SecretProps

class aws_cdk.aws_secretsmanager.SecretProps(*, description=None, encryption_key=None, generate_secret_string=None, removal_policy=None, secret_name=None)

Bases: object

__init__(*, description=None, encryption_key=None, generate_secret_string=None, removal_policy=None, secret_name=None)

The properties required to create a new secret in AWS Secrets Manager.

Parameters

  • description (Optional[str]) – An optional, human-friendly description of the secret. Default: - No description.

  • encryption_key (Optional[IKey]) – The customer-managed encryption key to use for encrypting the secret value. Default: - A default KMS key for the account and region is used.

  • generate_secret_string (Optional[SecretStringGenerator]) – Configuration for how to generate a secret value. Default: - 32 characters with upper-case letters, lower-case letters, punctuation and numbers (at least one from each category), per the default values of SecretStringGenerator.

  • removal_policy (Optional[RemovalPolicy]) – Policy to apply when the secret is removed from this stack. Default: - Not set.

  • secret_name (Optional[str]) – A name for the secret. Note that deleting secrets from SecretsManager does not happen immediately, but after a 7 to 30 days blackout period. During that period, it is not possible to create another secret that shares the same name. Default: - A name is generated by CloudFormation.

Return type

None

Attributes

description

An optional, human-friendly description of the secret.

default :default: - No description.

Return type

Optional[str]

encryption_key

The customer-managed encryption key to use for encrypting the secret value.

default :default: - A default KMS key for the account and region is used.

Return type

Optional[IKey]

generate_secret_string

Configuration for how to generate a secret value.

default :default:

  • 32 characters with upper-case letters, lower-case letters, punctuation and numbers (at least one from each category), per the default values of SecretStringGenerator.

Return type

Optional[SecretStringGenerator]

removal_policy

Policy to apply when the secret is removed from this stack.

default :default: - Not set.

Return type

Optional[RemovalPolicy]

secret_name

A name for the secret.

Note that deleting secrets from SecretsManager does not happen immediately, but after a 7 to 30 days blackout period. During that period, it is not possible to create another secret that shares the same name.

default :default: - A name is generated by CloudFormation.

Return type

Optional[str]