Package software.amazon.awscdk.services.secretsmanager

Interface ISecret.Jsii$Default

All Superinterfaces:
software.constructs.IConstruct, software.constructs.IConstruct.Jsii$Default, software.constructs.IDependable, software.constructs.IDependable.Jsii$Default, IResource, IResource.Jsii$Default, ISecret, software.amazon.jsii.JsiiSerializable
All Known Subinterfaces:
ISecretTargetAttachment.Jsii$Default
All Known Implementing Classes:
ISecret.Jsii$Proxy, ISecretTargetAttachment.Jsii$Proxy
Enclosing interface:
ISecret
@Internal public static interface ISecret.Jsii$Default extends ISecret, IResource.Jsii$Default
Internal default implementation for ISecret.

  • Method Details

    • getNode

      @Stability(Stable) @NotNull default software.constructs.Node getNode()
      The tree node.
      Specified by:
      getNode in interface software.constructs.IConstruct
      Specified by:
      getNode in interface software.constructs.IConstruct.Jsii$Default
      Specified by:
      getNode in interface IResource.Jsii$Default

    • getEnv

      @Stability(Stable) @NotNull default ResourceEnvironment getEnv()
      The environment this resource belongs to.

      For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

      Specified by:
      getEnv in interface IResource
      Specified by:
      getEnv in interface IResource.Jsii$Default

    • getStack

      @Stability(Stable) @NotNull default Stack getStack()
      The stack in which this resource is defined.
      Specified by:
      getStack in interface IResource
      Specified by:
      getStack in interface IResource.Jsii$Default

    • getSecretArn

      @Stability(Stable) @NotNull default String getSecretArn()
      The ARN of the secret in AWS Secrets Manager.

      Will return the full ARN if available, otherwise a partial arn. For secrets imported by the deprecated fromSecretName, it will return the secretName.

      Specified by:
      getSecretArn in interface ISecret

    • getSecretName

      @Stability(Stable) @NotNull default String getSecretName()
      The name of the secret.

      For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.

      Specified by:
      getSecretName in interface ISecret

    • getSecretValue

      @Stability(Stable) @NotNull default SecretValue getSecretValue()
      Retrieve the value of the stored secret as a SecretValue.
      Specified by:
      getSecretValue in interface ISecret

    • getEncryptionKey

      @Stability(Stable) @Nullable default IKey getEncryptionKey()
      The customer-managed encryption key that is used to encrypt this secret, if any.

      When not specified, the default KMS key for the account and region is being used.

      Specified by:
      getEncryptionKey in interface ISecret

    • getSecretFullArn

      @Stability(Stable) @Nullable default String getSecretFullArn()
      The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.

      This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).

      Specified by:
      getSecretFullArn in interface ISecret

    • applyRemovalPolicy

      @Stability(Stable) default void applyRemovalPolicy(@NotNull RemovalPolicy policy)
      Apply the given removal policy to this resource.

      The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

      The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

      Specified by:
      applyRemovalPolicy in interface IResource
      Specified by:
      applyRemovalPolicy in interface IResource.Jsii$Default
      Parameters:
      policy - This parameter is required.

    • addRotationSchedule

      @Stability(Stable) @NotNull default RotationSchedule addRotationSchedule(@NotNull String id, @NotNull RotationScheduleOptions options)
      Adds a rotation schedule to the secret.

      Specified by:
      addRotationSchedule in interface ISecret
      Parameters:
      id - This parameter is required.
      options - This parameter is required.

    • addToResourcePolicy

      @Stability(Stable) @NotNull default AddToResourcePolicyResult addToResourcePolicy(@NotNull PolicyStatement statement)
      Adds a statement to the IAM resource policy associated with this secret.

      If this secret was created in this stack, a resource policy will be automatically created upon the first call to addToResourcePolicy. If the secret is imported, then this is a no-op.

      Specified by:
      addToResourcePolicy in interface ISecret
      Parameters:
      statement - This parameter is required.

    • attach

      @Stability(Stable) @NotNull default ISecret attach(@NotNull ISecretAttachmentTarget target)
      Attach a target to this secret.

      Specified by:
      attach in interface ISecret
      Parameters:
      target - The target to attach. This parameter is required.
      Returns:
      An attached secret

    • denyAccountRootDelete

      @Stability(Stable) default void denyAccountRootDelete()
      Denies the DeleteSecret action to all principals within the current account.
      Specified by:
      denyAccountRootDelete in interface ISecret

    • grantRead

      @Stability(Stable) @NotNull default Grant grantRead(@NotNull IGrantable grantee, @Nullable List<String> versionStages)
      Grants reading the secret value to some role.

      Specified by:
      grantRead in interface ISecret
      Parameters:
      grantee - the principal being granted permission. This parameter is required.
      versionStages - the version stages the grant is limited to.

    • grantWrite

      @Stability(Stable) @NotNull default Grant grantWrite(@NotNull IGrantable grantee)
      Grants writing and updating the secret value to some role.

      Specified by:
      grantWrite in interface ISecret
      Parameters:
      grantee - the principal being granted permission. This parameter is required.

    • secretValueFromJson

      @Stability(Stable) @NotNull default SecretValue secretValueFromJson(@NotNull String key)
      Interpret the secret as a JSON object and return a field's value from it as a SecretValue.

      Specified by:
      secretValueFromJson in interface ISecret
      Parameters:
      key - This parameter is required.