packer-cn/website/pages/docs/from-1.5/functions/contextual/aws_secretsmanager.mdx

---
layout: docs
page_title: aws_secretsmanager - Functions - Configuration Language
sidebar_title: aws_secretsmanager
description: The aws_secretsmanager function retrieves secrets from Amazon secretsmanager stores.
---


# `aws_secretsmanager_key` Function

Secrets can be read from the [AWS Secrets
Manager](https://aws.amazon.com/secrets-manager/) and used within your template
as locals.

```hcl
aws_secretsmanager(name, key)
```

When key is not set (`null` or empty: `""`) then `aws_secretsmanager` returns
the first secret key stored in secret `name` using the `AWSCURRENT`.

You can either use this function in a `locals` block or directly inline where
you want to use the value.

```hcl
locals {
  // null is equivalent to "AWSCURRENT"
  current_version = aws_secretsmanager("my_secret", null)
}

source "null" "first-example" {
  communicator = "none"
}

build {
  name = "my-build-name"
  sources = ["null.first-example"]

  provisioner "shell-local" {
    environment_vars = ["TESTVAR=${build.PackerRunUUID}"]
    inline = ["echo current version is '${local.current_version}'",
              "echo previous version is '${aws_secretsmanager("my_secret", "AWSPREVIOUS")}'."]
  }
}
```

This will load the key stored at behind `my_secret` from aws secrets manager.


In order to use this function you have to configure valid AWS credentials using
one of the following methods:

- [Environment Variables](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html)
- [CLI Configuration Files](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html)
- [Container Credentials](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html)
- [Instance Profile Credentials](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)