AWS Cloud Development Kit (AWS CDK)
Developer Guide

Get a Value from AWS Secrets Manager

To use values from AWS Secrets Manager in your CDK app, use the fromSecretAttributes method. It represents a value that is retrieved from Secrets Manager and used at AWS CloudFormation deployment time.

TypeScriptPython
TypeScript
import sm = require("@aws-cdk/aws-secretsmanager"); export class SecretsManagerStack extends core.Stack { constructor(scope: core.App, id: string, props?: core.StackProps) { super(scope, id, props); const secret = sm.Secret.fromSecretAttributes(this, "ImportedSecret", { secretArn: "arn:aws:secretsmanager:<region>:<account-id-number>:secret:<secret-name>-<random-6-characters>" // If the secret is encrypted using a KMS-hosted CMK, either import or reference that key: // encryptionKey: ... });
Python
import aws_cdk.aws_secretsmanager as sm class SecretsManagerStack(core.Stack): def __init__(self, scope: core.App, id: str, **kwargs): super().__init__(scope, name, **kwargs) secret = sm.Secret.from_secret_attributes(this, "ImportedSecret", secret_arn="arn:aws:secretsmanager:<region>:<account-id-number>:secret:<secret-name>-<random-6-characters>", # If the secret is encrypted using a KMS-hosted CMK, either import or reference that key: # encryption_key=.... )

Use the create-secret CLI command to create a secret from the command-line, such as when testing:

aws secretsmanager create-secret --name ImportedSecret --secret-string mygroovybucket

The command returns an ARN you can use for the example.