Generic secrets are basic secrets that are supported by Secrets Manager. You can use generic secrets to store sensitive data such as account passwords, AccessKey secrets, OAuth secrets and tokens, and API keys. A generic secret can have multiple versions so that you can update the secret value.
Understand generic secrets
A generic secret consists of the metadata, secret versions, and stage labels that mark the secret versions.
|Metadata||The metadata of a secret contains the following parts:
|Secret versions||Each secret value that you write into a secret is stored as a secret version. The secret value is sensitive data. You can read the secret value of a secret version based on the secret name and version number. Each secret version that is identified by the version number can be written into a secret only once and cannot be modified.|
|Stage labels||Secret versions are marked with stage labels and can be referenced by using stage
labels. Secrets Manager has two built-in stage labels: ACSCurrent and ACSPrevious. By default, you can call the PutSecretValue operation to mark the newly stored secret version with ACSCurrent. Then, you can call the GetSecretValue operation to read the secret version that is marked with ACSCurrent. You can also customize stage labels.
Note A stage label is similar to a pointer and follows these principles:
Use generic secrets
You can use generic secrets in the following way: