aws-get-secret () {
  local secret_id="${1}"

  if [[ -z "$secret_id" ]]; then
    secret_id=$(aws secretsmanager list-secrets \
      # build a tsv w/ name and date
      | jq -r '.SecretList | sort_by(.Name) | .[] | [.Name,.LastChangedDate] | @tsv' \
      # convert to tsv w/ full name, truncated name, date (no timestamp)
      | awk -F'\t' '{
          full_name = $1;
          truncated_name = substr($1,1,30);
          split($2, date_parts, "T");
          # Output: full_name (for return), truncated_name (for display), date (for display)
          printf "%s\t%-30s\t%s\n", full_name, truncated_name, date_parts[1]
        }' \
      # select via fzf, fields 2 & 3
      | fzf \
        --header="$(printf '%-30s\t%s\n' 'NAME' 'LAST_CHANGED_DATE')" \
        --delimiter='\t' \
        --with-nth=2,3 \
      | awk '{print $1}') \

    [[ -z "$secret_id" ]] && return 1
  fi

  echo "Retrieving secret: $secret_id" >&2
  aws secretsmanager get-secret-value --secret-id "$secret_id" --query SecretString --output text
}
