2 Answers
0
When you mention cache any secret, does it include ListSecretVersionIds cache?
answered 4 months ago
0
If you want to cache in Lambda, you should use this layer, which doesn't require/use the SDK. It should cache any secret or SSM parameter it retrieves.
https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_lambda.html
There are only 3 version stages per secret, and you can pull each one of them using this method. Secrets Manager doesn't store a linear history of secrets with versions. Instead, it keeps track of three specific versions by labelling them:
- The current version - AWSCURRENT
- The previous version - AWSPREVIOUS
- The pending version (during rotation) - AWSPENDING
Just call whichever version you require, such as GET: /secretsmanager/get?secretId=secretId&versionStage=AWSCURRENT
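The request described in the answer above, as an added Python example (not part of the original post and not AWS's own code): it asks the extension's local endpoint for each staging label and collects the values a verifier should accept during a rotation window. Port 2773 and the `X-Aws-Parameters-Secrets-Token` header are the extension's documented defaults; the function names, the `opener` parameter, and the handling of a missing stage as an HTTP error are assumptions of this sketch.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Default port of the AWS Parameters and Secrets Lambda Extension.
PORT = int(os.environ.get("PARAMETERS_SECRETS_EXTENSION_HTTP_PORT", "2773"))


def build_request(secret_id, version_stage="AWSCURRENT", port=PORT):
    """Build the localhost GET request the extension serves from its cache."""
    # Percent-encode: secret names and ARNs may contain ':' and '/'.
    query = urllib.parse.urlencode(
        {"secretId": secret_id, "versionStage": version_stage}
    )
    url = f"http://localhost:{port}/secretsmanager/get?{query}"
    # The extension authenticates callers with the function's session token.
    token = os.environ.get("AWS_SESSION_TOKEN", "")
    return urllib.request.Request(
        url, headers={"X-Aws-Parameters-Secrets-Token": token}
    )


def get_stage(secret_id, version_stage, opener=urllib.request.urlopen):
    """Return (VersionId, SecretString) for one stage, or None if absent."""
    try:
        with opener(build_request(secret_id, version_stage), timeout=2) as resp:
            body = json.loads(resp.read())
    except urllib.error.HTTPError:
        # Assumption: a label with no version attached (for example
        # AWSPREVIOUS on a never-changed secret) yields an HTTP error.
        return None
    return body["VersionId"], body["SecretString"]


def get_accepted_values(secret_id, stages=("AWSCURRENT", "AWSPREVIOUS"),
                        opener=urllib.request.urlopen):
    """Collect the values a verifier should accept, in the order requested."""
    accepted = {}
    for stage in stages:
        result = get_stage(secret_id, stage, opener)
        if result is not None:
            version_id, value = result
            # One version can carry several labels; keep the first seen.
            accepted.setdefault(version_id, value)
    return accepted
```

Keying the result by `VersionId` lets the caller log which version matched without logging the secret value itself.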
Curious, why would you need a list of secret version IDs? There are only 3 version stages per secret, and you can pull each one of them using this method. Secrets Manager doesn't store a linear history of secrets with versions. Instead, it keeps track of three specific versions by labelling them:
Just call GET: /secretsmanager/get?secretId=secretId&versionStage=AWSCURRENT
Our client keeps the value for up to some time, and the key rotations on the server are set every few months. We want to cover the possibility of forcing key rotations that might be sooner than the client update on the secret value, so we at least need to support up to 3 versions. AWSCURRENT and AWSPREVIOUS are just not enough, and AWSPENDING is out of the question since we do not use the AWS key rotation feature and instead implement our own key rotation on schedule.
You can get any version stage you wish and cache it. That was just an example.