ISecret (software.amazon.awscdk:aws-cdk-lib 2.0.0-rc.10 API)

All Superinterfaces:

software.constructs.IConstruct, software.constructs.IDependable, IResource, software.amazon.jsii.JsiiSerializable

All Known Subinterfaces:

ISecret.Jsii$Default, ISecretTargetAttachment, ISecretTargetAttachment.Jsii$Default

All Known Implementing Classes:

DatabaseSecret, DatabaseSecret, ISecret.Jsii$Proxy, ISecretTargetAttachment.Jsii$Proxy, Secret, SecretTargetAttachment
```
@Generated(value="jsii-pacmak/1.30.0 (build adae23f)",
           date="2021-06-30T10:01:38.269Z")
 @Stability(value=Experimental)
public interface ISecret
extends software.amazon.jsii.JsiiSerializable, IResource
```
(experimental) A secret in AWS Secrets Manager.

Nested Class Summary

Nested Classes
Modifier and Type	Interface and Description
`static interface`	`ISecret.Jsii$Default` Internal default implementation for `ISecret`.
`static class`	`ISecret.Jsii$Proxy` A proxy class which represents a concrete javascript instance of this type.

Method Summary

All Methods Instance Methods Abstract Methods Default Methods
Modifier and Type	Method and Description
`RotationSchedule`	`addRotationSchedule(String id, RotationScheduleOptions options)` (experimental) Adds a rotation schedule to the secret.
`AddToResourcePolicyResult`	`addToResourcePolicy(PolicyStatement statement)` (experimental) Adds a statement to the IAM resource policy associated with this secret.
`ISecret`	`attach(ISecretAttachmentTarget target)` (experimental) Attach a target to this secret.
`void`	`denyAccountRootDelete()` (experimental) Denies the `DeleteSecret` action to all principals within the current account.
`default IKey`	`getEncryptionKey()` (experimental) The customer-managed encryption key that is used to encrypt this secret, if any.
`String`	`getSecretArn()` (experimental) The ARN of the secret in AWS Secrets Manager.
`default String`	`getSecretFullArn()` (experimental) The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
`String`	`getSecretName()` (experimental) The name of the secret.
`SecretValue`	`getSecretValue()` (experimental) Retrieve the value of the stored secret as a `SecretValue`.
`Grant`	`grantRead(IGrantable grantee)` (experimental) Grants reading the secret value to some role.
`Grant`	`grantRead(IGrantable grantee, List<String> versionStages)` (experimental) Grants reading the secret value to some role.
`Grant`	`grantWrite(IGrantable grantee)` (experimental) Grants writing and updating the secret value to some role.
`SecretValue`	`secretValueFromJson(String key)` (experimental) Interpret the secret as a JSON object and return a field's value from it as a `SecretValue`.

Methods inherited from interface software.amazon.awscdk.IResource
getEnv, getStack

Methods inherited from interface software.constructs.IConstruct
getNode

Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson

Method Detail

getSecretArn
```
@Stability(value=Experimental)
 @NotNull
String getSecretArn()
```
(experimental) The ARN of the secret in AWS Secrets Manager.
Will return the full ARN if available, otherwise a partial arn. For secrets imported by the deprecated fromSecretName, it will return the secretName.

getSecretName
```
@Stability(value=Experimental)
 @NotNull
String getSecretName()
```
(experimental) The name of the secret.
For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.

getSecretValue
```
@Stability(value=Experimental)
 @NotNull
SecretValue getSecretValue()
```
(experimental) Retrieve the value of the stored secret as a `SecretValue`.

getEncryptionKey
```
@Stability(value=Experimental)
 @Nullable
default IKey getEncryptionKey()
```
(experimental) The customer-managed encryption key that is used to encrypt this secret, if any.
When not specified, the default KMS key for the account and region is being used.

getSecretFullArn
```
@Stability(value=Experimental)
 @Nullable
default String getSecretFullArn()
```
(experimental) The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).

addRotationSchedule

@Stability(value=Experimental)
 @NotNull
RotationSchedule addRotationSchedule(@NotNull
                                                                              String id,
                                                                              @NotNull
                                                                              RotationScheduleOptions options)

(experimental) Adds a rotation schedule to the secret.

Parameters:: id - This parameter is required.; options - This parameter is required.

addToResourcePolicy
```
@Stability(value=Experimental)
 @NotNull
AddToResourcePolicyResult addToResourcePolicy(@NotNull
                                                                                       PolicyStatement statement)
```
(experimental) Adds a statement to the IAM resource policy associated with this secret.
If this secret was created in this stack, a resource policy will be automatically created upon the first call to addToResourcePolicy. If the secret is imported, then this is a no-op.

Parameters:

statement - This parameter is required.

attach

@Stability(value=Experimental)
 @NotNull
ISecret attach(@NotNull
                                                        ISecretAttachmentTarget target)

(experimental) Attach a target to this secret.

Parameters:: target - The target to attach. This parameter is required.
Returns:: An attached secret

denyAccountRootDelete
```
@Stability(value=Experimental)
void denyAccountRootDelete()
```
(experimental) Denies the `DeleteSecret` action to all principals within the current account.

grantRead

@Stability(value=Experimental)
 @NotNull
Grant grantRead(@NotNull
                                                         IGrantable grantee,
                                                         @Nullable
                                                         List<String> versionStages)

(experimental) Grants reading the secret value to some role.

Parameters:: grantee - the principal being granted permission. This parameter is required.; versionStages - the version stages the grant is limited to.

grantRead

@Stability(value=Experimental)
 @NotNull
Grant grantRead(@NotNull
                                                         IGrantable grantee)

(experimental) Grants reading the secret value to some role.

Parameters:: grantee - the principal being granted permission. This parameter is required.

grantWrite

@Stability(value=Experimental)
 @NotNull
Grant grantWrite(@NotNull
                                                          IGrantable grantee)

(experimental) Grants writing and updating the secret value to some role.

Parameters:: grantee - the principal being granted permission. This parameter is required.

secretValueFromJson

@Stability(value=Experimental)
 @NotNull
SecretValue secretValueFromJson(@NotNull
                                                                         String key)

(experimental) Interpret the secret as a JSON object and return a field's value from it as a `SecretValue`.

Parameters:: key - This parameter is required.

Interface ISecret

Nested Class Summary

Method Summary

Methods inherited from interface software.amazon.awscdk.IResource

Methods inherited from interface software.constructs.IConstruct

Methods inherited from interface software.amazon.jsii.JsiiSerializable

Method Detail

getSecretArn

getSecretName

getSecretValue

getEncryptionKey

getSecretFullArn

addRotationSchedule

addToResourcePolicy

attach

denyAccountRootDelete

grantRead

grantRead

grantWrite

secretValueFromJson