Class: AWSCDK::SecretsManager::SecretStringValueBeta1 Deprecated
- Inherits:
-
Jsii::Object
- Object
- Jsii::Object
- AWSCDK::SecretsManager::SecretStringValueBeta1
- Defined in:
- secrets_manager/secret_string_value_beta1.rb
Overview
Use cdk.SecretValue instead.
An experimental class used to specify an initial secret value for a Secret.
The class wraps a simple string (or JSON representation) in order to provide some safety checks and warnings about the dangers of using plaintext strings as initial secret seed values via CDK/CloudFormation.
Class Method Summary collapse
-
.from_token(secret_value_from_token) ⇒ AWSCDK::SecretsManager::SecretStringValueBeta1
Creates a
SecretValueValueBeta1from a string value coming from a Token. -
.from_unsafe_plaintext(secret_value) ⇒ AWSCDK::SecretsManager::SecretStringValueBeta1
Creates a
SecretStringValueBeta1from a plaintext value. - .jsii_overridable_methods ⇒ Object
Instance Method Summary collapse
-
#initialize(*args) ⇒ SecretStringValueBeta1
constructor
A new instance of SecretStringValueBeta1.
-
#secret_value ⇒ String
Returns the secret value.
Constructor Details
#initialize(*args) ⇒ SecretStringValueBeta1
Returns a new instance of SecretStringValueBeta1.
13 14 15 |
# File 'secrets_manager/secret_string_value_beta1.rb', line 13 def initialize(*args) raise NoMethodError, "aws-cdk-lib.aws_secretsmanager.SecretStringValueBeta1 does not have a visible constructor; use the provided factory methods" end |
Class Method Details
.from_token(secret_value_from_token) ⇒ AWSCDK::SecretsManager::SecretStringValueBeta1
Creates a SecretValueValueBeta1 from a string value coming from a Token.
The intent is to enable creating secrets from references (e.g., Ref, Fn::GetAtt) from other resources.
This might be the direct output of another Construct, or the output of a Custom Resource.
This method throws if it determines the input is an unsafe plaintext string.
For example:
# Creates a new IAM user, access and secret keys, and stores the secret access key in a Secret.
user = AWSCDK::IAM::User.new(self, "User")
access_key = AWSCDK::IAM::AccessKey.new(self, "AccessKey", {user: user})
secret = AWSCDK::SecretsManager::Secret.new(self, "Secret", {
secret_string_value: access_key.secret_access_key,
})
The secret may also be embedded in a string representation of a JSON structure:
user = AWSCDK::IAM::User.new(self, "User")
access_key = AWSCDK::IAM::AccessKey.new(self, "AccessKey", {user: user})
secret_value = AWSCDK::SecretsManager::SecretStringValueBeta1.from_token(JSON[:stringify]({
username: user.user_name,
database: "foo",
password: access_key.secret_access_key.unsafe_unwrap,
}))
Note that the value being a Token does not guarantee safety. For example, a Lazy-evaluated string
(e.g., Lazy.string({ produce: () => 'myInsecurePassword' }))) is a Token, but as the output is
ultimately a plaintext string, and so insecure.
58 59 60 61 |
# File 'secrets_manager/secret_string_value_beta1.rb', line 58 def self.from_token(secret_value_from_token) Jsii::Type.check_type(secret_value_from_token, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "secretValueFromToken") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_secretsmanager.SecretStringValueBeta1", "fromToken", [secret_value_from_token]) end |
.from_unsafe_plaintext(secret_value) ⇒ AWSCDK::SecretsManager::SecretStringValueBeta1
Creates a SecretStringValueBeta1 from a plaintext value.
This approach is inherently unsafe, as the secret value may be visible in your source control repository and will also appear in plaintext in the resulting CloudFormation template, including in the AWS Console or APIs. Usage of this method is discouraged, especially for production workloads.
71 72 73 74 |
# File 'secrets_manager/secret_string_value_beta1.rb', line 71 def self.from_unsafe_plaintext(secret_value) Jsii::Type.check_type(secret_value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "secretValue") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_secretsmanager.SecretStringValueBeta1", "fromUnsafePlaintext", [secret_value]) end |
.jsii_overridable_methods ⇒ Object
17 18 19 20 21 |
# File 'secrets_manager/secret_string_value_beta1.rb', line 17 def self.jsii_overridable_methods { :secret_value => { kind: :method, name: "secretValue", is_optional: false }, } end |
Instance Method Details
#secret_value ⇒ String
Returns the secret value.
79 80 81 |
# File 'secrets_manager/secret_string_value_beta1.rb', line 79 def secret_value() jsii_call_method("secretValue", []) end |