Vault
AWS secret import source
Use the AWS source to import secret data from AWS Secrets Manager into your Vault instance.
Argument reference
Refer to the HCL syntax for arguments common to all source types.
Additional arguments
credentials_profile (string: "") - The name of the profile in your credentials file to authenticate with. If not set, Vault uses the default credential provider mechanisms.
Example
Define and configure the my-aws-source-1 AWS source:
source_aws {
  name = "my-aws-source-1"
}
Permissions
To use AWS import, you must grant the associated AWS identity permissions to read secrets:
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:BatchGetSecretValue",
"secretsmanager:ListSecrets",
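
The following is an added example, not part of the Vault documentation: a simplified audit that checks whether an IAM identity policy allows the four actions listed above and reports any Allow pattern that grants more than those four. The function name audit_policy and the sample policies (account ID, region, secret path) are constructed for illustration.

```python
import fnmatch
import json

# The four actions the page lists as required for AWS import.
REQUIRED = {
    "secretsmanager:DescribeSecret",
    "secretsmanager:GetSecretValue",
    "secretsmanager:BatchGetSecretValue",
    "secretsmanager:ListSecrets",
}

# Constructed sample policies; the account ID, region and path are placeholders.
# ListSecrets and BatchGetSecretValue have no resource-level scoping, hence "*".
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["secretsmanager:ListSecrets", "secretsmanager:BatchGetSecretValue"]},
    {"Effect": "Allow",
     "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:app/*",
     "Action": ["secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue"]},
]})
BROAD = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*", "Action": "secretsmanager:*"}})
GET_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": "secretsmanager:Get*"}]})

def _as_list(value):
    # IAM allows a single object or string where a list is expected.
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Return (missing, excess) for an identity policy document.

    missing: required actions that no Allow statement matches.
    excess:  Allow patterns that are not exactly one of the required actions.
    Simplified: Deny, NotAction and Condition are not evaluated.
    """
    patterns = []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") == "Allow":
            patterns += _as_list(stmt.get("Action", []))
    lowered = [p.lower() for p in patterns]  # IAM action names are case-insensitive
    missing = {a for a in REQUIRED
               if not any(fnmatch.fnmatchcase(a.lower(), p) for p in lowered)}
    excess = {p for p in patterns if p.lower() not in {a.lower() for a in REQUIRED}}
    return missing, excess

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("broad", BROAD), ("get-only", GET_ONLY)):
        print(name, audit_policy(doc))
```

An empty missing set means the import identity has what the page requires; a non-empty excess set marks grants to narrow before attaching the policy.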