SecretStringGenerator

class aws_cdk.aws_secretsmanager.SecretStringGenerator(*, exclude_characters=None, exclude_lowercase=None, exclude_numbers=None, exclude_punctuation=None, exclude_uppercase=None, generate_string_key=None, include_space=None, password_length=None, require_each_included_type=None, secret_string_template=None)

Bases: object

Configuration to generate secrets such as passwords automatically.

Parameters:
  • exclude_characters (Optional[str]) – A string that includes characters that shouldn’t be included in the generated password. The string can be a minimum of 0 and a maximum of 4096 characters long. Default: no exclusions

  • exclude_lowercase (Optional[bool]) – Specifies that the generated password shouldn’t include lowercase letters. Default: false

  • exclude_numbers (Optional[bool]) – Specifies that the generated password shouldn’t include digits. Default: false

  • exclude_punctuation (Optional[bool]) – Specifies that the generated password shouldn’t include punctuation characters. Default: false

  • exclude_uppercase (Optional[bool]) – Specifies that the generated password shouldn’t include uppercase letters. Default: false

  • generate_string_key (Optional[str]) – The JSON key name that’s used to add the generated password to the JSON structure specified by the secret_string_template parameter. If you specify generate_string_key then secret_string_template must also be specified.

  • include_space (Optional[bool]) – Specifies that the generated password can include the space character. Default: false

  • password_length (Union[int, float, None]) – The desired length of the generated password. Default: 32

  • require_each_included_type (Optional[bool]) – Specifies whether the generated password must include at least one of every allowed character type. Default: true

  • secret_string_template (Optional[str]) – A properly structured JSON string that the generated password can be added to. The generate_string_key is combined with the generated random string and inserted into the JSON structure that’s specified by this parameter. The merged JSON string is returned as the completed SecretString of the secret. If you specify secret_string_template then generate_string_key must also be specified.

Example:

import json

from aws_cdk import aws_rds as rds
from aws_cdk import aws_secretsmanager as secretsmanager

# vpc: ec2.IVpc

instance1 = rds.DatabaseInstance(self, "PostgresInstance1",
    engine=rds.DatabaseInstanceEngine.POSTGRES,
    # Generate the secret with admin username `postgres` and random password
    credentials=rds.Credentials.from_generated_secret("postgres"),
    vpc=vpc
)
# Templated secret with username and password fields
templated_secret = secretsmanager.Secret(self, "TemplatedSecret",
    generate_secret_string=secretsmanager.SecretStringGenerator(
        # The template must be a JSON string; the generated password is
        # merged into it under the key named by generate_string_key
        secret_string_template=json.dumps({"username": "postgres"}),
        generate_string_key="password",
        # Keep '/', '@' and '"' out of the generated password
        exclude_characters="/@\""
    )
)
# Using the templated secret as credentials
instance2 = rds.DatabaseInstance(self, "PostgresInstance2",
    engine=rds.DatabaseInstanceEngine.POSTGRES,
    # Credentials is a class, so build it with from_password rather than a dict
    credentials=rds.Credentials.from_password(
        templated_secret.secret_value_from_json("username").to_string(),
        templated_secret.secret_value_from_json("password")
    ),
    vpc=vpc
)
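
A pre-deployment check for the options documented on this page, as an added example that is not part of the CDK documentation or library: it enforces the template/key pairing and estimates how far the exclusion settings shrink the password space. The function name `review_generator`, the 128-bit `min_bits` floor, and the use of Python's `string` constants as the character classes are assumptions.

```python
import json
import math
import string

# Assumption: Python's string constants stand in for the service's
# lowercase, uppercase, digit and punctuation character classes.
CLASSES = {
    "exclude_lowercase": string.ascii_lowercase,
    "exclude_uppercase": string.ascii_uppercase,
    "exclude_numbers": string.digits,
    "exclude_punctuation": string.punctuation,
}

def review_generator(*, exclude_characters="", include_space=False,
                     password_length=32, secret_string_template=None,
                     generate_string_key=None, min_bits=128, **flags):
    """Return (findings, estimated_bits) for a SecretStringGenerator-style config.

    review_generator and min_bits are hypothetical, not CDK names.
    """
    findings = []
    # The page requires the template and the key to be given together.
    if (secret_string_template is None) != (generate_string_key is None):
        findings.append("secret_string_template and generate_string_key must be set together")
    if secret_string_template is not None:
        try:
            template = json.loads(secret_string_template)
        except ValueError:
            template = None
        # A key can only be added to a JSON object, not to a list or scalar.
        if not isinstance(template, dict):
            findings.append("secret_string_template is not a JSON object")
    if len(exclude_characters) > 4096:
        findings.append("exclude_characters is longer than 4096 characters")
    # Effective alphabet: every class not switched off, minus explicit exclusions.
    alphabet = set(" ") if include_space else set()
    for flag, chars in CLASSES.items():
        if not flags.get(flag, False):
            alphabet |= set(chars)
    alphabet -= set(exclude_characters)
    if not alphabet:
        findings.append("all characters are excluded")
        return findings, 0.0
    # Upper-bound estimate: each character chosen uniformly and independently.
    bits = password_length * math.log2(len(alphabet))
    if bits < min_bits:
        findings.append(f"about {bits:.0f} bits, below the {min_bits}-bit floor")
    return findings, bits
```

Calling it with the templated secret's settings from the example above returns no findings; a digits-only, 8-character configuration is flagged as falling below the floor.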

Attributes

exclude_characters

A string that includes characters that shouldn’t be included in the generated password.

The string can be a minimum of 0 and a maximum of 4096 characters long.

Default:

no exclusions

exclude_lowercase

Specifies that the generated password shouldn’t include lowercase letters.

Default:

false

exclude_numbers

Specifies that the generated password shouldn’t include digits.

Default:

false

exclude_punctuation

Specifies that the generated password shouldn’t include punctuation characters.

Default:

false

exclude_uppercase

Specifies that the generated password shouldn’t include uppercase letters.

Default:

false

generate_string_key

The JSON key name that’s used to add the generated password to the JSON structure specified by the secret_string_template parameter.

If you specify generate_string_key then secret_string_template must also be specified.

include_space

Specifies that the generated password can include the space character.

Default:

false

password_length

The desired length of the generated password.

Default:

32

require_each_included_type

Specifies whether the generated password must include at least one of every allowed character type.

Default:

true

secret_string_template

A properly structured JSON string that the generated password can be added to.

The generate_string_key is combined with the generated random string and inserted into the JSON structure that’s specified by this parameter. The merged JSON string is returned as the completed SecretString of the secret. If you specify secret_string_template then generate_string_key must also be specified.