SecretsManager class

AWS Secrets Manager provides a service to enable you to store, manage, and retrieve, secrets.

Constructors

SecretsManager({required String region, AwsClientCredentials? credentials, AwsClientCredentialsProvider? credentialsProvider, Client? client, String? endpointUrl})

Properties

hashCode → int

The hash code for this object.

no setter, inherited

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

Methods

cancelRotateSecret({required String secretId}) → Future<CancelRotateSecretResponse>

Disables automatic scheduled rotation and cancels the rotation of a secret if currently in progress.

close() → void

Closes the internal HTTP client if none was provided at creation. If a client was passed as a constructor argument, this becomes a noop.

createSecret({required String name, String? clientRequestToken, String? description, String? kmsKeyId, Uint8List? secretBinary, String? secretString, List<Tag>? tags}) → Future<CreateSecretResponse>

Creates a new secret. A secret in Secrets Manager consists of both the protected secret data and the important information needed to manage the secret.

deleteResourcePolicy({required String secretId}) → Future<DeleteResourcePolicyResponse>

Deletes the resource-based permission policy attached to the secret.

deleteSecret({required String secretId, bool? forceDeleteWithoutRecovery, int? recoveryWindowInDays}) → Future<DeleteSecretResponse>

Deletes an entire secret and all of its versions. You can optionally include a recovery window during which you can restore the secret. If you don't specify a recovery window value, the operation defaults to 30 days. Secrets Manager attaches a DeletionDate stamp to the secret that specifies the end of the recovery window. At the end of the recovery window, Secrets Manager deletes the secret permanently.

describeSecret({required String secretId}) → Future<DescribeSecretResponse>

Retrieves the details of a secret. It does not include the encrypted fields. Secrets Manager only returns fields populated with a value in the response.

getRandomPassword({String? excludeCharacters, bool? excludeLowercase, bool? excludeNumbers, bool? excludePunctuation, bool? excludeUppercase, bool? includeSpace, int? passwordLength, bool? requireEachIncludedType}) → Future<GetRandomPasswordResponse>

Generates a random password of the specified complexity. This operation is intended for use in the Lambda rotation function. Per best practice, we recommend that you specify the maximum length and include every character type that the system you are generating a password for can support.

getResourcePolicy({required String secretId}) → Future<GetResourcePolicyResponse>

Retrieves the JSON text of the resource-based policy document attached to the specified secret. The JSON request string input and response output displays formatted code with white space and line breaks for better readability. Submit your input as a single line JSON string.

getSecretValue({required String secretId, String? versionId, String? versionStage}) → Future<GetSecretValueResponse>

Retrieves the contents of the encrypted fields SecretString or SecretBinary from the specified version of a secret, whichever contains content.

listSecrets({List<Filter>? filters, int? maxResults, String? nextToken, SortOrderType? sortOrder}) → Future<ListSecretsResponse>

Lists all of the secrets that are stored by Secrets Manager in the AWS account. To list the versions currently stored for a specific secret, use ListSecretVersionIds. The encrypted fields SecretString and SecretBinary are not included in the output. To get that information, call the GetSecretValue operation. Minimum permissions

listSecretVersionIds({required String secretId, bool? includeDeprecated, int? maxResults, String? nextToken}) → Future<ListSecretVersionIdsResponse>

Lists all of the versions attached to the specified secret. The output does not include the SecretString or SecretBinary fields. By default, the list includes only versions that have at least one staging label in VersionStage attached. Minimum permissions

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

putResourcePolicy({required String resourcePolicy, required String secretId, bool? blockPublicPolicy}) → Future<PutResourcePolicyResponse>

Attaches the contents of the specified resource-based permission policy to a secret. A resource-based policy is optional. Alternatively, you can use IAM identity-based policies that specify the secret's Amazon Resource Name (ARN) in the policy statement's Resources element. You can also use a combination of both identity-based and resource-based policies. The affected users and roles receive the permissions that are permitted by all of the relevant policies. For more information, see Using Resource-Based Policies for AWS Secrets Manager. For the complete description of the AWS policy syntax and grammar, see IAM JSON Policy Reference in the IAM User Guide.

putSecretValue({required String secretId, String? clientRequestToken, Uint8List? secretBinary, String? secretString, List<String>? versionStages}) → Future<PutSecretValueResponse>

Stores a new encrypted secret value in the specified secret. To do this, the operation creates a new version and attaches it to the secret. The version can contain a new SecretString value or a new SecretBinary value. You can also specify the staging labels that are initially attached to the new version.

restoreSecret({required String secretId}) → Future<RestoreSecretResponse>

Cancels the scheduled deletion of a secret by removing the DeletedDate time stamp. This makes the secret accessible to query once again.

rotateSecret({required String secretId, String? clientRequestToken, String? rotationLambdaARN, RotationRulesType? rotationRules}) → Future<RotateSecretResponse>

Configures and starts the asynchronous process of rotating this secret. If you include the configuration parameters, the operation sets those values for the secret and then immediately starts a rotation. If you do not include the configuration parameters, the operation starts a rotation with the values already stored in the secret. After the rotation completes, the protected service and its clients all use the new version of the secret.

tagResource({required String secretId, required List<Tag> tags}) → Future<void>

Attaches one or more tags, each consisting of a key name and a value, to the specified secret. Tags are part of the secret's overall metadata, and are not associated with any specific version of the secret. This operation only appends tags to the existing list of tags. To remove tags, you must use UntagResource.

toString() → String

A string representation of this object.

inherited

untagResource({required String secretId, required List<String> tagKeys}) → Future<void>

Removes one or more tags from the specified secret.

updateSecret({required String secretId, String? clientRequestToken, String? description, String? kmsKeyId, Uint8List? secretBinary, String? secretString}) → Future<UpdateSecretResponse>

Modifies many of the details of the specified secret. If you include a ClientRequestToken and either SecretString or SecretBinary then it also creates a new version attached to the secret.

updateSecretVersionStage({required String secretId, required String versionStage, String? moveToVersionId, String? removeFromVersionId}) → Future<UpdateSecretVersionStageResponse>

Modifies the staging labels attached to a version of a secret. Staging labels are used to track a version as it progresses through the secret rotation process. You can attach a staging label to only one version of a secret at a time. If a staging label to be added is already attached to another version, then it is moved--removed from the other version first and then attached to this one. For more information about staging labels, see Staging Labels in the AWS Secrets Manager User Guide.

validateResourcePolicy({required String resourcePolicy, String? secretId}) → Future<ValidateResourcePolicyResponse>

Validates the JSON text of the resource-based policy document attached to the specified secret. The JSON request string input and response output displays formatted code with white space and line breaks for better readability. Submit your input as a single line JSON string. A resource-based policy is optional.

Operators

operator ==(Object other) → bool

The equality operator.

inherited