rds/aws.sdk.kotlin.services.rds.model/ModifyDbInstanceRequest/masterUserSecretKmsKeyId

masterUserSecretKmsKeyId

val masterUserSecretKmsKeyId: String?

The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.

This setting is valid only if both of the following conditions are met:

  • The DB instance doesn't manage the master user password in Amazon Web Services Secrets Manager.If the DB instance already manages the master user password in Amazon Web Services Secrets Manager, you can't change the KMS key used to encrypt the secret.

  • You are turning on ManageMasterUserPassword to manage the master user password in Amazon Web Services Secrets Manager.If you are turning on ManageMasterUserPassword and don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.

The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.