Interface ISecret
A secret in AWS Secrets Manager.
Namespace: Amazon.CDK.AWS.SecretsManager
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface ISecret : IResource
Syntax (vb)
Public Interface ISecret
Inherits IResource, IConstruct, IDependable
Synopsis
Properties
EncryptionKey | The customer-managed encryption key that is used to encrypt this secret, if any. |
SecretArn | The ARN of the secret in AWS Secrets Manager. |
SecretFullArn | The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix. |
SecretName | The name of the secret. |
SecretValue | Retrieve the value of the stored secret as a SecretValue. |
Methods
AddRotationSchedule(String, IRotationScheduleOptions) | Adds a rotation schedule to the secret. |
AddToResourcePolicy(PolicyStatement) | Adds a statement to the IAM resource policy associated with this secret. |
Attach(ISecretAttachmentTarget) | Attach a target to this secret. |
DenyAccountRootDelete() | Denies the DeleteSecret action to all principals within the current account. |
GrantRead(IGrantable, String[]) | Grants reading the secret value to some role. |
GrantWrite(IGrantable) | Grants writing and updating the secret value to some role. |
SecretValueFromJson(String) | Interpret the secret as a JSON object and return a field's value from it as a SecretValue. |
Properties
EncryptionKey
The customer-managed encryption key that is used to encrypt this secret, if any.
virtual IKey EncryptionKey { get; }
Property Value
Remarks
When not specified, the default KMS key for the account and region is used.
SecretArn
The ARN of the secret in AWS Secrets Manager.
string SecretArn { get; }
Property Value
System.String
Remarks
Will return the full ARN if available, otherwise a partial ARN.
For secrets imported by the deprecated fromSecretName, it will return the secretName.
Attribute: true
SecretFullArn
The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
virtual string SecretFullArn { get; }
Property Value
System.String
Remarks
This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).
SecretName
The name of the secret.
string SecretName { get; }
Property Value
System.String
Remarks
For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.
SecretValue
Retrieve the value of the stored secret as a SecretValue.
SecretValue SecretValue { get; }
Property Value
Remarks
Attribute: true
Methods
AddRotationSchedule(String, IRotationScheduleOptions)
Adds a rotation schedule to the secret.
RotationSchedule AddRotationSchedule(string id, IRotationScheduleOptions options)
Parameters
- id System.String
- options IRotationScheduleOptions
Returns
AddToResourcePolicy(PolicyStatement)
Adds a statement to the IAM resource policy associated with this secret.
IAddToResourcePolicyResult AddToResourcePolicy(PolicyStatement statement)
Parameters
- statement PolicyStatement
Returns
Remarks
If this secret was created in this stack, a resource policy will be automatically created upon the first call to addToResourcePolicy. If the secret is imported, then this is a no-op.
Attach(ISecretAttachmentTarget)
Attach a target to this secret.
ISecret Attach(ISecretAttachmentTarget target)
Parameters
- target ISecretAttachmentTarget
The target to attach.
Returns
An attached secret
DenyAccountRootDelete()
Denies the DeleteSecret action to all principals within the current account.
void DenyAccountRootDelete()
GrantRead(IGrantable, String[])
Grants reading the secret value to some role.
Grant GrantRead(IGrantable grantee, string[] versionStages = null)
Parameters
- grantee IGrantable
the principal being granted permission.
- versionStages System.String[]
the version stages the grant is limited to.
Returns
GrantWrite(IGrantable)
Grants writing and updating the secret value to some role.
Grant GrantWrite(IGrantable grantee)
Parameters
- grantee IGrantable
the principal being granted permission.
Returns
SecretValueFromJson(String)
Interpret the secret as a JSON object and return a field's value from it as a SecretValue.
SecretValue SecretValueFromJson(string key)
Parameters
- key System.String
Returns
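Example
The following C# stack is an added example, not part of the AWS CDK reference. It applies GrantRead with a version stage and AddToResourcePolicy to one owned and one imported secret, and reports at synth time when the resource-policy call was a no-op. The stack name, construct ids, secret name, Lambda service principal and the deny statement are constructed for illustration; Secret.FromSecretNameV2, StatementAdded and Annotations are CDK members not listed on this page.

```csharp
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.KMS;
using Amazon.CDK.AWS.SecretsManager;
using Constructs;
// Hypothetical stack: construct ids, the secret name and the role are constructed values.
public class SecretAccessStack : Stack
{
    public SecretAccessStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        var role = new Role(this, "AppRole", new RoleProps
        {
            AssumedBy = new ServicePrincipal("lambda.amazonaws.com")
        });

        // Owned secret, encrypted with a customer-managed key instead of the default KMS key.
        var key = new Key(this, "SecretKey", new KeyProps { EnableKeyRotation = true });
        ISecret owned = new Secret(this, "Owned", new SecretProps { EncryptionKey = key });
        Harden(owned, role);

        // Imported by name: SecretFullArn is not available and AddToResourcePolicy is a no-op.
        ISecret imported = Secret.FromSecretNameV2(this, "Imported", "example/app/api-key");
        Harden(imported, role);
    }
    private void Harden(ISecret secret, IGrantable reader)
    {
        // Identity-side grant, limited to the current version stage.
        secret.GrantRead(reader, new[] { "AWSCURRENT" });

        // Resource-side statement (constructed): nobody reads the previous version.
        var result = secret.AddToResourcePolicy(new PolicyStatement(new PolicyStatementProps
        {
            Effect = Effect.DENY,
            Principals = new IPrincipal[] { new AnyPrincipal() },
            Actions = new[] { "secretsmanager:GetSecretValue" },
            Resources = new[] { "*" },
            Conditions = new Dictionary<string, object>
            {
                ["StringEquals"] = new Dictionary<string, object>
                    { ["secretsmanager:VersionStage"] = "AWSPREVIOUS" }
            }
        }));
        // Surface the silent no-op at synth time instead of assuming the deny exists.
        if (!result.StatementAdded)
            Annotations.Of(this).AddWarning($"No resource policy applied to {secret.Node.Path}");
    }
}
```

For the imported secret only the identity-side grant takes effect, so any deny statement it needs has to be set in the stack or account that owns the secret.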