SecretValue

class aws_cdk.core.SecretValue(value, *, stack_trace=None)
Bases: aws_cdk.core.Intrinsic
Work with secret values in the CDK.
Secret values in the CDK (such as those retrieved from SecretsManager) are represented as regular strings, just like other values that are only available at deployment time.
To help you avoid accidentally putting your secret values directly into a CloudFormation template, constructs that take secret values will not allow you to pass in a literal secret value. They do so by calling Secret.assertSafeSecret(). You can escape the check by calling Secret.plainText(), but doing so is highly discouraged.
- Parameters
value (Any) –
stack_trace (Optional[bool]) – (experimental) Capture the stack trace of where this token is created. Default: true
- Stability
experimental
Methods

resolve(_context)
(experimental) Produce the Token’s value at resolution time.
- Parameters
_context (IResolveContext) –
- Stability
experimental
- Return type
Any

to_json()
(experimental) Turn this Token into JSON.
Called automatically when JSON.stringify() is called on a Token.
- Stability
experimental
- Return type
Any

to_string()
(experimental) Convert an instance of this Token to a string.
This method will be called implicitly by language runtimes if the object is embedded into a string. We treat it the same as an explicit stringification.
- Stability
experimental
- Return type
str
Attributes

creation_stack
(experimental) The captured stack trace which represents the location in which this token was created.
- Stability
experimental
- Return type
List[str]
Static Methods

classmethod cfn_dynamic_reference(ref)
Obtain the secret value through a CloudFormation dynamic reference.
If possible, use SecretValue.ssmSecure or SecretValue.secretsManager directly.
- Parameters
ref (CfnDynamicReference) – The dynamic reference to use.
- Return type

classmethod cfn_parameter(param)
Obtain the secret value through a CloudFormation parameter.
Generally, this is not a recommended approach. AWS Secrets Manager is the recommended way to reference secrets.
- Parameters
param (CfnParameter) – The CloudFormation parameter to use.
- Return type

classmethod plain_text(secret)
Construct a literal secret value for use with secret-aware constructs.
Do not use this method for any secrets that you care about.
The only reasonable use case for using this method is when you are testing.
- Parameters
secret (str) –
- Return type

classmethod secrets_manager(secret_id, *, json_field=None, version_id=None, version_stage=None)
Creates a SecretValue with a value which is dynamically loaded from AWS Secrets Manager.
- Parameters
secret_id (str) – The ID or ARN of the secret.
json_field (Optional[str]) – The key of a JSON field to retrieve. This can only be used if the secret stores a JSON object. Default: - returns all the content stored in the Secrets Manager secret.
version_id (Optional[str]) – Specifies the unique identifier of the version of the secret you want to use. Can specify at most one of versionId and versionStage. Default: AWSCURRENT
version_stage (Optional[str]) – Specifies the secret version that you want to retrieve by the staging label attached to the version. Can specify at most one of versionId and versionStage. Default: AWSCURRENT
- Return type

classmethod ssm_secure(parameter_name, version)
Use a secret value stored from a Systems Manager (SSM) parameter.
- Parameters
parameter_name (str) – The name of the parameter in the Systems Manager Parameter Store. The parameter name is case-sensitive.
version (str) – An integer that specifies the version of the parameter to use. You must specify the exact version. You cannot currently specify that AWS CloudFormation use the latest version of a parameter.
- Return type
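
A check to run over a synthesized template, added here as an example and not part of the CDK documentation or code base: it flags secret-bearing properties that hold a literal (what plain_text produces) rather than a CloudFormation dynamic reference (what secrets_manager and ssm_secure produce) or a NoEcho parameter. The property names in SECRET_KEYS, the classification labels and the sample template are assumptions constructed for illustration.

```python
import re
# CloudFormation dynamic references for the two secret-bearing services.
DYNAMIC_REF = re.compile(r"^\{\{resolve:(secretsmanager|ssm-secure):[^{}]+\}\}$")
# Assumption: property names treated as secret-bearing for this audit.
SECRET_KEYS = {"MasterUserPassword", "Password", "OAuthToken"}


def classify(value, parameters):
    """Classify how a secret-bearing property value reaches the template."""
    if isinstance(value, str):
        return "dynamic-reference" if DYNAMIC_REF.match(value) else "literal"
    if isinstance(value, dict) and set(value) == {"Ref"}:
        param = parameters.get(value["Ref"])
        if param is None:
            return "reference"      # Ref to a resource, not a template parameter
        return "parameter" if param.get("NoEcho") in (True, "true") else "parameter-echoed"
    return "intrinsic"              # Fn::Join and similar; review by hand


def audit(template):
    """Return sorted (logical id, property path, classification) tuples."""
    parameters = template.get("Parameters", {})
    findings = []
    def walk(node, logical_id, path):
        if isinstance(node, dict):
            for key, val in node.items():
                if key in SECRET_KEYS:
                    findings.append((logical_id, f"{path}.{key}", classify(val, parameters)))
                else:
                    walk(val, logical_id, f"{path}.{key}")
        elif isinstance(node, list):
            for i, val in enumerate(node):
                walk(val, logical_id, f"{path}[{i}]")
    for logical_id, res in template.get("Resources", {}).items():
        walk(res.get("Properties", {}), logical_id, "Properties")
    return sorted(findings)


# Constructed sample of a synthesized template (not real output).
SAMPLE = {
    "Parameters": {"DbPass": {"Type": "String", "NoEcho": True}},
    "Resources": {
        "DbA": {"Type": "AWS::RDS::DBInstance", "Properties": {
            "MasterUserPassword": "{{resolve:secretsmanager:prod/db:SecretString:password::}}"}},
        "DbB": {"Type": "AWS::RDS::DBInstance", "Properties": {"MasterUserPassword": "hunter2-constructed"}},
        "DbC": {"Type": "AWS::RDS::DBInstance", "Properties": {"MasterUserPassword": {"Ref": "DbPass"}}},
    },
}
```

Calling audit(SAMPLE) reports DbB as "literal"; in a CI gate, any "literal" or "parameter-echoed" result would fail the build before deployment.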