
cdk-sops-secrets


CDK Constructs that sync your sops secrets into AWS SecretsManager secrets.

import { Grant, IGrantable } from 'aws-cdk-lib/aws-iam';
import { IKey } from 'aws-cdk-lib/aws-kms';
import { IStringParameter, ParameterReference, ParameterTier } from 'aws-cdk-lib/aws-ssm';
import { RemovalPolicy, ResourceEnvironment, Stack } from 'aws-cdk-lib/core';
import { Construct } from 'constructs';
import { SopsSync, SopsSyncOptions } from './SopsSync';
/**
 * The configuration options of the StringParameter.
 *
 * Extends `SopsSyncOptions`, so all sync options are accepted alongside the
 * parameter-specific ones declared here. `SopsStringParameterProps` builds on
 * this interface.
 */
export interface SopsCommonParameterProps extends SopsSyncOptions {
    /**
     * The tier of the string parameter
     *
     * @default - undefined
     */
    readonly tier?: ParameterTier;
    /**
     * Information about the parameter that you want to add to the system.
     *
     * @default none
     */
    readonly description?: string;
    /**
     * The customer-managed encryption key to use for encrypting the secret value.
     *
     * NOTE(review): this property is declared without `?`, so the type requires
     * every caller to pass a key. The `@default` text below describes a fallback
     * to a default KMS key, which this declaration does not allow. Confirm which
     * of the two is intended and align the doc or the type.
     *
     * @default - A default KMS key for the account and region is used.
     */
    readonly encryptionKey: IKey;
}
/**
 * Properties accepted by the `SopsStringParameter` constructor: the common
 * parameter options plus an optional explicit parameter name.
 */
export interface SopsStringParameterProps extends SopsCommonParameterProps {
    /**
     * The name of the parameter.
     *
     * @default - a name will be generated by CloudFormation
     */
    readonly parameterName?: string;
}
/**
 * A drop in replacement for the normal String Parameter, that is populated with the encrypted
 * content of the given sops file.
 *
 * NOTE(review): "encrypted content" is the original wording. Whether the value
 * stored in the parameter is the decrypted plaintext of the sops file cannot be
 * seen from this declaration; confirm against the implementation before
 * deciding who may read the parameter.
 */
export declare class SopsStringParameter extends Construct implements IStringParameter {
    // Private member; the declaration emits no type for it.
    private readonly parameter;
    // The `SopsSync` instance exposed by this construct (presumably the resource
    // that performs the sync; confirm in the implementation).
    readonly sync: SopsSync;
    // KMS key exposed by this construct; presumably the key passed as
    // `props.encryptionKey` (confirm).
    readonly encryptionKey: IKey;
    // The members below are presumably the ones required by `IStringParameter`;
    // how each is populated is not visible in this declaration.
    readonly stack: Stack;
    readonly env: ResourceEnvironment;
    readonly parameterArn: string;
    readonly parameterName: string;
    readonly parameterType: string;
    // NOTE(review): for a sops-managed value, confirm how this resolves
    // (deploy-time reference vs. literal string) so that secret material is not
    // written into the synthesized template.
    readonly stringValue: string;
    readonly parameterRef: ParameterReference;
    /**
     * @param scope - the parent construct
     * @param id - the construct id within `scope`
     * @param props - parameter and sync options; `encryptionKey` is required by the type
     */
    constructor(scope: Construct, id: string, props: SopsStringParameterProps);
    /**
     * Grants `grantee` read access to this parameter, per the `IStringParameter`
     * contract, and returns the resulting `Grant`.
     *
     * NOTE(review): whether the grant also covers decrypt on `encryptionKey` is
     * not visible here. Confirm it, and keep the set of grantees minimal, since
     * read access exposes the stored value.
     */
    grantRead(grantee: IGrantable): Grant;
    /**
     * Grants `grantee` write access to this parameter, per the `IStringParameter`
     * contract, and returns the resulting `Grant`.
     *
     * NOTE(review): whether the grant also covers encrypt on `encryptionKey` is
     * not visible here; confirm against the implementation.
     */
    grantWrite(grantee: IGrantable): Grant;
    /**
     * Applies the given removal policy. Which underlying resource(s) receive it
     * is not visible in this declaration.
     */
    applyRemovalPolicy(policy: RemovalPolicy): void;
}