Module: AWSCDK::SecretsManager::ISecret
- Includes:
- IResource, Interfaces::AWSSecretsmanager::ISecretRef
- Included in:
- ISecretTargetAttachment, Secret, SecretTargetAttachment
- Defined in:
- secrets_manager/i_secret.rb
Overview
A secret in AWS Secrets Manager.
Class Method Summary collapse
Instance Method Summary collapse
-
#add_rotation_schedule(id, options) ⇒ AWSCDK::SecretsManager::RotationSchedule
Adds a rotation schedule to the secret.
-
#add_to_resource_policy(statement) ⇒ AWSCDK::IAM::AddToResourcePolicyResult
Adds a statement to the IAM resource policy associated with this secret.
-
#apply_removal_policy(policy) ⇒ void
Apply the given removal policy to this resource.
-
#attach(target) ⇒ AWSCDK::SecretsManager::ISecret
Attach a target to this secret.
-
#cfn_dynamic_reference_key(options = nil) ⇒ String
Returns a key which can be used within an AWS CloudFormation dynamic reference to dynamically load this secret from AWS Secrets Manager.
-
#deny_account_root_delete ⇒ void
Denies the
DeleteSecretaction to all principals within the current account. -
#encryption_key ⇒ AWSCDK::KMS::IKey?
The customer-managed encryption key that is used to encrypt this secret, if any.
-
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
-
#grant_read(grantee, version_stages = nil) ⇒ AWSCDK::IAM::Grant
Grants reading the secret value to some role.
-
#grant_write(grantee) ⇒ AWSCDK::IAM::Grant
Grants writing and updating the secret value to some role.
-
#node ⇒ Constructs::Node
The tree node.
-
#secret_arn ⇒ String
The ARN of the secret in AWS Secrets Manager.
-
#secret_full_arn ⇒ String?
The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
-
#secret_name ⇒ String
The name of the secret.
-
#secret_ref ⇒ AWSCDK::Interfaces::AWSSecretsmanager::SecretReference
A reference to a Secret resource.
-
#secret_value ⇒ AWSCDK::SecretValue
Retrieve the value of the stored secret as a
SecretValue. -
#secret_value_from_json(key) ⇒ AWSCDK::SecretValue
Interpret the secret as a JSON object and return a field's value from it as a
SecretValue. -
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
-
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Class Method Details
.jsii_overridable_methods ⇒ Object
203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 |
# File 'secrets_manager/i_secret.rb', line 203 def self.jsii_overridable_methods { :node => { kind: :property, name: "node", is_optional: false }, :env => { kind: :property, name: "env", is_optional: false }, :stack => { kind: :property, name: "stack", is_optional: false }, :secret_ref => { kind: :property, name: "secretRef", is_optional: false }, :secret_arn => { kind: :property, name: "secretArn", is_optional: false }, :secret_name => { kind: :property, name: "secretName", is_optional: false }, :secret_value => { kind: :property, name: "secretValue", is_optional: false }, :encryption_key => { kind: :property, name: "encryptionKey", is_optional: true }, :secret_full_arn => { kind: :property, name: "secretFullArn", is_optional: true }, :with => { kind: :method, name: "with", is_optional: false }, :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false }, :add_rotation_schedule => { kind: :method, name: "addRotationSchedule", is_optional: false }, :add_to_resource_policy => { kind: :method, name: "addToResourcePolicy", is_optional: false }, :attach => { kind: :method, name: "attach", is_optional: false }, :cfn_dynamic_reference_key => { kind: :method, name: "cfnDynamicReferenceKey", is_optional: false }, :deny_account_root_delete => { kind: :method, name: "denyAccountRootDelete", is_optional: false }, :grant_read => { kind: :method, name: "grantRead", is_optional: false }, :grant_write => { kind: :method, name: "grantWrite", is_optional: false }, :secret_value_from_json => { kind: :method, name: "secretValueFromJson", is_optional: false }, } end |
Instance Method Details
#add_rotation_schedule(id, options) ⇒ AWSCDK::SecretsManager::RotationSchedule
Adds a rotation schedule to the secret.
127 128 129 130 131 132 |
# File 'secrets_manager/i_secret.rb', line 127 def add_rotation_schedule(id, ) Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") = .is_a?(Hash) ? ::AWSCDK::SecretsManager::RotationScheduleOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfc2VjcmV0c21hbmFnZXIuUm90YXRpb25TY2hlZHVsZU9wdGlvbnMifQ==")), "options") jsii_call_method("addRotationSchedule", [id, ]) end |
#add_to_resource_policy(statement) ⇒ AWSCDK::IAM::AddToResourcePolicyResult
Adds a statement to the IAM resource policy associated with this secret.
If this secret was created in this stack, a resource policy will be
automatically created upon the first call to add_to_resource_policy. If
the secret is imported, then this is a no-op.
