diff --git a/moto/secretsmanager/models.py b/moto/secretsmanager/models.py index 82989a904..68d561acb 100644 --- a/moto/secretsmanager/models.py +++ b/moto/secretsmanager/models.py @@ -522,9 +522,14 @@ class SecretsManagerBackend(BaseBackend): # We add the new secret version as "pending". The previous version remains # as "current" for now. Once we've passed the new secret through the lambda # rotation function (if provided) we can then update the status to "current". + old_secret_version_secret_string = ( + old_secret_version["secret_string"] + if "secret_string" in old_secret_version + else None + ) self._add_secret( secret_id, - old_secret_version["secret_string"], + old_secret_version_secret_string, description=secret.description, tags=secret.tags, version_id=new_version_id, diff --git a/tests/test_secretsmanager/test_secretsmanager.py b/tests/test_secretsmanager/test_secretsmanager.py index 2017350d1..579b0dcf1 100644 --- a/tests/test_secretsmanager/test_secretsmanager.py +++ b/tests/test_secretsmanager/test_secretsmanager.py @@ -644,6 +644,22 @@ def test_rotate_secret(): assert describe_secret["Description"] == "foodescription" +@mock_secretsmanager +def test_rotate_secret_without_secretstring(): + conn = boto3.client("secretsmanager", region_name="us-west-2") + conn.create_secret(Name=DEFAULT_SECRET_NAME, Description="foodescription") + + rotated_secret = conn.rotate_secret(SecretId=DEFAULT_SECRET_NAME) + + assert rotated_secret + assert rotated_secret["ARN"] == rotated_secret["ARN"] + assert rotated_secret["Name"] == DEFAULT_SECRET_NAME + assert rotated_secret["VersionId"] == rotated_secret["VersionId"] + + describe_secret = conn.describe_secret(SecretId=DEFAULT_SECRET_NAME) + assert describe_secret["Description"] == "foodescription" + + @mock_secretsmanager def test_rotate_secret_enable_rotation(): conn = boto3.client("secretsmanager", region_name="us-west-2")