out and retries with IPv4. To work around this issue, you can disable IPv6 completely or migrate to IPv6.
The following are the service endpoints for Secrets Manager. Note that the naming differs from the typical dual-stack naming convention.
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 |
secretsmanager.us-east-2.amazonaws.com secretsmanager-fips.us-east-2.amazonaws.com |
HTTPS HTTPS |
| US East (N. Virginia) | us-east-1 |
secretsmanager.us-east-1.amazonaws.com secretsmanager-fips.us-east-1.amazonaws.com |
HTTPS HTTPS |
| US West (N. California) | us-west-1 |
secretsmanager.us-west-1.amazonaws.com secretsmanager-fips.us-west-1.amazonaws.com |
HTTPS HTTPS |
| US West (Oregon) | us-west-2 |
secretsmanager.us-west-2.amazonaws.com secretsmanager-fips.us-west-2.amazonaws.com |
HTTPS HTTPS |
| Africa (Cape Town) | af-south-1 | secretsmanager.af-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Hong Kong) | ap-east-1 | secretsmanager.ap-east-1.amazonaws.com | HTTPS |
| Asia Pacific (Hyderabad) | ap-south-2 | secretsmanager.ap-south-2.amazonaws.com | HTTPS |
| Asia Pacific (Jakarta) | ap-southeast-3 | secretsmanager.ap-southeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Melbourne) | ap-southeast-4 | secretsmanager.ap-southeast-4.amazonaws.com | HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 | secretsmanager.ap-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Osaka) | ap-northeast-3 | secretsmanager.ap-northeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 | secretsmanager.ap-northeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 | secretsmanager.ap-southeast-1.amazonaws.com | HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 | secretsmanager.ap-southeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 | secretsmanager.ap-northeast-1.amazonaws.com | HTTPS |
| Canada (Central) | ca-central-1 |
secretsmanager.ca-central-1.amazonaws.com secretsmanager-fips.ca-central-1.amazonaws.com |
HTTPS HTTPS |
| Canada West (Calgary) | ca-west-1 |
secretsmanager.ca-west-1.amazonaws.com secretsmanager-fips.ca-west-1.amazonaws.com |
HTTPS HTTPS |
| China (Beijing) | cn-north-1 | secretsmanager.cn-north-1.amazonaws.com.cn | HTTPS |
| China (Ningxia) | cn-northwest-1 | secretsmanager.cn-northwest-1.amazonaws.com.cn | HTTPS |
| Europe (Frankfurt) | eu-central-1 | secretsmanager.eu-central-1.amazonaws.com | HTTPS |
| Europe (Ireland) | eu-west-1 | secretsmanager.eu-west-1.amazonaws.com | HTTPS |
| Europe (London) | eu-west-2 | secretsmanager.eu-west-2.amazonaws.com | HTTPS |
| Europe (Milan) | eu-south-1 | secretsmanager.eu-south-1.amazonaws.com | HTTPS |
| Europe (Paris) | eu-west-3 | secretsmanager.eu-west-3.amazonaws.com | HTTPS |
| Europe (Spain) | eu-south-2 | secretsmanager.eu-south-2.amazonaws.com | HTTPS |
| Europe (Stockholm) | eu-north-1 | secretsmanager.eu-north-1.amazonaws.com | HTTPS |
| Europe (Zurich) | eu-central-2 | secretsmanager.eu-central-2.amazonaws.com | HTTPS |
| Israel (Tel Aviv) | il-central-1 | secretsmanager.il-central-1.amazonaws.com | HTTPS |
| Middle East (Bahrain) | me-south-1 | secretsmanager.me-south-1.amazonaws.com | HTTPS |
| Middle East (UAE) | me-central-1 | secretsmanager.me-central-1.amazonaws.com | HTTPS |
| South America (São Paulo) | sa-east-1 | secretsmanager.sa-east-1.amazonaws.com | HTTPS |