SecretString from SecretsManager should be a valid cdk.Secret

[hoegertn]

Given the following code:

const githubAccessToken = new SecretString(this, 'GithubToken', {secretId: 'GitHub'});

it should be valid to use it directly in a SourceAction for Codepipeline.

Instead I have to write it like new Secret(githubAccessToken.jsonFieldValue('Token'))

[eladb]

I guess that name of the JSON field is additional information you'll need to supply (in your case Token).

How about something like toSecret:

githubAccessToken.toSecret('Token')

Would that be more convinient/discoverable?

[rix0rrr]

I guess jsonFieldValue should always have returned a Secret, actually, no? A fragment of a Secret is still a Secret.

We can deprecate that accessor and make a new one that returns a value of the right type.

---

githubAccessToken.toSecret('Token')

This seems a little inscrutable to me. Reads as if you're converting the githubAccessToken to a Secret (which it already is), and some modifier for the conversion is the string 'Token'.

IOW, to me it looks as if toSecret() operates on the WHOLE value, rather than extracing a part of it. Maybe extractSecret()? accessField() ?

[rix0rrr]

Don't close this please, I think it's still relevant. We have to hash out the right API though.

[njlynch]

Closing this out, as the SecretString interface was removed in #2161 (in CDK version 0.28.0!). The interfaces of Secret, cdk.SecretValue, and others have been dramatically altered since then, so hard to say if there's still any relevance.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.