DatabaseSecretProps

class aws_cdk.aws_rds.DatabaseSecretProps(*, username, encryption_key=None, exclude_characters=None, master_secret=None, replace_on_password_criteria_changes=None, secret_name=None)

Bases: object

Construction properties for a DatabaseSecret.

Parameters
  • username (str) – The username.

  • encryption_key (Optional[IKey]) – The KMS key to use to encrypt the secret. Default: default master key

  • exclude_characters (Optional[str]) – Characters to not include in the generated password. Default: ” %+~`#$&*()|[]{}:;<>?!’/

  • master_secret (Optional[ISecret]) – The master secret which will be used to rotate this secret. Default: - no master secret information will be included

  • replace_on_password_criteria_changes (Optional[bool]) – Whether to replace this secret when the criteria for the password change. This is achieved by overriding the logical id of the AWS::SecretsManager::Secret with a hash of the options that influence the password generation. This way a new secret will be created when the password is regenerated and the cluster or instance consuming this secret will have its credentials updated. Default: false

  • secret_name (Optional[str]) – A name for the secret. Default: - A name is generated by CloudFormation.

Attributes

encryption_key

The KMS key to use to encrypt the secret.

Default

default master key

Return type

Optional[IKey]

exclude_characters

Characters to not include in the generated password.

Default

” %+~`#$&*()|[]{}:;<>?!’/

:: “"

Return type

Optional[str]

master_secret

The master secret which will be used to rotate this secret.

Default
  • no master secret information will be included

Return type

Optional[ISecret]

replace_on_password_criteria_changes

Whether to replace this secret when the criteria for the password change.

This is achieved by overriding the logical id of the AWS::SecretsManager::Secret with a hash of the options that influence the password generation. This way a new secret will be created when the password is regenerated and the cluster or instance consuming this secret will have its credentials updated.

Default

false

Return type

Optional[bool]

secret_name

A name for the secret.

Default
  • A name is generated by CloudFormation.

Return type

Optional[str]

username

The username.

Return type

str