Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(secretsmanager): Specify secret value at creation #9594

Merged
merged 4 commits into from
Aug 11, 2020
Merged

feat(secretsmanager): Specify secret value at creation #9594

merged 4 commits into from
Aug 11, 2020

Conversation

njlynch
Copy link
Contributor

@njlynch njlynch commented Aug 11, 2020

Enables customers to supply their own secret value in the cases where an auto-
generated value is not viable. This exposes the secret value in the cdk output,
and CloudFormation template, but not CloudWatch/CloudTrail.

fixes #5810

PR Notes:

  1. Any feedback / thoughts on how else (besides the docstring) to warn folks of the implications of this approach?
  2. The secret string can either be a plain string or string representation of a JSON value. I briefly toyed with creating secretString and secretValueJson or something, and only allowing one or the other, but wasn't sure it was better. Suggestions on this interface welcome.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@njlynch
feat(secretsmanager): Specify secret value at creation
1e64f95 
Enables customers to supply their own secret value in the cases where an auto-
generated value is not viable. This exposes the secret value in the cdk output,
and CloudFormation template, but not CloudWatch/CloudTrail.

fixes #5810
@njlynch njlynch requested a review from a team August 11, 2020 11:20
@njlynch njlynch self-assigned this Aug 11, 2020
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Aug 11, 2020
@RomainMuller RomainMuller added the pr/do-not-merge This PR should not be merged at this time. label Aug 11, 2020
rix0rrr
rix0rrr reviewed Aug 11, 2020
View reviewed changes
packages/@aws-cdk/aws-secretsmanager/lib/secret.ts
@@ -103,6 +103,20 @@ export interface SecretProps {
*/
readonly secretName?: string;

/**
* **WARNING:** *It is **highly** encouraged to leave this field undefined and allow SecretsManager to create the secret value.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Putting this here mucks with our doc generation. Put a caption as the first line. For example:

/**
  * Literal secret value (DANGEROUS!)
  */

rix0rrr
rix0rrr approved these changes Aug 11, 2020
View reviewed changes
Copy link
Contributor

@rix0rrr rix0rrr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. I hate it.

@njlynch njlynch removed the pr/do-not-merge This PR should not be merged at this time. label Aug 11, 2020
@mergify
Copy link
Contributor

mergify bot commented Aug 11, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 02eb116
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Aug 11, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 07fedff into master Aug 11, 2020
@mergify mergify bot deleted the njlynch/secrets-byo-secret branch August 11, 2020 17:14
njlynch added a commit that referenced this pull request Aug 11, 2020
@njlynch
Revert "feat(secretsmanager): Specify secret value at creation (#9594)"
0a97db2 
This reverts commit 07fedff.
@njlynch njlynch mentioned this pull request Aug 12, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rix0rrr rix0rrr rix0rrr approved these changes

@RomainMuller RomainMuller RomainMuller approved these changes

Assignees

@njlynch njlynch

Labels
contribution/core This is a PR that came from AWS.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Aws cdk don't provide a way to create secrets with specified values
4 participants
@njlynch @aws-cdk-automation @RomainMuller @rix0rrr