How to rename/update the staging label of a secret in AWS Secrets Manager - Java

Time: 2019-06-20 13:56:06

Tags: amazon-web-services aws-secrets-manager

I store my secret in AWS Key Manager. After rotation there are two staging labels, AWSCURRENT and AWSPREVIOUS.

Can we update/rename AWSPREVIOUS to TESTJK? I tried the code below; it does not throw any error, but it does not do what I expect.

What I expect is:

Rename AWSPREVIOUS to TESTJK and keep the secret value.

    // Look up the version that currently carries the AWSPREVIOUS label
    GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest()
        .withSecretId(secretKey)
        .withVersionStage("AWSPREVIOUS");
    GetSecretValueResult getSecretValueResult = client.getSecretValue(getSecretValueRequest);

    log.info("jkdata ww {}", getSecretValueResult.getSecretString());
    log.info("verison id{}", getSecretValueResult.getVersionId());

    // Attempt to relabel that version (this is the part that does not work as expected)
    UpdateSecretVersionStageRequest updateSecretVersionStageRequest = new UpdateSecretVersionStageRequest()
        .withSecretId(secretKey)
        .withMoveToVersionId(getSecretValueResult.getVersionId())
        .withRemoveFromVersionId(getSecretValueResult.getVersionId());
    client.updateSecretVersionStage(updateSecretVersionStageRequest).setName("TESTJK");

Expected:

It should rename AWSPREVIOUS to TESTJK, so that the next time I query with AWSPREVIOUS I get an error, and when I query with TESTJK I get the secret value.

Current behaviour: I get the value for AWSPREVIOUS, but an error for TESTJK:

com.amazonaws.services.secretsmanager.model.ResourceNotFoundException: Secrets Manager can’t find the specified secret value for staging label: TESTJK (Service: AWSSecretsManager; Status Code: 400; Error Code: ResourceNotFoundException; Request ID: 4c15706e-e1bd-424a-ba03-4914e6523a34)

1 answer:

Answer 0 (score: 1)

This will take two API requests. The first takes the version ID of AWSPREVIOUS and assigns it to 'TESTJK':

    // Find the version ID that currently holds the AWSPREVIOUS label
    GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest()
        .withSecretId(secretKey)
        .withVersionStage("AWSPREVIOUS");

    GetSecretValueResult getSecretValueResult = client.getSecretValue(getSecretValueRequest);

    // Attach the new label TESTJK to that same version
    UpdateSecretVersionStageRequest updateSecretVersionStageRequest = new UpdateSecretVersionStageRequest()
        .withSecretId(secretKey)
        .withVersionStage("TESTJK")
        .withMoveToVersionId(getSecretValueResult.getVersionId());
    client.updateSecretVersionStage(updateSecretVersionStageRequest);

At this point you can leave both stages attached to the same versionId, or you can remove the AWSPREVIOUS version stage:

    // Detach AWSPREVIOUS from the version (it keeps TESTJK, so it is not left unlabelled)
    UpdateSecretVersionStageRequest removeStageRequest = new UpdateSecretVersionStageRequest()
        .withSecretId(secretKey)
        .withVersionStage("AWSPREVIOUS")
        .withRemoveFromVersionId(getSecretValueResult.getVersionId());
    client.updateSecretVersionStage(removeStageRequest);
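The two requests from the answer, put together into one complete program as an added example (this is not code from the question or the answer above). It uses the same AWS SDK for Java v1 classes as the answer, but discovers the version ID with ListSecretVersionIds instead of GetSecretValue, so the relabelling code never reads the secret material and needs only `secretsmanager:ListSecretVersionIds` and `secretsmanager:UpdateSecretVersionStage` in IAM. It also handles the case the answer does not mention: a staging label can sit on only one version, so if the target label is already in use the request must name the version to remove it from. The class name, the `relabel`/`stagingLabels` helpers and the secret name `my-app/db-password` are assumptions chosen for this example.

```java
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.ListSecretVersionIdsRequest;
import com.amazonaws.services.secretsmanager.model.ListSecretVersionIdsResult;
import com.amazonaws.services.secretsmanager.model.SecretVersionsListEntry;
import com.amazonaws.services.secretsmanager.model.UpdateSecretVersionStageRequest;

import java.util.HashMap;
import java.util.Map;

/** Example (not from the original post): move a staging label between versions of a secret. */
public class RelabelSecretVersion {

    /** Returns a map of staging label -> version ID, paging through every non-deprecated version. */
    static Map<String, String> stagingLabels(AWSSecretsManager client, String secretId) {
        Map<String, String> labels = new HashMap<>();
        String token = null;
        do {
            ListSecretVersionIdsResult page = client.listSecretVersionIds(
                new ListSecretVersionIdsRequest().withSecretId(secretId).withNextToken(token));
            for (SecretVersionsListEntry version : page.getVersions()) {
                if (version.getVersionStages() == null) {
                    continue; // a version with no labels is deprecated; nothing to map
                }
                for (String stage : version.getVersionStages()) {
                    labels.put(stage, version.getVersionId());
                }
            }
            token = page.getNextToken();
        } while (token != null);
        return labels;
    }

    /**
     * Attaches newLabel to the version currently tagged oldLabel, then removes oldLabel.
     * Order matters: the new label is attached first so the version is never left without
     * any label (an unlabelled version is deprecated and becomes eligible for deletion).
     */
    static String relabel(AWSSecretsManager client, String secretId, String oldLabel, String newLabel) {
        if ("AWSCURRENT".equals(oldLabel) || "AWSCURRENT".equals(newLabel)) {
            throw new IllegalArgumentException("AWSCURRENT can only be moved, never removed or reassigned here");
        }
        Map<String, String> before = stagingLabels(client, secretId);
        String versionId = before.get(oldLabel);
        if (versionId == null) {
            throw new IllegalStateException("no version carries label " + oldLabel);
        }

        String holder = before.get(newLabel);
        if (!versionId.equals(holder)) {
            UpdateSecretVersionStageRequest attach = new UpdateSecretVersionStageRequest()
                .withSecretId(secretId)
                .withVersionStage(newLabel)
                .withMoveToVersionId(versionId);
            // A label lives on exactly one version: if newLabel is already in use elsewhere,
            // the service requires RemoveFromVersionId to point at its current holder.
            if (holder != null) {
                attach.withRemoveFromVersionId(holder);
            }
            client.updateSecretVersionStage(attach);
        }

        client.updateSecretVersionStage(new UpdateSecretVersionStageRequest()
            .withSecretId(secretId)
            .withVersionStage(oldLabel)
            .withRemoveFromVersionId(versionId));

        // Re-read the label map and confirm the move actually took effect.
        Map<String, String> after = stagingLabels(client, secretId);
        if (!versionId.equals(after.get(newLabel)) || after.containsKey(oldLabel)) {
            throw new IllegalStateException("relabel of " + secretId + " did not take effect");
        }
        return versionId;
    }

    public static void main(String[] args) {
        AWSSecretsManager client = AWSSecretsManagerClientBuilder.defaultClient();
        String secretId = args.length > 0 ? args[0] : "my-app/db-password"; // placeholder secret name
        String versionId = relabel(client, secretId, "AWSPREVIOUS", "TESTJK");
        System.out.println("version " + versionId + " now carries TESTJK and no longer carries AWSPREVIOUS");
    }
}
```

Two things to keep in mind when running this against a rotated secret: removing AWSPREVIOUS does not stop the built-in rotation from re-applying that label on the next rotation (it always moves AWSPREVIOUS onto the version that was AWSCURRENT), and each secret allows a limited number of staging labels, so custom labels such as TESTJK should be cleaned up rather than accumulated across rotations.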