-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(secretsmanager): create secret with secretObjectValue #21091
feat(secretsmanager): create secret with secretObjectValue #21091
Conversation
A common use case is to create key/value secrets where the values could be either strings _or_ other secret values. Currently this is possible, but the user experience is not great. This PR introduces a new input prop `secretObjectValue` which is of type `{ [key: string]: SecretValue }`. For example, you can now create a JSON secret: ```ts new secretsmanager.Secret(stack, 'JSONSecret', { secretObjectValue: { username: SecretValue.unsafePlainText(user.userName), // intrinsic reference, not exposed as plaintext database: SecretValue.unsafePlainText('foo'), // rendered as plain text, but not a secret password: accessKey.secretAccessKey, // SecretValue }, }); ``` I've also updated the docs to better reflect what `unsafe` means given this new context. fixes #20461
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
A common use case is to create key/value secrets where the values could
be either strings or other secret values. Currently this is possible,
but the user experience is not great. This PR introduces a new input
prop
secretObjectValue
which is of type{ [key: string]: SecretValue }
.For example, you can now create a JSON secret:
I've also updated the docs to better reflect what
unsafe
means giventhis new context.
fixes #20461
All Submissions:
Adding new Unconventional Dependencies:
New Features
yarn integ
to deploy the infrastructure and generate the snapshot (i.e.yarn integ
without--dry-run
)?By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license