software.amazon.awscdk.services.secretsmanager

Class Secret

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.Resource

software.amazon.awscdk.services.secretsmanager.Secret

All Implemented Interfaces:

IResource, ISecret, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

Direct Known Subclasses:

DatabaseSecret, DatabaseSecret

@Generated(value="jsii-pacmak/1.30.0 (build adae23f)",
           date="2021-06-30T10:01:38.285Z")
 @Stability(value=Experimental)
public class Secret
extends Resource
implements ISecret

(experimental) Creates a new secret in AWS SecretsManager.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Secret.Builder (experimental) A fluent builder for Secret.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.secretsmanager.ISecret

ISecret.Jsii$Default, ISecret.Jsii$Proxy

Constructor Summary

Constructors

Modifier	Constructor and Description
	Secret(software.constructs.Construct scope, String id)
	Secret(software.constructs.Construct scope, String id, SecretProps props)
protected	Secret(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	Secret(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
void	addReplicaRegion(String region) (experimental) Adds a replica region for the secret.
void	addReplicaRegion(String region, IKey encryptionKey) (experimental) Adds a replica region for the secret.
RotationSchedule	addRotationSchedule(String id, RotationScheduleOptions options) (experimental) Adds a rotation schedule to the secret.
AddToResourcePolicyResult	addToResourcePolicy(PolicyStatement statement) (experimental) Adds a statement to the IAM resource policy associated with this secret.
ISecret	attach(ISecretAttachmentTarget target) (experimental) Attach a target to this secret.
void	denyAccountRootDelete() (experimental) Denies the `DeleteSecret` action to all principals within the current account.
static ISecret	fromSecretAttributes(software.constructs.Construct scope, String id, SecretAttributes attrs) (experimental) Import an existing secret into the Stack.
static ISecret	fromSecretCompleteArn(software.constructs.Construct scope, String id, String secretCompleteArn) (experimental) Imports a secret by complete ARN.
static ISecret	fromSecretNameV2(software.constructs.Construct scope, String id, String secretName) (experimental) Imports a secret by secret name.
static ISecret	fromSecretPartialArn(software.constructs.Construct scope, String id, String secretPartialArn) (experimental) Imports a secret by partial ARN.
protected String	getArnForPolicies() (experimental) Provides an identifier for this secret for use in IAM policies.
protected Boolean	getAutoCreatePolicy()
IKey	getEncryptionKey() (experimental) The customer-managed encryption key that is used to encrypt this secret, if any.
String	getSecretArn() (experimental) The ARN of the secret in AWS Secrets Manager.
String	getSecretFullArn() (experimental) The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
String	getSecretName() (experimental) The name of the secret.
SecretValue	getSecretValue() (experimental) Retrieve the value of the stored secret as a `SecretValue`.
Grant	grantRead(IGrantable grantee) (experimental) Grants reading the secret value to some role.
Grant	grantRead(IGrantable grantee, List<String> versionStages) (experimental) Grants reading the secret value to some role.
Grant	grantWrite(IGrantable grantee) (experimental) Grants writing and updating the secret value to some role.
SecretValue	secretValueFromJson(String jsonField) (experimental) Interpret the secret as a JSON object and return a field's value from it as a `SecretValue`.

Methods inherited from class software.amazon.awscdk.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource

Methods inherited from class software.constructs.Construct

getNode, isConstruct, toString

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awscdk.IResource

getEnv, getStack

Methods inherited from interface software.constructs.IConstruct

getNode

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Constructor Detail

Secret

protected Secret(software.amazon.jsii.JsiiObjectRef objRef)

Secret

protected Secret(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

Secret

@Stability(value=Experimental)
public Secret(@NotNull
                                             software.constructs.Construct scope,
                                             @NotNull
                                             String id,
                                             @Nullable
                                             SecretProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props -

Secret

@Stability(value=Experimental)
public Secret(@NotNull
                                             software.constructs.Construct scope,
                                             @NotNull
                                             String id)

Parameters:

scope - This parameter is required.

id - This parameter is required.

Method Detail

fromSecretAttributes

@Stability(value=Experimental)
 @NotNull
public static ISecret fromSecretAttributes(@NotNull
                                                                                    software.constructs.Construct scope,
                                                                                    @NotNull
                                                                                    String id,
                                                                                    @NotNull
                                                                                    SecretAttributes attrs)

(experimental) Import an existing secret into the Stack.

Parameters:

scope - the scope of the import. This parameter is required.

id - the ID of the imported Secret in the construct tree. This parameter is required.

attrs - the attributes of the imported secret. This parameter is required.

fromSecretCompleteArn

@Stability(value=Experimental)
 @NotNull
public static ISecret fromSecretCompleteArn(@NotNull
                                                                                     software.constructs.Construct scope,
                                                                                     @NotNull
                                                                                     String id,
                                                                                     @NotNull
                                                                                     String secretCompleteArn)

(experimental) Imports a secret by complete ARN.

The complete ARN is the ARN with the Secrets Manager-supplied suffix.

Parameters:

scope - This parameter is required.

id - This parameter is required.

secretCompleteArn - This parameter is required.

fromSecretNameV2

@Stability(value=Experimental)
 @NotNull
public static ISecret fromSecretNameV2(@NotNull
                                                                                software.constructs.Construct scope,
                                                                                @NotNull
                                                                                String id,
                                                                                @NotNull
                                                                                String secretName)

(experimental) Imports a secret by secret name.

A secret with this name must exist in the same account & region. Replaces the deprecated fromSecretName.

