Package software.amazon.awscdk.services.secretsmanager

Class Secret.Builder

java.lang.Object
software.amazon.awscdk.services.secretsmanager.Secret.Builder
All Implemented Interfaces:
software.amazon.jsii.Builder<Secret>
Enclosing class:
Secret
@Stability(Stable) public static final class Secret.Builder extends Object implements software.amazon.jsii.Builder<Secret>
A fluent builder for Secret.

  • Method Details

    • create

      @Stability(Stable) public static Secret.Builder create(software.constructs.Construct scope, String id)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      Returns:
      a new instance of Secret.Builder.

    • description

      @Stability(Stable) public Secret.Builder description(String description)
      An optional, human-friendly description of the secret.

      Default: - No description.

      Parameters:
      description - An optional, human-friendly description of the secret. This parameter is required.
      Returns:
      this

    • encryptionKey

      @Stability(Stable) public Secret.Builder encryptionKey(IKey encryptionKey)
      The customer-managed encryption key to use for encrypting the secret value.

      Default: - A default KMS key for the account and region is used.

      Parameters:
      encryptionKey - The customer-managed encryption key to use for encrypting the secret value. This parameter is required.
      Returns:
      this

    • generateSecretString

      @Stability(Stable) public Secret.Builder generateSecretString(SecretStringGenerator generateSecretString)
      Configuration for how to generate a secret value.

      Only one of secretString and generateSecretString can be provided.

      Default: - 32 characters with upper-case letters, lower-case letters, punctuation and numbers (at least one from each category), per the default values of ``SecretStringGenerator``.

      Parameters:
      generateSecretString - Configuration for how to generate a secret value. This parameter is required.
      Returns:
      this

    • removalPolicy

      @Stability(Stable) public Secret.Builder removalPolicy(RemovalPolicy removalPolicy)
      Policy to apply when the secret is removed from this stack.

      Default: - Not set.

      Parameters:
      removalPolicy - Policy to apply when the secret is removed from this stack. This parameter is required.
      Returns:
      this

    • replicaRegions

      @Stability(Stable) public Secret.Builder replicaRegions(List<? extends ReplicaRegion> replicaRegions)
      A list of regions where to replicate this secret.

      Default: - Secret is not replicated

      Parameters:
      replicaRegions - A list of regions where to replicate this secret. This parameter is required.
      Returns:
      this

    • secretName

      @Stability(Stable) public Secret.Builder secretName(String secretName)
      A name for the secret.

      Note that deleting secrets from SecretsManager does not happen immediately, but after a 7 to 30 days blackout period. During that period, it is not possible to create another secret that shares the same name.

      Default: - A name is generated by CloudFormation.

      Parameters:
      secretName - A name for the secret. This parameter is required.
      Returns:
      this

    • secretStringBeta1

      @Stability(Deprecated) @Deprecated public Secret.Builder secretStringBeta1(SecretStringValueBeta1 secretStringBeta1)
      Deprecated.
      Use secretStringValue instead.
      (deprecated) Initial value for the secret.

      NOTE: *It is highly encouraged to leave this field undefined and allow SecretsManager to create the secret value. The secret string -- if provided -- will be included in the output of the cdk as part of synthesis, and will appear in the CloudFormation template in the console. This can be secure(-ish) if that value is merely reference to another resource (or one of its attributes), but if the value is a plaintext string, it will be visible to anyone with access to the CloudFormation template (via the AWS Console, SDKs, or CLI).

      Specifies text data that you want to encrypt and store in this new version of the secret. May be a simple string value, or a string representation of a JSON structure.

      Only one of secretStringBeta1, secretStringValue, and generateSecretString can be provided.

      Default: - SecretsManager generates a new secret value.

      Parameters:
      secretStringBeta1 - Initial value for the secret. This parameter is required.
      Returns:
      this

    • secretStringValue

      @Stability(Stable) public Secret.Builder secretStringValue(SecretValue secretStringValue)
      Initial value for the secret.

      NOTE: *It is highly encouraged to leave this field undefined and allow SecretsManager to create the secret value. The secret string -- if provided -- will be included in the output of the cdk as part of synthesis, and will appear in the CloudFormation template in the console. This can be secure(-ish) if that value is merely reference to another resource (or one of its attributes), but if the value is a plaintext string, it will be visible to anyone with access to the CloudFormation template (via the AWS Console, SDKs, or CLI).

      Specifies text data that you want to encrypt and store in this new version of the secret. May be a simple string value, or a string representation of a JSON structure.

      Only one of secretStringBeta1, secretStringValue, and generateSecretString can be provided.

      Default: - SecretsManager generates a new secret value.

      Parameters:
      secretStringValue - Initial value for the secret. This parameter is required.
      Returns:
      this

    • build

      @Stability(Stable) public Secret build()
      Specified by:
      build in interface software.amazon.jsii.Builder<Secret>
      Returns:
      a newly built instance of Secret.