ISecret

class aws_cdk.aws_secretsmanager.ISecret(*args, **kwds)

Bases: aws_cdk.core.IResource, typing_extensions.Protocol

A secret in AWS Secrets Manager.

Methods

add_rotation_schedule(id, *, automatically_after=None, hosted_rotation=None, rotation_lambda=None)

Adds a rotation schedule to the secret.

Parameters
  • id (str) –

  • automatically_after (Optional[Duration]) – Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation. Default: Duration.days(30)

  • hosted_rotation (Optional[HostedRotation]) – Hosted rotation. Default: - either rotationLambda or hostedRotation must be specified

  • rotation_lambda (Optional[IFunction]) – A Lambda function that can rotate the secret. Default: - either rotationLambda or hostedRotation must be specified

Return type

RotationSchedule

add_to_resource_policy(statement)

Adds a statement to the IAM resource policy associated with this secret.

If this secret was created in this stack, a resource policy will be automatically created upon the first call to addToResourcePolicy. If the secret is imported, then this is a no-op.

Parameters

statement (PolicyStatement) –

Return type

AddToResourcePolicyResult

deny_account_root_delete()

Denies the DeleteSecret action to all principals within the current account.

Return type

None

grant_read(grantee, version_stages=None)

Grants reading the secret value to some role.

Parameters
  • grantee (IGrantable) – the principal being granted permission.

  • version_stages (Optional[List[str]]) – the version stages the grant is limited to. If not specified, no restriction on the version stages is applied.

Return type

Grant

grant_write(grantee)

Grants writing and updating the secret value to some role.

Parameters

grantee (IGrantable) – the principal being granted permission.

Return type

Grant

secret_value_from_json(key)

Interpret the secret as a JSON object and return a field’s value from it as a SecretValue.

Parameters

key (str) –

Return type

SecretValue

Attributes

encryption_key

The customer-managed encryption key that is used to encrypt this secret, if any.

When not specified, the default KMS key for the account and region is being used.

Return type

Optional[IKey]

env

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

Return type

ResourceEnvironment

node

The construct tree node for this construct.

Return type

ConstructNode

secret_arn

The ARN of the secret in AWS Secrets Manager.

Attribute

true

Return type

str

secret_name

The name of the secret.

Return type

str

secret_value

Retrieve the value of the stored secret as a SecretValue.

Attribute

true

Return type

SecretValue

stack

The stack in which this resource is defined.

Return type

Stack