aws-delivlib

A fabulous library for defining continuous pipelines for building, testing and releasing code libraries.

import { RemovalPolicy, aws_iam as iam, aws_kms as kms, aws_lambda as lambda } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { CertificateSigningRequest, DistinguishedName } from './certificate-signing-request';
/**
 * Construction properties for ``RsaPrivateKeySecret``.
 */
export interface RsaPrivateKeySecretProps {
    /**
     * The modulus size of the RSA key that will be generated (presumably in bits, e.g. 2048 or 4096 -
     * confirm against the implementation).
     *
     * This declaration exposes no lower bound on the value, so choosing an adequate size is up to the caller.
     *
     * The NIST publishes a document that provides guidance on how to select an appropriate key size
     * (SP 800-57 Part 1; the revision linked below, Rev. 4, has since been superseded by Rev. 5):
     * @see https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-4/final
     */
    keySize: number;
    /**
     * The name of the AWS Secrets Manager entity that will be created to hold the private key.
     */
    secretName: string;
    /**
     * The description to attach to the AWS Secrets Manager entity that will hold the private key.
     */
    description?: string;
    /**
     * The KMS key to be used for encrypting the AWS Secrets Manager entity.
     *
     * Supplying a customer-managed key means that reading the private key also depends on that key's
     * policy, in addition to the permissions on the secret itself.
     *
     * @default the default KMS key will be used in accordance with AWS Secrets Manager default behavior.
     */
    secretEncryptionKey?: kms.IKey;
    /**
     * The deletion policy to apply on the Private Key secret.
     *
     * NOTE(review): with the default, the secret (and therefore the private key) presumably remains in
     * the account after the stack is deleted - confirm, and plan key retirement accordingly.
     *
     * @default Retain
     */
    removalPolicy?: RemovalPolicy;
}
/**
 * An OpenSSL-generated RSA Private Key. It can for example be used to obtain a Certificate signed by a Certificate
 * Authority through the use of the ``CertificateSigningRequest`` construct (or via the
 * ``#newCertificateSigningRequest`` method).
 */
export declare class RsaPrivateKeySecret extends Construct {
    /**
     * The ARN of the secret that holds the private key.
     */
    secretArn: string;
    /**
     * The singleton Lambda function associated with this construct.
     *
     * NOTE(review): presumably the custom-resource handler that generates and stores the key - confirm
     * against the implementation, which is not part of this declaration file.
     */
    customResource: lambda.SingletonFunction;
    // Private members: their types are not emitted in this declaration file.
    // presumably an ARN pattern matching the secret, used when building IAM statements - TODO confirm
    private secretArnLike;
    // presumably the KMS key passed as ``secretEncryptionKey``, when one was provided - TODO confirm
    private masterKey?;
    /**
     * @param parent the construct under which this one is created.
     * @param id     the ID of the construct in the construct tree.
     * @param props  the key size, secret name and optional encryption / removal settings.
     */
    constructor(parent: Construct, id: string, props: RsaPrivateKeySecretProps);
    /**
     * Creates a new CSR resource using this private key.
     *
     * @param id               the ID of the construct in the construct tree.
     * @param dn               the distinguished name to record on the CSR.
     * @param keyUsage         the intended key usage (for example: "critical,digitalSignature")
     * @param extendedKeyUsage the intended extended key usage, if any (for example: "critical,codeSigning").
     *                         NOTE(review): the example previously repeated the ``keyUsage`` value
     *                         ("critical,digitalSignature"), which is not an extended key usage name; this
     *                         assumes the string is passed through as an OpenSSL extension value - confirm.
     *
     * @returns a new ``CertificateSigningRequest`` instance that can be used to access the actual CSR document.
     */
    newCertificateSigningRequest(id: string, dn: DistinguishedName, keyUsage: string, extendedKeyUsage?: string): CertificateSigningRequest;
    /**
     * Allows a given IAM principal to read the secret value.
     *
     * The secret value is the RSA private key itself, so grant this only to principals that must use the key.
     * NOTE(review): whether this also grants decrypt access on a custom ``secretEncryptionKey`` is not visible
     * from this declaration - verify against the implementation.
     *
     * @param grantee the principal to which permissions should be granted.
     */
    grantGetSecretValue(grantee: iam.IPrincipal): void;
}