Metadata-Version: 2.1
Name: aws-cdk.aws-secretsmanager
Version: 1.13.0
Summary: The CDK Construct Library for AWS::SecretsManager
Home-page: https://github.com/aws/aws-cdk
Author: Amazon Web Services
License: UNKNOWN
Project-URL: Source, https://github.com/aws/aws-cdk.git
Description: ## AWS Secrets Manager Construct Library
        
        <html></html>---
        
        
        ![Stability: Stable](https://img.shields.io/badge/stability-Stable-success.svg?style=for-the-badge)
        
        ---
        <html></html>
        
        ```python
        # Example may have issues. See https://github.com/aws/jsii/issues/826
        secretsmanager = require("@aws-cdk/aws-secretsmanager")
        ```
        
        ### Create a new Secret in a Stack
        
        In order to have SecretsManager generate a new secret value automatically,
        you can get started with the following:
        
        ```python
        # Example may have issues. See https://github.com/aws/jsii/issues/826
        # Default secret
        secret = secretsmanager.Secret(self, "Secret")
        secret.grant_read(role)
        
        iam.User(self, "User",
            password=secret.secret_value
        )
        
        # Templated secret
        templated_secret = secretsmanager.Secret(self, "TemplatedSecret",
            generate_secret_string={
                "secret_string_template": JSON.stringify(username="user"),
                "generate_string_key": "password"
            }
        )
        
        iam.User(self, "OtherUser",
            user_name=templated_secret.secret_value_from_json("username").to_string(),
            password=templated_secret.secret_value_from_json("password")
        )
        ```
        
        The `Secret` construct does not allow specifying the `SecretString` property
        of the `AWS::SecretsManager::Secret` resource (as this will almost always
        lead to the secret being surfaced in plain text and possibly committed to
        your source control).
        
        If you need to use a pre-existing secret, the recommended way is to manually
        provision the secret in *AWS SecretsManager* and use the `Secret.fromSecretArn`
        or `Secret.fromSecretAttributes` method to make it available in your CDK Application:
        
        ```python
        # Example may have issues. See https://github.com/aws/jsii/issues/826
        secret = secretsmanager.Secret.from_secret_attributes(scope, "ImportedSecret",
            secret_arn="arn:aws:secretsmanager:<region>:<account-id-number>:secret:<secret-name>-<random-6-characters>",
            # If the secret is encrypted using a KMS-hosted CMK, either import or reference that key:
            encryption_key=encryption_key
        )
        ```
        
        SecretsManager secret values can only be used in select set of properties. For the
        list of properties, see [the CloudFormation Dynamic References documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.htm).
        
        ### Rotating a Secret
        
        A rotation schedule can be added to a Secret:
        
        ```python
        # Example may have issues. See https://github.com/aws/jsii/issues/826
        fn = lambda.Function(...)
        secret = secretsmanager.Secret(self, "Secret")
        
        secret.add_rotation_schedule("RotationSchedule",
            rotation_lambda=fn,
            automatically_after=Duration.days(15)
        )
        ```
        
        See [Overview of the Lambda Rotation Function](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-lambda-function-overview.html) on how to implement a Lambda Rotation Function.
        
        For RDS credentials rotation, see [aws-rds](https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-rds/README.md).
        
Platform: UNKNOWN
Requires-Python: >=3.6
Description-Content-Type: text/markdown
