UNPKG

@aws-cdk/core

Version:

AWS Cloud Development Kit Core Library

github.com/aws/aws-cdk

aws/aws-cdk

91 lines (90 loc) 3.51 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
import { CfnDynamicReference } from './cfn-dynamic-reference'; import { CfnParameter } from './cfn-parameter'; import { Intrinsic } from './private/intrinsic'; /** * Work with secret values in the CDK * * Secret values in the CDK (such as those retrieved from SecretsManager) are * represented as regular strings, just like other values that are only * available at deployment time. * * To help you avoid accidental mistakes which would lead to you putting your * secret values directly into a CloudFormation template, constructs that take * secret values will not allow you to pass in a literal secret value. They do * so by calling `Secret.assertSafeSecret()`. * * You can escape the check by calling `Secret.plainText()`, but doing * so is highly discouraged. */ export declare class SecretValue extends Intrinsic { /** * Construct a literal secret value for use with secret-aware constructs * * *Do not use this method for any secrets that you care about.* * * The only reasonable use case for using this method is when you are testing. */ static plainText(secret: string): SecretValue; /** * Creates a `SecretValue` with a value which is dynamically loaded from AWS Secrets Manager. * @param secretId The ID or ARN of the secret * @param options Options */ static secretsManager(secretId: string, options?: SecretsManagerSecretOptions): SecretValue; /** * Use a secret value stored from a Systems Manager (SSM) parameter. * * @param parameterName The name of the parameter in the Systems Manager * Parameter Store. The parameter name is case-sensitive. * * @param version An integer that specifies the version of the parameter to * use. You must specify the exact version. You cannot currently specify that * AWS CloudFormation use the latest version of a parameter. */ static ssmSecure(parameterName: string, version: string): SecretValue; /** * Obtain the secret value through a CloudFormation dynamic reference. * * If possible, use `SecretValue.ssmSecure` or `SecretValue.secretsManager` directly. * * @param ref The dynamic reference to use. */ static cfnDynamicReference(ref: CfnDynamicReference): SecretValue; /** * Obtain the secret value through a CloudFormation parameter. * * Generally, this is not a recommended approach. AWS Secrets Manager is the * recommended way to reference secrets. * * @param param The CloudFormation parameter to use. */ static cfnParameter(param: CfnParameter): SecretValue; } /** * Options for referencing a secret value from Secrets Manager. */ export interface SecretsManagerSecretOptions { /** * Specified the secret version that you want to retrieve by the staging label attached to the version. * * Can specify at most one of `versionId` and `versionStage`. * * @default AWSCURRENT */ readonly versionStage?: string; /** * Specifies the unique identifier of the version of the secret you want to use. * * Can specify at most one of `versionId` and `versionStage`. * * @default AWSCURRENT */ readonly versionId?: string; /** * The key of a JSON field to retrieve. This can only be used if the secret * stores a JSON object. * * @default - returns all the content stored in the Secrets Manager secret. */ readonly jsonField?: string; }