Skip to content

Secret

Source: src/AWS/SecretsManager/Secret.ts

An AWS Secrets Manager secret.

Secret owns the lifecycle of the secret metadata and current value. It can store a caller-provided value or generate a password-backed JSON payload for downstream resources such as Aurora clusters and RDS proxies.

Creating Secrets

Section titled “Creating Secrets”

Static Secret String

const secret = yield* Secret("DbSecret", {
  secretString: Redacted.make(JSON.stringify({
    username: "app",
    password: "super-secret",
  })),
});

Generated Password Secret

const secret = yield* Secret("DbSecret", {
  generateSecretString: {
    secretStringTemplate: JSON.stringify({ username: "app" }),
    generateStringKey: "password",
    PasswordLength: 32,
  },
});