// Excerpt from the body of a CDK stack constructor. The enclosing class and the
// definitions of aurora, aurora2, dbParamGroup, DB_CLUSTER_ID and secretProps are
// outside this excerpt. It publishes two cluster ARNs, creates one secret per
// cluster and declares a test user.

// Explicit dependency: aurora2 is ordered after dbParamGroup.
aurora2.addDependsOn(dbParamGroup);
// Stack outputs with the cluster ARNs. Each ARN is assembled from the stack's
// region, account and DB_CLUSTER_ID instead of being read from the cluster
// resource, so it is only right while the cluster identifier matches DB_CLUSTER_ID.
new CfnOutput(this, "AASAResourceArn", {
value: `arn:aws:rds:${this.region}:${this.account}:cluster:${DB_CLUSTER_ID}`
});
// Second cluster: same ARN shape with "2" appended to the identifier.
new CfnOutput(this, "AASAResourceArn2", {
value: `arn:aws:rds:${this.region}:${this.account}:cluster:${DB_CLUSTER_ID}2`
});
// SECRETS
// One CfnSecret per cluster (presumably the AWS::SecretsManager::Secret L1
// construct; the import is not visible here). Its properties come from secretProps().
// NOTE(review): confirm secretProps() has Secrets Manager generate the password
// (generateSecretString) rather than placing a literal secretString in the
// template, where anyone able to read the template could see it.
const secret = new CfnSecret(
this,
"Secret",
secretProps(aurora, DB_CLUSTER_ID)
);
const secret2 = new CfnSecret(
this,
"Secret2",
secretProps(aurora2, `${DB_CLUSTER_ID}2`)
);
// Each secret is ordered after the cluster it belongs to.
secret.addDependsOn(aurora);
secret2.addDependsOn(aurora2);
// Assuming CfnSecret is AWS::SecretsManager::Secret, `ref` resolves to the secret's
// ARN, so these outputs publish an identifier and not the secret value; reading the
// value still needs secretsmanager:GetSecretValue on that ARN.
new CfnOutput(this, "AASASecretArn", {
value: secret.ref
});
new CfnOutput(this, "AASASecretArn2", {
value: secret2.ref
});
// TEST USER
// `User` is imported outside this excerpt (presumably the IAM User construct, confirm).
// NOTE(review): the permissions attached to this user are not visible here; check
// that they are scoped to the cluster and secret ARNs exported above.
const user = new User(this, "TestUser");
dbSubnetGroup.dbSubnetGroupName,
dbParamGroup
)
);
// Excerpt from the body of a CDK stack constructor; aurora, aurora2, dbParamGroup,
// DB_CLUSTER_ID and secretProps are defined outside the visible lines.

