Secrets Manager

Secrets, versioning, rotation via Lambda, replication.

fakecloud implements 23 of 23 Secrets Manager operations at 100% Smithy conformance.

Supported features

Secrets — CRUD, tags, resource-based policies
Versioning — stages (AWSCURRENT, AWSPREVIOUS, AWSPENDING), version IDs, explicit version retrieval
Soft delete — DeleteSecret with recovery window, RestoreSecret
Rotation — RotateSecret invokes a Lambda function through all 4 steps (createSecret, setSecret, testSecret, finishSecret)
Automatic rotation scheduling — via /_fakecloud/secretsmanager/rotation-scheduler/tick
Replication — replica regions tracked in state, not actually replicated
Random password generation — GetRandomPassword with full character class support

JSON protocol. X-Amz-Target header, JSON body, JSON responses.

POST /_fakecloud/secretsmanager/rotation-scheduler/tick — trigger rotation for secrets whose schedule is due

Secrets Manager -> Lambda — Rotation invokes the configured Lambda for all 4 rotation steps