
Interface ISecret

A secret in AWS Secrets Manager.

Inherited Members
IResource.ApplyRemovalPolicy(RemovalPolicy)
IResource.Stack
ISecretRef.SecretRef
IEnvironmentAware.Env
Namespace: Amazon.CDK.AWS.SecretsManager
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface ISecret : IResource, ISecretRef, IConstruct, IDependable, IEnvironmentAware
Syntax (vb)
Public Interface ISecret Inherits IResource, ISecretRef, IConstruct, IDependable, IEnvironmentAware

Synopsis

Properties

EncryptionKey

The customer-managed encryption key that is used to encrypt this secret, if any.

SecretArn

The ARN of the secret in AWS Secrets Manager.

SecretFullArn

The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.

SecretName

The name of the secret.

SecretValue

Retrieve the value of the stored secret as a SecretValue.

Methods

AddRotationSchedule(string, IRotationScheduleOptions)

Adds a rotation schedule to the secret.

AddToResourcePolicy(PolicyStatement)

Adds a statement to the IAM resource policy associated with this secret.

Attach(ISecretAttachmentTarget)

Attach a target to this secret.

CfnDynamicReferenceKey(ISecretsManagerSecretOptions?)

Returns a key which can be used within an AWS CloudFormation dynamic reference to dynamically load this secret from AWS Secrets Manager.

DenyAccountRootDelete()

Denies the DeleteSecret action to all principals within the current account.

GrantRead(IGrantable, string[]?)

Grants reading the secret value to some role.

GrantWrite(IGrantable)

Grants writing and updating the secret value to some role.

SecretValueFromJson(string)

Interpret the secret as a JSON object and return a field's value from it as a SecretValue.

Properties

EncryptionKey

The customer-managed encryption key that is used to encrypt this secret, if any.

IKey? EncryptionKey { get; }
Property Value

IKey

Remarks

When not specified, the default KMS key for the account and region is used.

SecretArn

The ARN of the secret in AWS Secrets Manager.

string SecretArn { get; }
Property Value

string

Remarks

Returns the full ARN if available, otherwise a partial ARN. For secrets imported by the deprecated fromSecretName, it returns the secretName.

Attribute: true

SecretFullArn

The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.

string? SecretFullArn { get; }
Property Value

string

Remarks

This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).

SecretName

The name of the secret.

string SecretName { get; }
Property Value

string

Remarks

For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.

SecretValue

Retrieve the value of the stored secret as a SecretValue.

SecretValue SecretValue { get; }
Property Value

SecretValue

Remarks

Attribute: true

Methods

AddRotationSchedule(string, IRotationScheduleOptions)

Adds a rotation schedule to the secret.

RotationSchedule AddRotationSchedule(string id, IRotationScheduleOptions options)
Parameters
id string
options IRotationScheduleOptions
Returns

RotationSchedule

AddToResourcePolicy(PolicyStatement)

Adds a statement to the IAM resource policy associated with this secret.

IAddToResourcePolicyResult AddToResourcePolicy(PolicyStatement statement)
Parameters
statement PolicyStatement
Returns

IAddToResourcePolicyResult

Remarks

If this secret was created in this stack, a resource policy will be automatically created upon the first call to addToResourcePolicy. If the secret is imported, then this is a no-op.

Attach(ISecretAttachmentTarget)

Attach a target to this secret.

ISecret Attach(ISecretAttachmentTarget target)
Parameters
target ISecretAttachmentTarget

The target to attach.

Returns

ISecret

An attached secret.

CfnDynamicReferenceKey(ISecretsManagerSecretOptions?)

Returns a key which can be used within an AWS CloudFormation dynamic reference to dynamically load this secret from AWS Secrets Manager.

string CfnDynamicReferenceKey(ISecretsManagerSecretOptions? options = null)
Parameters
options ISecretsManagerSecretOptions

Options.

Returns

string

Remarks

See: https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_reference-secret.html

DenyAccountRootDelete()

Denies the DeleteSecret action to all principals within the current account.

void DenyAccountRootDelete()

GrantRead(IGrantable, string[]?)

Grants reading the secret value to some role.

Grant GrantRead(IGrantable grantee, string[]? versionStages = null)
Parameters
grantee IGrantable

The principal being granted permission.

versionStages string[]

The version stages the grant is limited to.

Returns

Grant
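Example (added here, not part of the generated CDK reference): a stack that combines GrantRead limited to one version stage, DenyAccountRootDelete, and AddToResourcePolicy, and checks the result for an imported secret, where the call is a no-op. The stack class, construct IDs, the secret name and the Lambda service principal are assumptions chosen for illustration.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.KMS;
using Amazon.CDK.AWS.SecretsManager;
using Constructs;

// Hypothetical stack; all IDs and names below are constructed for this example.
public class SecretAccessStack : Stack
{
    public SecretAccessStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // Owned secret with a customer-managed key, so EncryptionKey is set.
        var key = new Key(this, "SecretKey", new KeyProps { EnableKeyRotation = true });
        ISecret owned = new Secret(this, "DbCredentials", new SecretProps { EncryptionKey = key });

        var reader = new Role(this, "ReaderRole", new RoleProps
        {
            AssumedBy = new ServicePrincipal("lambda.amazonaws.com")
        });

        // Limit the read grant to the AWSCURRENT version stage.
        owned.GrantRead(reader, new[] { "AWSCURRENT" });

        // Owned secret: the resource policy is created automatically on first use.
        owned.DenyAccountRootDelete();

        // Keep the reader role from changing the secret's resource policy.
        var denyPolicyEdits = new PolicyStatement(new PolicyStatementProps
        {
            Effect = Effect.DENY,
            Actions = new[] { "secretsmanager:PutResourcePolicy", "secretsmanager:DeleteResourcePolicy" },
            Resources = new[] { "*" },
            Principals = new IPrincipal[] { reader }
        });
        owned.AddToResourcePolicy(denyPolicyEdits);

        // Imported by name: SecretFullArn is null and AddToResourcePolicy does nothing.
        ISecret imported = Secret.FromSecretNameV2(this, "Imported", "example/imported-secret");
        var result = imported.AddToResourcePolicy(denyPolicyEdits);
        if (!result.StatementAdded)
        {
            // Surface the silent no-op at synth time instead of assuming the Deny exists.
            Annotations.Of(this).AddWarning(
                "Deny statement was not applied to the imported secret; set its policy in the owning stack.");
        }
    }
}
```

Checking StatementAdded on the returned IAddToResourcePolicyResult is what distinguishes an applied statement from the no-op on imported secrets.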

GrantWrite(IGrantable)

Grants writing and updating the secret value to some role.

Grant GrantWrite(IGrantable grantee)
Parameters
grantee IGrantable

The principal being granted permission.

Returns

Grant

SecretValueFromJson(string)

Interpret the secret as a JSON object and return a field's value from it as a SecretValue.

SecretValue SecretValueFromJson(string key)
Parameters
key string
Returns

SecretValue
