replicateSecretToRegions
Replicates the secret to a new Regions. See Multi-Region secrets.
Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.
**Required permissions: **secretsmanager:ReplicateSecretToRegions
. If the primary secret is encrypted with a KMS key other than aws/secretsmanager
, you also need kms:Decrypt
permission to the key. To encrypt the replicated secret with a KMS key other than aws/secretsmanager
, you need kms:GenerateDataKey
and kms:Encrypt
to the key. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.
Samples
import aws.sdk.kotlin.services.secretsmanager.model.ReplicaRegionType
fun main() {
//sampleStart
// The following example replicates a secret to eu west 3. The replica is encrypted with the AWS
// managed key aws secretsmanager.
val resp = secretsManagerClient.replicateSecretToRegions {
secretId = "MyTestSecret"
addReplicaRegions = listOf<ReplicaRegionType>(
ReplicaRegionType {
region = "eu-west-3"
}
)
forceOverwriteReplicaSecret = true
}
//sampleEnd
}