java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
All Implemented Interfaces:
IInspectable, ITaggable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.101.0 (build b95fe5d)", date="2024-07-12T19:34:09.667Z") @Stability(Stable) public class CfnSecret extends CfnResource implements IInspectable, ITaggable
Creates a new secret.

A secret can be a password, a set of credentials such as a user name and password, an OAuth token, or other secret information that you store in an encrypted form in Secrets Manager.

For Amazon RDS master user credentials, see AWS::RDS::DBCluster MasterUserSecret.

To retrieve a secret in a CloudFormation template, use a dynamic reference. For more information, see Retrieve a secret in an AWS CloudFormation resource.

A common scenario is to first create a secret with GenerateSecretString, which generates a password, and then use a dynamic reference to retrieve the username and password from the secret to use as credentials for a new database. See the example Creating a Redshift cluster and a secret for the admin credentials.

For information about creating a secret in the console, see Create a secret. For information about creating a secret using the CLI or SDK, see CreateSecret.

For information about retrieving a secret in code, see Retrieve secrets from Secrets Manager.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
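 import java.util.List;
 import software.amazon.awscdk.CfnTag;
 import software.amazon.awscdk.services.secretsmanager.*;
 import software.amazon.awscdk.services.secretsmanager.CfnSecret.*;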
 CfnSecret cfnSecret = CfnSecret.Builder.create(this, "MyCfnSecret")
         .description("description")
         .generateSecretString(GenerateSecretStringProperty.builder()
                 .excludeCharacters("excludeCharacters")
                 .excludeLowercase(false)
                 .excludeNumbers(false)
                 .excludePunctuation(false)
                 .excludeUppercase(false)
                 .generateStringKey("generateStringKey")
                 .includeSpace(false)
                 .passwordLength(123)
                 .requireEachIncludedType(false)
                 .secretStringTemplate("secretStringTemplate")
                 .build())
         .kmsKeyId("kmsKeyId")
         .name("name")
         .replicaRegions(List.of(ReplicaRegionProperty.builder()
                 .region("region")
                 // the properties below are optional
                 .kmsKeyId("kmsKeyId")
                 .build()))
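         // Alternative to generateSecretString: set one or the other.
         // A literal value passed here is written into the synthesized template.
         .secretString("secretString")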
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();
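
The common scenario described above (generate the password with GenerateSecretString, then hand it to a database through a dynamic reference) is sketched below as an added example; it is not part of the generated CDK documentation. The stack name, construct ids, node type, database name and excluded-character set are assumptions chosen for illustration.

```java
import java.util.List;
import software.amazon.awscdk.Fn;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.redshift.CfnCluster;
import software.amazon.awscdk.services.secretsmanager.CfnSecret;
import software.constructs.Construct;

public class AdminSecretStack extends Stack {
    public AdminSecretStack(final Construct scope, final String id) {
        super(scope, id);

        // Secrets Manager generates the password, so no credential value
        // appears in the synthesized template.
        CfnSecret adminSecret = CfnSecret.Builder.create(this, "AdminSecret")
                .description("Admin credentials for the example cluster")
                .generateSecretString(CfnSecret.GenerateSecretStringProperty.builder()
                        // Stored value is JSON: {"username":"admin","password":"<generated>"}
                        .secretStringTemplate("{\"username\":\"admin\"}")
                        .generateStringKey("password")
                        .passwordLength(32)
                        .requireEachIncludedType(true)
                        // Characters the consuming database rejects (assumed set).
                        .excludeCharacters("\"'@/\\")
                        .build())
                .build();

        // Ref on AWS::SecretsManager::Secret resolves to the secret ARN.
        String arn = adminSecret.getRef();

        CfnCluster.Builder.create(this, "ExampleCluster")
                .clusterType("single-node")
                .nodeType("dc2.large")  // placeholder value
                .dbName("exampledb")    // placeholder value
                .masterUsername(resolve(arn, "username"))
                .masterUserPassword(resolve(arn, "password"))
                .build();
    }

    // Builds {{resolve:secretsmanager:<arn>:SecretString:<jsonKey>}}, which
    // CloudFormation resolves at deploy time, not at synth time.
    private static String resolve(String secretArn, String jsonKey) {
        return Fn.join("", List.of(
                "{{resolve:secretsmanager:", secretArn, ":SecretString:", jsonKey, "}}"));
    }
}
```

Running `cdk synth` on this stack shows only the `{{resolve:...}}` expression in the cluster properties, which is a quick check that no plaintext credential reached the template.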
 

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.
  • Constructor Details

    • CfnSecret

      protected CfnSecret(software.amazon.jsii.JsiiObjectRef objRef)
    • CfnSecret

      protected CfnSecret(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
    • CfnSecret

      @Stability(Stable) public CfnSecret(@NotNull software.constructs.Construct scope, @NotNull String id, @Nullable CfnSecretProps props)
      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.
      props - Resource properties.
    • CfnSecret

      @Stability(Stable) public CfnSecret(@NotNull software.constructs.Construct scope, @NotNull String id)
      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.
  • Method Details

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector - tree inspector to collect and process attributes. This parameter is required.
    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.
    • getAttrId

      @Stability(Stable) @NotNull public String getAttrId()
      The ARN of the secret.
    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource
    • getTags

      @Stability(Stable) @NotNull public TagManager getTags()
      Tag Manager which manages the tags for this resource.
      Specified by:
      getTags in interface ITaggable
    • getDescription

      @Stability(Stable) @Nullable public String getDescription()
      The description of the secret.
    • setDescription

      @Stability(Stable) public void setDescription(@Nullable String value)
      The description of the secret.
    • getGenerateSecretString

      @Stability(Stable) @Nullable public Object getGenerateSecretString()
      A structure that specifies how to generate a password to encrypt and store in the secret.
    • setGenerateSecretString

      @Stability(Stable) public void setGenerateSecretString(@Nullable IResolvable value)
      A structure that specifies how to generate a password to encrypt and store in the secret.
    • setGenerateSecretString

      @Stability(Stable) public void setGenerateSecretString(@Nullable CfnSecret.GenerateSecretStringProperty value)
      A structure that specifies how to generate a password to encrypt and store in the secret.
    • getKmsKeyId

      @Stability(Stable) @Nullable public String getKmsKeyId()
      The ARN, key ID, or alias of the AWS KMS key that Secrets Manager uses to encrypt the secret value in the secret.
    • setKmsKeyId

      @Stability(Stable) public void setKmsKeyId(@Nullable String value)
      The ARN, key ID, or alias of the AWS KMS key that Secrets Manager uses to encrypt the secret value in the secret.
    • getName

      @Stability(Stable) @Nullable public String getName()
      The name of the new secret.
    • setName

      @Stability(Stable) public void setName(@Nullable String value)
      The name of the new secret.
    • getReplicaRegions

      @Stability(Stable) @Nullable public Object getReplicaRegions()
      A custom type that specifies a Region and the KmsKeyId for a replica secret.
    • setReplicaRegions

      @Stability(Stable) public void setReplicaRegions(@Nullable IResolvable value)
      A custom type that specifies a Region and the KmsKeyId for a replica secret.
    • setReplicaRegions

      @Stability(Stable) public void setReplicaRegions(@Nullable List<Object> value)
      A custom type that specifies a Region and the KmsKeyId for a replica secret.
    • getSecretString

      @Stability(Stable) @Nullable public String getSecretString()
      The text to encrypt and store in the secret.
    • setSecretString

      @Stability(Stable) public void setSecretString(@Nullable String value)
      The text to encrypt and store in the secret.
    • getTagsRaw

      @Stability(Stable) @Nullable public List<CfnTag> getTagsRaw()
      A list of tags to attach to the secret.
    • setTagsRaw

      @Stability(Stable) public void setTagsRaw(@Nullable List<CfnTag> value)
      A list of tags to attach to the secret.