Interface SecretRotationProps

All Superinterfaces:
All Known Implementing Classes:

@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:30:41.312Z") @Stability(Stable) public interface SecretRotationProps extends
Construction properties for a SecretRotation.


 Secret mySecret;
 IConnectable myDatabase;
 Vpc myVpc;
 SecretRotation.Builder.create(this, "SecretRotation")
         .application(SecretRotationApplication.MYSQL_ROTATION_SINGLE_USER) // MySQL single user scheme
         .target(myDatabase) // a Connectable
         .vpc(myVpc) // The VPC where the secret rotation application will be deployed
         .excludeCharacters(" %+:;{}")
  • Method Details

    • getApplication

      @Stability(Stable) @NotNull SecretRotationApplication getApplication()
      The serverless application for the rotation.
    • getSecret

      @Stability(Stable) @NotNull ISecret getSecret()
      The secret to rotate. It must be a JSON string with the following format:.

          "engine": <required: database engine>,
          "host": <required: instance host name>,
          "username": <required: username>,
          "password": <required: password>,
          "dbname": <optional: database name>,
          "port": <optional: if not specified, default port will be used>,
          "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>

      This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.

      See Also:
    • getTarget

      @Stability(Stable) @NotNull IConnectable getTarget()
      The target service or database.
    • getVpc

      @Stability(Stable) @NotNull IVpc getVpc()
      The VPC where the Lambda rotation function will run.
    • getAutomaticallyAfter

      @Stability(Stable) @Nullable default Duration getAutomaticallyAfter()
      Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.

      Default: Duration.days(30)

    • getEndpoint

      @Stability(Stable) @Nullable default IInterfaceVpcEndpoint getEndpoint()
      The VPC interface endpoint to use for the Secrets Manager API.

      If you enable private DNS hostnames for your VPC private endpoint (the default), you don't need to specify an endpoint. The standard Secrets Manager DNS hostname the Secrets Manager CLI and SDKs use by default ( automatically resolves to your VPC endpoint.


    • getExcludeCharacters

      @Stability(Stable) @Nullable default String getExcludeCharacters()
      Characters which should not appear in the generated password.

      Default: - no additional characters are explicitly excluded

    • getMasterSecret

      @Stability(Stable) @Nullable default ISecret getMasterSecret()
      The master secret for a multi user rotation scheme.

      Default: - single user rotation scheme

    • getSecurityGroup

      @Stability(Stable) @Nullable default ISecurityGroup getSecurityGroup()
      The security group for the Lambda rotation function.

      Default: - a new security group is created

    • getVpcSubnets

      @Stability(Stable) @Nullable default SubnetSelection getVpcSubnets()
      The type of subnets in the VPC where the Lambda rotation function will run.

      Default: - the Vpc default strategy if not specified.

    • builder

      @Stability(Stable) static SecretRotationProps.Builder builder()
      a SecretRotationProps.Builder of SecretRotationProps