aws-redshift-alpha: remove backtick ` from the user passwords

[ann8ty]

Describe the feature

As per https://docs.aws.amazon.com/cdk/api/v2/docs/aws-redshift-alpha-readme.html#creating-users

The user password is generated by AWS Secrets Manager using the default configuration found in secretsmanager.SecretStringGenerator, except with password length 30 and some SQL-incompliant characters excluded. The plaintext for the password will never be present in the CDK application; instead, a CloudFormation Dynamic Reference will be used wherever the password value is required.

Could you also please exclude backtick ` or expose the secret configuration?

Use Case

When integrating with DBT airflow dags that use redshift, we have a generated password with backtick. The password has to be written as an environment variable to keep it out of dbt profiles yaml. The backtick are problematic. This had to be fixed manually.

Proposed Solution

Simplest, add more characters to the list excluded from the password

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

2.85.0 (build 4e0d726)

Environment details (OS name and version, etc.)

Mac Os

[pahud]

I think some have been excluded but I agree to expose the secret as an optional property.

aws-cdk/packages/@aws-cdk/aws-redshift-alpha/lib/database-secret.ts

Line 35 in ed00f24

excludeCharacters: '"@/\\\ \'',

[ann8ty]

@pahud quote and double quote sure are! double checking on that password, it was the backtick that got me. updated the ticket to reflect. thanks!

[pahud]

@pahud quote and double quote sure are! double checking on that password, it was the backtick that got me. updated the ticket to reflect. thanks!

Yeah I guess we could simply create a tiny PR to add the backtick in or just expose the secret prop to the surface.