AmazonSecrets Class

Properties   Methods   Events   Configuration Settings   Errors  

The AmazonSecrets class provides an easy-to-use interface for Amazon's Secrets Manager service.

Class Name


Procedural Interface

 cloudkeys_amazonsecrets_register_callback($res, $id, $function);
 cloudkeys_amazonsecrets_set($res, $id, $index, $value);
 cloudkeys_amazonsecrets_get($res, $id, $index);
 cloudkeys_amazonsecrets_do_addqueryparam($res, $name, $value);
 cloudkeys_amazonsecrets_do_canceldeletion($res, $secretid);
 cloudkeys_amazonsecrets_do_config($res, $configurationstring);
 cloudkeys_amazonsecrets_do_createsecret($res, $secretname, $description);
 cloudkeys_amazonsecrets_do_createversion($res, $secretid, $staginglabels);
 cloudkeys_amazonsecrets_do_deletesecret($res, $secretid, $daystowait);
 cloudkeys_amazonsecrets_do_genrandompassword($res, $length, $lowercase, $uppercase, $numbers, $punctuation, $spaces, $excludechars, $requireeach);
 cloudkeys_amazonsecrets_do_getsecret($res, $secretid, $versionid, $staginglabel);
 cloudkeys_amazonsecrets_do_getsecretinfo($res, $secretid);
 cloudkeys_amazonsecrets_do_listversions($res, $secretid);
 cloudkeys_amazonsecrets_do_movestaginglabel($res, $secretid, $staginglabel, $fromversionid, $toversionid);
 cloudkeys_amazonsecrets_do_sendcustomrequest($res, $action, $body);
 cloudkeys_amazonsecrets_do_updatesecret($res, $secretid, $description);


The AmazonSecrets class makes it easy to work with the Amazon Secrets Manager service in a secure manner using TLS. Amazon Secrets Manager allows you to securely store secrets (e.g., passwords, symmetric keys, etc.) in the cloud so that the aren't persisted locally. This class helps you to create, manage, and access those secrets.

To begin, register for an AWS account and obtain an AccessKey and SecretKey to use for authentication.

Resource Terminology

A secret in Amazon Secrets Manager is a container for one or more secret versions, which is where secret data is actually stored. Each secret version can have between zero and 20 staging labels attached to it at any given time.

A staging label is a simple string that can be used instead of a version Id to refer to a particular secret version when retrieving secret data. A staging label can only be attached to one version of a secret at any given time. The server ensures that there is always exactly one version of a secret with the special staging label AWSCURRENT, but otherwise you are free to apply any staging labels to any secret versions you choose.

Secret versions that do not have any staging labels attached to them are considered deprecated, and the server may delete them at any time without warning. Deprecated secret versions are not shown in a secret's version list unless explicitly asked for.

Using the Class

The CreateSecret method will create a new secret with an initial secret version that holds the specified secret data. To change a secret's data, create a new version of it using the CreateVersion method.

To retrieve a secret's data, call the GetSecret method, and specify the specific version (either by Id or using a staging label) whose data should be retrieved. If no particular version is specified, the version with the AWSCURRENT staging label is used.

Secrets that will no longer be used can be deleted using the DeleteSecret method, either immediately or after a waiting period. If a secret is scheduled for deletion later, then during said waiting period the deletion can be canceled using CancelDeletion.

// Creates a new secret with the textual data "Test123" named MySecret.
// The initial secret version will have only the "AWSCURRENT" staging label.
amazonsecrets.SecretString = "Test123";
amazonsecrets.CreateSecret("MySecret", "A description of my secret.");

// Creates a new secret version with the textual data "Cats456" and 
// attaches the staging labels "AWSCURRENT" (which gets moved from the previous version)
// and "best-version" to it.
amazonsecrets.SecretString = "Cats456";
amazonsecrets.CreateVersion("MySecret", "AWSCURRENT,best-version");

// Downloads the latest secret version's data to a local file.
amazonsecrets.LocalFile = "C:\temp\secret.txt";
amazonsecrets.GetSecret("MySecret", "", "");

// Schedules the secret, and all its versions, for deletion after 10 days.
amazonsecrets.DeleteSecret("MySecret", 10);

// Cancels the scheduled deletion.

To list secrets, use the ListSecrets method. To list a secret's versions, use the ListVersions method.

