
cdk-encrypted-secret


CDK construct that creates an AWS Secrets Manager secret and sets its value by decrypting a supplied ciphertext.

import { RetentionDays } from 'aws-cdk-lib/aws-logs';
import { Secret, SecretProps } from 'aws-cdk-lib/aws-secretsmanager';
import { Construct } from 'constructs';

/**
 * Configuration accepted by the {@link EncryptedSecret} construct.
 *
 * Security notes:
 * - `ciphertextBlob` is protected only by the KMS key named in `keyId`: any
 *   principal allowed to decrypt with that key can recover the plaintext, so
 *   the key policy and IAM grants for decryption should be kept narrow.
 * - `secretProps` and `existingSecretObj` are both optional in this
 *   declaration. NOTE(review): what happens when both or neither are supplied
 *   is not visible here; confirm against the implementation.
 */
export interface EncryptedSecretProps {
  /** Properties for the Secret that is created to hold the decrypted value. */
  readonly secretProps?: SecretProps;

  /** An already existing Secret in which the decrypted value is set. */
  readonly existingSecretObj?: Secret;

  /**
   * The ciphertext that is decrypted and stored in the Secret.
   * NOTE(review): the expected string encoding is not stated in this
   * declaration; confirm before wiring in a value.
   */
  readonly ciphertextBlob: string;

  /** ARN of the KMS key used to decrypt `ciphertextBlob`. */
  readonly keyId: string;

  /**
   * Retention period for the log group; the documented default is ONE_WEEK.
   * NOTE(review): presumably this is the log group of whatever performs the
   * decryption; confirm that the plaintext is never written to it.
   */
  readonly logRetentionDays?: RetentionDays;
}

/**
 * Custom construct that creates a Secret in Secrets Manager, decrypts the
 * supplied ciphertext with the KMS key ARN from the props, and stores the
 * decrypted value in that Secret.
 *
 * Only the declaration is visible here; how and when decryption is carried
 * out cannot be told from this file.
 */
export declare class EncryptedSecret extends Construct {
  /**
   * Secret exposed by the construct.
   * NOTE(review): presumably the Secret holding the decrypted value (newly
   * created or the existing one passed in); confirm against the implementation.
   */
  secret: Secret;

  /**
   * @param scope - The scope of the construct.
   * @param id - The id of the construct.
   * @param props - Ciphertext, KMS key and target Secret settings.
   */
  constructor(scope: Construct, id: string, props: EncryptedSecretProps);
}