The CDK Construct Library for AWS::SecretsManager

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for aws-cdk from gravatar.com aws-cdk Avatar for osa-amazon from gravatar.com osa-amazon

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • Author: Amazon Web Services
  • Requires: Python >=3.6

Project description

AWS Secrets Manager Construct Library

Stability: Stable

This is a developer preview (public beta) module. Releases might lack important features and might have future breaking changes.

const secretsmanager = require('@aws-cdk/aws-secretsmanager');

Create a new Secret in a Stack

In order to have SecretsManager generate a new secret value automatically, you can get started with the following:

    // Default secret
    const secret = new secretsManager.Secret(this, 'Secret');
    secret.grantRead(role);

    new iam.User(this, 'User', {
      password: secret.secretValue
    });

    // Templated secret
    const templatedSecret = new secretsManager.Secret(this, 'TemplatedSecret', {
      generateSecretString: {
        secretStringTemplate: JSON.stringify({ username: 'user' }),
        generateStringKey: 'password'
      }
    });

    new iam.User(this, 'OtherUser', {
      userName: templatedSecret.secretValueFromJson('username').toString(),
      password: templatedSecret.secretValueFromJson('password')
    });

The Secret construct does not allow specifying the SecretString property of the AWS::SecretsManager::Secret resource (as this will almost always lead to the secret being surfaced in plain text and possibly committed to your source control).

If you need to use a pre-existing secret, the recommended way is to manually provision the secret in AWS SecretsManager and use the Secret.fromSecretArn or Secret.fromSecretAttributes method to make it available in your CDK Application:

const secret = Secret.fromSecretAttributes(scope, 'ImportedSecret', {
  secretArn: 'arn:aws:secretsmanager:<region>:<account-id-number>:secret:<secret-name>-<random-6-characters>',
  // If the secret is encrypted using a KMS-hosted CMK, either import or reference that key:
  encryptionKey,
});

SecretsManager secret values can only be used in select set of properties. For the list of properties, see the CloudFormation Dynamic References documentation.

Rotating a Secret

A rotation schedule can be added to a Secret:

const fn = new lambda.Function(...);
const secret = new secretsManager.Secret(this, 'Secret');

secret.addRotationSchedule('RotationSchedule', {
  rotationLambda: fn,
  automaticallyAfterDays: 15
});

See Overview of the Lambda Rotation Function on how to implement a Lambda Rotation Function.

For RDS credentials rotation, see aws-rds.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for aws-cdk from gravatar.com aws-cdk Avatar for osa-amazon from gravatar.com osa-amazon

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • Author: Amazon Web Services
  • Requires: Python >=3.6

Release history Release notifications | RSS feed

1.204.0

1.203.0

1.202.0

1.201.0

1.200.0

1.199.0

1.198.1

1.198.0

1.197.0

1.196.0

1.195.0

1.194.0

1.193.0

1.192.0

1.191.0

1.190.0

1.189.0

1.188.0

1.187.0

1.186.1

1.186.0

1.185.0

1.184.1

1.184.0

1.183.0

1.182.0

1.181.1

1.181.0

1.180.0

1.179.0

1.178.0

1.177.0

1.176.0

1.175.0

1.174.0

1.173.0

1.172.0

1.171.0

1.170.1

1.170.0

1.169.0

1.168.0

1.167.0

1.166.1

1.165.0

1.164.0

1.163.2

1.163.1

1.163.0

1.162.0

1.161.0

1.160.0

1.159.0

1.158.0

1.157.0

1.156.1

1.156.0

1.155.0

1.154.0

1.153.1

1.153.0

1.152.0

1.151.0

1.150.0

1.149.0

1.148.0

1.147.0

1.146.0

1.145.0

1.144.0

1.143.0

1.142.0

1.141.0

1.140.0

1.139.0

1.138.2

1.138.1

1.138.0

1.137.0

1.136.0

1.135.0

1.134.0

1.133.0

1.132.0

1.131.0

1.130.0

1.129.0

1.128.0

1.127.0

1.126.0

1.125.0

1.124.0

1.123.0

1.122.0

1.121.0

1.120.0

1.119.0

1.118.0

1.117.0

1.116.0

1.115.0

1.114.0

1.113.0

1.112.0

1.111.0

1.110.1

1.110.0

1.109.0

1.108.1

1.108.0

1.107.0

1.106.1

1.106.0

1.105.0

1.104.0

1.103.0

1.102.0

1.101.0

1.100.0

1.99.0

1.98.0

1.97.0

1.96.0

1.95.2

1.95.1

1.95.0

1.94.1

1.94.0

1.93.0

1.92.0

1.91.0

1.90.1

1.90.0

1.89.0

1.88.0

1.87.1

1.87.0

1.86.0

1.85.0

1.84.0

1.83.0

1.82.0

1.81.0

1.80.0

1.79.0

1.78.0

1.77.0

1.76.0

1.75.0

1.74.0

1.73.0

1.72.0

1.71.0

1.70.0

1.69.0

1.68.0

1.67.0

1.66.0

1.65.0

1.64.1

1.64.0

1.63.0

1.62.0

1.61.1

1.61.0

1.60.0

1.59.0

1.58.0

1.57.0

1.56.0

1.55.0

1.54.0

1.53.0

1.52.0

1.51.0

1.50.0

1.49.1

1.49.0

1.48.0

1.47.1

1.47.0

1.46.0

1.45.0

1.44.0

1.43.0

1.42.1

1.42.0

1.41.0

1.40.0

1.39.0

1.38.0

1.37.0

1.36.1

1.36.0

1.35.0

1.34.1

1.34.0

1.33.1

1.33.0

1.32.2

1.32.1

1.32.0

1.31.0

1.30.0

1.29.0

1.28.0

1.27.0

1.26.0

1.25.0

1.24.0

1.23.0

1.22.0

1.21.1

1.21.0

1.20.0

1.19.0

1.18.0

1.17.1

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.0

1.14.0

1.13.1

1.13.0

1.12.0

1.11.0

1.10.1

1.10.0

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.39.0

0.38.0

0.37.0

This version

0.36.2

0.36.1

0.36.0

0.35.0

0.34.0

0.33.0

0.32.0

0.31.0

0.30.0

0.29.0

0.28.0

0.27.0

0.26.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aws-cdk.aws-secretsmanager-0.36.2.tar.gz (61.3 kB view hashes)

Uploaded Source

Built Distribution

aws_cdk.aws_secretsmanager-0.36.2-py3-none-any.whl (60.5 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page