masterUserSecretKmsKeyId
The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.
This setting is valid only if both of the following conditions are met:
The tenant database doesn't manage the master user password in Amazon Web Services Secrets Manager. If the tenant database already manages the master user password in Amazon Web Services Secrets Manager, you can't change the KMS key used to encrypt the secret.
You're turning on ManageMasterUserPassword to manage the master user password in Amazon Web Services Secrets Manager. If you're turning on ManageMasterUserPassword and don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a self-managed KMS key.
The Amazon Web Services KMS key identifier is any of the following:
Key ARN
Key ID
Alias ARN
Alias name for the KMS key
To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
A default KMS key exists for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
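The rules above can be checked before a request is sent. The following pre-flight check is an added example, not code from the SDK or its documentation. The function names, the regular expressions for the four identifier forms, and the caller_account, key_account and secret_in_other_account parameters are assumptions of this example.

```python
import re

# Patterns for the four identifier forms listed above (assumptions of this example).
ARN_RE = re.compile(r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:(\d{12}):(key|alias)/(.+)$")
KEY_ID_RE = re.compile(r"^(mrk-[0-9a-f]{32}|[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12})$")
ALIAS_RE = re.compile(r"^alias/[A-Za-z0-9/_-]+$")
DEFAULT_ALIAS = "alias/aws/secretsmanager"  # used when no key is specified


def classify(identifier):
    """Return (form, owning account or None, alias name or None)."""
    m = ARN_RE.match(identifier)
    if m:
        account, kind, name = m.groups()
        return (f"{kind}-arn", account, f"alias/{name}" if kind == "alias" else None)
    if KEY_ID_RE.match(identifier):
        return ("key-id", None, None)
    if ALIAS_RE.match(identifier):
        return ("alias-name", None, identifier)
    raise ValueError(f"not a KMS key identifier: {identifier!r}")


def preflight(kms_key_id, *, caller_account, already_managed, turning_on,
              key_account=None, secret_in_other_account=False):
    """Return the list of rule violations; an empty list means the request is consistent."""
    problems = []
    if kms_key_id is not None:
        # Both validity conditions must hold before the key may be set.
        if already_managed:
            problems.append("secret already managed: KMS key cannot be changed")
        if not turning_on:
            problems.append("key only valid when turning on ManageMasterUserPassword")
    form, arn_account, alias = (classify(kms_key_id) if kms_key_id
                                else ("default", None, DEFAULT_ALIAS))
    # The aws/secretsmanager key cannot encrypt a secret in another account.
    if secret_in_other_account and alias == DEFAULT_ALIAS:
        problems.append("cross-account secret needs a self-managed KMS key")
    # A bare key ID or alias name cannot name a key in a different account.
    if key_account and key_account != caller_account:
        if form not in ("key-arn", "alias-arn"):
            problems.append("key in another account: specify key ARN or alias ARN")
        elif arn_account != key_account:
            problems.append("ARN account does not match the intended key account")
    return problems
```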