interface SecretStringGenerator
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.SecretsManager.SecretStringGenerator |
 Java | software.amazon.awscdk.services.secretsmanager.SecretStringGenerator |
 Python | aws_cdk.aws_secretsmanager.SecretStringGenerator |
 TypeScript (source) | @aws-cdk/aws-secretsmanager » SecretStringGenerator |
Configuration to generate secrets such as passwords automatically.
Example
// Default secret
const secret = new secretsmanager.Secret(this, 'Secret');
// Using the default secret
new iam.User(this, 'User', {
password: secret.secretValue,
});
// Templated secret
const templatedSecret = new secretsmanager.Secret(this, 'TemplatedSecret', {
generateSecretString: {
secretStringTemplate: JSON.stringify({ username: 'user' }),
generateStringKey: 'password',
},
});
// Using the templated secret
new iam.User(this, 'OtherUser', {
userName: templatedSecret.secretValueFromJson('username').toString(),
password: templatedSecret.secretValueFromJson('password'),
});
Properties
| Name | Type | Description |
|---|---|---|
| exclude | string | A string that includes characters that shouldn't be included in the generated password. |
| exclude | boolean | Specifies that the generated password shouldn't include lowercase letters. |
| exclude | boolean | Specifies that the generated password shouldn't include digits. |
| exclude | boolean | Specifies that the generated password shouldn't include punctuation characters. |
| exclude | boolean | Specifies that the generated password shouldn't include uppercase letters. |
| generate | string | The JSON key name that's used to add the generated password to the JSON structure specified by the secretStringTemplate parameter. |
| include | boolean | Specifies that the generated password can include the space character. |
| password | number | The desired length of the generated password. |
| require | boolean | Specifies whether the generated password must include at least one of every allowed character type. |
| secret | string | A properly structured JSON string that the generated password can be added to. |
excludeCharacters?
Type:
string
(optional, default: no exclusions)
A string that includes characters that shouldn't be included in the generated password.
The string can be a minimum
of 0 and a maximum of 4096 characters long.
excludeLowercase?
Type:
boolean
(optional, default: false)
Specifies that the generated password shouldn't include lowercase letters.
excludeNumbers?
Type:
boolean
(optional, default: false)
Specifies that the generated password shouldn't include digits.
excludePunctuation?
Type:
boolean
(optional, default: false)
Specifies that the generated password shouldn't include punctuation characters.
excludeUppercase?
Type:
boolean
(optional, default: false)
Specifies that the generated password shouldn't include uppercase letters.
generateStringKey?
Type:
string
(optional)
The JSON key name that's used to add the generated password to the JSON structure specified by the secretStringTemplate parameter.
If you specify generateStringKey then secretStringTemplate
must be also be specified.
includeSpace?
Type:
boolean
(optional, default: false)
Specifies that the generated password can include the space character.
passwordLength?
Type:
number
(optional, default: 32)
The desired length of the generated password.
requireEachIncludedType?
Type:
boolean
(optional, default: true)
Specifies whether the generated password must include at least one of every allowed character type.
secretStringTemplate?
Type:
string
(optional)
A properly structured JSON string that the generated password can be added to.
The generateStringKey is
combined with the generated random string and inserted into the JSON structure that's specified by this parameter.
The merged JSON string is returned as the completed SecretString of the secret. If you specify secretStringTemplate
then generateStringKey must be also be specified.