Package software.amazon.awscdk.services.secretsmanager

Interface ISecret

All Superinterfaces:

software.constructs.IConstruct, software.constructs.IDependable, IResource, software.amazon.jsii.JsiiSerializable

All Known Subinterfaces:

ISecret.Jsii$Default, ISecretTargetAttachment, ISecretTargetAttachment.Jsii$Default

All Known Implementing Classes:

DatabaseSecret, DatabaseSecret, DatabaseSecret, ISecret.Jsii$Proxy, ISecretTargetAttachment.Jsii$Proxy, Secret, SecretTargetAttachment

@Generated(value="jsii-pacmak/1.99.0 (build 8f757e4)",
           date="2024-06-13T18:49:25.621Z")
@Stability(Stable)
public interface ISecret
extends software.amazon.jsii.JsiiSerializable, IResource

A secret in AWS Secrets Manager.

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static interface	ISecret.Jsii$Default	Internal default implementation for ISecret.
static final class	ISecret.Jsii$Proxy	A proxy class which represents a concrete javascript instance of this type.

Method Summary

Modifier and Type	Method	Description
RotationSchedule	addRotationSchedule(String id, RotationScheduleOptions options)	Adds a rotation schedule to the secret.
AddToResourcePolicyResult	addToResourcePolicy(PolicyStatement statement)	Adds a statement to the IAM resource policy associated with this secret.
ISecret	attach(ISecretAttachmentTarget target)	Attach a target to this secret.
void	denyAccountRootDelete()	Denies the DeleteSecret action to all principals within the current account.
default IKey	getEncryptionKey()	The customer-managed encryption key that is used to encrypt this secret, if any.
String	getSecretArn()	The ARN of the secret in AWS Secrets Manager.
default String	getSecretFullArn()	The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
String	getSecretName()	The name of the secret.
SecretValue	getSecretValue()	Retrieve the value of the stored secret as a SecretValue.
Grant	grantRead(IGrantable grantee)	Grants reading the secret value to some role.
Grant	grantRead(IGrantable grantee, List<String> versionStages)	Grants reading the secret value to some role.
Grant	grantWrite(IGrantable grantee)	Grants writing and updating the secret value to some role.
SecretValue	secretValueFromJson(String key)	Interpret the secret as a JSON object and return a field's value from it as a SecretValue.

Methods inherited from interface software.constructs.IConstruct

getNode

Methods inherited from interface software.amazon.awscdk.IResource

applyRemovalPolicy, getEnv, getStack

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getSecretArn

@Stability(Stable)
@NotNull
String getSecretArn()

The ARN of the secret in AWS Secrets Manager.

Will return the full ARN if available, otherwise a partial arn. For secrets imported by the deprecated fromSecretName, it will return the secretName.

getSecretName

@Stability(Stable)
@NotNull
String getSecretName()

The name of the secret.

For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.

getSecretValue

@Stability(Stable)
@NotNull
SecretValue getSecretValue()

Retrieve the value of the stored secret as a SecretValue.

getEncryptionKey

@Stability(Stable)
@Nullable
default IKey getEncryptionKey()

The customer-managed encryption key that is used to encrypt this secret, if any.

When not specified, the default KMS key for the account and region is being used.

getSecretFullArn

@Stability(Stable)
@Nullable
default String getSecretFullArn()

The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.

This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).

addRotationSchedule

@Stability(Stable)
@NotNull
RotationSchedule addRotationSchedule(@NotNull
 String id,
 @NotNull
 RotationScheduleOptions options)

Adds a rotation schedule to the secret.

Parameters:

id - This parameter is required.

options - This parameter is required.

addToResourcePolicy

@Stability(Stable)
@NotNull
AddToResourcePolicyResult addToResourcePolicy(@NotNull
 PolicyStatement statement)

Adds a statement to the IAM resource policy associated with this secret.

If this secret was created in this stack, a resource policy will be automatically created upon the first call to addToResourcePolicy. If the secret is imported, then this is a no-op.

Parameters:

statement - This parameter is required.

attach

@Stability(Stable)
@NotNull
ISecret attach(@NotNull
 ISecretAttachmentTarget target)

Attach a target to this secret.

Parameters:

target - The target to attach. This parameter is required.

Returns:

An attached secret

denyAccountRootDelete

@Stability(Stable)
void denyAccountRootDelete()

Denies the DeleteSecret action to all principals within the current account.

grantRead

@Stability(Stable)
@NotNull
Grant grantRead(@NotNull
 IGrantable grantee,
 @Nullable
 List<String> versionStages)

Grants reading the secret value to some role.

Parameters:

grantee - the principal being granted permission. This parameter is required.

versionStages - the version stages the grant is limited to.

grantRead

@Stability(Stable)
@NotNull
Grant grantRead(@NotNull
 IGrantable grantee)

Grants reading the secret value to some role.

Parameters:

grantee - the principal being granted permission. This parameter is required.

grantWrite

@Stability(Stable)
@NotNull
Grant grantWrite(@NotNull
 IGrantable grantee)

Grants writing and updating the secret value to some role.

Parameters:

grantee - the principal being granted permission. This parameter is required.

secretValueFromJson

@Stability(Stable)
@NotNull
SecretValue secretValueFromJson(@NotNull
 String key)

Interpret the secret as a JSON object and return a field's value from it as a SecretValue.

Parameters:

key - This parameter is required.