SecretAttributes

class aws_cdk.aws_secretsmanager.SecretAttributes(*, encryption_key=None, secret_arn=None, secret_complete_arn=None, secret_partial_arn=None)

Bases: object

Attributes required to import an existing secret into the Stack.

One ARN format (secretArn, secretCompleteArn, secretPartialArn) must be provided.

Parameters:

  • encryption_key (Optional[IKey]) – The encryption key that is used to encrypt the secret, unless the default SecretsManager key is used.

  • secret_arn (Optional[str]) – (deprecated) The ARN of the secret in SecretsManager. Cannot be used with secretCompleteArn or secretPartialArn.

  • secret_complete_arn (Optional[str]) – The complete ARN of the secret in SecretsManager. This is the ARN including the Secrets Manager 6-character suffix. Cannot be used with secretArn or secretPartialArn.

  • secret_partial_arn (Optional[str]) – The partial ARN of the secret in SecretsManager. This is the ARN without the Secrets Manager 6-character suffix. Cannot be used with secretArn or secretCompleteArn.

ExampleMetadata:

infused

Example:

# encryption_key: kms.Key

secret = secretsmanager.Secret.from_secret_attributes(self, "ImportedSecret",
    secret_arn="arn:aws:secretsmanager:<region>:<account-id-number>:secret:<secret-name>-<random-6-characters>",
    # If the secret is encrypted using a KMS-hosted CMK, either import or reference that key:
    encryption_key=encryption_key
)

Attributes

encryption_key

The encryption key that is used to encrypt the secret, unless the default SecretsManager key is used.

secret_arn

(deprecated) The ARN of the secret in SecretsManager.

Cannot be used with secretCompleteArn or secretPartialArn.

Deprecated:

use secretCompleteArn or secretPartialArn instead.

Stability:

deprecated

secret_complete_arn

The complete ARN of the secret in SecretsManager.

This is the ARN including the Secrets Manager 6-character suffix. Cannot be used with secretArn or secretPartialArn.

secret_partial_arn

The partial ARN of the secret in SecretsManager.

This is the ARN without the Secrets Manager 6-character suffix. Cannot be used with secretArn or secretCompleteArn.