aws-cdk-lib.aws_secretsmanager.SecretAttributes

interface SecretAttributes

LanguageType name
.NETAmazon.CDK.AWS.SecretsManager.SecretAttributes
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awssecretsmanager#SecretAttributes
Javasoftware.amazon.awscdk.services.secretsmanager.SecretAttributes
Pythonaws_cdk.aws_secretsmanager.SecretAttributes
TypeScript (source)aws-cdk-lib » aws_secretsmanager » SecretAttributes

Attributes required to import an existing secret into the Stack.

One ARN format (secretArn, secretCompleteArn, secretPartialArn) must be provided.

Example

const userpool = new cognito.UserPool(this, 'Pool');
const secret = secretsmanager.Secret.fromSecretAttributes(this, "CognitoClientSecret", {
    secretCompleteArn: "arn:aws:secretsmanager:xxx:xxx:secret:xxx-xxx"
}).secretValue

const provider = new cognito.UserPoolIdentityProviderGoogle(this, 'Google', {
  clientId: 'amzn-client-id',
  clientSecretValue: secret,
  userPool: userpool,
});

Properties

NameTypeDescription
encryptionKey?IKeyThe encryption key that is used to encrypt the secret, unless the default SecretsManager key is used.
secretCompleteArn?stringThe complete ARN of the secret in SecretsManager.
secretPartialArn?stringThe partial ARN of the secret in SecretsManager.

encryptionKey?

Type: IKey (optional)

The encryption key that is used to encrypt the secret, unless the default SecretsManager key is used.


secretCompleteArn?

Type: string (optional)

The complete ARN of the secret in SecretsManager.

This is the ARN including the Secrets Manager 6-character suffix. Cannot be used with secretArn or secretPartialArn.


secretPartialArn?

Type: string (optional)

The partial ARN of the secret in SecretsManager.

This is the ARN without the Secrets Manager 6-character suffix. Cannot be used with secretArn or secretCompleteArn.