#!/bin/bash

# A script to create and retrieve a secret in AWS Secrets Manager using AWS CLI.

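# Abort on unhandled errors, unset variables and failed pipeline stages.
# Without this, a failed create-secret (for example because a secret with this
# name already exists) would fall through to the force-delete step below and
# permanently remove a secret this script never created.
set -euo pipefail

# --- Configuration ---
readonly REGION="us-east-1"
readonly SECRET_NAME="MyCLIAppSecret"
# Demo placeholder value only. Real secret material must never be committed in
# a script; supply it through the SECRET_VALUE environment variable (or a
# protected file) instead. The literal default is kept so the demo still runs
# unattended.
SECRET_VALUE="${SECRET_VALUE:-MySuperSecretValue123!}"
readonly SECRET_DESCRIPTION="Secret for my CLI application"

# Stage the secret in a private temp file and hand it to the CLI as file://,
# so the value does not appear in the process argument list (visible to other
# local users via ps) or in shell tracing of the aws command line.
# mktemp creates the file readable by the owner only; printf is a shell
# builtin, so the value is not exposed in argv while it is written.
secret_file=$(mktemp) || {
  printf 'error: mktemp failed\n' >&2
  exit 1
}
trap 'rm -f -- "$secret_file"' EXIT
printf '%s' "$SECRET_VALUE" > "$secret_file"

# --- 1. Create Secret ---
echo "--- Creating Secrets Manager secret: $SECRET_NAME ---"
if ! SECRET_ARN=$(aws secretsmanager create-secret \
  --name "$SECRET_NAME" \
  --secret-string "file://$secret_file" \
  --description "$SECRET_DESCRIPTION" \
  --region "$REGION" \
  --query 'ARN' --output text); then
  # Stop here: nothing was created, so nothing below may be deleted.
  printf "error: failed to create secret '%s'; aborting before cleanup\n" \
    "$SECRET_NAME" >&2
  exit 1
fi

echo "Secret '$SECRET_NAME' created with ARN: $SECRET_ARN"

# --- 2. Get Secret Value ---
printf '\n--- Getting secret value for: %s ---\n' "$SECRET_NAME"
get_status=0
if SECRET_RETRIEVED_VALUE=$(aws secretsmanager get-secret-value \
  --secret-id "$SECRET_NAME" \
  --region "$REGION" \
  --query 'SecretString' --output text); then
  # Printed only because this is a demo with a placeholder value. Do not echo
  # real secrets: terminal scrollback, CI logs and session recordings keep them.
  printf 'Retrieved secret value: %s\n' "$SECRET_RETRIEVED_VALUE"
else
  # Remember the failure but keep going, so the secret created above is still
  # cleaned up rather than left behind.
  get_status=$?
  printf "error: failed to retrieve secret '%s'\n" "$SECRET_NAME" >&2
fi

printf '\n--- Secrets Manager demonstration complete! ---\n'
# -r keeps backslashes literal; '|| true' lets cleanup proceed when stdin is
# closed (non-interactive run), since read returns non-zero on EOF.
read -r -p "Press Enter to delete the secret..." _ || true

# --- Clean Up ---
printf '\n--- Cleaning up resources ---\n'

# Delete Secret
# --force-delete-without-recovery skips the recovery window, so the deletion
# cannot be undone. That is acceptable only because this script created the
# secret itself a moment ago; do not reuse this step against existing secrets.
echo "Deleting secret '$SECRET_NAME'..."
if ! aws secretsmanager delete-secret \
  --secret-id "$SECRET_NAME" \
  --force-delete-without-recovery \
  --region "$REGION"; then
  printf "error: failed to delete secret '%s'; remove it manually\n" \
    "$SECRET_NAME" >&2
  exit 1
fi

echo "Secret deleted."

printf '\n--- Secrets Manager demonstration and cleanup complete ---\n'

# Surface an earlier retrieval failure in the exit status.
exit "$get_status"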
