software.amazon.awscdk.services.secretsmanager

Interface ISecret.Jsii$Default

All Superinterfaces:

software.constructs.IConstruct, software.constructs.IConstruct.Jsii$Default, IDependable, IDependable.Jsii$Default, IResource, IResource.Jsii$Default, ISecret, software.amazon.jsii.JsiiSerializable

All Known Subinterfaces:

ISecretTargetAttachment.Jsii$Default

All Known Implementing Classes:

ISecret.Jsii$Proxy, ISecretTargetAttachment.Jsii$Proxy

Enclosing interface:

ISecret

@Internal
public static interface ISecret.Jsii$Default
extends ISecret, IResource.Jsii$Default

Internal default implementation for ISecret.

Nested Class Summary

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.secretsmanager.ISecret

ISecret.Jsii$Default, ISecret.Jsii$Proxy

Method Summary

Modifier and Type	Method and Description
default RotationSchedule	addRotationSchedule(String id, RotationScheduleOptions options) Adds a rotation schedule to the secret.
default AddToResourcePolicyResult	addToResourcePolicy(PolicyStatement statement) Adds a statement to the IAM resource policy associated with this secret.
default void	applyRemovalPolicy(RemovalPolicy policy) Apply the given removal policy to this resource.
default ISecret	attach(ISecretAttachmentTarget target) Attach a target to this secret.
default void	denyAccountRootDelete() Denies the `DeleteSecret` action to all principals within the current account.
default IKey	getEncryptionKey() The customer-managed encryption key that is used to encrypt this secret, if any.
default ResourceEnvironment	getEnv() The environment this resource belongs to.
default ConstructNode	getNode() The construct tree node for this construct.
default String	getSecretArn() The ARN of the secret in AWS Secrets Manager.
default String	getSecretFullArn() The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
default String	getSecretName() The name of the secret.
default SecretValue	getSecretValue() Retrieve the value of the stored secret as a `SecretValue`.
default Stack	getStack() The stack in which this resource is defined.
default Grant	grantRead(IGrantable grantee, List<String> versionStages) Grants reading the secret value to some role.
default Grant	grantWrite(IGrantable grantee) Grants writing and updating the secret value to some role.
default SecretValue	secretValueFromJson(String key) Interpret the secret as a JSON object and return a field's value from it as a `SecretValue`.

Methods inherited from interface software.amazon.awscdk.services.secretsmanager.ISecret

grantRead

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Detail

getNode

@Stability(value=Stable)
 @NotNull
default ConstructNode getNode()

The construct tree node for this construct.

Specified by:

getNode in interface IResource.Jsii$Default

getEnv

@Stability(value=Stable)
 @NotNull
default ResourceEnvironment getEnv()

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

Specified by:

getEnv in interface IResource

Specified by:

getEnv in interface IResource.Jsii$Default

getStack

@Stability(value=Stable)
 @NotNull
default Stack getStack()

The stack in which this resource is defined.

Specified by:

getStack in interface IResource

Specified by:

getStack in interface IResource.Jsii$Default

getSecretArn

@Stability(value=Stable)
 @NotNull
default String getSecretArn()

The ARN of the secret in AWS Secrets Manager.

Will return the full ARN if available, otherwise a partial arn. For secrets imported by the deprecated fromSecretName, it will return the secretName.

Specified by:

getSecretArn in interface ISecret

getSecretName

@Stability(value=Stable)
 @NotNull
default String getSecretName()

The name of the secret.

For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.

Specified by:

getSecretName in interface ISecret

getSecretValue

@Stability(value=Stable)
 @NotNull
default SecretValue getSecretValue()

Retrieve the value of the stored secret as a `SecretValue`.

Specified by:

getSecretValue in interface ISecret

getEncryptionKey

@Stability(value=Stable)
 @Nullable
default IKey getEncryptionKey()

The customer-managed encryption key that is used to encrypt this secret, if any.

When not specified, the default KMS key for the account and region is being used.

Specified by:

getEncryptionKey in interface ISecret

getSecretFullArn

@Stability(value=Stable)
 @Nullable
default String getSecretFullArn()

The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.

This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).

Specified by:

getSecretFullArn in interface ISecret

applyRemovalPolicy

@Stability(value=Stable)
default void applyRemovalPolicy(@NotNull
                                                         RemovalPolicy policy)

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Specified by:

applyRemovalPolicy in interface IResource

Specified by:

applyRemovalPolicy in interface IResource.Jsii$Default

Parameters:

policy - This parameter is required.

addRotationSchedule

@Stability(value=Stable)
 @NotNull
default RotationSchedule addRotationSchedule(@NotNull
                                                                                String id,
                                                                                @NotNull
                                                                                RotationScheduleOptions options)

Adds a rotation schedule to the secret.

Specified by:

addRotationSchedule in interface ISecret

Parameters:

id - This parameter is required.

options - This parameter is required.

addToResourcePolicy

@Stability(value=Stable)
 @NotNull
default AddToResourcePolicyResult addToResourcePolicy(@NotNull
                                                                                         PolicyStatement statement)

Adds a statement to the IAM resource policy associated with this secret.

If this secret was created in this stack, a resource policy will be automatically created upon the first call to addToResourcePolicy. If the secret is imported, then this is a no-op.

Specified by:

addToResourcePolicy in interface ISecret

Parameters:

statement - This parameter is required.

attach

@Stability(value=Stable)
 @NotNull
default ISecret attach(@NotNull
                                                          ISecretAttachmentTarget target)

Attach a target to this secret.

Specified by:

attach in interface ISecret

Parameters:

target - The target to attach. This parameter is required.

Returns:

An attached secret

denyAccountRootDelete

@Stability(value=Stable)
default void denyAccountRootDelete()

Denies the `DeleteSecret` action to all principals within the current account.

Specified by:

denyAccountRootDelete in interface ISecret

grantRead

@Stability(value=Stable)
 @NotNull
default Grant grantRead(@NotNull
                                                           IGrantable grantee,
                                                           @Nullable
                                                           List<String> versionStages)

Grants reading the secret value to some role.

Specified by:

grantRead in interface ISecret

Parameters:

grantee - the principal being granted permission. This parameter is required.

versionStages - the version stages the grant is limited to.

grantWrite

@Stability(value=Stable)
 @NotNull
default Grant grantWrite(@NotNull
                                                            IGrantable grantee)

Grants writing and updating the secret value to some role.

Specified by:

grantWrite in interface ISecret

Parameters:

grantee - the principal being granted permission. This parameter is required.

secretValueFromJson

@Stability(value=Stable)
 @NotNull
default SecretValue secretValueFromJson(@NotNull
                                                                           String key)

Interpret the secret as a JSON object and return a field's value from it as a `SecretValue`.

Specified by:

secretValueFromJson in interface ISecret

Parameters:

key - This parameter is required.