ApiKeyCredentialProviderProps

class aws_cdk.aws_bedrockagentcore.ApiKeyCredentialProviderProps(*, api_key=None, api_key_credential_provider_name=None, tags=None)

Bases: object

Properties for a new {@link ApiKeyCredentialProvider} (Token Vault resource).

Parameters:

  • api_key (Optional[SecretValue]) – The API key value. NOTE: The API key will be included in the CloudFormation template as part of synthesis. The service stores the key in Secrets Manager after creation, but the value is visible in the template and deployment history. Use SecretValue.unsafePlainText() to explicitly acknowledge plaintext, or pass a reference from another construct to avoid embedding the literal value. If omitted, you can supply the key through another mechanism supported by the service. Default: - no key in template (provider may still be created depending on service behavior)

  • api_key_credential_provider_name (Optional[str]) – Name of the credential provider. Default: a name generated by CDK

  • tags (Optional[Mapping[str, str]]) – Tags for this credential provider. Default: - no tags

ExampleMetadata:

infused

Example:

gateway = agentcore.Gateway(self, "MyGateway",
    gateway_name="my-gateway"
)

# Create an API key credential provider in Token Vault
api_key_provider = agentcore.ApiKeyCredentialProvider(self, "MyApiKeyProvider",
    api_key_credential_provider_name="my-apikey"
)

bucket = s3.Bucket.from_bucket_name(self, "ExistingBucket", "my-schema-bucket")
s3my_schema = agentcore.ApiSchema.from_s3_file(bucket, "schemas/myschema.yaml")

# Add an OpenAPI target using the L2 construct directly
target = gateway.add_open_api_target("MyTarget",
    gateway_target_name="my-api-target",
    description="Target for external API integration",
    api_schema=s3my_schema,
    credential_provider_configurations=[
        agentcore.GatewayCredentialProvider.from_api_key_identity(api_key_provider,
            credential_location=agentcore.ApiKeyCredentialLocation.header(
                credential_parameter_name="X-API-Key"
            )
        )
    ]
)

# This makes sure your s3 bucket is available before target
target.node.add_dependency(bucket)

Attributes

api_key

The API key value.

NOTE: The API key will be included in the CloudFormation template as part of synthesis. The service stores the key in Secrets Manager after creation, but the value is visible in the template and deployment history. Use SecretValue.unsafePlainText() to explicitly acknowledge plaintext, or pass a reference from another construct to avoid embedding the literal value.

If omitted, you can supply the key through another mechanism supported by the service.

Default:

  • no key in template (provider may still be created depending on service behavior)

api_key_credential_provider_name

Name of the credential provider.

Default:

a name generated by CDK

tags

Tags for this credential provider.

Default:

  • no tags