This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html).

# AWS::DataSync::LocationObjectStorage CmkSecretConfig
<a name="aws-properties-datasync-locationobjectstorage-cmksecretconfig"></a>

Specifies configuration information for a DataSync-managed secret, such as an authentication token, secret key, password, or Kerberos keytab that DataSync uses to access a specific storage location, with a customer-managed AWS KMS key.

**Note**  
You can use either `CmkSecretConfig` or `CustomSecretConfig` to provide credentials for a `CreateLocation` request. Do not provide both parameters for the same request.

## Syntax
<a name="aws-properties-datasync-locationobjectstorage-cmksecretconfig-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-datasync-locationobjectstorage-cmksecretconfig-syntax.json"></a>

```
{
  "[KmsKeyArn](#cfn-datasync-locationobjectstorage-cmksecretconfig-kmskeyarn)" : String,
  "[SecretArn](#cfn-datasync-locationobjectstorage-cmksecretconfig-secretarn)" : String
}
```

### YAML
<a name="aws-properties-datasync-locationobjectstorage-cmksecretconfig-syntax.yaml"></a>

```
  [KmsKeyArn](#cfn-datasync-locationobjectstorage-cmksecretconfig-kmskeyarn): String
  [SecretArn](#cfn-datasync-locationobjectstorage-cmksecretconfig-secretarn): String
```

## Properties
<a name="aws-properties-datasync-locationobjectstorage-cmksecretconfig-properties"></a>

`KmsKeyArn`  <a name="cfn-datasync-locationobjectstorage-cmksecretconfig-kmskeyarn"></a>
Specifies the ARN for the customer-managed AWS KMS key that DataSync uses to encrypt the DataSync-managed secret stored for `SecretArn`. DataSync provides this key to AWS Secrets Manager.  
*Required*: No  
*Type*: String  
*Pattern*: `^(arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):kms:[a-z-0-9]+:[0-9]{12}:key/.*|)$`  
*Maximum*: `2048`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`SecretArn`  <a name="cfn-datasync-locationobjectstorage-cmksecretconfig-secretarn"></a>
Specifies the ARN for the DataSync-managed AWS Secrets Manager secret that that is used to access a specific storage location. This property is generated by DataSync and is read-only. DataSync encrypts this secret with the KMS key that you specify for `KmsKeyArn`.  
*Required*: No  
*Type*: String  
*Pattern*: `^(arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):secretsmanager:[a-z-0-9]+:[0-9]{12}:secret:.*|)$`  
*Maximum*: `2048`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)