secretsmanager.Secret support name prefix on creation

I’d like to be able to call:

this.secret = new secretsmanager.Secret(this, "somesecret", {
  prefix: "/production/MyApp/"
})

That way I still get a unique name but I can have an app specific prefix to make it easier to find my secret.

Use Case

I don’t want to specify a name for my secret - I want the autogenerated one. I do want my secret to be name spaced to the prefix I use for other components.

Proposed Solution

Modify: https://github.com/aws/aws-cdk/blob/v1.39.0/packages/%40aws-cdk/aws-secretsmanager/lib/secret.ts#L219-L222

To accept a prefix:

e.g.

  constructor(scope: Construct, id: string, props: SecretProps = {}) {
    super(scope, id, {
      // Prepend the optional prefix to the secret name
      physicalName: `${props.secretPrefix || ""}${props.secretName}`,
    });

? I’m not really sure if that is the right way to do it - I am not a TypeScript expert.

Other

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 13 (6 by maintainers)

Top GitHub Comments

1 reaction
thetoolsmith commented, Sep 6, 2022

@skinny85 We have other pieces of code that use discovery of “known” secret names. So not being able to look up a secret by name because of the random added suffix breaks that flow. This is a pretty standard use of a secret store from my perspective. In any case, I’ve found a way to do what I wanted using the SecretStringValueBeta1 class in aws-cdk-lib/aws-secretsmanager lib. This code lets us create secret names and values of our choosing without the added random characters that otherwise would have been added.

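import { Secret, SecretStringValueBeta1 } from 'aws-cdk-lib/aws-secretsmanager'

// Fixed, human-readable secret name (also used as the construct ID)
const secretkey = '/my/product/secrets/test-user'
const myname = 'paul'
const myid = '999'
// fromToken() passes the string through as-is, so this JSON value
// is written into the synthesized CloudFormation template
const secret = SecretStringValueBeta1.fromToken(JSON.stringify({ id: myid, name: myname }))
new Secret(this, secretkey, {
  secretName: secretkey,
  secretStringBeta1: secret,
  description: `test user name ${myname}`
})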

0 reactions
skinny85 commented, Aug 16, 2022

No, it is not possible. This is just how the SecretsManager service works; there is nothing CDK-specific here (using secretName and Secret will result in the same random suffix being added to the ARN).

May I ask why is the suffix a problem?
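
Added example, not from the issue thread or the aws-cdk code base: one way to get a prefixed yet unique secret name, and to scope IAM resources around the random ARN suffix discussed above. All helper names are hypothetical, the djb2 hash is an assumption standing in for the unique ID CDK derives from the construct path, and the name rules encoded here (allowed characters, 512-character limit, hyphen plus six random characters appended to the ARN) are those documented for Secrets Manager.

```typescript
// Added example; helper names are hypothetical, not aws-cdk APIs.

// Secrets Manager name rules: ASCII letters, digits and /_+=.@- (max 512).
const NAME_RE = /^[A-Za-z0-9\/_+=.@-]{1,512}$/;
// A name ending in "-" plus six characters is easy to confuse with the
// "-XXXXXX" suffix the service appends to every secret ARN.
const SUFFIX_LIKE_RE = /-[A-Za-z0-9]{6}$/;

function assertValidSecretName(name: string): string {
  if (!NAME_RE.test(name)) throw new Error("invalid characters or length: " + name);
  if (SUFFIX_LIKE_RE.test(name)) throw new Error("ends like an ARN suffix: " + name);
  return name;
}

// djb2 hash of the construct path as 8 hex digits (assumption: stands in
// for the unique ID CDK derives from the construct path).
function pathHash(path: string): string {
  let h = 5381;
  for (let i = 0; i < path.length; i++) {
    h = ((h * 33) ^ path.charCodeAt(i)) >>> 0;
  }
  return ("0000000" + h.toString(16)).slice(-8);
}

// "<prefix><construct id><hash>": namespaced, yet unique per construct path.
function prefixedSecretName(prefix: string, constructPath: string): string {
  const id = (constructPath.split("/").pop() || "").replace(/[^A-Za-z0-9]/g, "");
  return assertValidSecretName(prefix + id + pathHash(constructPath));
}

// IAM resource patterns: a whole prefix, or one name plus its six-char suffix.
function arnBase(region: string, account: string): string {
  return "arn:aws:secretsmanager:" + region + ":" + account + ":secret:";
}
function arnPatternForPrefix(region: string, account: string, prefix: string): string {
  return arnBase(region, account) + prefix + "*";
}
function arnPatternForName(region: string, account: string, name: string): string {
  return arnBase(region, account) + name + "-??????";
}

// IAM-style wildcard match: "*" is any run of characters, "?" exactly one.
function arnMatches(pattern: string, arn: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const source = escaped.replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + source + "$").test(arn);
}
```

The `-??????` form matches only the named secret, whereas a trailing `*` after a full name would also match longer names that share it as a prefix.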