// Both clusters are ordered after the shared parameter group.
aurora.addDependsOn(dbParamGroup);
aurora2.addDependsOn(dbParamGroup);
// Cluster ARNs as stack outputs, assembled from region, account and DB_CLUSTER_ID
// (with a "2" suffix for the second cluster) rather than read from the resources.
new CfnOutput(this, "AASAResourceArn", {
value: `arn:aws:rds:${this.region}:${this.account}:cluster:${DB_CLUSTER_ID}`
});
new CfnOutput(this, "AASAResourceArn2", {
value: `arn:aws:rds:${this.region}:${this.account}:cluster:${DB_CLUSTER_ID}2`
});
// SECRETS
// One CfnSecret per cluster, configured by secretProps(), which is not shown.
// NOTE(review): verify that secretProps() does not put a literal password into the
// synthesized template; a generated secret (generateSecretString) avoids that.
const secret = new CfnSecret(
this,
"Secret",
secretProps(aurora, DB_CLUSTER_ID)
);
const secret2 = new CfnSecret(
this,
"Secret2",
secretProps(aurora2, `${DB_CLUSTER_ID}2`)
);
// Each secret is ordered after its cluster.
secret.addDependsOn(aurora);
secret2.addDependsOn(aurora2);
// Presumably `ref` is the secret ARN (true for AWS::SecretsManager::Secret), so the
// output exposes the identifier only, not the secret contents.
new CfnOutput(this, "AASASecretArn", {
value: secret.ref
});
new CfnOutput(this, "AASASecretArn2", {
value: secret2.ref
//
// Copyright (C) 2019 Dmitry Kolesnikov
//
// This file may be modified and distributed under the terms
// of the MIT license. See the LICENSE file for details.
// https://github.com/fogfish/aws-cdk-pure
//
// Config/Secret Management HoC
//
import * as secret from '@aws-cdk/aws-secretsmanager'
import { IaaC, include, IPure } from 'aws-cdk-pure'
// Default secret identifier, read once at module load from AWS_IAAC_CONFIG.
// When the variable is unset or empty the fallback is the literal string 'undefined',
// which Config() later passes on as `secretArn`.
// NOTE(review): that fallback is not a valid ARN, so a missing variable is not
// reported here and only shows up later; consider checking it before deploying.
const defaultBucket = process.env.AWS_IAAC_CONFIG || 'undefined'
// `vault` is Secret.fromSecretAttributes lifted through aws-cdk-pure's include(); the
// static method is passed as-is, unwrapped. It refers to an existing secret by its
// attributes rather than creating a new one.
const vault = include(secret.Secret.fromSecretAttributes)
/**
 * Looks up one key of a JSON secret kept in AWS Secrets Manager and exposes it as a string.
 *
 * The string is whatever `secretValueFromJson(key).toString()` produces. With CDK's
 * SecretValue that is normally a deploy-time token (a CloudFormation dynamic reference),
 * not the plaintext, so the value does not appear in the synthesized template.
 * NOTE(review): the resolved value still ends up in whichever resource property the
 * caller passes it to; avoid properties that are shown in plain text.
 *
 * @param key name of the JSON key inside the secret
 * @param bucket identifier of the secret (used as `secretArn`); defaults to the value of
 *               the AWS_IAAC_CONFIG environment variable
 */
export function String(key: string, bucket: string = defaultBucket): IPure {
  const imported = vault(Config(bucket))
  return imported.map(entry => entry.secretValueFromJson(key).toString())
}
/**
 * Wraps a secret identifier into the zero-argument attribute factory handed to `vault`.
 *
 * @param secretArn identifier of the existing secret
 * @returns a function named `Secret` that yields `{ secretArn }`
 */
function Config(secretArn: string): IaaC {
  // The binding must stay named `Secret`: the arrow function takes its `name` from it
  // (presumably aws-cdk-pure uses that name as the construct id, confirm).
  const Secret = () => {
    return { secretArn: secretArn }
  }
  return Secret
}
readonly username: string;
/**
* The KMS key to use to encrypt the secret.
*
* @default default master key
*/
readonly encryptionKey?: kms.IKey;
}
/**
 * A Secrets Manager secret holding database credentials.
 *
 * The password is generated by Secrets Manager (`generateSecretString`), so no
 * password literal is written into the template; only the username is supplied by
 * the caller. The secret string is a JSON object with `username` and `password`.
 * When `props.encryptionKey` is omitted, the parent construct's default key applies.
 *
 * @resource AWS::SecretsManager::Secret
 */
export class DatabaseSecret extends secretsmanager.Secret {
  /**
   * @param scope parent construct
   * @param id construct id
   * @param props username and optional KMS key for the secret
   */
  constructor(scope: Construct, id: string, props: DatabaseSecretProps) {
    const { encryptionKey, username } = props;

    // JSON.stringify escapes the username, so the template stays valid JSON.
    const usernameTemplate = JSON.stringify({ username: username });

    const generated = {
      passwordLength: 30, // Oracle password cannot have more than 30 characters
      secretStringTemplate: usernameTemplate,
      generateStringKey: 'password',
      // Leaves out the characters ", @, / and \ (presumably because the database
      // engine rejects them in a master password, confirm).
      excludeCharacters: '"@/\\'
    };

    super(scope, id, {
      encryptionKey: encryptionKey,
      generateSecretString: generated
    });
  }
}