Metadata-Version: 2.1
Name: aws-cdk.aws-secretsmanager
Version: 1.5.0
Summary: The CDK Construct Library for AWS::SecretsManager
Home-page: https://github.com/aws/aws-cdk
Author: Amazon Web Services
License: UNKNOWN
Project-URL: Source, https://github.com/aws/aws-cdk.git
Description: ## AWS Secrets Manager Construct Library
        <!--BEGIN STABILITY BANNER-->
        
        ---
        
        ![Stability: Stable](https://img.shields.io/badge/stability-Stable-success.svg?style=for-the-badge)
        
        
        ---
        <!--END STABILITY BANNER-->
        
        ```ts
        const secretsmanager = require('@aws-cdk/aws-secretsmanager');
        ```
        
        ### Create a new Secret in a Stack
        In order to have SecretsManager generate a new secret value automatically,
        you can get started with the following:
        
        ```ts
        const iam = require('@aws-cdk/aws-iam');

        // Default secret; `role` is an existing IAM role defined elsewhere in the stack
        const secret = new secretsmanager.Secret(this, 'Secret');
        secret.grantRead(role);

        // The password is passed as a SecretValue and never appears as a literal
        new iam.User(this, 'User', {
          password: secret.secretValue
        });

        // Templated secret: the generated value is stored under the 'password' key
        const templatedSecret = new secretsmanager.Secret(this, 'TemplatedSecret', {
          generateSecretString: {
            secretStringTemplate: JSON.stringify({ username: 'user' }),
            generateStringKey: 'password'
          }
        });

        new iam.User(this, 'OtherUser', {
          userName: templatedSecret.secretValueFromJson('username').toString(),
          password: templatedSecret.secretValueFromJson('password')
        });
        ```
        
        The `Secret` construct does not allow specifying the `SecretString` property
        of the `AWS::SecretsManager::Secret` resource (as this will almost always
        lead to the secret being surfaced in plain text and possibly committed to
        your source control).
        
        If you need to use a pre-existing secret, the recommended way is to manually
        provision the secret in *AWS SecretsManager* and use the `Secret.fromSecretArn`
        or `Secret.fromSecretAttributes` method to make it available in your CDK Application:
        
        ```ts
        const secret = secretsmanager.Secret.fromSecretAttributes(scope, 'ImportedSecret', {
          secretArn: 'arn:aws:secretsmanager:<region>:<account-id-number>:secret:<secret-name>-<random-6-characters>',
          // If the secret is encrypted using a KMS-hosted CMK, either import or reference that key:
          encryptionKey,
        });
        ```
        
        SecretsManager secret values can only be used in a select set of properties. For the
        list of properties, see [the CloudFormation Dynamic References documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.htm).
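        
        The following added example (not part of the aws-cdk library or its README) lints a synthesized CloudFormation template for the two points above: a `SecretString` set directly on an `AWS::SecretsManager::Secret`, and an IAM user password that is not a Secrets Manager dynamic reference. The function names, the sample template, and the choice of `LoginProfile.Password` on `AWS::IAM::User` as the checked property are assumptions made for illustration.
        
        ```ts
        // Added example (not aws-cdk code): lint a synthesized CloudFormation template.
        type Resource = { Type: string; Properties?: Record<string, unknown> };
        type Template = { Resources: Record<string, Resource> };
        
        // Dynamic reference: {{resolve:secretsmanager:<id>:SecretString:<key>:<stage>:<version>}}
        const DYNAMIC_REF = /^\{\{resolve:secretsmanager:[^{}]+\}\}$/;
        
        // Render a property value to text. Fn::Join is expanded; any other
        // intrinsic (Ref, Fn::GetAtt, ...) becomes a placeholder token.
        function flatten(v: unknown): string {
          if (typeof v === 'string') return v;
          if (typeof v !== 'object' || v === null) return String(v);
          const o = v as Record<string, unknown>;
          if (!('Fn::Join' in o)) return '<token>';
          const [sep, parts] = o['Fn::Join'] as [string, unknown[]];
          return parts.map(flatten).join(sep);
        }
        
        function lintTemplate(t: Template): string[] {
          const findings: string[] = [];
          for (const id of Object.keys(t.Resources)) {
            const res = t.Resources[id];
            const props = res.Properties ?? {};
            if (res.Type === 'AWS::SecretsManager::Secret' && 'SecretString' in props) {
              findings.push(`${id}: SecretString is set in the template`);
            }
            if (res.Type === 'AWS::IAM::User') {
              const login = props['LoginProfile'] as Record<string, unknown> | undefined;
              if (login && !DYNAMIC_REF.test(flatten(login['Password']))) {
                findings.push(`${id}: Password is not a Secrets Manager dynamic reference`);
              }
            }
          }
          return findings;
        }
        
        // Constructed sample template (logical IDs and values are made up).
        const sampleTemplate: Template = {
          Resources: {
            GoodSecret: { Type: 'AWS::SecretsManager::Secret', Properties: { GenerateSecretString: {} } },
            GoodUser: { Type: 'AWS::IAM::User', Properties: { LoginProfile: { Password: {
              'Fn::Join': ['', ['{{resolve:secretsmanager:', { Ref: 'GoodSecret' }, ':SecretString:::}}']],
            } } } },
            BadSecret: { Type: 'AWS::SecretsManager::Secret', Properties: { SecretString: 'constructed-value' } },
            BadUser: { Type: 'AWS::IAM::User', Properties: { LoginProfile: { Password: 'constructed-value' } } },
          },
        };
        ```
        
        Calling `lintTemplate(sampleTemplate)` reports only `BadSecret` and `BadUser`; a check like this can run against the JSON template produced by synthesis before deployment.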
        
        ### Rotating a Secret
        A rotation schedule can be added to a Secret:
        ```ts
        const fn = new lambda.Function(...);
        const secret = new secretsmanager.Secret(this, 'Secret');
        
        secret.addRotationSchedule('RotationSchedule', {
          rotationLambda: fn,
          automaticallyAfter: Duration.days(15)
        });
        ```
        See [Overview of the Lambda Rotation Function](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-lambda-function-overview.html) on how to implement a Lambda Rotation Function.
        
        For RDS credentials rotation, see [aws-rds](https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-rds/README.md).
        
        
Platform: UNKNOWN
Requires-Python: >=3.6
Description-Content-Type: text/markdown
