Comment on page
Secret resolver
The secret parameter resolver reads parameter values from secrets stored in Secrets Manager.
Here are the properties of the secret parameter resolver:
Key | Required | Type | Description |
|---|---|---|---|
resolver | yes | string | Resolver name, this must be secret. |
secretId | yes | string | Secret id. |
versionId | no | string | Secret version id. |
versionStage | no | string | Secret version stage. |
commandRole | no | string | IAM role used to access the secret from Secrets Manager. Command role is optional. By default, credentials associated with the current stack are used. |
region | no | string | Region where the secret resides. By default, Takomo uses the region of the stack where the parameter resolver is used. |
confidential | no | boolean | Conceal the resolved parameter value from logs, defaults to false |
immutable | no | boolean | Mark the parameter as immutable, defaults to false |
Read the parameter value from a secret with id "my-secret-password":
parameters:
Password:
resolver: secret
secretId: my-secret-password
Read the parameter value from a secret in a different region:
parameters:
MyParam:
resolver: secret
secretId: my-secret-password
region: eu-west-1
Read the parameter value from a different account
parameters:
MyParam:
resolver: secret
secretId: arn:aws:secretsmanager:us-west-2:123456789012:secret:MySecret
commandRole: arn:aws:iam::123456789012:role/SecretReader
Last modified 2yr ago