getRandomPassword method
Generates a random password of the specified complexity. This operation is intended for use in the Lambda rotation function. Per best practice, we recommend that you specify the maximum length and include every character type that the system you are generating a password for can support.
Minimum permissions
To run this command, you must have the following permissions:
- secretsmanager:GetRandomPassword
May throw InvalidParameterException. May throw InvalidRequestException. May throw InternalServiceError.
Parameter excludeCharacters
:
A string that includes characters that should not be included in the
generated password. The default is that all characters from the included
sets can be used.
Parameter excludeLowercase
:
Specifies that the generated password should not include lowercase
letters. The default if you do not include this switch parameter is that
lowercase letters can be included.
Parameter excludeNumbers
:
Specifies that the generated password should not include digits. The
default if you do not include this switch parameter is that digits can be
included.
Parameter excludePunctuation
:
Specifies that the generated password should not include punctuation
characters. The default if you do not include this switch parameter is
that punctuation characters can be included.
The following are the punctuation characters that can be included
in the generated password if you don't explicitly exclude them with
ExcludeCharacters
or ExcludePunctuation
:
! " # $ % & ' ( ) * + , - . / : ; < = > ? @
\
^ _ ` {
| } ~
Parameter excludeUppercase
:
Specifies that the generated password should not include uppercase
letters. The default if you do not include this switch parameter is that
uppercase letters can be included.
Parameter includeSpace
:
Specifies that the generated password can include the space character. The
default if you do not include this switch parameter is that the space
character is not included.
Parameter passwordLength
:
The desired length of the generated password. The default value if you do
not include this parameter is 32 characters.
Parameter requireEachIncludedType
:
A boolean value that specifies whether the generated password must include
at least one of every allowed character type. The default value is
True
and the operation requires at least one of every
character type.
Implementation
Future<GetRandomPasswordResponse> getRandomPassword({
String? excludeCharacters,
bool? excludeLowercase,
bool? excludeNumbers,
bool? excludePunctuation,
bool? excludeUppercase,
bool? includeSpace,
int? passwordLength,
bool? requireEachIncludedType,
}) async {
_s.validateStringLength(
'excludeCharacters',
excludeCharacters,
0,
4096,
);
_s.validateNumRange(
'passwordLength',
passwordLength,
1,
4096,
);
final headers = <String, String>{
'Content-Type': 'application/x-amz-json-1.1',
'X-Amz-Target': 'secretsmanager.GetRandomPassword'
};
final jsonResponse = await _protocol.send(
method: 'POST',
requestUri: '/',
exceptionFnMap: _exceptionFns,
// TODO queryParams
headers: headers,
payload: {
if (excludeCharacters != null) 'ExcludeCharacters': excludeCharacters,
if (excludeLowercase != null) 'ExcludeLowercase': excludeLowercase,
if (excludeNumbers != null) 'ExcludeNumbers': excludeNumbers,
if (excludePunctuation != null)
'ExcludePunctuation': excludePunctuation,
if (excludeUppercase != null) 'ExcludeUppercase': excludeUppercase,
if (includeSpace != null) 'IncludeSpace': includeSpace,
if (passwordLength != null) 'PasswordLength': passwordLength,
if (requireEachIncludedType != null)
'RequireEachIncludedType': requireEachIncludedType,
},
);
return GetRandomPasswordResponse.fromJson(jsonResponse.body);
}