Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Access Amazon Secrets Manager

Secrets Manager console

You can manage your secrets using the browser-based Secrets Manager console and perform almost any task related to your secrets by using the console.

Command line tools

The Amazon command line tools allow you to issue commands at your system command line to perform Secrets Manager and other Amazon tasks. This can be faster and more convenient than using the console. The command line tools can be useful if you want to build scripts to perform Amazon tasks.

When you enter commands in a command shell, there is a risk of the command history being accessed or utilities having access to your command parameters. See Mitigate the risks of using the Amazon CLI to store your Amazon Secrets Manager secrets.
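The command-history risk described above can be audited. The following Python code is an added example, not code from the Amazon documentation: it scans shell history lines for `aws secretsmanager` commands that pass secret material on the command line and reports whether each value is a literal, a shell expansion, or a `file://` reference. The function names and the sample history are constructed for illustration; the subcommands, the `--secret-string` and `--secret-binary` flags, and the `file://` prefix are standard CLI features that this page does not list.

```python
import re
import shlex

# Secrets Manager CLI subcommands and flags that carry secret material.
SECRET_SUBCOMMANDS = {"create-secret", "put-secret-value", "update-secret"}
SECRET_FLAGS = {"--secret-string", "--secret-binary"}
ZSH_PREFIX = re.compile(r"^: \d+:\d+;")  # zsh EXTENDED_HISTORY timestamp prefix

def classify_value(value):
    """Say where a flag value would be exposed."""
    if value.startswith(("file://", "fileb://")):
        return "file"      # CLI reads the value from a file; nothing secret in the command
    if value.startswith("$"):
        return "expanded"  # history holds only the variable; process arguments hold the value
    return "literal"       # secret text sits in history and in process arguments

def audit_line(line):
    """Return (subcommand, flag, exposure) findings for one history line."""
    line = ZSH_PREFIX.sub("", line.strip())
    try:
        tokens = shlex.split(line)
    except ValueError:      # unbalanced quotes: fall back to a whitespace split
        tokens = line.split()
    sub = next((t for t in tokens if t in SECRET_SUBCOMMANDS), None)
    if "aws" not in tokens or "secretsmanager" not in tokens or sub is None:
        return []
    findings = []
    for i, tok in enumerate(tokens):
        flag, sep, value = tok.partition("=")   # handles the "--flag=value" form
        if flag in SECRET_FLAGS:
            if not sep:                          # "--flag value" form
                value = tokens[i + 1] if i + 1 < len(tokens) else ""
            findings.append((sub, flag, classify_value(value)))
    return findings

def audit_history(lines):
    """Map 1-based line number -> findings, skipping clean lines."""
    return {n: f for n, line in enumerate(lines, 1) if (f := audit_line(line))}

# Constructed sample history (not from any real system).
SAMPLE_HISTORY = [
    "aws secretsmanager list-secrets",
    "aws secretsmanager create-secret --name demo/db --secret-string 'EXAMPLE-not-a-real-secret'",
    ": 1700000000:0;aws secretsmanager put-secret-value --secret-id demo/db --secret-string file://secret.json",
    'aws secretsmanager update-secret --secret-id demo/db --secret-string="$DB_PASSWORD"',
]

if __name__ == "__main__":
    print(audit_history(SAMPLE_HISTORY))
```

Lines reported as `literal` are candidates for history cleanup and secret rotation; `expanded` values stay out of the history file but are still visible to utilities that can read process arguments.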

The command line tools automatically use the default endpoint for the service in an Amazon Region. You can specify a different endpoint for your API requests. See Amazon Secrets Manager endpoints.

Amazon provides two sets of command line tools:

Amazon SDKs

The Amazon SDKs consist of libraries and sample code for various programming languages and platforms. The SDKs include tasks such as cryptographically signing requests, managing errors, and retrying requests automatically. To download and install any of the SDKs, see Tools for Amazon Web Services.

The Amazon SDKs automatically use the default endpoint for the service in an Amazon Region. You can specify a different endpoint for your API requests. See Amazon Secrets Manager endpoints.

For SDK documentation, see:


HTTPS Query API

The HTTPS Query API gives you programmatic access to Secrets Manager and Amazon. The HTTPS Query API allows you to issue HTTPS requests directly to the service.

Although you can make direct calls to the Secrets Manager HTTPS Query API, we recommend that you use one of the SDKs instead. The SDK performs many useful tasks you otherwise must perform manually. For example, the SDKs automatically sign your requests and convert responses into a structure syntactically appropriate to your language.

To make HTTPS calls to Secrets Manager, you connect to Amazon Secrets Manager endpoints.

Amazon Secrets Manager endpoints

To connect programmatically to Secrets Manager, you use an endpoint, the URL of the entry point for the service. Secrets Manager endpoints are dual-stack endpoints, which means they support both IPv4 and IPv6.

Secrets Manager offers endpoints that support Federal Information Processing Standard (FIPS) 140-2 in some Regions.

Secrets Manager supports TLS 1.2 and 1.3. Secrets Manager supports PQTLS in all Regions except China Regions.


The Python Amazon SDK and the Amazon CLI attempt to call IPv6 and then IPv4 in sequence, so if you don't have IPv6 enabled, it can take some time before the call times out and retries with IPv4. To work around this issue, you can disable IPv6 completely or migrate to IPv6.

The following are the service endpoints for Secrets Manager. Note that the naming differs from the typical dual-stack naming convention.

| Region Name | Region | Endpoint | Protocol |
| --- | --- | --- | --- |
| US East (Ohio) | us-east-2 | | |
| US East (N. Virginia) | us-east-1 | | |
| US West (N. California) | us-west-1 | | |
| US West (Oregon) | us-west-2 | | |
| Africa (Cape Town) | af-south-1 | | HTTPS |
| Asia Pacific (Hong Kong) | ap-east-1 | | HTTPS |
| Asia Pacific (Hyderabad) | ap-south-2 | | HTTPS |
| Asia Pacific (Jakarta) | ap-southeast-3 | | HTTPS |
| Asia Pacific (Melbourne) | ap-southeast-4 | | HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 | | HTTPS |
| Asia Pacific (Osaka) | ap-northeast-3 | | HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 | | HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 | | HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 | | HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 | | HTTPS |
| Canada (Central) | ca-central-1 | | |
| Canada West (Calgary) | ca-west-1 | | |
| China (Beijing) | cn-north-1 | | HTTPS |
| China (Ningxia) | cn-northwest-1 | | HTTPS |
| Europe (Frankfurt) | eu-central-1 | | HTTPS |
| Europe (Ireland) | eu-west-1 | | HTTPS |
| Europe (London) | eu-west-2 | | HTTPS |
| Europe (Milan) | eu-south-1 | | HTTPS |
| Europe (Paris) | eu-west-3 | | HTTPS |
| Europe (Spain) | eu-south-2 | | HTTPS |
| Europe (Stockholm) | eu-north-1 | | HTTPS |
| Europe (Zurich) | eu-central-2 | | HTTPS |
| Israel (Tel Aviv) | il-central-1 | | HTTPS |
| Middle East (Bahrain) | me-south-1 | | HTTPS |
| Middle East (UAE) | me-central-1 | | HTTPS |
| South America (São Paulo) | sa-east-1 | | HTTPS |