Package software.amazon.awscdk.services.secretsmanager

Interface ISecret.Jsii$Default

All Superinterfaces:
software.constructs.IConstruct, software.constructs.IConstruct.Jsii$Default, software.constructs.IDependable, software.constructs.IDependable.Jsii$Default, IEnvironmentAware, IEnvironmentAware.Jsii$Default, IResource, IResource.Jsii$Default, ISecret, ISecretRef, ISecretRef.Jsii$Default, software.amazon.jsii.JsiiSerializable
All Known Subinterfaces:
ISecretTargetAttachment.Jsii$Default
All Known Implementing Classes:
ISecret.Jsii$Proxy, ISecretTargetAttachment.Jsii$Proxy
Enclosing interface:
ISecret
@Internal public static interface ISecret.Jsii$Default extends ISecret, IResource.Jsii$Default, ISecretRef.Jsii$Default
Internal default implementation for ISecret.

  • Method Details

    • getSecretArn

      @Stability(Stable) @NotNull default String getSecretArn()
      The ARN of the secret in AWS Secrets Manager.

      Will return the full ARN if available, otherwise a partial arn. For secrets imported by the deprecated fromSecretName, it will return the secretName.

      Specified by:
      getSecretArn in interface ISecret

    • getSecretName

      @Stability(Stable) @NotNull default String getSecretName()
      The name of the secret.

      For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.

      Specified by:
      getSecretName in interface ISecret

    • getSecretValue

      @Stability(Stable) @NotNull default SecretValue getSecretValue()
      Retrieve the value of the stored secret as a SecretValue.
      Specified by:
      getSecretValue in interface ISecret

    • getEncryptionKey

      @Stability(Stable) @Nullable default IKey getEncryptionKey()
      The customer-managed encryption key that is used to encrypt this secret, if any.

      When not specified, the default KMS key for the account and region is being used.

      Specified by:
      getEncryptionKey in interface ISecret

    • getSecretFullArn

      @Stability(Stable) @Nullable default String getSecretFullArn()
      The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.

      This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).

      Specified by:
      getSecretFullArn in interface ISecret

    • addRotationSchedule

      @Stability(Stable) @NotNull default RotationSchedule addRotationSchedule(@NotNull String id, @NotNull RotationScheduleOptions options)
      Adds a rotation schedule to the secret.

      Specified by:
      addRotationSchedule in interface ISecret
      Parameters:
      id - This parameter is required.
      options - This parameter is required.

    • addToResourcePolicy

      @Stability(Stable) @NotNull default AddToResourcePolicyResult addToResourcePolicy(@NotNull PolicyStatement statement)
      Adds a statement to the IAM resource policy associated with this secret.

      If this secret was created in this stack, a resource policy will be automatically created upon the first call to addToResourcePolicy. If the secret is imported, then this is a no-op.

      Specified by:
      addToResourcePolicy in interface ISecret
      Parameters:
      statement - This parameter is required.

    • attach

      @Stability(Stable) @NotNull default ISecret attach(@NotNull ISecretAttachmentTarget target)
      Attach a target to this secret.

      Specified by:
      attach in interface ISecret
      Parameters:
      target - The target to attach. This parameter is required.
      Returns:
      An attached secret

    • cfnDynamicReferenceKey

      @Stability(Stable) @NotNull default String cfnDynamicReferenceKey(@Nullable SecretsManagerSecretOptions options)
      Returns a key which can be used within an AWS CloudFormation dynamic reference to dynamically load this secret from AWS Secrets Manager.

      Specified by:
      cfnDynamicReferenceKey in interface ISecret
      Parameters:
      options - Options.
      See Also:

    • cfnDynamicReferenceKey

      @Stability(Stable) @NotNull default String cfnDynamicReferenceKey()
      Returns a key which can be used within an AWS CloudFormation dynamic reference to dynamically load this secret from AWS Secrets Manager.

      Specified by:
      cfnDynamicReferenceKey in interface ISecret
      See Also:

    • denyAccountRootDelete

      @Stability(Stable) default void denyAccountRootDelete()
      Denies the DeleteSecret action to all principals within the current account.
      Specified by:
      denyAccountRootDelete in interface ISecret

    • grantRead

      @Stability(Stable) @NotNull default Grant grantRead(@NotNull IGrantable grantee, @Nullable List<String> versionStages)
      Grants reading the secret value to some role.

      Specified by:
      grantRead in interface ISecret
      Parameters:
      grantee - the principal being granted permission. This parameter is required.
      versionStages - the version stages the grant is limited to.

    • grantRead

      @Stability(Stable) @NotNull default Grant grantRead(@NotNull IGrantable grantee)
      Grants reading the secret value to some role.

      Specified by:
      grantRead in interface ISecret
      Parameters:
      grantee - the principal being granted permission. This parameter is required.

    • grantWrite

      @Stability(Stable) @NotNull default Grant grantWrite(@NotNull IGrantable grantee)
      Grants writing and updating the secret value to some role.

      Specified by:
      grantWrite in interface ISecret
      Parameters:
      grantee - the principal being granted permission. This parameter is required.

    • secretValueFromJson

      @Stability(Stable) @NotNull default SecretValue secretValueFromJson(@NotNull String key)
      Interpret the secret as a JSON object and return a field's value from it as a SecretValue.

      Specified by:
      secretValueFromJson in interface ISecret
      Parameters:
      key - This parameter is required.