class SecretStringValueBeta1
Language | Type name |
---|---|
![]() | Amazon.CDK.AWS.SecretsManager.SecretStringValueBeta1 |
![]() | github.com/aws/aws-cdk-go/awscdk/v2/awssecretsmanager#SecretStringValueBeta1 |
![]() | software.amazon.awscdk.services.secretsmanager.SecretStringValueBeta1 |
![]() | aws_cdk.aws_secretsmanager.SecretStringValueBeta1 |
![]() | aws-cdk-lib » aws_secretsmanager » SecretStringValueBeta1 |
⚠️ Deprecated: Use cdk.SecretValue
instead.
An experimental class used to specify an initial secret value for a Secret.
The class wraps a simple string (or JSON representation) in order to provide some safety checks and warnings about the dangers of using plaintext strings as initial secret seed values via CDK/CloudFormation.
Example
const user = new iam.User(this, 'User');
const accessKey = new iam.AccessKey(this, 'AccessKey', { user });
const secretValue = secretsmanager.SecretStringValueBeta1.fromToken(JSON.stringify({
username: user.userName,
database: 'foo',
password: accessKey.secretAccessKey.unsafeUnwrap(),
}));
Methods
Name | Description |
---|---|
secret | Returns the secret value. |
static from | Creates a SecretValueValueBeta1 from a string value coming from a Token. |
static from | Creates a SecretStringValueBeta1 from a plaintext value. |
secretValue()
public secretValue(): string
⚠️ Deprecated: Use cdk.SecretValue
instead.
Returns
string
Returns the secret value.
static fromToken(secretValueFromToken)
public static fromToken(secretValueFromToken: string): SecretStringValueBeta1
⚠️ Deprecated: Use cdk.SecretValue
instead.
Parameters
- secretValueFromToken
string
— a secret value coming from a Construct attribute or Custom Resource output.
Returns
Creates a SecretValueValueBeta1
from a string value coming from a Token.
The intent is to enable creating secrets from references (e.g., Ref
, Fn::GetAtt
) from other resources.
This might be the direct output of another Construct, or the output of a Custom Resource.
This method throws if it determines the input is an unsafe plaintext string.
For example:
// Creates a new IAM user, access and secret keys, and stores the secret access key in a Secret.
const user = new iam.User(this, 'User');
const accessKey = new iam.AccessKey(this, 'AccessKey', { user });
const secret = new secretsmanager.Secret(this, 'Secret', {
secretStringValue: accessKey.secretAccessKey,
});
The secret may also be embedded in a string representation of a JSON structure:
const user = new iam.User(this, 'User');
const accessKey = new iam.AccessKey(this, 'AccessKey', { user });
const secretValue = secretsmanager.SecretStringValueBeta1.fromToken(JSON.stringify({
username: user.userName,
database: 'foo',
password: accessKey.secretAccessKey.unsafeUnwrap(),
}));
Note that the value being a Token does not guarantee safety. For example, a Lazy-evaluated string
(e.g., Lazy.string({ produce: () => 'myInsecurePassword' }))
) is a Token, but as the output is
ultimately a plaintext string, and so insecure.
static fromUnsafePlaintext(secretValue)
public static fromUnsafePlaintext(secretValue: string): SecretStringValueBeta1
⚠️ Deprecated: Use cdk.SecretValue
instead.
Parameters
- secretValue
string
Returns
Creates a SecretStringValueBeta1
from a plaintext value.
This approach is inherently unsafe, as the secret value may be visible in your source control repository and will also appear in plaintext in the resulting CloudFormation template, including in the AWS Console or APIs. Usage of this method is discouraged, especially for production workloads.