ExternalDockerCredentialOptions

class aws_cdk.pipelines.ExternalDockerCredentialOptions(*, assume_role=None, secret_password_field=None, secret_username_field=None, usages=None)

Bases: object

Options for defining credentials for a Docker Credential.

Parameters:

  • assume_role (Optional[IRole]) – An IAM role to assume prior to accessing the secret. Default: - none. The current execution role will be used.

  • secret_password_field (Optional[str]) – The name of the JSON field of the secret which contains the secret/password. Default: ‘secret’

  • secret_username_field (Optional[str]) – The name of the JSON field of the secret which contains the user/login name. Default: ‘username’

  • usages (Optional[Sequence[DockerCredentialUsage]]) – Defines which stages of the pipeline should be granted access to these credentials. Default: - all relevant stages (synth, self-update, asset publishing) are granted access.

ExampleMetadata:

infused

Example:

docker_hub_secret = secretsmanager.Secret.from_secret_complete_arn(self, "DHSecret", "arn:aws:...")
# Only the image asset publishing actions will be granted read access to the secret.
creds = pipelines.DockerCredential.docker_hub(docker_hub_secret,
    usages=[pipelines.DockerCredentialUsage.ASSET_PUBLISHING]
)

Attributes

assume_role

An IAM role to assume prior to accessing the secret.

Default:

  • none. The current execution role will be used.

secret_password_field

The name of the JSON field of the secret which contains the secret/password.

Default:

‘secret’

secret_username_field

The name of the JSON field of the secret which contains the user/login name.

Default:

‘username’

usages

Defines which stages of the pipeline should be granted access to these credentials.

Default:

  • all relevant stages (synth, self-update, asset publishing) are granted access.