Parameters:

scope - This parameter is required.

id - This parameter is required.

secretName - This parameter is required.

fromSecretPartialArn

@Stability(value=Experimental)
 @NotNull
public static ISecret fromSecretPartialArn(@NotNull
                                                                                    software.constructs.Construct scope,
                                                                                    @NotNull
                                                                                    String id,
                                                                                    @NotNull
                                                                                    String secretPartialArn)

(experimental) Imports a secret by partial ARN.

The partial ARN is the ARN without the Secrets Manager-supplied suffix.

Parameters:

scope - This parameter is required.

id - This parameter is required.

secretPartialArn - This parameter is required.

addReplicaRegion

@Stability(value=Experimental)
public void addReplicaRegion(@NotNull
                                                            String region,
                                                            @Nullable
                                                            IKey encryptionKey)

(experimental) Adds a replica region for the secret.

Parameters:

region - The name of the region. This parameter is required.

encryptionKey - The customer-managed encryption key to use for encrypting the secret value.

addReplicaRegion

@Stability(value=Experimental)
public void addReplicaRegion(@NotNull
                                                            String region)

(experimental) Adds a replica region for the secret.

Parameters:

region - The name of the region. This parameter is required.

addRotationSchedule

@Stability(value=Experimental)
 @NotNull
public RotationSchedule addRotationSchedule(@NotNull
                                                                                     String id,
                                                                                     @NotNull
                                                                                     RotationScheduleOptions options)

(experimental) Adds a rotation schedule to the secret.

Specified by:

addRotationSchedule in interface ISecret

Parameters:

id - This parameter is required.

options - This parameter is required.

addToResourcePolicy

@Stability(value=Experimental)
 @NotNull
public AddToResourcePolicyResult addToResourcePolicy(@NotNull
                                                                                              PolicyStatement statement)

(experimental) Adds a statement to the IAM resource policy associated with this secret.

If this secret was created in this stack, a resource policy will be automatically created upon the first call to addToResourcePolicy. If the secret is imported, then this is a no-op.

Specified by:

addToResourcePolicy in interface ISecret

Parameters:

statement - This parameter is required.

attach

@Stability(value=Experimental)
 @NotNull
public ISecret attach(@NotNull
                                                               ISecretAttachmentTarget target)

(experimental) Attach a target to this secret.

Specified by:

attach in interface ISecret

Parameters:

target - The target to attach. This parameter is required.

Returns:

An attached secret

denyAccountRootDelete

@Stability(value=Experimental)
public void denyAccountRootDelete()

(experimental) Denies the `DeleteSecret` action to all principals within the current account.

Specified by:

denyAccountRootDelete in interface ISecret

grantRead

@Stability(value=Experimental)
 @NotNull
public Grant grantRead(@NotNull
                                                                IGrantable grantee,
                                                                @Nullable
                                                                List<String> versionStages)

(experimental) Grants reading the secret value to some role.

Specified by:

grantRead in interface ISecret

Parameters:

grantee - This parameter is required.

versionStages -

grantRead

@Stability(value=Experimental)
 @NotNull
public Grant grantRead(@NotNull
                                                                IGrantable grantee)

(experimental) Grants reading the secret value to some role.

Specified by:

grantRead in interface ISecret

Parameters:

grantee - This parameter is required.

grantWrite

@Stability(value=Experimental)
 @NotNull
public Grant grantWrite(@NotNull
                                                                 IGrantable grantee)

(experimental) Grants writing and updating the secret value to some role.

Specified by:

grantWrite in interface ISecret

Parameters:

grantee - This parameter is required.

secretValueFromJson

@Stability(value=Experimental)
 @NotNull
public SecretValue secretValueFromJson(@NotNull
                                                                                String jsonField)

(experimental) Interpret the secret as a JSON object and return a field's value from it as a `SecretValue`.

Specified by:

secretValueFromJson in interface ISecret

Parameters:

jsonField - This parameter is required.

getArnForPolicies

@Stability(value=Experimental)
 @NotNull
protected String getArnForPolicies()

(experimental) Provides an identifier for this secret for use in IAM policies.

If there is a full ARN, this is just the ARN; if we have a partial ARN -- due to either importing by secret name or partial ARN -- then we need to add a suffix to capture the full ARN's format.

getAutoCreatePolicy

@Stability(value=Experimental)
 @NotNull
protected Boolean getAutoCreatePolicy()

getSecretArn

@Stability(value=Experimental)
 @NotNull
public String getSecretArn()

(experimental) The ARN of the secret in AWS Secrets Manager.

Will return the full ARN if available, otherwise a partial arn. For secrets imported by the deprecated fromSecretName, it will return the secretName.

Specified by:

getSecretArn in interface ISecret

getSecretName

@Stability(value=Experimental)
 @NotNull
public String getSecretName()

(experimental) The name of the secret.

For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.

Specified by:

getSecretName in interface ISecret

getSecretValue

@Stability(value=Experimental)
 @NotNull
public SecretValue getSecretValue()

(experimental) Retrieve the value of the stored secret as a `SecretValue`.

Specified by:

getSecretValue in interface ISecret

getEncryptionKey

@Stability(value=Experimental)
 @Nullable
public IKey getEncryptionKey()

(experimental) The customer-managed encryption key that is used to encrypt this secret, if any.

When not specified, the default KMS key for the account and region is being used.

Specified by:

getEncryptionKey in interface ISecret

getSecretFullArn

@Stability(value=Experimental)
 @Nullable
public String getSecretFullArn()

(experimental) The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.

This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).

Specified by:

getSecretFullArn in interface ISecret