Package software.amazon.awscdk.services.rds

Class Credentials

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.services.rds.Credentials
All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable
@Generated(value="jsii-pacmak/1.127.0 (build 2117ad5)", date="2026-03-27T13:12:06.283Z") @Stability(Stable) public abstract class Credentials extends software.amazon.jsii.JsiiObject
Username and password combination.

Example: 

 IVpc vpc;
 DatabaseInstance instance1 = DatabaseInstance.Builder.create(this, "PostgresInstance1")
         .engine(DatabaseInstanceEngine.POSTGRES)
         // Generate the secret with admin username `postgres` and random password
         .credentials(Credentials.fromGeneratedSecret("postgres"))
         .vpc(vpc)
         .build();
 // Templated secret with username and password fields
 Secret templatedSecret = Secret.Builder.create(this, "TemplatedSecret")
         .generateSecretString(SecretStringGenerator.builder()
                 .secretStringTemplate(JSON.stringify(Map.of("username", "postgres")))
                 .generateStringKey("password")
                 .excludeCharacters("/@\"")
                 .build())
         .build();
 // Using the templated secret as credentials
 DatabaseInstance instance2 = DatabaseInstance.Builder.create(this, "PostgresInstance2")
         .engine(DatabaseInstanceEngine.POSTGRES)
         .credentials(Map.of(
                 "username", templatedSecret.secretValueFromJson("username").toString(),
                 "password", templatedSecret.secretValueFromJson("password")))
         .vpc(vpc)
         .build();

  • Constructor Details

    • Credentials

      protected Credentials(software.amazon.jsii.JsiiObjectRef objRef)

    • Credentials

      protected Credentials(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • Credentials

      @Stability(Stable) protected Credentials()

  • Method Details

    • fromGeneratedSecret

      @Stability(Stable) @NotNull public static Credentials fromGeneratedSecret(@NotNull String username, @Nullable CredentialsBaseOptions options)
      Creates Credentials with a password generated and stored in Secrets Manager.

      Parameters:
      username - This parameter is required.
      options -

    • fromGeneratedSecret

      @Stability(Stable) @NotNull public static Credentials fromGeneratedSecret(@NotNull String username)
      Creates Credentials with a password generated and stored in Secrets Manager.

      Parameters:
      username - This parameter is required.

    • fromPassword

      @Stability(Stable) @NotNull public static Credentials fromPassword(@NotNull String username, @NotNull SecretValue password)
      Creates Credentials from a password.

      Do not put passwords in your CDK code directly.

      Parameters:
      username - This parameter is required.
      password - This parameter is required.

    • fromSecret

      @Stability(Stable) @NotNull public static Credentials fromSecret(@NotNull ISecret secret, @Nullable String username)
      Creates Credentials from an existing Secrets Manager Secret (or DatabaseSecret).

      The Secret must be a JSON string with a username and password field: 

       {
   ...
   "username": <required: username>,
   "password": <required: password>,
 }

      Parameters:
      secret - The secret where the credentials are stored. This parameter is required.
      username - The username defined in the secret.

    • fromSecret

      @Stability(Stable) @NotNull public static Credentials fromSecret(@NotNull ISecret secret)
      Creates Credentials from an existing Secrets Manager Secret (or DatabaseSecret).

      The Secret must be a JSON string with a username and password field: 

       {
   ...
   "username": <required: username>,
   "password": <required: password>,
 }

      Parameters:
      secret - The secret where the credentials are stored. This parameter is required.

    • fromUsername

      @Stability(Stable) @NotNull public static Credentials fromUsername(@NotNull String username, @Nullable CredentialsFromUsernameOptions options)
      Creates Credentials for the given username, and optional password and key.

      If no password is provided, one will be generated and stored in Secrets Manager.

      Parameters:
      username - This parameter is required.
      options -

    • fromUsername

      @Stability(Stable) @NotNull public static Credentials fromUsername(@NotNull String username)
      Creates Credentials for the given username, and optional password and key.

      If no password is provided, one will be generated and stored in Secrets Manager.

      Parameters:
      username - This parameter is required.

    • getUsername

      @Stability(Stable) @NotNull public abstract String getUsername()
      Username.

    • getEncryptionKey

      @Stability(Stable) @Nullable public abstract IKey getEncryptionKey()
      KMS encryption key to encrypt the generated secret.

      Default: - default master key

    • getExcludeCharacters

      @Stability(Stable) @Nullable public abstract String getExcludeCharacters()
      The characters to exclude from the generated password.

      Only used if password has not been set.

      Default: - the DatabaseSecret default exclude character set (" %+~`#$invalid input: '&'*()|[]{}:;invalid input: '<'>?!'/@\"\\")

    • getPassword

      @Stability(Stable) @Nullable public abstract SecretValue getPassword()
      Password.

      Do not put passwords in your CDK code directly.

      Default: - a Secrets Manager generated password

    • getReplicaRegions

      @Stability(Stable) @Nullable public abstract List<ReplicaRegion> getReplicaRegions()
      A list of regions where to replicate the generated secret.

      Default: - Secret is not replicated

    • getSecret

      @Stability(Stable) @Nullable public abstract ISecret getSecret()
      Secret used to instantiate this Login.

      Default: - none

    • getSecretName

      @Stability(Stable) @Nullable public abstract String getSecretName()
      The name to use for the Secret if a new Secret is to be generated in SecretsManager for these Credentials.

      Default: - A name is generated by CloudFormation.

    • getUsernameAsString

      @Stability(Stable) @Nullable public abstract Boolean getUsernameAsString()
      Whether the username should be referenced as a string and not as a dynamic reference to the username in the secret.

      Default: false