ReadonlynodeThe tree node.
ReadonlysecretThe name of the secret.
For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).
A reference to a Secret resource.
The stack in which this resource is defined.
Adds a rotation schedule to the secret.
Adds a statement to the IAM resource policy associated with this secret.
If this secret was created in this stack, a resource policy will be
automatically created upon the first call to addToResourcePolicy. If
the secret is imported, then this is a no-op.
Apply the given removal policy to this resource
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
Attach a target to this secret.
The target to attach.
An attached secret
Returns a key which can be used within an AWS CloudFormation dynamic reference to dynamically load this secret from AWS Secrets Manager
Denies the DeleteSecret action to all principals within the current
account.
Grants reading the secret value to some role.
the principal being granted permission.
OptionalversionStages: string[]the version stages the grant is limited to. If not specified, no restriction on the version stages is applied.
Grants writing and updating the secret value to some role.
the principal being granted permission.
Interpret the secret as a JSON object and return a field's value from it as a SecretValue.
Returns a string representation of this construct.
StaticisChecks if x is a construct.
Use this method instead of instanceof to properly detect Construct
instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the constructs library on
disk are seen as independent, completely different libraries. As a
consequence, the class Construct in each copy of the constructs library
is seen as a different class, and an instance of one class will not test as
instanceof the other class. npm install will not create installations
like this, but users may manually symlink construct libraries together or
use a monorepo tool: in those cases, multiple copies of the constructs
library can be accidentally installed, and instanceof will behave
unpredictably. It is safest to avoid using instanceof, and using
this type-testing method instead.
Any object
true if x is an object created from a class which extends Construct.
Create a database secret in SecretsManager. The secret is created in the common JSON object format (see DbSecret interface). The database user defined by the secret can also be automatically provisioned in the database. Provisioning the DB master user is not required and is not supported.
See
DbSecret