@karmaniverous/aws-secrets-manager-tools
    Class AwsSecretsManagerTools

    Tools-style AWS Secrets Manager wrapper for env-map secrets.

    The secret payload is always a JSON object map of environment variables: ProcessEnv.

    Consumers should typically use the convenience methods on this class, and use AwsSecretsManagerTools.client as an escape hatch when they need AWS SDK operations not wrapped here.

    Constructors

    Properties

    client: SecretsManagerClient

    The effective SDK client (captured when X-Ray is enabled).

    Import AWS SDK *Command classes as needed and call tools.client.send(...).

    clientConfig: SecretsManagerClientConfig

    The effective client config used to construct the base client.

    Note: this may contain functions/providers (e.g., credential providers).

    logger: Logger

    The logger used by this wrapper and (when applicable) by the AWS client.

    xray: XrayState

    Materialized X-Ray state (mode + enabled + daemonAddress when relevant).

    Methods

    • Create a new secret containing an env-map.

      Parameters

      • opts: {
            description?: string;
            forceOverwriteReplicaSecret?: boolean;
            secretId: string;
            value: ProcessEnv;
            versionId?: string;
        }

        Options:

        • secretId: Secret name (or ARN in some contexts).
        • value: Env-map payload to store (JSON object map).
        • description: Optional AWS secret description.
        • forceOverwriteReplicaSecret: See AWS CreateSecret behavior for replicas.
        • versionId: Optional client request token (idempotency).

      Returns Promise<void>

    • Delete a secret.

      By default, deletion is recoverable (AWS default recovery window) unless forceDeleteWithoutRecovery is set.

      Parameters

      • opts: {
            forceDeleteWithoutRecovery?: boolean;
            recoveryWindowInDays?: number;
            secretId: string;
        }

        Options:

        • secretId: Secret name or ARN.
        • recoveryWindowInDays: Explicit recovery window to use.
        • forceDeleteWithoutRecovery: Dangerous: delete without recovery.

      Returns Promise<void>

      Throws if both recoveryWindowInDays and forceDeleteWithoutRecovery are provided.

    • Read a Secrets Manager secret and parse it as an env-map secret.

      Parameters

      • opts: { secretId: string; versionId?: string }

        Options:

        • secretId: Secret name or ARN.
        • versionId: Optional version id to read.

      Returns Promise<ProcessEnv>

      Throws if the secret is missing, binary, invalid JSON, or not an object map.

    • Write a new version value for an existing secret.

      This does not create the secret if it does not exist.

      Parameters

      • opts: { secretId: string; value: ProcessEnv; versionId?: string }

        Options:

        • secretId: Secret name or ARN.
        • value: Env-map payload to store (JSON object map).
        • versionId: Optional client request token (idempotency).

      Returns Promise<void>

    • Put a secret value, creating the secret only when it does not exist.

      This creates only when the update fails with ResourceNotFoundException; other errors are re-thrown.

      Parameters

      • __namedParameters: { secretId: string; value: ProcessEnv }

      Returns Promise<"updated" | "created">

      'updated' if updated; 'created' if the secret was created.

      Re-throws any non-ResourceNotFound AWS errors.
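
The read method above rejects a secret that is missing, binary, invalid JSON, or not an object map. The following is an added example, not code from this package, of that kind of strict env-map parsing. `parseEnvMapSecret` and `SecretValueLike` are hypothetical names, and requiring every value to be a string is an assumption.

```typescript
// Added example; parseEnvMapSecret and SecretValueLike are hypothetical names.
type EnvMap = Record<string, string>;

// The two payload fields of an AWS GetSecretValue response.
interface SecretValueLike {
  SecretString?: string;
  SecretBinary?: Uint8Array;
}

function parseEnvMapSecret(res: SecretValueLike): EnvMap {
  if (res.SecretString === undefined) {
    throw new Error(res.SecretBinary !== undefined
      ? "secret is binary; expected a JSON string payload"
      : "secret has no string value");
  }
  let parsed: unknown;
  try {
    parsed = JSON.parse(res.SecretString);
  } catch {
    // Do not echo the payload: error messages end up in logs.
    throw new Error("secret is not valid JSON");
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    throw new Error("secret JSON is not an object map");
  }
  const source = parsed as Record<string, unknown>;
  // Null prototype: a "__proto__" key in the payload stays plain data.
  const env: EnvMap = Object.create(null);
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (typeof value !== "string") {
      // Assumption: every value must be a string. Name the key, never the value.
      throw new Error(`secret key "${key}" does not hold a string`);
    }
    env[key] = value;
  }
  return env;
}

// Constructed sample responses (not real secrets).
const good: SecretValueLike = { SecretString: '{"DB_USER":"app","DB_PASS":"example"}' };
const bad: SecretValueLike[] = [
  {}, { SecretBinary: new Uint8Array([1, 2]) }, { SecretString: "not json" },
  { SecretString: '["A","B"]' }, { SecretString: '{"PORT":5432}' },
];
function rejects(res: SecretValueLike): boolean {
  try { parseEnvMapSecret(res); return false; } catch { return true; }
}
console.log(Object.keys(parseEnvMapSecret(good)), bad.map(rejects));
```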