# Access AWS Secrets Manager
<a name="asm_access"></a>

**Topics**
+ [Secrets Manager console](#asm-console)
+ [Command line tools](#asm-cli)
+ [AWS SDKs](#asm-sdks)
+ [HTTPS Query API](#asm-sdks_query-api)
+ [AWS Secrets Manager endpoints](#endpoints)

## Secrets Manager console
<a name="asm-console"></a>

You can manage your secrets using the browser-based [Secrets Manager console](https://console.aws.amazon.com/secretsmanager/) and perform almost any task related to your secrets by using the console.

## Command line tools
<a name="asm-cli"></a>

The AWS command line tools allows you to issue commands at your system command line to perform Secrets Manager and other AWS tasks. This can be faster and more convenient than using the console. The command line tools can be useful if you want to build scripts to perform AWS tasks.

When you enter commands in a command shell, there is a risk of the command history being accessed or utilities having access to your command parameters. See [Mitigate the risks of using the AWS CLI to store your AWS Secrets Manager secrets](security_cli-exposure-risks.md).

The command line tools automatically use the default endpoint for the service in an AWS Region. You can specify a different endpoint for your API requests. See [AWS Secrets Manager endpoints](#endpoints).

AWS provides two sets of command line tools: 
+ [AWS Command Line Interface (AWS CLI)](https://docs.aws.amazon.com//cli/latest/reference/secretsmanager/index.html) 
+ [AWS Tools for Windows PowerShell](https://docs.aws.amazon.com//powershell/latest/reference/)

## AWS SDKs
<a name="asm-sdks"></a>

The AWS SDKs consist of libraries and sample code for various programming languages and platforms. The SDKs include tasks such as cryptographically signing requests, managing errors, and retrying requests automatically. To download and install any of the SDKs, see [Tools for Amazon Web Services](https://aws.amazon.com/tools/#sdk).

The AWS SDKs automatically use the default endpoint for the service in an AWS Region. You can specify a different endpoint for your API requests. See [AWS Secrets Manager endpoints](#endpoints).

For SDK documentation, see:
+ [C\$1\$1](http://sdk.amazonaws.com/cpp/api/LATEST/namespace_aws_1_1_secrets_manager.html)
+ [Go](https://docs.aws.amazon.com/sdk-for-go/api/service/secretsmanager/)
+ [Java](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/secretsmanager/package-summary.html)
+ [JavaScript](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/SecretsManager.html)
+ [Kotlin](https://sdk.amazonaws.com/kotlin/api/latest/secretsmanager/index.html)
+ [.NET](https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/SecretsManager/NSecretsManagerModel.html)
+ [PHP](https://docs.aws.amazon.com/aws-sdk-php/v3/api/namespace-Aws.SecretsManager.html)
+ [Python (Boto3)](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html)
+ [Ruby](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SecretsManager.html)
+ [Rust](https://crates.io/crates/aws-sdk-secretsmanager)
+ [SAP ABAP](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/smr/index.html)
+ [Swift](https://awslabs.github.io/aws-sdk-swift/reference/0.x/AWSSecretsManager/Home)

## HTTPS Query API
<a name="asm-sdks_query-api"></a>

The HTTPS Query API gives you [programmatic access](https://docs.aws.amazon.com/secretsmanager/latest/apireference/Welcome.html) to Secrets Manager and AWS. The HTTPS Query API allows you to issue HTTPS requests directly to the service. 

Although you can make direct calls to the Secrets Manager HTTPS Query API, we recommend that you use one of the SDKs instead. The SDK performs many useful tasks you otherwise must perform manually. For example, the SDKs automatically sign your requests and convert responses into a structure syntactically appropriate to your language.

To make HTTPS calls to Secrets Manager, you connect to [AWS Secrets Manager endpoints](#endpoints).

## AWS Secrets Manager endpoints
<a name="endpoints"></a>

To connect programmatically to Secrets Manager, you use an *endpoint*, the URL of the entry point for the service. Secrets Manager endpoints are dual-stack endpoints, which means they support both IPv4 and IPv6. 

Secrets Manager offers endpoints that support [Federal Information Processing Standard (FIPS) 140-2](http://aws.amazon.com/compliance/fips/) in some Regions.

Secrets Manager supports TLS 1.2 and 1.3. Secrets Manager supports [PQTLS](pqtls.md) in all regions except China Regions.

**Note**  
The Python AWS SDK and the AWS CLI attempt to call IPv6 and then IPv4 in sequence, so if you don't have IPv6 enabled, it can take some time before the call times out and retries with IPv4. To work around this issue, you can disable IPv6 completely or [migrate to IPv6](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-migrate-ipv6.html). 

The following are the service endpoints for Secrets Manager. Note that the naming differs from the [typical dual-stack naming convention](https://docs.aws.amazon.com/general/latest/gr/rande.html#dual-stack-endpoints). For information about using dual-stack addressing in Secrets Manager, see [IPv4 and IPv6 access](ip-access.md).

[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html)