Class SecretStringGenerator

Configuration to generate secrets such as passwords automatically.

Inheritance

System.Object

SecretStringGenerator

Implements

ISecretStringGenerator

Namespace: Amazon.CDK.AWS.SecretsManager

Assembly: Amazon.CDK.Lib.dll

Syntax (csharp)

public class SecretStringGenerator : Object, ISecretStringGenerator

Syntax (vb)

Public Class SecretStringGenerator
    Inherits Object
    Implements ISecretStringGenerator

Remarks

ExampleMetadata: infused

Examples

IVpc vpc;


var instance1 = new DatabaseInstance(this, "PostgresInstance1", new DatabaseInstanceProps {
    Engine = DatabaseInstanceEngine.POSTGRES,
    // Generate the secret with admin username `postgres` and random password
    Credentials = Credentials.FromGeneratedSecret("postgres"),
    Vpc = vpc
});
// Templated secret with username and password fields
var templatedSecret = new Secret(this, "TemplatedSecret", new SecretProps {
    GenerateSecretString = new SecretStringGenerator {
        SecretStringTemplate = JSON.Stringify(new Dictionary<string, string> { { "username", "postgres" } }),
        GenerateStringKey = "password",
        ExcludeCharacters = "/@\""
    }
});
// Using the templated secret as credentials
var instance2 = new DatabaseInstance(this, "PostgresInstance2", new DatabaseInstanceProps {
    Engine = DatabaseInstanceEngine.POSTGRES,
    Credentials = new Dictionary<string, object> {
        { "username", templatedSecret.SecretValueFromJson("username").ToString() },
        { "password", templatedSecret.SecretValueFromJson("password") }
    },
    Vpc = vpc
});

Synopsis

Constructors

SecretStringGenerator()

Properties

ExcludeCharacters	A string that includes characters that shouldn't be included in the generated password.
ExcludeLowercase	Specifies that the generated password shouldn't include lowercase letters.
ExcludeNumbers	Specifies that the generated password shouldn't include digits.
ExcludePunctuation	Specifies that the generated password shouldn't include punctuation characters.
ExcludeUppercase	Specifies that the generated password shouldn't include uppercase letters.
GenerateStringKey	The JSON key name that's used to add the generated password to the JSON structure specified by the `secretStringTemplate` parameter.
IncludeSpace	Specifies that the generated password can include the space character.
PasswordLength	The desired length of the generated password.
RequireEachIncludedType	Specifies whether the generated password must include at least one of every allowed character type.
SecretStringTemplate	A properly structured JSON string that the generated password can be added to.

Constructors

SecretStringGenerator()

public SecretStringGenerator()

Properties

ExcludeCharacters

A string that includes characters that shouldn't be included in the generated password.

public string ExcludeCharacters { get; set; }

Property Value

System.String

Remarks

The string can be a minimum of 0 and a maximum of 4096 characters long.

Default: no exclusions

ExcludeLowercase

Specifies that the generated password shouldn't include lowercase letters.

public Nullable<bool> ExcludeLowercase { get; set; }

Property Value

System.Nullable<System.Boolean>

Remarks

Default: false

ExcludeNumbers

Specifies that the generated password shouldn't include digits.

public Nullable<bool> ExcludeNumbers { get; set; }

Property Value

System.Nullable<System.Boolean>

Remarks

Default: false

ExcludePunctuation

Specifies that the generated password shouldn't include punctuation characters.

public Nullable<bool> ExcludePunctuation { get; set; }

Property Value

System.Nullable<System.Boolean>

Remarks

Default: false

ExcludeUppercase

Specifies that the generated password shouldn't include uppercase letters.

public Nullable<bool> ExcludeUppercase { get; set; }

Property Value

System.Nullable<System.Boolean>

Remarks

Default: false

GenerateStringKey

The JSON key name that's used to add the generated password to the JSON structure specified by the secretStringTemplate parameter.

public string GenerateStringKey { get; set; }

Property Value

System.String

Remarks

If you specify generateStringKey then secretStringTemplate must be also be specified.

IncludeSpace

Specifies that the generated password can include the space character.

public Nullable<bool> IncludeSpace { get; set; }

Property Value

System.Nullable<System.Boolean>

Remarks

Default: false

PasswordLength

The desired length of the generated password.

public Nullable<double> PasswordLength { get; set; }

Property Value

System.Nullable<System.Double>

Remarks

Default: 32

RequireEachIncludedType

Specifies whether the generated password must include at least one of every allowed character type.

public Nullable<bool> RequireEachIncludedType { get; set; }

Property Value

System.Nullable<System.Boolean>

Remarks

Default: true

SecretStringTemplate

A properly structured JSON string that the generated password can be added to.

public string SecretStringTemplate { get; set; }

Property Value

System.String

Remarks

The generateStringKey is combined with the generated random string and inserted into the JSON structure that's specified by this parameter. The merged JSON string is returned as the completed SecretString of the secret. If you specify secretStringTemplate then generateStringKey must be also be specified.

Implements

ISecretStringGenerator