// If there are many secrets to list, there may be multiple pages of results. This will
// cause all pages of results to be accumulated into the Secrets collection property.
do {
} while (!string.IsNullOrEmpty(amazonsecrets.SecretMarker));

// A similar thing applies to secret versions as well.
do {
} while (!string.IsNullOrEmpty(amazonsecrets.VersionMarker));

The class also supports other functionality, including:

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

AccessKeyThe access key to use for authentication.
FirewallAutoDetectThis property tells the class whether or not to automatically detect and use firewall system settings, if available.
FirewallTypeThis property determines the type of firewall to connect through.
FirewallHostThis property contains the name or IP address of firewall (optional).
FirewallPasswordThis property contains a password if authentication is to be used when connecting through the firewall.
FirewallPortThis property contains the TCP port for the firewall Host .
FirewallUserThis property contains a user name if authentication is to be used connecting through a firewall.
IdleThe current status of the class.
LocalFileThe local file to write data to, or whose data should be sent.
LocalHostThe name of the local host or user-assigned IP interface through which connections are initiated or accepted.
OtherHeadersOther headers as determined by the user (optional).
OverwriteWhether the local file should be overwritten if necessary.
ParsedHeaderCountThe number of records in the ParsedHeader arrays.
ParsedHeaderFieldThis property contains the name of the HTTP header (same case as it is delivered).
ParsedHeaderValueThis property contains the header contents.
ProxyAuthSchemeThis property is used to tell the class which type of authorization to perform when connecting to the proxy.
ProxyAutoDetectThis property tells the class whether or not to automatically detect and use proxy system settings, if available.
ProxyPasswordThis property contains a password if authentication is to be used for the proxy.
ProxyPortThis property contains the TCP port for the proxy Server (default 80).
ProxyServerIf a proxy Server is given, then the HTTP request is sent to the proxy instead of the server otherwise specified.
ProxySSLThis property determines when to use SSL for the connection to the proxy.
ProxyUserThis property contains a user name, if authentication is to be used for the proxy.
QueryParamCountThe number of records in the QueryParam arrays.
QueryParamNameThe name of the query parameter.
QueryParamValueThe value of the query parameter.
RegionThe region that the class will make requests against.
SecretDataThe binary secret data that was retrieved or that should be sent.
SecretKeyThe secret key to use for authentication.
SecretMarkerA marker indicating what page of secrets to return next.
SecretCountThe number of records in the Secret arrays.
SecretARNThe Amazon resource name (ARN) of the secret.
SecretCreationDateThe creation date of the secret.
SecretDeletionDateThe deletion date of the secret.
SecretDescriptionThe secret's description.
SecretKMSKeyIdThe ARN or alias of the Amazon KMS CMK used to encrypt the secret.
SecretLastAccessDateThe last access date of the secret.
SecretLastChangeDateThe last change date of the secret.
SecretNameThe name of the secret.
SecretOwningServiceThe name of the service that created the secret.
SecretStringThe textual secret data that was retrieved or that should be sent.
SSLAcceptServerCertEncodedThe certificate (PEM/base64 encoded).
SSLCertEncodedThe certificate (PEM/base64 encoded).
SSLCertStoreThe name of the certificate store for the client certificate.
SSLCertStorePasswordIf the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.
SSLCertStoreTypeThe type of certificate store for this certificate.
SSLCertSubjectThe subject of the certificate used for client authentication.
SSLServerCertEncodedThe certificate (PEM/base64 encoded).
TimeoutA timeout for the class.
VersionMarkerA marker indicating what page of secret versions to return next.
VersionCountThe number of records in the Version arrays.
VersionCreationDateThe creation date of the secret version.
VersionLastAccessDateThe last access date of the secret version.
VersionSecretARNThe Amazon resource name (ARN) of the secret this is a version of.
VersionSecretNameThe name of the secret that this is a version of.
VersionStagingLabelsThe staging labels attached to the secret version.
VersionVersionIdThe Id of the secret version.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

AddQueryParamAdds a query parameter to the QueryParams properties.
CancelDeletionCancels the deletion of a secret.
ConfigSets or retrieves a configuration setting.
CreateSecretCreates a new secret.
CreateVersionCreates a new secret version.
DeleteSecretDeletes a secret and all of its versions.
DoEventsProcesses events from the internal message queue.
GenRandomPasswordReturns a server-generated random password that complies with the given criteria.
GetSecretRetrieves a secret version's data.
GetSecretInfoGets information about a secret.
ListSecretsLists secrets in the current account and region.
ListVersionsList the secret versions for the specified secret.
MoveStagingLabelAdds, removes, or moves a staging label.
ResetResets the class to its initial state.
SendCustomRequestSends a custom request to the server.
UpdateSecretUpdates a secret's information.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

