ISecret

class aws_cdk.aws_secretsmanager.ISecret(*args, **kwargs)

Bases: aws_cdk.core.IResource, typing_extensions.Protocol

A secret in AWS Secrets Manager.

__init__(*args, **kwargs)

Methods

add_rotation_schedule(id, *, rotation_lambda, automatically_after=None)

Adds a rotation schedule to the secret.

Parameters
  • id (str) –

  • rotation_lambda (IFunction) – The Lambda function that can rotate the secret.

  • automatically_after (Optional[Duration]) – Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation. Default: Duration.days(30)

Return type

RotationSchedule

add_to_resource_policy(statement)

Adds a statement to the IAM resource policy associated with this secret.

If this secret was created in this stack, a resource policy will be automatically created upon the first call to add_to_resource_policy. If the secret is imported, then this is a no-op.

Parameters

statement (PolicyStatement) –

Return type

AddToResourcePolicyResult

deny_account_root_delete()

Denies the DeleteSecret action to all principals within the current account.

Return type

None

grant_read(grantee, version_stages=None)

Grants reading the secret value to some role.

Parameters
  • grantee (IGrantable) – the principal being granted permission.

  • version_stages (Optional[List[str]]) – the version stages the grant is limited to. If not specified, no restriction on the version stages is applied.

Return type

Grant
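Because omitting version_stages leaves a read grant unrestricted, the following added example (not part of the CDK or of this reference) audits a synthesized CloudFormation template for Allow statements that cover secretsmanager:GetSecretValue without a secretsmanager:VersionStage condition. The function names and the sample template are constructed for illustration, and the condition shape in the sample is an assumption about how a stage-limited grant renders.

```python
import fnmatch

READ_ACTION = "secretsmanager:getsecretvalue"   # IAM action names are case-insensitive
STAGE_KEY = "secretsmanager:versionstage"       # condition key that limits version stages
# Resource types inspected, mapped to the property holding the policy document.
POLICY_PROPS = {"AWS::IAM::Policy": "PolicyDocument",
                "AWS::SecretsManager::ResourcePolicy": "ResourcePolicy"}

def _as_list(value):
    return value if isinstance(value, list) else [] if value is None else [value]

def _allows_read(stmt):
    # Wildcards such as "secretsmanager:*" or "*" also cover GetSecretValue.
    return stmt.get("Effect") == "Allow" and any(
        isinstance(a, str) and fnmatch.fnmatchcase(READ_ACTION, a.lower())
        for a in _as_list(stmt.get("Action")))

def _stage_limited(stmt):
    # True when any condition operator tests the VersionStage key.
    return any(STAGE_KEY in (k.lower() for k in keys)
               for keys in (stmt.get("Condition") or {}).values()
               if isinstance(keys, dict))

def unrestricted_secret_reads(template):
    """Return (logical_id, statement_index) for each unrestricted read grant."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        prop = POLICY_PROPS.get(res.get("Type"))
        if prop is None:
            continue
        doc = res.get("Properties", {}).get(prop) or {}
        for i, stmt in enumerate(_as_list(doc.get("Statement"))):
            if _allows_read(stmt) and not _stage_limited(stmt):
                findings.append((logical_id, i))
    return findings

def _policy(*statements):  # builds one entry of the constructed sample below
    return {"Type": "AWS::IAM::Policy",
            "Properties": {"PolicyDocument": {"Statement": list(statements)}}}

# Constructed sample shaped like a synthesized template (not real CDK output).
SAMPLE_TEMPLATE = {"Resources": {
    "AppPolicy": _policy({"Effect": "Allow", "Resource": "*",
        "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
        "Condition": {"ForAnyValue:StringEquals":  # assumed rendering of version_stages
                      {"secretsmanager:VersionStage": ["AWSCURRENT"]}}}),
    "BatchPolicy": _policy({"Effect": "Allow", "Resource": "*",
                            "Action": "secretsmanager:GetSecretValue"}),
    "AdminPolicy": _policy({"Effect": "Allow", "Resource": "*",
                            "Action": "secretsmanager:*"}),
}}
```

Inline policies declared directly on a role resource are not inspected by this sketch.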

grant_write(grantee)

Grants writing and updating the secret value to some role.

Parameters

grantee (IGrantable) – the principal being granted permission.

Return type

Grant

secret_value_from_json(key)

Interpret the secret as a JSON object and return a field’s value from it as a SecretValue.

Parameters

key (str) –

Return type

SecretValue

Attributes

encryption_key

The customer-managed encryption key that is used to encrypt this secret, if any.

When not specified, the default KMS key for the account and region is used.

Return type

Optional[IKey]

node

The construct tree node for this construct.

Return type

ConstructNode

secret_arn

The ARN of the secret in AWS Secrets Manager.

attribute: true

Return type

str

secret_value

Retrieve the value of the stored secret as a SecretValue.

attribute: true

Return type

SecretValue

stack

The stack in which this resource is defined.

Return type

Stack