Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DeletionPolicy for secretsmanager.Secret #6527

Closed
AknEp opened this issue Mar 2, 2020 · 0 comments · Fixed by #8188
Closed

DeletionPolicy for secretsmanager.Secret #6527

AknEp opened this issue Mar 2, 2020 · 0 comments · Fixed by #8188
Assignees
@skinny85
Labels
@aws-cdk/aws-secretsmanager Related to AWS Secrets Manager effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. in-progress This issue is being actively worked on.

Comments

@AknEp
Copy link

AknEp commented Mar 2, 2020

Why we add DeletionPolicy to secretsmanager.Secret?

Use Case

In production environment, we often store important values on secretsmanager.Secret.
For example, password-salt, cookie encryption key, or API key for other services.
To keep secure, these variables shouldn't be stored in other place.

But, without DeletionPolicy(Retain), it can be deleted by human error.
I think, sometimes it should be kept if cloudformation resource are deleted.

Proposed Solution

Add DeletionPolicy to secretsmanager.Secret's initialization Props.

Other

I thought it might be issue of cloudformation at first.
But cloudformation have this.

aws-cloudformation/cloudformation-coverage-roadmap#405

This is a 🚀 Feature Request
@AknEp AknEp added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Mar 2, 2020
@SomayaB SomayaB added the @aws-cdk/aws-secretsmanager Related to AWS Secrets Manager label Mar 2, 2020
@skinny85 skinny85 added the effort/small Small work item – less than a day of effort label Mar 11, 2020
@SomayaB SomayaB removed the needs-triage This issue or PR still needs to be triaged. label May 19, 2020
winky added a commit to winky/aws-cdk that referenced this issue May 25, 2020
@winky
feat(secretsmanager): deletionPolicy for secretsmanager
cee70dc 
We often store important values on secretsmanager.Secret.
But, without DeletionPolicy(Retain), it can be deleted by human error.

closes: aws#6527
@winky winky mentioned this issue May 25, 2020
Merged
@SomayaB SomayaB added the in-progress This issue is being actively worked on. label May 26, 2020
@mergify mergify bot closed this as completed in #8188 Jun 8, 2020
mergify bot pushed a commit that referenced this issue Jun 8, 2020
@winky
feat(secretsmanager): deletionPolicy for secretsmanager (#8188)
f6fe36a 
We often store important values on secretsmanager.Secret.
But, without DeletionPolicy(Retain), it can be deleted by human error.
So, add DeletionPolicy to secretsmanager.Secret's initialization Props.

closes: #6527

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skinny85 skinny85

Labels
@aws-cdk/aws-secretsmanager Related to AWS Secrets Manager effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. in-progress This issue is being actively worked on.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(secretsmanager): deletionPolicy for secretsmanager winky/aws-cdk
3 participants
@skinny85 @AknEp @SomayaB