EndTransferFired when a document finishes transferring.
ErrorInformation about errors during data delivery.
HeaderFired every time a header line comes in.
LogFires once for each log message.
SecretListFires once for each secret when listing secrets.
SSLServerAuthenticationFired after the server presents its certificate to the client.
SSLStatusShows the progress of the secure connection.
StartTransferFired when a document starts transferring (after the headers).
TransferFired while a document transfers (delivers document).
VersionListFires once for each secret version when listing secret versions.

Configuration Settings

The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.

AccumulatePagesWhether the class should accumulate subsequent pages of results when listing them.
AlwaysParseVersionsWhether to parse version information when listing secrets.
AWSProfileThe name of the AWS CLI profile that the class should use to obtain authentication and region information.
AWSProfileDirThe location of the AWS CLI credentials and config files.
IncludeDeletedWhether to include secrets scheduled for deletion when listing secrets.
IncludeDeprecatedWhether to include deprecated version when listing versions.
KMSKeyIdThe Id of the Amazon KMS CMK that should be used to encrypt a secret.
MaxSecretsThe maximum number of results to return when listing secrets.
PreferBinaryWhether the class should treat secret data as binary or textual in ambiguous situations.
RawRequestReturns the data that was sent to the server.
RawResponseReturns the data that was received from the server.
SessionTokenThe session token to send in the request when using temporary credentials.
UseEC2RoleCredentialsWhether to authenticate requests with credentials obtained from the IAM role attached to the EC2 instance.
UseFIPSEndpointWhether to use the FIPs endpoint to communicate with the server.
XChildCountThe number of child elements of the current element.
XChildName[i]The name of the child element.
XChildXText[i]The inner text of the child element.
XElementThe name of the current element.
XParentThe parent of the current element.
XPathProvides a way to point to a specific element in the returned XML or JSON response.
XSubTreeA snapshot of the current element in the document.
XTextThe text of the current element.
AcceptEncodingUsed to tell the server which types of content encodings the client supports.
AllowHTTPCompressionThis property enables HTTP compression for receiving data.
AllowHTTPFallbackWhether HTTP/2 connections are permitted to fallback to HTTP/1.1.
AppendWhether to append data to LocalFile.
AuthorizationThe Authorization string to be sent to the server.
BytesTransferredContains the number of bytes transferred in the response data.
ChunkSizeSpecifies the chunk size in bytes when using chunked encoding.
CompressHTTPRequestSet to true to compress the body of a PUT or POST request.
EncodeURLIf set to true the URL will be encoded by the class.
FollowRedirectsDetermines what happens when the server issues a redirect.
GetOn302RedirectIf set to true the class will perform a GET on the new location.
HTTP2HeadersWithoutIndexingHTTP2 headers that should not update the dynamic header table with incremental indexing.
HTTPVersionThe version of HTTP used by the class.
IfModifiedSinceA date determining the maximum age of the desired document.
KeepAliveDetermines whether the HTTP connection is closed after completion of the request.
KerberosSPNThe Service Principal Name for the Kerberos Domain Controller.
LogLevelThe level of detail that is logged.
MaxRedirectAttemptsLimits the number of redirects that are followed in a request.
NegotiatedHTTPVersionThe negotiated HTTP version.
OtherHeadersOther headers as determined by the user (optional).
ProxyAuthorizationThe authorization string to be sent to the proxy server.
ProxyAuthSchemeThe authorization scheme to be used for the proxy.
ProxyPasswordA password if authentication is to be used for the proxy.
ProxyPortPort for the proxy server (default 80).
ProxyServerName or IP address of a proxy server (optional).
ProxyUserA user name if authentication is to be used for the proxy.
SentHeadersThe full set of headers as sent by the client.
StatusLineThe first line of the last response from the server.
TransferredDataThe contents of the last response from the server.
TransferredDataLimitThe maximum number of incoming bytes to be stored by the class.
TransferredHeadersThe full set of headers as received from the server.
TransferredRequestThe full request as sent by the client.
UseChunkedEncodingEnables or Disables HTTP chunked encoding for transfers.
