package awssecretsmanager

gocloud.dev – gocloud.dev/runtimevar/awssecretsmanager Index | Examples | Files

package awssecretsmanager

import "gocloud.dev/runtimevar/awssecretsmanager"

Package awssecretsmanager provides a runtimevar implementation with variables read from AWS Secrets Manager (https://aws.amazon.com/secrets-manager) Use OpenVariable to construct a *runtimevar.Variable.

URLs

For runtimevar.OpenVariable, awssecretsmanager registers for the scheme "awssecretsmanager". The default URL opener will use an AWS session with the default credentials and configuration.

To customize the URL opener, or for more details on the URL format, see URLOpener. See https://gocloud.dev/concepts/urls/ for background information.

As

awssecretsmanager exposes the following types for As:

Snapshot: *secretsmanager.GetSecretValueOutput, *secretsmanager.DescribeSecretOutput
Error: any error type returned by the service, notably smithy.APIError

Example (OpenVariableFromURL)¶

Code:play

package main

import (
	"context"
	"log"

	"gocloud.dev/runtimevar"
)

func main() {
	// PRAGMA: This example is used on gocloud.dev; PRAGMA comments adjust how it is shown and can be ignored.
	// PRAGMA: On gocloud.dev, add a blank import: _ "gocloud.dev/runtimevar/awssecretsmanager"
	// PRAGMA: On gocloud.dev, hide lines until the next blank line.
	ctx := context.Background()

	// runtimevar.OpenVariable creates a *runtimevar.Variable from a URL.
	// `secret-variable-name` must be a friendly name of the secret, NOT the Amazon Resource Name (ARN).
	v, err := runtimevar.OpenVariable(ctx, "awssecretsmanager://secret-variable-name?region=us-east-2&decoder=string")
	if err != nil {
		log.Fatal(err)
	}
	defer v.Close()
}

Index ¶

Constants
Variables
func Dial(cfg aws.Config) *secretsmanager.Client
func OpenVariable(client *secretsmanager.Client, name string, decoder *runtimevar.Decoder, opts *Options) (*runtimevar.Variable, error)
type Options
type URLOpener

func (o *URLOpener) OpenVariableURL(ctx context.Context, u *url.URL) (*runtimevar.Variable, error)

Constants ¶

const Scheme = "awssecretsmanager"

Scheme is the URL scheme awssecretsmanager registers its URLOpener under on runtimevar.DefaultMux.

Variables ¶

var OpenVariableV2 = OpenVariable

var Set = wire.NewSet(
	Dial,
)

Set holds Wire providers for this package.

Functions ¶

func Dial ¶

func Dial(cfg aws.Config) *secretsmanager.Client

Dial gets an AWS secretsmanager service client using the AWS SDK V2.

func OpenVariable ¶

func OpenVariable(client *secretsmanager.Client, name string, decoder *runtimevar.Decoder, opts *Options) (*runtimevar.Variable, error)

OpenVariable constructs a *runtimevar.Variable backed by the variable name in AWS Secrets Manager, using AWS SDK V2. A friendly name of the secret must be specified. You can NOT specify the Amazon Resource Name (ARN). Secrets Manager returns raw bytes; provide a decoder to decode the raw bytes into the appropriate type for runtimevar.Snapshot.Value. See the runtimevar package documentation for examples of decoders.

Example¶

Code:play

package main

import (
	"context"
	"log"

	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
	"gocloud.dev/runtimevar"
	"gocloud.dev/runtimevar/awssecretsmanager"
)

func main() {
	// PRAGMA: This example is used on gocloud.dev; PRAGMA comments adjust how it is shown and can be ignored.

	// Establish a AWS V2 Config.
	// See https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/ for more info.
	ctx := context.Background()
	cfg, err := config.LoadDefaultConfig(ctx)
	if err != nil {
		log.Fatal(err)
	}

	// Construct a *runtimevar.Variable that watches the variable.
	// `secret-variable-name` must be a friendly name of the secret, NOT the Amazon Resource Name (ARN).
	client := secretsmanager.NewFromConfig(cfg)
	v, err := awssecretsmanager.OpenVariable(client, "secret-variable-name", runtimevar.StringDecoder, nil)
	if err != nil {
		log.Fatal(err)
	}
	defer v.Close()
}

Types ¶

type Options ¶

type Options struct {
	// WaitDuration controls the rate at which AWS Secrets Manager is polled.
	// Defaults to 30 seconds.
	WaitDuration time.Duration
}

Options sets options.

type URLOpener ¶

type URLOpener struct {
	// Decoder specifies the decoder to use if one is not specified in the URL.
	// Defaults to runtimevar.BytesDecoder.
	Decoder *runtimevar.Decoder

	// Options specifies the options to pass to New.
	Options Options
}

URLOpener opens AWS Secrets Manager URLs like "awssecretsmanager://my-secret-var-name". A friendly name of the secret must be specified. You can NOT specify the Amazon Resource Name (ARN).

See https://pkg.go.dev/gocloud.dev/aws#V2ConfigFromURLParams.

In addition, the following URL parameters are supported:

decoder: The decoder to use. Defaults to URLOpener.Decoder, or runtimevar.BytesDecoder if URLOpener.Decoder is nil. See runtimevar.DecoderByName for supported values.
wait: The poll interval, in time.ParseDuration formats. Defaults to 30s.

func (*URLOpener) OpenVariableURL ¶

func (o *URLOpener) OpenVariableURL(ctx context.Context, u *url.URL) (*runtimevar.Variable, error)

OpenVariableURL opens the variable at the URL's path. See the package doc for more details.

Source Files ¶

awssecretsmanager.go

Version: v0.42.0 (latest)
Published: Jun 28, 2025
Platform: linux/amd64
Imports: 17 packages
Last checked: 4 hours ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples