Best practices when using secrets manager to an object that only accepts string

[andreprawira]

Take a look at this code where im using aws_secretsmanager to generate secrets

secretsmanager.Secret(
            self,
            "credentials",
            secret_name="credentials",
            generate_secret_string=secretsmanager.SecretStringGenerator(
                exclude_characters="!@#$%^&*()`~,}{[]=+'?\\/|<>:;\"",
                generate_string_key="password",
                secret_string_template='{"username":"admin"}',
            ),
        )

Then take a look at this code where am using aws_amazonmq to create CfnBroker and passing the password

amazonmq.CfnBroker(
            self,
            "broker",
            broker_name="broker",
            deployment_mode="CLUSTER_MULTI_AZ",
            engine_type="RABBITMQ",
            host_instance_type="mq.m5.xlarge",
            publicly_accessible=False,
            users=[
                amazonmq.CfnBroker.UserProperty(
                    password=mq_secret.secret_value_from_json(
                        "password"
                    ).unsafe_unwrap(),
                    username="admin",
                )
            ],
            subnet_ids=private_subnet_ids,
            security_groups=[broker_security_group.security_group_id],
            logs=amazonmq.CfnBroker.LogListProperty(general=True),
        )

when i cdk synth, i get a message saying its unsafe to use .unsafe_unwrap() which is also what the docs says. However, the password object only accepts string and i have to convert the password into a string so i can pass it. But then its not safe/best practice? So what do i do then?