AWS::SecretsManager::Secret GenerateSecretString
Generates a random password. We recommend that you specify the maximum length and include every character type that the system you are generating a password for can support.
Required permissions:
secretsmanager:GetRandomPassword. For more information, see IAM policy actions for Secrets Manager and Authentication and access control
in Secrets Manager.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "ExcludeCharacters" :String, "ExcludeLowercase" :Boolean, "ExcludeNumbers" :Boolean, "ExcludePunctuation" :Boolean, "ExcludeUppercase" :Boolean, "GenerateStringKey" :String, "IncludeSpace" :Boolean, "PasswordLength" :Integer, "RequireEachIncludedType" :Boolean, "SecretStringTemplate" :String}
YAML
ExcludeCharacters:StringExcludeLowercase:BooleanExcludeNumbers:BooleanExcludePunctuation:BooleanExcludeUppercase:BooleanGenerateStringKey:StringIncludeSpace:BooleanPasswordLength:IntegerRequireEachIncludedType:BooleanSecretStringTemplate:String
Properties
ExcludeCharacters-
A string of the characters that you don't want in the password.
Required: No
Type: String
Update requires: No interruption
ExcludeLowercase-
Specifies whether to exclude lowercase letters from the password. If you don't include this switch, the password can contain lowercase letters.
Required: No
Type: Boolean
Update requires: No interruption
ExcludeNumbers-
Specifies whether to exclude numbers from the password. If you don't include this switch, the password can contain numbers.
Required: No
Type: Boolean
Update requires: No interruption
ExcludePunctuation-
Specifies whether to exclude the following punctuation characters from the password:
! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~. If you don't include this switch, the password can contain punctuation.Required: No
Type: Boolean
Update requires: No interruption
ExcludeUppercase-
Specifies whether to exclude uppercase letters from the password. If you don't include this switch, the password can contain uppercase letters.
Required: No
Type: Boolean
Update requires: No interruption
GenerateStringKey-
The JSON key name for the key/value pair, where the value is the generated password. This pair is added to the JSON structure specified by the
SecretStringTemplateparameter. If you specify this parameter, then you must also specifySecretStringTemplate.Required: No
Type: String
Update requires: No interruption
IncludeSpace-
Specifies whether to include the space character. If you include this switch, the password can contain space characters.
Required: No
Type: Boolean
Update requires: No interruption
PasswordLength-
The length of the password. If you don't include this parameter, the default length is 32 characters.
Required: No
Type: Integer
Update requires: No interruption
RequireEachIncludedType-
Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation. If you don't include this switch, the password contains at least one of every character type.
Required: No
Type: Boolean
Update requires: No interruption
SecretStringTemplate-
A template that the generated string must match. When you make a change to this property, a new secret version is created.
Required: No
Type: String
Update requires: No interruption
See also
-
GetRandomPassword in the AWS Secrets Manager API Reference
