Interface ISecret

Namespace
Amazon.CDK.AWS.SecretsManager
Assembly
Amazon.CDK.AWS.SecretsManager.dll

A secret in AWS Secrets Manager.

public interface ISecret : IResource, IConstruct, IConstruct, IDependable

Properties

EncryptionKey

The customer-managed encryption key that is used to encrypt this secret, if any.

IKey? EncryptionKey { get; }

Property Value

IKey

Remarks

When not specified, the default KMS key for the account and region is used.

SecretArn

The ARN of the secret in AWS Secrets Manager.

string SecretArn { get; }

Property Value

string

Remarks

Returns the full ARN if available, otherwise a partial ARN. For secrets imported by the deprecated fromSecretName, it returns the secretName.

Attribute: true

SecretFullArn

The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.

string? SecretFullArn { get; }

Property Value

string

Remarks

This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).

SecretName

The name of the secret.

string SecretName { get; }

Property Value

string

Remarks

For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.

SecretValue

Retrieve the value of the stored secret as a SecretValue.

SecretValue SecretValue { get; }

Property Value

SecretValue

Remarks

Attribute: true

Methods

AddRotationSchedule(string, IRotationScheduleOptions)

Adds a rotation schedule to the secret.

RotationSchedule AddRotationSchedule(string id, IRotationScheduleOptions options)

Parameters

id string
options IRotationScheduleOptions

Returns

RotationSchedule

AddToResourcePolicy(PolicyStatement)

Adds a statement to the IAM resource policy associated with this secret.

IAddToResourcePolicyResult AddToResourcePolicy(PolicyStatement statement)

Parameters

statement PolicyStatement

Returns

IAddToResourcePolicyResult

Remarks

If this secret was created in this stack, a resource policy will be automatically created upon the first call to addToResourcePolicy. If the secret is imported, then this is a no-op.

Attach(ISecretAttachmentTarget)

Attach a target to this secret.

ISecret Attach(ISecretAttachmentTarget target)

Parameters

target ISecretAttachmentTarget

The target to attach.

Returns

ISecret

An attached secret

DenyAccountRootDelete()

Denies the DeleteSecret action to all principals within the current account.

void DenyAccountRootDelete()

GrantRead(IGrantable, string[]?)

Grants reading the secret value to some role.

Grant GrantRead(IGrantable grantee, string[]? versionStages = null)

Parameters

grantee IGrantable

The principal being granted permission.

versionStages string[]

The version stages the grant is limited to.

Returns

Grant

GrantWrite(IGrantable)

Grants writing and updating the secret value to some role.

Grant GrantWrite(IGrantable grantee)

Parameters

grantee IGrantable

The principal being granted permission.

Returns

Grant

SecretValueFromJson(string)

Interpret the secret as a JSON object and return a field's value from it as a SecretValue.

SecretValue SecretValueFromJson(string key)

Parameters

key string

Returns

SecretValue
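
Example (added here, not taken from the CDK documentation or code base): a helper that scopes GrantRead to one version stage, checks whether AddToResourcePolicy actually took effect (it is a no-op on imported secrets, per the remarks above), and reports a missing full ARN or customer-managed key. The names SecretGuardrails, Apply and accountId are hypothetical, and the deny statement is a constructed sample policy.

```csharp
using System.Collections.Generic;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.SecretsManager;

// Hypothetical helper, not part of the CDK.
public static class SecretGuardrails
{
    // Applies least-privilege settings to a secret and returns a finding for
    // every control that could not be enforced from this stack.
    public static IList<string> Apply(ISecret secret, IGrantable reader, string accountId)
    {
        var findings = new List<string>();

        // Limit read access to the current version stage only.
        var grant = secret.GrantRead(reader, new[] { "AWSCURRENT" });
        if (!grant.Success)
            findings.Add("GrantRead could not be applied to the grantee.");

        // Constructed sample guardrail: deny reads from principals outside accountId.
        var result = secret.AddToResourcePolicy(new PolicyStatement(new PolicyStatementProps
        {
            Effect = Effect.DENY,
            Actions = new[] { "secretsmanager:GetSecretValue" },
            Resources = new[] { "*" },
            Principals = new IPrincipal[] { new AnyPrincipal() },
            Conditions = new Dictionary<string, object>
            {
                ["StringNotEquals"] = new Dictionary<string, object>
                {
                    ["aws:PrincipalAccount"] = accountId
                }
            }
        }));

        if (result.StatementAdded)
            secret.DenyAccountRootDelete(); // also lands in the resource policy
        else
            findings.Add("AddToResourcePolicy was a no-op (imported secret); manage its policy where the secret is owned.");

        if (secret.SecretFullArn == null)
            findings.Add("No full ARN available; SecretArn is partial or just the secret name.");
        if (secret.EncryptionKey == null)
            findings.Add("No customer-managed key; the default KMS key for the account and region is used.");

        return findings;
    }
}
```

Call it during synthesis for each secret a stack touches and fail the build, or log the findings, when the returned list is not empty.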