Getting "Could not find a value associated with JSONKey in SecretString" after updating secret
Description
Our SAM template references some secrets, as follows:
FOO_VAR: {{resolve:secretsmanager:FOO_SECRET:SecretString:foo}}
This morning we added a new key in the secret FOO (from console), and we wanted to update our SAM application to use this new key. Also, we removed an unused key. Though, stack deployment fails with the following error:
Could not find a value associated with JSONKey in SecretString
Steps to reproduce
- Create a Secret in SecretManager from AWS Console (FOO_SECRET) and put one key/value in the secret (foo:bar)
- Create a stack using SAM application default template
- Within the template, reference the secret key created in step 1 as follows: {{resolve:secretsmanager:FOO_SECRET:SecretString:foo}}
- Deploy your stack
- Go in SecretsManager from the AWS Console and edit FOO_SECRET adding the following key: willFail: true and removing the old one (foo)
- Within the template, remove the reference to foo and add the reference to the newly created secret key from step 5, as follows: {{resolve:secretsmanager:FOO_SECRET:SecretString:willFail}}
- Deploy your stack
Observed result
You’ll get Could not find a value associated with JSONKey in SecretString, that (presumably) means that CloudFormation is trying to resolve foo which doesn’t exist anymore.
Expected result
Deployment should work as no more references to foo exist in the template.
Additional environment details (Ex: Windows, Mac, Amazon Linux etc)
- OS: Mac OS 10.15.5
- sam --version: SAM CLI, version 0.53.0
Found the problem. It was on my secret key. From the console I could clearly see my keys there in the “Secret/Key” tab. So far, so good. When I switched to the “Plaintext” view, this is what I found:
(*) Notice that beautiful and invisible \t

I am facing a similar issue. Had a deployed stack with two keys. I then added a prefix to those keys and added two additional keys.
Stack fails with
Could not find a value associated with JSONKey in SecretString
A workaround is to temporarily add the old key back; it doesn’t matter what the value is, the key just needs to be there for the stack to update successfully.
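
A pre-deploy check for the two causes reported in the comments above: a key name carrying an invisible `\t`, and a referenced key that is no longer in the secret. This is an added example, not code from the issue or from SAM/CloudFormation. The function name `check_references`, the sample template and the sample secret are constructed, and it assumes secrets are referenced by name rather than by ARN.

```python
import json
import re

# {{resolve:secretsmanager:<secret-id>:SecretString:<json-key>[:stage[:version]]}}
# Assumption: <secret-id> is a plain name (an ARN contains ':' and is not handled).
DYNAMIC_REF = re.compile(
    r"\{\{resolve:secretsmanager:([^:}]+):SecretString:([^:}]*)(?::[^}]*)?\}\}"
)

def check_references(template_text, secrets):
    """Return (secret_id, json_key, problem) for each reference that cannot resolve.

    `secrets` maps a secret name to its raw SecretString, i.e. what the
    console shows in the "Plaintext" view.
    """
    findings = []
    for secret_id, json_key in DYNAMIC_REF.findall(template_text):
        raw = secrets.get(secret_id)
        if raw is None:
            findings.append((secret_id, json_key, "secret not supplied"))
            continue
        keys = list(json.loads(raw))
        if json_key in keys:
            continue  # exact match, the reference resolves
        # Keys that match only once surrounding whitespace is stripped
        near = [k for k in keys if k.strip() == json_key]
        if near:
            problem = f"stored key is {near[0]!r} (invisible whitespace)"
        else:
            problem = "key missing from SecretString"
        findings.append((secret_id, json_key, problem))
    return findings

# Constructed sample input: a template fragment and a secret whose first key ends in \t
TEMPLATE = """
Environment:
  Variables:
    FOO_VAR: '{{resolve:secretsmanager:FOO_SECRET:SecretString:foo}}'
    NEW_VAR: '{{resolve:secretsmanager:FOO_SECRET:SecretString:willFail}}'
"""
SECRETS = {"FOO_SECRET": r'{"foo\t": "bar", "willFail": "true"}'}

if __name__ == "__main__":
    for finding in check_references(TEMPLATE, SECRETS):
        print(finding)
```

The plaintext can be fetched with the AWS CLI `get-secret-value` command and passed in as the `secrets` mapping; running the check over the currently deployed template as well as the new one lists references to keys that were removed from the secret.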