Minimum permissions required to retrive credentials for secret manager for particular prefix in AWS
Specific prefix based permissions
To retrieve a secret in the console, you must have these permissions:
secretsmanager:ListSecrets– Use to navigate to the secret to retrieve.
secretsmanager:DescribeSecret— Use to retrieve the non-encrypted parts of the secret.
secretsmanager:GetSecretValue– Use to retrieve the encrypted part of the secret.
kms:Decrypt– Required only if you used a custom AWS KMS customer master key (CMK) to encrypt your secret.