software.amazon.awscdk.services.secretsmanager

Interface ISecretTargetAttachment.Jsii$Default

All Superinterfaces:

IConstruct, IConstruct.Jsii$Default, IDependable, IDependable.Jsii$Default, IResource, IResource.Jsii$Default, ISecret, ISecret.Jsii$Default, ISecretTargetAttachment

All Known Implementing Classes:

ISecretTargetAttachment.Jsii$Proxy

Enclosing interface:

ISecretTargetAttachment

public static interface ISecretTargetAttachment.Jsii$Default
extends ISecretTargetAttachment, ISecret.Jsii$Default

Internal default implementation for ISecretTargetAttachment.

Nested Class Summary

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.secretsmanager.ISecretTargetAttachment

ISecretTargetAttachment.Jsii$Default, ISecretTargetAttachment.Jsii$Proxy

Method Summary

Modifier and Type	Method and Description
default RotationSchedule	addRotationSchedule(java.lang.String id, RotationScheduleOptions options) Adds a rotation schedule to the secret.
default AddToResourcePolicyResult	addToResourcePolicy(PolicyStatement statement) Adds a statement to the IAM resource policy associated with this secret.
default void	applyRemovalPolicy(RemovalPolicy policy) Apply the given removal policy to this resource.
default ISecret	attach(ISecretAttachmentTarget target) Attach a target to this secret.
default void	denyAccountRootDelete() Denies the `DeleteSecret` action to all principals within the current account.
default IKey	getEncryptionKey() The customer-managed encryption key that is used to encrypt this secret, if any.
default ResourceEnvironment	getEnv() The environment this resource belongs to.
default ConstructNode	getNode() The construct tree node for this construct.
default java.lang.String	getSecretArn() The ARN of the secret in AWS Secrets Manager.
default java.lang.String	getSecretFullArn() The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
default java.lang.String	getSecretName() The name of the secret.
default java.lang.String	getSecretTargetAttachmentSecretArn() Same as `secretArn`.
default SecretValue	getSecretValue() Retrieve the value of the stored secret as a `SecretValue`.
default Stack	getStack() The stack in which this resource is defined.
default Grant	grantRead(IGrantable grantee, java.util.List<java.lang.String> versionStages) Grants reading the secret value to some role.
default Grant	grantWrite(IGrantable grantee) Grants writing and updating the secret value to some role.
default SecretValue	secretValueFromJson(java.lang.String key) Interpret the secret as a JSON object and return a field's value from it as a `SecretValue`.

Methods inherited from interface software.amazon.awscdk.services.secretsmanager.ISecret

grantRead

Method Detail

getNode

default ConstructNode getNode()

The construct tree node for this construct.

Specified by:

getNode in interface IConstruct

Specified by:

getNode in interface IConstruct.Jsii$Default

Specified by:

getNode in interface IResource.Jsii$Default

Specified by:

getNode in interface ISecret.Jsii$Default

getEnv

default ResourceEnvironment getEnv()

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

Specified by:

getEnv in interface IResource

Specified by:

getEnv in interface IResource.Jsii$Default

Specified by:

getEnv in interface ISecret.Jsii$Default

getStack

default Stack getStack()

The stack in which this resource is defined.

Specified by:

getStack in interface IResource

Specified by:

getStack in interface IResource.Jsii$Default

Specified by:

getStack in interface ISecret.Jsii$Default

getSecretArn

default java.lang.String getSecretArn()

The ARN of the secret in AWS Secrets Manager.

Will return the full ARN if available, otherwise a partial arn. For secrets imported by the deprecated fromSecretName, it will return the secretName.

Specified by:

getSecretArn in interface ISecret

Specified by:

getSecretArn in interface ISecret.Jsii$Default

getSecretName

default java.lang.String getSecretName()

The name of the secret.

For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.

Specified by:

getSecretName in interface ISecret

Specified by:

getSecretName in interface ISecret.Jsii$Default

getSecretValue

default SecretValue getSecretValue()

Retrieve the value of the stored secret as a `SecretValue`.

Specified by:

getSecretValue in interface ISecret

Specified by:

getSecretValue in interface ISecret.Jsii$Default

getEncryptionKey

default IKey getEncryptionKey()

The customer-managed encryption key that is used to encrypt this secret, if any.

When not specified, the default KMS key for the account and region is being used.

Specified by:

getEncryptionKey in interface ISecret

Specified by:

getEncryptionKey in interface ISecret.Jsii$Default

getSecretFullArn

default java.lang.String getSecretFullArn()

The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.

This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).

Specified by:

getSecretFullArn in interface ISecret

Specified by:

getSecretFullArn in interface ISecret.Jsii$Default

getSecretTargetAttachmentSecretArn

default java.lang.String getSecretTargetAttachmentSecretArn()

Same as `secretArn`.

Specified by:

getSecretTargetAttachmentSecretArn in interface ISecretTargetAttachment

applyRemovalPolicy

default void applyRemovalPolicy(RemovalPolicy policy)

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Specified by:

applyRemovalPolicy in interface IResource

Specified by:

applyRemovalPolicy in interface IResource.Jsii$Default

Specified by:

applyRemovalPolicy in interface ISecret.Jsii$Default

Parameters:

policy - This parameter is required.

addRotationSchedule

default RotationSchedule addRotationSchedule(java.lang.String id,
                                             RotationScheduleOptions options)

Adds a rotation schedule to the secret.

Specified by:

addRotationSchedule in interface ISecret

Specified by:

addRotationSchedule in interface ISecret.Jsii$Default

Parameters:

id - This parameter is required.

options - This parameter is required.

addToResourcePolicy

default AddToResourcePolicyResult addToResourcePolicy(PolicyStatement statement)

Adds a statement to the IAM resource policy associated with this secret.

If this secret was created in this stack, a resource policy will be automatically created upon the first call to addToResourcePolicy. If the secret is imported, then this is a no-op.

Specified by:

addToResourcePolicy in interface ISecret

Specified by:

addToResourcePolicy in interface ISecret.Jsii$Default

Parameters:

statement - This parameter is required.

attach

default ISecret attach(ISecretAttachmentTarget target)

Attach a target to this secret.

Specified by:

attach in interface ISecret

Specified by:

attach in interface ISecret.Jsii$Default

Parameters:

target - The target to attach. This parameter is required.

Returns:

An attached secret

denyAccountRootDelete

default void denyAccountRootDelete()

Denies the `DeleteSecret` action to all principals within the current account.

Specified by:

denyAccountRootDelete in interface ISecret

Specified by:

denyAccountRootDelete in interface ISecret.Jsii$Default

grantRead

default Grant grantRead(IGrantable grantee,
                        java.util.List<java.lang.String> versionStages)

Grants reading the secret value to some role.

Specified by:

grantRead in interface ISecret

Specified by:

grantRead in interface ISecret.Jsii$Default

Parameters:

grantee - the principal being granted permission. This parameter is required.

versionStages - the version stages the grant is limited to.

grantWrite

default Grant grantWrite(IGrantable grantee)

Grants writing and updating the secret value to some role.

Specified by:

grantWrite in interface ISecret

Specified by:

grantWrite in interface ISecret.Jsii$Default

Parameters:

grantee - the principal being granted permission. This parameter is required.

secretValueFromJson

default SecretValue secretValueFromJson(java.lang.String key)

Interpret the secret as a JSON object and return a field's value from it as a `SecretValue`.

Specified by:

secretValueFromJson in interface ISecret

Specified by:

secretValueFromJson in interface ISecret.Jsii$Default

Parameters:

key - This parameter is required.