fix(core): remove cdk.Secret #2068

rix0rrr · 2019-03-21T09:36:18Z

cdk.Secret was left over from when we thought we were going to do
secrets differently. Today, we model secret values as strings, which
can be retrieved from one of these:

ssm.ParameterStoreSecureString.stringValue
secretsmanager.SecretString.stringValue
cdk.CfnParameter.stringValue (but don't do that, because the secret
will be readable from CloudFormation logs)

Fixes #2064.

BREAKING CHANGE: Replace use of cdk.Secret with
secretsmanager.SecretString (preferred) or
ssm.ParameterStoreSecureString.

Pull Request Checklist

Testing
- Unit test added (prefer not to modify an existing test, otherwise, it's probably a breaking change)
- CLI change?: coordinate update of integration tests with team
- cdk-init template change?: coordinated update of integration tests with team
Docs
- jsdocs: All public APIs documented
- README: README and/or documentation topic updated
Title and Description
- Change type: title prefixed with fix, feat will appear in changelog
- Title: use lower-case and doesn't end with a period
- Breaking?: last paragraph: "BREAKING CHANGE: <describe what changed + link for details>"
- Issues: Indicate issues fixed via: "Fixes #xxx" or "Closes #xxx"
Sensitive Modules (requires 2 PR approvers)
- IAM Policy Document (in @aws-cdk/aws-iam)
- EC2 Security Groups and ACLs (in @aws-cdk/aws-ec2)
- Grant APIs (only if not based on official documentation with a reference)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.

`cdk.Secret` was left over from when we thought we were going to do secrets differently. Today, we model secret values as strings, which can be retrieved from one of these: - `ssm.ParameterStoreSecureString.stringValue` - `secretsmanager.SecretString.stringValue` - `cdk.CfnParameter.stringValue` (but don't do that, because the secret will be readable from CloudFormation logs) Fixes #2064. BREAKING CHANGE: Replace use of `cdk.Secret` with `secretsmanager.SecretString` (preferred) or `ssm.ParameterStoreSecureString`.

eladb

Now I recall why we added this Secret class - we wanted to help people avoid embedding in clear text secrets in their code/templates, so we just added a wrapper. Do you think it's worth keeping perhaps?

rix0rrr · 2019-03-26T13:09:44Z

So what we would be trying to achieve then is a flavor of string that is guaranteed to not be literally in the template?

I think the following might be appropriate then:

/**
 * A marker interface for objects that represent a secret string value
 */
export interface ISecretValue {
  stringValue: string;
}

Alternatively, in the constructs that want a secret, we just go:

if (!cdk.unresolved(input)) {
  throw new Error('Oy, are you daft or what?');
}

eladb · 2019-03-28T21:03:02Z

The latter option is not half bad, and I love the error message.

rix0rrr · 2019-04-01T08:43:24Z

The problem is there being will prevent people who know they want a literal secret value, for whatever reason.

addWarning() maybe?

eladb · 2019-04-01T09:11:02Z

Maybe an explicit optional switch that disables this check?

eladb · 2019-04-01T10:36:17Z

packages/@aws-cdk/alexa-ask/README.md

@@ -3,3 +3,54 @@
 ```ts
 const alexaAsk = require('@aws-cdk/alexa-ask');
 ```
+


rebase issue?

Yes. Did not expect the empty README to be the correct end situation.

eladb · 2019-04-01T11:00:29Z

packages/@aws-cdk/cdk/lib/secret.ts

+ * secret values will not allow you to pass in a literal secret value. They do
+ * so by calling `Secret.assertSafeSecret()`.
+ *
+ * You can escape the check by calling `Secret.unsafeSecret()`, but doing


Maybe instead of Secret.unsafeSecret we can do Secret.clearText or Secret.plainText? Less about policy, more about mechanism...

rix0rrr requested review from RomainMuller, skinny85 and a team as code owners March 21, 2019 09:36

Update Ref expectation

a5511a4

rix0rrr self-assigned this Mar 21, 2019

sam-goodwin approved these changes Mar 22, 2019

View reviewed changes

eladb suggested changes Mar 24, 2019

View reviewed changes

rix0rrr added 2 commits April 1, 2019 11:22

Merge remote-tracking branch 'origin/master' into huijbers/remove-secret

22d5aa1

Reintroduce Secret as a static class

b5117a2

eladb reviewed Apr 1, 2019

View reviewed changes

rix0rrr added 2 commits April 1, 2019 12:51

Remove README

f68c333

CodeBuild tests

14dbd82

eladb approved these changes Apr 1, 2019

View reviewed changes

Rename -> plainText

5baf64f

rix0rrr merged commit b53d04d into master Apr 1, 2019

rix0rrr deleted the huijbers/remove-secret branch April 1, 2019 14:02

NGL321 added the contribution/core This is a PR that came from AWS. label Sep 27, 2019

This was referenced Dec 12, 2019

[Snyk] Upgrade @aws-cdk/cdk from 0.22.0 to 0.35.0 MechanicalRock/scdk#3

Closed

[Snyk] Upgrade @aws-cdk/cdk from 0.24.1 to 0.35.0 MechanicalRock/cdk-constructs#8

Open

[Snyk] Upgrade @aws-cdk/cdk from 0.24.1 to 0.35.0 MechanicalRock/account-reaper#6

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(core): remove cdk.Secret #2068

fix(core): remove cdk.Secret #2068

rix0rrr commented Mar 21, 2019

eladb left a comment

rix0rrr commented Mar 26, 2019 •

edited

Loading

eladb commented Mar 28, 2019

rix0rrr commented Apr 1, 2019

eladb commented Apr 1, 2019

eladb Apr 1, 2019

rix0rrr Apr 1, 2019

eladb Apr 1, 2019

fix(core): remove cdk.Secret #2068

fix(core): remove cdk.Secret #2068

Conversation

rix0rrr commented Mar 21, 2019

Pull Request Checklist

eladb left a comment

Choose a reason for hiding this comment

rix0rrr commented Mar 26, 2019 • edited Loading

eladb commented Mar 28, 2019

rix0rrr commented Apr 1, 2019

eladb commented Apr 1, 2019

eladb Apr 1, 2019

Choose a reason for hiding this comment

rix0rrr Apr 1, 2019

Choose a reason for hiding this comment

eladb Apr 1, 2019

Choose a reason for hiding this comment

rix0rrr commented Mar 26, 2019 •

edited

Loading