AWS Secrets Manager Construct Library
    const secretsmanager = require('@aws-cdk/aws-secretsmanager');
Create a new Secret in a Stack
In order to have SecretsManager generate a new secret value automatically,
you can get started with the following:
example of creating a secret
The Secret construct does not allow specifying the SecretString property of the
AWS::SecretsManager::Secret resource (as this will almost always
lead to the secret being surfaced in plain text and possibly committed to
your source control).
If you need to use a pre-existing secret, the recommended way is to manually
provision the secret in AWS SecretsManager and use the Secret.fromSecretArn
or Secret.fromSecretAttributes
method to make it available in your CDK Application:
    const secret = secretsmanager.Secret.fromSecretAttributes(scope, 'ImportedSecret', {
      secretArn: 'arn:aws:secretsmanager:<region>:<account-id-number>:secret:<secret-name>-<random-6-characters>',
      encryptionKey,
    });
SecretsManager secret values can only be used in a select set of properties. For the
list of properties, see the CloudFormation Dynamic References documentation.
Rotating a Secret
A rotation schedule can be added to a Secret:
    const fn = new lambda.Function(...);
    const secret = new secretsmanager.Secret(this, 'Secret');
    secret.addRotationSchedule('RotationSchedule', {
      rotationLambda: fn,
      automaticallyAfter: Duration.days(15)
    });
See Overview of the Lambda Rotation Function for how to implement a Lambda Rotation Function.
For RDS credentials rotation, see aws-rds.
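
Both points above, that a literal SecretString surfaces the secret in plain text and that a rotation schedule can be attached to a secret, can be checked on the synthesized CloudFormation template before it is committed or deployed. The following is an added example, not code from the CDK project: auditSecrets and the sample template are constructed for illustration, and it assumes rotation schedules reference the secret through a Ref to its logical ID.

```javascript
// Constructed sample in the shape of a synthesized template (abbreviated).
const sampleTemplate = {
  Resources: {
    GeneratedSecret: {
      Type: 'AWS::SecretsManager::Secret',
      Properties: { GenerateSecretString: { PasswordLength: 32 } },
    },
    HardcodedSecret: {
      Type: 'AWS::SecretsManager::Secret',
      Properties: { SecretString: 'constructed-placeholder-value' },
    },
    Rotation: {
      Type: 'AWS::SecretsManager::RotationSchedule',
      Properties: {
        SecretId: { Ref: 'GeneratedSecret' },
        RotationRules: { AutomaticallyAfterDays: 15 },
      },
    },
  },
};

// Hypothetical helper: one finding per problem; the secret value is never echoed.
function auditSecrets(template) {
  const resources = Object.entries(template.Resources || {});
  // Logical IDs of secrets that a RotationSchedule points at via { Ref: ... }.
  const rotated = new Set(
    resources
      .filter(([, r]) => r.Type === 'AWS::SecretsManager::RotationSchedule')
      .map(([, r]) => r.Properties && r.Properties.SecretId && r.Properties.SecretId.Ref)
      .filter(Boolean)
  );
  const findings = [];
  for (const [id, r] of resources) {
    if (r.Type !== 'AWS::SecretsManager::Secret') continue;
    const props = r.Properties || {};
    if (typeof props.SecretString === 'string' && !props.SecretString.includes('{{resolve:')) {
      findings.push({ id, severity: 'high', issue: 'literal SecretString in template' });
    } else if (props.SecretString !== undefined) {
      findings.push({ id, severity: 'review', issue: 'SecretString set by reference or intrinsic' });
    }
    if (!rotated.has(id)) {
      findings.push({ id, severity: 'info', issue: 'no RotationSchedule references this secret' });
    }
  }
  return findings;
}

console.log(auditSecrets(sampleTemplate));
```
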
1.0.0 (2019-07-09)
General Availability of the AWS Cloud Development Kit!!
We are excited to announce the 1.0.0 release of the AWS CDK,
including GA support for TypeScript, JavaScript, and Python!
We want to thank all of our early customers, and the hundreds of contributors,
for all the help and support in making this release a reality.
Thank you for the patience to deal with the many, many breaking changes that happened along the way.
This product would not be what it is today if it weren't for all the feedback,
diligent issue reporting (bugs, missing features, unclear documentation, etc.),
and code contributions from the community.
Special thanks go out to a few of our most prolific contributors who went above and beyond to help improve the CDK:
1.0.0 is a huge milestone for us, but it's still only the beginning!
We are excited to continue evolving the CDK, to introduce support for new languages and capabilities,
and to continue working closely with the open-source community.
Bug Fixes
- cli: output message when successfully synthesizing multiple stacks (#3259) (0c30f12)
- python: Make sure stack name in the init template does not contain illegal characters (#3261) (7d22b2c)