ListSecrets - AWS Secrets Manager

ListSecrets

Lists the secrets that are stored by Secrets Manager in the AWS account, not including secrets that are marked for deletion. To see secrets marked for deletion, use the Secrets Manager console.

All Secrets Manager operations are eventually consistent. ListSecrets might not reflect changes from the last five minutes. You can get more recent information for a specific secret by calling DescribeSecret.

To list the versions of a secret, use ListSecretVersionIds.

To retrieve the values for the secrets, call BatchGetSecretValue or GetSecretValue.

For information about finding secrets in the console, see Find secrets in Secrets Manager.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with AWS CloudTrail.

Required permissions: secretsmanager:ListSecrets. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.

Request Syntax

{ "Filters": [ { "Key": "string", "Values": [ "string" ] } ], "IncludePlannedDeletion": boolean, "MaxResults": number, "NextToken": "string", "SortOrder": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

Filters

The filters to apply to the list of secrets.

Type: Array of Filter objects

Array Members: Maximum number of 10 items.

Required: No

IncludePlannedDeletion

Specifies whether to include secrets scheduled for deletion. By default, secrets scheduled for deletion aren't included.

Type: Boolean

Required: No

MaxResults

The number of results to include in the response.

If there are more results available, in the response, Secrets Manager includes NextToken. To get the next results, call ListSecrets again with the value from NextToken.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 100.

Required: No

NextToken

A token that indicates where the output should continue from, if a previous call did not show all results. To get the next results, call ListSecrets again with this value.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 4096.

Required: No

SortOrder

Secrets are listed by CreatedDate.

Type: String

Valid Values: asc | desc

Required: No

Response Syntax

{ "NextToken": "string", "SecretList": [ { "ARN": "string", "CreatedDate": number, "DeletedDate": number, "Description": "string", "KmsKeyId": "string", "LastAccessedDate": number, "LastChangedDate": number, "LastRotatedDate": number, "Name": "string", "NextRotationDate": number, "OwningService": "string", "PrimaryRegion": "string", "RotationEnabled": boolean, "RotationLambdaARN": "string", "RotationRules": { "AutomaticallyAfterDays": number, "Duration": "string", "ScheduleExpression": "string" }, "SecretVersionsToStages": { "string" : [ "string" ] }, "Tags": [ { "Key": "string", "Value": "string" } ] } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

NextToken

Secrets Manager includes this value if there's more output available than what is included in the current response. This can occur even when the response includes no values at all, such as when you ask for a filtered view of a long list. To get the next results, call ListSecrets again with this value.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 4096.

SecretList

A list of the secrets in the account.

Type: Array of SecretListEntry objects

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalServiceError

An error occurred on the server side.

HTTP Status Code: 500

InvalidNextTokenException

The NextToken value is invalid.

HTTP Status Code: 400

InvalidParameterException

The parameter name or value is invalid.

HTTP Status Code: 400

InvalidRequestException

A parameter value is not valid for the current state of the resource.

Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other AWS services.

HTTP Status Code: 400

Examples

Example

The following example shows how to list the secrets in the account. The JSON request string input and response output displays formatted code with white space and line breaks for better readability. Submit your input as a single line JSON string.

Sample Request

POST / HTTP/1.1 Host: secretsmanager.region.domain Accept-Encoding: identity X-Amz-Target: secretsmanager.ListSecrets Content-Type: application/x-amz-json-1.1 User-Agent: <user-agent-string> X-Amz-Date: <date> Authorization: AWS4-HMAC-SHA256 Credential=<credentials>,SignedHeaders=<headers>, Signature=<signature> Content-Length: <payload-size-bytes> {}

Sample Response

HTTP/1.1 200 OK Date: <date> Content-Type: application/x-amz-json-1.1 Content-Length: <response-size-bytes> Connection: keep-alive x-amzn-RequestId: <request-id-guid> { "SecretList":[ { "ARN":"arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", "Description":"My test database secret", "LastChangedDate":1.523477145729E9, "Name":"MyTestDatabaseSecret", "SecretVersionsToStages":{ "EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE":["AWSCURRENT"] } }, { "ARN":"arn:aws:secretsmanager:us-west-2:123456789012:secret:AnotherDatabaseSecret-d4e5f6", "Description":"Another secret created for a different database", "LastChangedDate":1.523482025685E9, "Name":"AnotherDatabaseSecret", "SecretVersionsToStages":{ "EXAMPLE3-90ab-cdef-fedc-ba987EXAMPLE":["AWSCURRENT"] } } ] }

Example

The following example shows how to list the secrets in the account that are tagged with costcenter 12345. The JSON request string input and response output displays formatted code with white space and line breaks for better readability. Submit your input as a single line JSON string.

Sample Request

POST / HTTP/1.1 Host: secretsmanager.region.domain Accept-Encoding: identity X-Amz-Target: secretsmanager.ListSecrets &Filter.1.Name=costcenter &Filter.1.Value.1=12345 Content-Type: application/x-amz-json-1.1 User-Agent: <user-agent-string> X-Amz-Date: <date> Authorization: AWS4-HMAC-SHA256 Credential=<credentials>,SignedHeaders=<headers>, Signature=<signature> Content-Length: <payload-size-bytes> {}

Sample Response

HTTP/1.1 200 OK Date: <date> Content-Type: application/x-amz-json-1.1 Content-Length: <response-size-bytes> Connection: keep-alive x-amzn-RequestId: <request-id-guid> { "SecretList":[ { "ARN":"arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", "Description":"My test database secret", "LastChangedDate":1.523477145729E9, "Name":"MyTestDatabaseSecret", "SecretVersionsToStages":{ "EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE":["AWSCURRENT"] } }, { "ARN":"arn:aws:secretsmanager:us-west-2:123456789012:secret:AnotherDatabaseSecret-d4e5f6", "Description":"Another secret created for a different database", "LastChangedDate":1.523482025685E9, "Name":"AnotherDatabaseSecret", "SecretVersionsToStages":{ "EXAMPLE3-90ab-cdef-fedc-ba987EXAMPLE":["AWSCURRENT"] } } ] }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: