Package software.amazon.awscdk.services.secretsmanager

Class SecretStringValueBeta1

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.services.secretsmanager.SecretStringValueBeta1
All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable
@Generated(value="jsii-pacmak/1.109.0 (build c221850)", date="2025-03-19T18:01:42.425Z") @Stability(Deprecated) @Deprecated public class SecretStringValueBeta1 extends software.amazon.jsii.JsiiObject
Deprecated.
Use cdk.SecretValue instead.
(deprecated) An experimental class used to specify an initial secret value for a Secret.

The class wraps a simple string (or JSON representation) in order to provide some safety checks and warnings about the dangers of using plaintext strings as initial secret seed values via CDK/CloudFormation.

Example: 

 User user = new User(this, "User");
 AccessKey accessKey = AccessKey.Builder.create(this, "AccessKey").user(user).build();
 SecretStringValueBeta1 secretValue = SecretStringValueBeta1.fromToken(JSON.stringify(Map.of(
         "username", user.getUserName(),
         "database", "foo",
         "password", accessKey.secretAccessKey.unsafeUnwrap())));

  • Nested Class Summary

    Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

    software.amazon.jsii.JsiiObject.InitializationMode

  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
    protected
    SecretStringValueBeta1(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
    Deprecated.
     
    protected
    SecretStringValueBeta1(software.amazon.jsii.JsiiObjectRef objRef)
    Deprecated.
     

  • Method Summary

    Modifier and Type
    Method
    Description
    static SecretStringValueBeta1
    fromToken(String secretValueFromToken)
    Deprecated.
    static SecretStringValueBeta1
    fromUnsafePlaintext(String secretValue)
    Deprecated.
    String
    secretValue()
    Deprecated.

    Methods inherited from class software.amazon.jsii.JsiiObject

    jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface software.amazon.jsii.JsiiSerializable

    $jsii$toJson

  • Constructor Details

    • SecretStringValueBeta1

      protected SecretStringValueBeta1(software.amazon.jsii.JsiiObjectRef objRef)
      Deprecated.

    • SecretStringValueBeta1

      protected SecretStringValueBeta1(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
      Deprecated.

  • Method Details

    • fromToken

      @Stability(Deprecated) @Deprecated @NotNull public static SecretStringValueBeta1 fromToken(@NotNull String secretValueFromToken)
      Deprecated.
      (deprecated) Creates a SecretValueValueBeta1 from a string value coming from a Token.

      The intent is to enable creating secrets from references (e.g., Ref, Fn::GetAtt) from other resources. This might be the direct output of another Construct, or the output of a Custom Resource. This method throws if it determines the input is an unsafe plaintext string.

      For example: 

       // Creates a new IAM user, access and secret keys, and stores the secret access key in a Secret.
 User user = new User(this, "User");
 AccessKey accessKey = AccessKey.Builder.create(this, "AccessKey").user(user).build();
 Secret secret = Secret.Builder.create(this, "Secret")
         .secretStringValue(accessKey.getSecretAccessKey())
         .build();

      The secret may also be embedded in a string representation of a JSON structure: 

       User user = new User(this, "User");
 AccessKey accessKey = AccessKey.Builder.create(this, "AccessKey").user(user).build();
 SecretStringValueBeta1 secretValue = SecretStringValueBeta1.fromToken(JSON.stringify(Map.of(
         "username", user.getUserName(),
         "database", "foo",
         "password", accessKey.secretAccessKey.unsafeUnwrap())));

      Note that the value being a Token does not guarantee safety. For example, a Lazy-evaluated string (e.g., Lazy.string({ produce: () => 'myInsecurePassword' }))) is a Token, but as the output is ultimately a plaintext string, and so insecure.

      Parameters:
      secretValueFromToken - a secret value coming from a Construct attribute or Custom Resource output. This parameter is required.

    • fromUnsafePlaintext

      @Stability(Deprecated) @Deprecated @NotNull public static SecretStringValueBeta1 fromUnsafePlaintext(@NotNull String secretValue)
      Deprecated.
      (deprecated) Creates a SecretStringValueBeta1 from a plaintext value.

      This approach is inherently unsafe, as the secret value may be visible in your source control repository and will also appear in plaintext in the resulting CloudFormation template, including in the AWS Console or APIs. Usage of this method is discouraged, especially for production workloads.

      Parameters:
      secretValue - This parameter is required.

    • secretValue

      @Stability(Deprecated) @Deprecated @NotNull public String secretValue()
      Deprecated.
      (deprecated) Returns the secret value.