replicateSecretToRegions method
Replicates the secret to a new Regions. See Multi-Region secrets.
Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.
Required permissions:
secretsmanager:ReplicateSecretToRegions. If the primary
secret is encrypted with a KMS key other than
aws/secretsmanager, you also need kms:Decrypt
permission to the key. To encrypt the replicated secret with a KMS key
other than aws/secretsmanager, you need
kms:GenerateDataKey and kms:Encrypt to the key.
For more information, see
IAM policy actions for Secrets Manager and Authentication
and access control in Secrets Manager.
May throw InternalServiceError.
May throw InvalidParameterException.
May throw InvalidRequestException.
May throw ResourceNotFoundException.
Parameter addReplicaRegions :
A list of Regions in which to replicate the secret.
Parameter secretId :
The ARN or name of the secret to replicate.
Parameter forceOverwriteReplicaSecret :
Specifies whether to overwrite a secret with the same name in the
destination Region. By default, secrets aren't overwritten.
Implementation
Future<ReplicateSecretToRegionsResponse> replicateSecretToRegions({
required List<ReplicaRegionType> addReplicaRegions,
required String secretId,
bool? forceOverwriteReplicaSecret,
}) async {
final headers = <String, String>{
'Content-Type': 'application/x-amz-json-1.1',
'X-Amz-Target': 'secretsmanager.ReplicateSecretToRegions'
};
final jsonResponse = await _protocol.send(
method: 'POST',
requestUri: '/',
exceptionFnMap: _exceptionFns,
// TODO queryParams
headers: headers,
payload: {
'AddReplicaRegions': addReplicaRegions,
'SecretId': secretId,
if (forceOverwriteReplicaSecret != null)
'ForceOverwriteReplicaSecret': forceOverwriteReplicaSecret,
},
);
return ReplicateSecretToRegionsResponse.fromJson(jsonResponse.body);
}