Package software.amazon.awscdk.services.secretsmanager

Interface SecretStringGenerator

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

SecretStringGenerator.Jsii$Proxy

@Generated(value="jsii-pacmak/1.116.0 (build 0eddcff)",
           date="2025-10-29T11:15:48.528Z")
@Stability(Stable)
public interface SecretStringGenerator
extends software.amazon.jsii.JsiiSerializable

Configuration to generate secrets such as passwords automatically.

Example:

 IVpc vpc;
 DatabaseInstance instance1 = DatabaseInstance.Builder.create(this, "PostgresInstance1")
         .engine(DatabaseInstanceEngine.POSTGRES)
         // Generate the secret with admin username `postgres` and random password
         .credentials(Credentials.fromGeneratedSecret("postgres"))
         .vpc(vpc)
         .build();
 // Templated secret with username and password fields
 Secret templatedSecret = Secret.Builder.create(this, "TemplatedSecret")
         .generateSecretString(SecretStringGenerator.builder()
                 .secretStringTemplate(JSON.stringify(Map.of("username", "postgres")))
                 .generateStringKey("password")
                 .excludeCharacters("/@\"")
                 .build())
         .build();
 // Using the templated secret as credentials
 DatabaseInstance instance2 = DatabaseInstance.Builder.create(this, "PostgresInstance2")
         .engine(DatabaseInstanceEngine.POSTGRES)
         .credentials(Map.of(
                 "username", templatedSecret.secretValueFromJson("username").toString(),
                 "password", templatedSecret.secretValueFromJson("password")))
         .vpc(vpc)
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	SecretStringGenerator.Builder	A builder for SecretStringGenerator
static final class	SecretStringGenerator.Jsii$Proxy	An implementation for SecretStringGenerator

Method Summary

Modifier and Type	Method	Description
static SecretStringGenerator.Builder	builder()
default String	getExcludeCharacters()	A string that includes characters that shouldn't be included in the generated password.
default Boolean	getExcludeLowercase()	Specifies that the generated password shouldn't include lowercase letters.
default Boolean	getExcludeNumbers()	Specifies that the generated password shouldn't include digits.
default Boolean	getExcludePunctuation()	Specifies that the generated password shouldn't include punctuation characters.
default Boolean	getExcludeUppercase()	Specifies that the generated password shouldn't include uppercase letters.
default String	getGenerateStringKey()	The JSON key name that's used to add the generated password to the JSON structure specified by the secretStringTemplate parameter.
default Boolean	getIncludeSpace()	Specifies that the generated password can include the space character.
default Number	getPasswordLength()	The desired length of the generated password.
default Boolean	getRequireEachIncludedType()	Specifies whether the generated password must include at least one of every allowed character type.
default String	getSecretStringTemplate()	A properly structured JSON string that the generated password can be added to.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getExcludeCharacters

@Stability(Stable)
@Nullable
default String getExcludeCharacters()

A string that includes characters that shouldn't be included in the generated password.

The string can be a minimum of 0 and a maximum of 4096 characters long.

Default: no exclusions

getExcludeLowercase

@Stability(Stable)
@Nullable
default Boolean getExcludeLowercase()

Specifies that the generated password shouldn't include lowercase letters.

Default: false

getExcludeNumbers

@Stability(Stable)
@Nullable
default Boolean getExcludeNumbers()

Specifies that the generated password shouldn't include digits.

Default: false

getExcludePunctuation

@Stability(Stable)
@Nullable
default Boolean getExcludePunctuation()

Specifies that the generated password shouldn't include punctuation characters.

Default: false

getExcludeUppercase

@Stability(Stable)
@Nullable
default Boolean getExcludeUppercase()

Specifies that the generated password shouldn't include uppercase letters.

Default: false

getGenerateStringKey

@Stability(Stable)
@Nullable
default String getGenerateStringKey()

The JSON key name that's used to add the generated password to the JSON structure specified by the secretStringTemplate parameter.

If you specify generateStringKey then secretStringTemplate must be also be specified.

getIncludeSpace

@Stability(Stable)
@Nullable
default Boolean getIncludeSpace()

Specifies that the generated password can include the space character.

Default: false

getPasswordLength

@Stability(Stable)
@Nullable
default Number getPasswordLength()

The desired length of the generated password.

Default: 32

getRequireEachIncludedType

@Stability(Stable)
@Nullable
default Boolean getRequireEachIncludedType()

Specifies whether the generated password must include at least one of every allowed character type.

Default: true

getSecretStringTemplate

@Stability(Stable)
@Nullable
default String getSecretStringTemplate()

A properly structured JSON string that the generated password can be added to.

The generateStringKey is combined with the generated random string and inserted into the JSON structure that's specified by this parameter. The merged JSON string is returned as the completed SecretString of the secret. If you specify secretStringTemplate then generateStringKey must be also be specified.

builder

@Stability(Stable)
static SecretStringGenerator.Builder builder()

Returns:

a SecretStringGenerator.Builder of SecretStringGenerator