SecretProps

class aws_cdk.aws_secretsmanager.SecretProps(*, description=None, encryption_key=None, generate_secret_string=None, removal_policy=None, replica_regions=None, secret_name=None)

Bases: object

The properties required to create a new secret in AWS Secrets Manager.

Parameters
  • description (Optional[str]) – An optional, human-friendly description of the secret. Default: - No description.

  • encryption_key (Optional[IKey]) – The customer-managed encryption key to use for encrypting the secret value. Default: - A default KMS key for the account and region is used.

  • generate_secret_string (Optional[SecretStringGenerator]) – Configuration for how to generate a secret value. Default: - 32 characters with upper-case letters, lower-case letters, punctuation and numbers (at least one from each category), per the default values of SecretStringGenerator.

  • removal_policy (Optional[RemovalPolicy]) – Policy to apply when the secret is removed from this stack. Default: - Not set.

  • replica_regions (Optional[Sequence[ReplicaRegion]]) – A list of regions to which this secret is replicated. Default: - Secret is not replicated.

  • secret_name (Optional[str]) – A name for the secret. Note that deleting secrets from SecretsManager does not happen immediately, but after a blackout period of 7 to 30 days. During that period, it is not possible to create another secret that shares the same name. Default: - A name is generated by CloudFormation.

Attributes

description

An optional, human-friendly description of the secret.

Default
  • No description.

Return type

Optional[str]

encryption_key

The customer-managed encryption key to use for encrypting the secret value.

Default
  • A default KMS key for the account and region is used.

Return type

Optional[IKey]

generate_secret_string

Configuration for how to generate a secret value.

Default
  • 32 characters with upper-case letters, lower-case letters, punctuation and numbers (at least one from each category), per the default values of SecretStringGenerator.

Return type

Optional[SecretStringGenerator]

removal_policy

Policy to apply when the secret is removed from this stack.

Default
  • Not set.

Return type

Optional[RemovalPolicy]

replica_regions

A list of regions to which this secret is replicated.

Default
  • Secret is not replicated.

Return type

Optional[List[ReplicaRegion]]

secret_name

A name for the secret.

Note that deleting secrets from SecretsManager does not happen immediately, but after a blackout period of 7 to 30 days. During that period, it is not possible to create another secret that shares the same name.

Default
  • A name is generated by CloudFormation.

Return type

Optional[str]
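
Added example, not part of the CDK documentation or code base: a check over a synthesized CloudFormation template that reports which AWS::SecretsManager::Secret resources were left at the defaults listed above. It assumes the CloudFormation names KmsKeyId, Name, ReplicaRegions and the DeletionPolicy attribute correspond to encryption_key, secret_name, replica_regions and removal_policy; the function names, logical IDs and template contents are constructed for illustration.

```python
SECRET_TYPE = "AWS::SecretsManager::Secret"

# Constructed template fragment; logical IDs, names and regions are made up.
TEMPLATE = {"Resources": {
    "AppKey": {"Type": "AWS::KMS::Key", "Properties": {}},
    "DefaultsSecret": {"Type": SECRET_TYPE, "Properties": {"Name": "app/db-password"}},
    "HardenedSecret": {
        "Type": SECRET_TYPE,
        "DeletionPolicy": "Retain",
        "Properties": {
            "KmsKeyId": {"Fn::GetAtt": ["AppKey", "Arn"]},
            "ReplicaRegions": [
                {"Region": "eu-west-1", "KmsKeyId": "alias/replica-key"},
                {"Region": "us-west-2"},
            ],
        },
    },
}}


def audit_secret(logical_id, resource):
    """Return one finding per setting of this secret that was left at a default."""
    props = resource.get("Properties", {})
    findings = []
    if "KmsKeyId" not in props:  # encryption_key unset
        findings.append("default KMS key for the account and region")
    # CloudFormation treats a missing DeletionPolicy as Delete.
    if resource.get("DeletionPolicy", "Delete") == "Delete":  # removal_policy
        findings.append("deleted when removed from the stack")
    if "Name" in props:  # secret_name set: name is unavailable during the blackout period
        findings.append(f"fixed name {props['Name']!r}")
    for replica in props.get("ReplicaRegions", []):  # replica_regions
        if "KmsKeyId" not in replica:
            findings.append(f"replica {replica['Region']} uses the default key")
    return [f"{logical_id}: {text}" for text in findings]


def audit_template(template):
    """Audit every AWS::SecretsManager::Secret resource, in logical-ID order."""
    results = []
    for logical_id, resource in sorted(template.get("Resources", {}).items()):
        if resource.get("Type") == SECRET_TYPE:
            results.extend(audit_secret(logical_id, resource))
    return results

if __name__ == "__main__":
    print("\n".join(audit_template(TEMPLATE)))
```

Run it against the JSON produced by cdk synth by loading the template file with json.load and passing the result to audit_template.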