Credentials

class aws_cdk.aws_rds.Credentials

Bases: object

Username and password combination.

Attributes

encryption_key

KMS encryption key to encrypt the generated secret.

Default
  • default master key

Return type

Optional[IKey]

exclude_characters

The characters to exclude from the generated password.

Only used if {@link password} has not been set.

Default
  • the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/

:: “")

Return type

Optional[str]

password

Password.

Do not put passwords in your CDK code directly.

Default
  • a Secrets Manager generated password

Return type

Optional[SecretValue]

secret

Secret used to instantiate this Login.

Default
  • none

Return type

Optional[ISecret]

username

Username.

Return type

str

username_as_string

Whether the username should be referenced as a string and not as a dynamic reference to the username in the secret.

Default

false

Return type

Optional[bool]

Static Methods

classmethod from_generated_secret(username, *, encryption_key=None, exclude_characters=None)

Creates Credentials with a password generated and stored in Secrets Manager.

Parameters
  • username (str) –

  • encryption_key (Optional[IKey]) – KMS encryption key to encrypt the generated secret. Default: - default master key

  • exclude_characters (Optional[str]) – The characters to exclude from the generated password. Has no effect if {@link password} has been provided. Default: - the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/

Return type

Credentials

classmethod from_password(username, password)

Creates Credentials from a password.

Do not put passwords in your CDK code directly.

Parameters
Return type

Credentials

classmethod from_secret(secret, username=None)

Creates Credentials from an existing Secrets Manager Secret (or DatabaseSecret).

The Secret must be a JSON string with a username and password field:

{
   ...
   "username": <required: username>,
   "password": <required: password>,
}
Parameters
  • secret (ISecret) – The secret where the credentials are stored.

  • username (Optional[str]) – The username defined in the secret. If specified the username will be referenced as a string and not a dynamic reference to the username field in the secret. This allows to replace the secret without replacing the instance or cluster.

Return type

Credentials

classmethod from_username(username, *, password=None, encryption_key=None, exclude_characters=None)

(deprecated) Creates Credentials for the given username, and optional password and key.

If no password is provided, one will be generated and stored in Secrets Manager.

Parameters
  • username (str) –

  • password (Optional[SecretValue]) – Password. Do not put passwords in your CDK code directly. Default: - a Secrets Manager generated password

  • encryption_key (Optional[IKey]) – KMS encryption key to encrypt the generated secret. Default: - default master key

  • exclude_characters (Optional[str]) – The characters to exclude from the generated password. Has no effect if {@link password} has been provided. Default: - the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/

Deprecated

use fromGeneratedSecret() or fromPassword() for new Clusters and Instances. Note that switching from fromUsername() to fromGeneratedSecret() or fromPassword() for already deployed Clusters or Instances will result in their replacement!

Stability

deprecated

Return type

Credentials