ISecret

class aws_cdk.aws_secretsmanager.ISecret(*args, **kwargs)

Bases: aws_cdk.core.IResource, typing_extensions.Protocol

A secret in AWS Secrets Manager.

__init__(*args, **kwargs)

Methods

add_rotation_schedule(id, *, rotation_lambda, automatically_after=None)

Adds a rotation schedule to the secret.

Parameters
  • id (str) –

  • options

  • rotation_lambda (IFunction) – THe Lambda function that can rotate the secret.

  • automatically_after (Optional[Duration]) – Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation. Default: Duration.days(30)

Return type

RotationSchedule

grant_read(grantee, version_stages=None)

Grants reading the secret value to some role.

Parameters
  • grantee (IGrantable) – the principal being granted permission.

  • version_stages (Optional[List[str]]) – the version stages the grant is limited to. If not specified, no restriction on the version stages is applied.

Return type

Grant

secret_value_from_json(key)

Interpret the secret as a JSON object and return a field’s value from it as a SecretValue.

Parameters

key (str) –

Return type

SecretValue

Attributes

encryption_key

The customer-managed encryption key that is used to encrypt this secret, if any.

When not specified, the default KMS key for the account and region is being used.

Return type

Optional[IKey]

node

The construct node in the tree.

Return type

ConstructNode

secret_arn

The ARN of the secret in AWS Secrets Manager.

attribute: :attribute:: true

Return type

str

secret_value

Retrieve the value of the stored secret as a SecretValue.

attribute: :attribute:: true

Return type

SecretValue

stack

The stack in which this resource is defined.

Return type

Stack