142 143 144 145 |
# File 'secrets_manager/i_secret.rb', line 142 def add_to_resource_policy(statement) Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement") jsii_call_method("addToResourcePolicy", [statement]) end |
#apply_removal_policy(policy) ⇒ void
This method returns an undefined value.
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
117 118 119 120 |
# File 'secrets_manager/i_secret.rb', line 117 def apply_removal_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy") jsii_call_method("applyRemovalPolicy", [policy]) end |
#attach(target) ⇒ AWSCDK::SecretsManager::ISecret
Attach a target to this secret.
151 152 153 154 |
# File 'secrets_manager/i_secret.rb', line 151 def attach(target) Jsii::Type.check_type(target, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfc2VjcmV0c21hbmFnZXIuSVNlY3JldEF0dGFjaG1lbnRUYXJnZXQifQ==")), "target") jsii_call_method("attach", [target]) end |
#cfn_dynamic_reference_key(options = nil) ⇒ String
Returns a key which can be used within an AWS CloudFormation dynamic reference to dynamically load this secret from AWS Secrets Manager.
161 162 163 164 165 |
# File 'secrets_manager/i_secret.rb', line 161 def cfn_dynamic_reference_key( = nil) = .is_a?(Hash) ? ::AWSCDK::SecretsManagerSecretOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5TZWNyZXRzTWFuYWdlclNlY3JldE9wdGlvbnMifQ==")), "options") unless .nil? jsii_call_method("cfnDynamicReferenceKey", []) end |
#deny_account_root_delete ⇒ void
This method returns an undefined value.
Denies the DeleteSecret action to all principals within the current account.
170 171 172 |
# File 'secrets_manager/i_secret.rb', line 170 def deny_account_root_delete() jsii_call_method("denyAccountRootDelete", []) end |
#encryption_key ⇒ AWSCDK::KMS::IKey?
The customer-managed encryption key that is used to encrypt this secret, if any.
When not specified, the default KMS key for the account and region is being used.
78 79 80 |
# File 'secrets_manager/i_secret.rb', line 78 def encryption_key() jsii_get_property("encryptionKey") end |
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
27 28 29 |
# File 'secrets_manager/i_secret.rb', line 27 def env() jsii_get_property("env") end |
#grant_read(grantee, version_stages = nil) ⇒ AWSCDK::IAM::Grant
Grants reading the secret value to some role.
179 180 181 182 183 |
# File 'secrets_manager/i_secret.rb', line 179 def grant_read(grantee, version_stages = nil) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") Jsii::Type.check_type(version_stages, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "versionStages") unless version_stages.nil? jsii_call_method("grantRead", [grantee, version_stages]) end |
#grant_write(grantee) ⇒ AWSCDK::IAM::Grant
Grants writing and updating the secret value to some role.
189 190 191 192 |
# File 'secrets_manager/i_secret.rb', line 189 def grant_write(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("grantWrite", [grantee]) end |
#node ⇒ Constructs::Node
The tree node.
12 13 14 |
# File 'secrets_manager/i_secret.rb', line 12 def node() jsii_get_property("node") end |
#secret_arn ⇒ String
The ARN of the secret in AWS Secrets Manager.
Will return the full ARN if available, otherwise a partial arn.
For secrets imported by the deprecated from_secret_name, it will return the secret_name.
51 52 53 |
# File 'secrets_manager/i_secret.rb', line 51 def secret_arn() jsii_get_property("secretArn") end |
#secret_full_arn ⇒ String?
The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
This is equal to secret_arn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).
87 88 89 |
# File 'secrets_manager/i_secret.rb', line 87 def secret_full_arn() jsii_get_property("secretFullArn") end |
#secret_name ⇒ String
The name of the secret.
For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.
61 62 63 |
# File 'secrets_manager/i_secret.rb', line 61 def secret_name() jsii_get_property("secretName") end |
#secret_ref ⇒ AWSCDK::Interfaces::AWSSecretsmanager::SecretReference
A reference to a Secret resource.
41 42 43 |
# File 'secrets_manager/i_secret.rb', line 41 def secret_ref() jsii_get_property("secretRef") end |
#secret_value ⇒ AWSCDK::SecretValue
Retrieve the value of the stored secret as a SecretValue.
68 69 70 |
# File 'secrets_manager/i_secret.rb', line 68 def secret_value() jsii_get_property("secretValue") end |
#secret_value_from_json(key) ⇒ AWSCDK::SecretValue
Interpret the secret as a JSON object and return a field's value from it as a SecretValue.
198 199 200 201 |
# File 'secrets_manager/i_secret.rb', line 198 def secret_value_from_json(key) Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") jsii_call_method("secretValueFromJson", [key]) end |
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
34 35 36 |
# File 'secrets_manager/i_secret.rb', line 34 def stack() jsii_get_property("stack") end |
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited.
98 99 100 101 102 103 |
# File 'secrets_manager/i_secret.rb', line 98 def with(*mixins) mixins.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]") end jsii_call_method("with", [*mixins]) end |