Class SecretTargetAttachment
An attached secret.
Inherited Members
Namespace: Amazon.CDK.AWS.SecretsManager
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class SecretTargetAttachment : Resource, ISecretTargetAttachment, ISecret, IResource, IConstruct, IDependable, IEnvironmentAware
Syntax (vb)
Public Class SecretTargetAttachment Inherits Resource Implements ISecretTargetAttachment, ISecret, IResource, IConstruct, IDependable, IEnvironmentAware
Examples
```csharp
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.SecretsManager;

Secret secret;
ISecretAttachmentTarget secretAttachmentTarget;

var secretTargetAttachment = new SecretTargetAttachment(this, "MySecretTargetAttachment", new SecretTargetAttachmentProps {
    Secret = secret,
    Target = secretAttachmentTarget
});
```
Synopsis
Constructors
| SecretTargetAttachment(Construct, string, ISecretTargetAttachmentProps) | An attached secret. |
Properties
| ArnForPolicies | Provides an identifier for this secret for use in IAM policies. |
| AutoCreatePolicy | An attached secret. |
| EncryptionKey | The customer-managed encryption key that is used to encrypt this secret, if any. |
| PROPERTY_INJECTION_ID | Uniquely identifies this class. |
| SecretArn | The ARN of the secret in AWS Secrets Manager. |
| SecretFullArn | The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix. |
| SecretName | The name of the secret. |
| SecretTargetAttachmentSecretArn | Same as secretArn. |
| SecretValue | Retrieve the value of the stored secret as a SecretValue. |
Methods
| AddRotationSchedule(string, IRotationScheduleOptions) | Adds a rotation schedule to the secret. |
| AddToResourcePolicy(PolicyStatement) | Forward any additions to the resource policy to the original secret. |
| Attach(ISecretAttachmentTarget) | Attach a target to this secret. |
| DenyAccountRootDelete() | Denies the DeleteSecret action to all principals within the current account. |
| FromSecretTargetAttachmentSecretArn(Construct, string, string) | An attached secret. |
| GrantRead(IGrantable, string[]?) | Grants reading the secret value to some role. |
| GrantWrite(IGrantable) | Grants writing and updating the secret value to some role. |
| SecretValueFromJson(string) | Interpret the secret as a JSON object and return a field's value from it as a SecretValue. |
Constructors
SecretTargetAttachment(Construct, string, ISecretTargetAttachmentProps)
An attached secret.
public SecretTargetAttachment(Construct scope, string id, ISecretTargetAttachmentProps props)
Parameters
- scope Construct
- id string
- props ISecretTargetAttachmentProps
Properties
ArnForPolicies
Provides an identifier for this secret for use in IAM policies.
protected virtual string ArnForPolicies { get; }
Property Value
Remarks
If there is a full ARN, this is just the ARN; if we have a partial ARN -- due to either importing by secret name or partial ARN -- then we need to add a suffix to capture the full ARN's format.
AutoCreatePolicy
An attached secret.
protected virtual bool AutoCreatePolicy { get; }
Property Value
EncryptionKey
The customer-managed encryption key that is used to encrypt this secret, if any.
public virtual IKey? EncryptionKey { get; }
Property Value
Remarks
When not specified, the default KMS key for the account and region is used.
PROPERTY_INJECTION_ID
Uniquely identifies this class.
public static string PROPERTY_INJECTION_ID { get; }
Property Value
SecretArn
The ARN of the secret in AWS Secrets Manager.
public virtual string SecretArn { get; }
Property Value
Remarks
Returns the full ARN if available, otherwise a partial ARN.
For secrets imported by the deprecated fromSecretName, it will return the secretName.
SecretFullArn
The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
public virtual string? SecretFullArn { get; }
Property Value
Remarks
This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).
SecretName
The name of the secret.
public virtual string SecretName { get; }
Property Value
Remarks
For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.
SecretTargetAttachmentSecretArn
Same as secretArn.
public virtual string SecretTargetAttachmentSecretArn { get; }
Property Value
Remarks
Attribute: true
SecretValue
Retrieve the value of the stored secret as a SecretValue.
public virtual SecretValue SecretValue { get; }
Property Value
Methods
AddRotationSchedule(string, IRotationScheduleOptions)
Adds a rotation schedule to the secret.
public virtual RotationSchedule AddRotationSchedule(string id, IRotationScheduleOptions options)
Parameters
- id string
- options IRotationScheduleOptions
Returns
AddToResourcePolicy(PolicyStatement)
Forward any additions to the resource policy to the original secret.
public virtual IAddToResourcePolicyResult AddToResourcePolicy(PolicyStatement statement)
Parameters
- statement PolicyStatement
Returns
Remarks
This is required because a secret can only have a single resource policy. If we do not forward policy additions, a new policy resource is created using the secret attachment ARN. This ends up being rejected by CloudFormation.
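The following is an added example, not code from the CDK documentation: it routes access control through the attachment using AddToResourcePolicy, GrantRead and DenyAccountRootDelete as documented on this page, and checks that the forwarded statement was actually added. The `GuardedAttachedSecret` construct and its `reader` and `auditor` parameters are hypothetical names chosen for illustration.

```csharp
using System;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.SecretsManager;
using Constructs;

// Hypothetical helper construct (not part of the CDK): attaches a secret to a
// target and applies all access control through the attachment.
public class GuardedAttachedSecret : Construct
{
    public SecretTargetAttachment Attachment { get; }

    public GuardedAttachedSecret(Construct scope, string id, ISecret secret,
        ISecretAttachmentTarget target, IGrantable reader, IPrincipal auditor)
        : base(scope, id)
    {
        Attachment = new SecretTargetAttachment(this, "Attachment", new SecretTargetAttachmentProps
        {
            Secret = secret,
            Target = target
        });

        // Read access for the application, limited to the AWSCURRENT version stage.
        // AssertSuccess() fails synthesis if the grant could not be applied.
        Attachment.GrantRead(reader, new[] { "AWSCURRENT" }).AssertSuccess();

        // Statement for the secret's single resource policy: the auditor may read
        // metadata only (no GetSecretValue). The call is made on the attachment
        // and forwarded to the original secret.
        var result = Attachment.AddToResourcePolicy(new PolicyStatement(new PolicyStatementProps
        {
            Effect = Effect.ALLOW,
            Principals = new[] { auditor },
            Actions = new[] { "secretsmanager:DescribeSecret" },
            Resources = new[] { "*" }
        }));
        if (!result.StatementAdded)
        {
            throw new InvalidOperationException("Resource policy statement was not added.");
        }

        // Deny DeleteSecret to all principals within the current account.
        Attachment.DenyAccountRootDelete();
    }
}
```

After `cdk synth`, the template should contain one resource policy for the secret that carries both the auditor statement and the delete denial.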
Attach(ISecretAttachmentTarget)
Attach a target to this secret.
public virtual ISecret Attach(ISecretAttachmentTarget target)
Parameters
- target ISecretAttachmentTarget
The target to attach.
Returns
An attached secret
DenyAccountRootDelete()
Denies the DeleteSecret action to all principals within the current account.
public virtual void DenyAccountRootDelete()
FromSecretTargetAttachmentSecretArn(Construct, string, string)
An attached secret.
public static ISecretTargetAttachment FromSecretTargetAttachmentSecretArn(Construct scope, string id, string secretTargetAttachmentSecretArn)
Parameters
Returns
GrantRead(IGrantable, string[]?)
Grants reading the secret value to some role.
public virtual Grant GrantRead(IGrantable grantee, string[]? versionStages = null)
Parameters
- grantee IGrantable
- versionStages string[]
Returns
GrantWrite(IGrantable)
Grants writing and updating the secret value to some role.
public virtual Grant GrantWrite(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
SecretValueFromJson(string)
Interpret the secret as a JSON object and return a field's value from it as a SecretValue.
public virtual SecretValue SecretValueFromJson(string jsonField)
Parameters
- jsonField string
Returns