UseIDNsWhether to encode hostnames to internationalized domain names.
UsePlatformHTTPClientWhether or not to use the platform HTTP client.
UserAgentInformation about the user agent (browser).
ConnectionTimeoutSets a separate timeout value for establishing a connection.
FirewallAutoDetectTells the class whether or not to automatically detect and use firewall system settings, if available.
FirewallHostName or IP address of firewall (optional).
FirewallPasswordPassword to be used if authentication is to be used when connecting through the firewall.
FirewallPortThe TCP port for the FirewallHost;.
FirewallTypeDetermines the type of firewall to connect through.
FirewallUserA user name if authentication is to be used connecting through a firewall.
KeepAliveIntervalThe retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received.
KeepAliveTimeThe inactivity time in milliseconds before a TCP keep-alive packet is sent.
LingerWhen set to True, connections are terminated gracefully.
LingerTimeTime in seconds to have the connection linger.
LocalHostThe name of the local host through which connections are initiated or accepted.
LocalPortThe port in the local host where the class binds.
MaxLineLengthThe maximum amount of data to accumulate when no EOL is found.
MaxTransferRateThe transfer rate limit in bytes per second.
ProxyExceptionsListA semicolon separated list of hosts and IPs to bypass when using a proxy.
TCPKeepAliveDetermines whether or not the keep alive socket option is enabled.
TcpNoDelayWhether or not to delay when sending packets.
UseIPv6Whether to use IPv6.
LogSSLPacketsControls whether SSL packets are logged when using the internal security API.
OpenSSLCADirThe path to a directory containing CA certificates.
OpenSSLCAFileName of the file containing the list of CA's trusted by your application.
OpenSSLCipherListA string that controls the ciphers to be used by SSL.
OpenSSLPrngSeedDataThe data to seed the pseudo random number generator (PRNG).
ReuseSSLSessionDetermines if the SSL session is reused.
SSLCACertFilePathsThe paths to CA certificate files on Unix/Linux.
SSLCACertsA newline separated list of CA certificate to use during SSL client authentication.
SSLCheckCRLWhether to check the Certificate Revocation List for the server certificate.
SSLCipherStrengthThe minimum cipher strength used for bulk encryption.
SSLEnabledCipherSuitesThe cipher suite to be used in an SSL negotiation.
SSLEnabledProtocolsUsed to enable/disable the supported security protocols.
SSLEnableRenegotiationWhether the renegotiation_info SSL extension is supported.
SSLIncludeCertChainWhether the entire certificate chain is included in the SSLServerAuthentication event.
SSLNegotiatedCipherReturns the negotiated ciphersuite.
SSLNegotiatedCipherStrengthReturns the negotiated ciphersuite strength.
SSLNegotiatedCipherSuiteReturns the negotiated ciphersuite.
SSLNegotiatedKeyExchangeReturns the negotiated key exchange algorithm.
SSLNegotiatedKeyExchangeStrengthReturns the negotiated key exchange algorithm strength.
SSLNegotiatedProtocolReturns the negotiated protocol version.
SSLProviderThe name of the security provider to use.
SSLSecurityFlagsFlags that control certificate verification.
SSLServerCACertsA newline separated list of CA certificate to use during SSL server certificate validation.
TLS12SignatureAlgorithmsDefines the allowed TLS 1.2 signature algorithms when UseInternalSecurityAPI is True.
TLS12SupportedGroupsThe supported groups for ECC.
TLS13KeyShareGroupsThe groups for which to pregenerate key shares.
TLS13SignatureAlgorithmsThe allowed certificate signature algorithms.
TLS13SupportedGroupsThe supported groups for (EC)DHE key exchange.
AbsoluteTimeoutDetermines whether timeouts are inactivity timeouts or absolute timeouts.
FirewallDataUsed to send extra data to the firewall.
InBufferSizeThe size in bytes of the incoming queue of the socket.
OutBufferSizeThe size in bytes of the outgoing queue of the socket.
BuildInfoInformation about the product's build.
CodePageThe system code page used for Unicode to Multibyte translations.
LicenseInfoInformation about the current license.
ProcessIdleEventsWhether the class uses its internal event loop to process events when the main thread is idle.
SelectWaitMillisThe length of time in milliseconds the class will wait when DoEvents is called if there are no events to process.
UseInternalSecurityAPITells the class whether or not to use the system security libraries or an internal implementation.

Copyright (c) 2022 /n software inc. - All rights reserved.
Cloud Keys 2020 PHP Edition - Version 20.0 [Build 8157]