Namespace Pulumi.Gcp.SecretManager
Classes
GetSecretVersion
GetSecretVersionArgs
GetSecretVersionResult
Secret
A Secret is a logical secret whose value and versions can be accessed.
To get more information about Secret, see:
Example Usage - Secret Config Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
/// <summary>
/// Example stack that declares a single Secret Manager secret with
/// user-managed replication.
/// </summary>
class MyStack : Stack
{
    /// <summary>
    /// Declares the "secret-basic" resource with secret id "secret", one label,
    /// and two explicitly listed replica locations.
    /// </summary>
    public MyStack()
    {
        // User-managed replication: the replica locations are listed explicitly
        // (us-central1 and us-east1) rather than left to the provider.
        var replicationPolicy = new Gcp.SecretManager.Inputs.SecretReplicationArgs
        {
            UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs
            {
                Replicas =
                {
                    new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs
                    {
                        Location = "us-central1",
                    },
                    new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs
                    {
                        Location = "us-east1",
                    },
                },
            },
        };

        var secretArgs = new Gcp.SecretManager.SecretArgs
        {
            Labels =
            {
                { "label", "my-label" },
            },
            Replication = replicationPolicy,
            SecretId = "secret",
        };

        // Only the secret container is declared here: no version (payload) and no
        // IAM resource is attached in this snippet.
        // NOTE(review): who can read the secret therefore depends on policy
        // defined elsewhere - confirm before relying on this example as-is.
        var basicSecret = new Gcp.SecretManager.Secret("secret-basic", secretArgs);
    }
}
SecretArgs
SecretIamBinding
Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:
gcp.secretmanager.SecretIamPolicy: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.
gcp.secretmanager.SecretIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.
gcp.secretmanager.SecretIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.
Note:
gcp.secretmanager.SecretIamPolicy cannot be used in conjunction with gcp.secretmanager.SecretIamBinding and gcp.secretmanager.SecretIamMember, or they will fight over what your policy should be.
Note:
gcp.secretmanager.SecretIamBinding resources can be used in conjunction with gcp.secretmanager.SecretIamMember resources only if they do not grant privilege to the same role.
google_secret_manager_secret_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
/// <summary>
/// Example stack that attaches a complete (authoritative) IAM policy to a
/// Secret Manager secret.
/// </summary>
class MyStack : Stack
{
    /// <summary>
    /// Builds a policy document with one binding and applies it to the secret
    /// through <c>SecretIamPolicy</c>.
    /// </summary>
    public MyStack()
    {
        // Policy document with a single binding: roles/viewer for one user.
        // NOTE(review): roles/viewer is one of GCP's broad basic roles; check
        // whether a Secret Manager predefined role (for example
        // roles/secretmanager.secretAccessor) is the narrower fit.
        var policyLookup = Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
        {
            Binding =
            {
                {
                    { "role", "roles/viewer" },
                    { "members",
                    {
                        "user:jane@example.com",
                    } },
                },
            },
        });
        var admin = Output.Create(policyLookup);

        // NOTE(review): google_secret_manager_secret.Secret_basic is not declared
        // in this snippet; it presumably stands for a Secret resource defined
        // elsewhere in the program - confirm.
        var policyArgs = new Gcp.SecretManager.SecretIamPolicyArgs
        {
            Project = google_secret_manager_secret.Secret_basic.Project,
            SecretId = google_secret_manager_secret.Secret_basic.Secret_id,
            PolicyData = admin.Apply(document => document.PolicyData),
        };

        // SecretIamPolicy is authoritative: it sets the whole IAM policy for the
        // secret and replaces any policy already attached, so every principal
        // that must keep access has to appear in the document above.
        var policy = new Gcp.SecretManager.SecretIamPolicy("policy", policyArgs);
    }
}
google_secret_manager_secret_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
/// <summary>
/// Example stack that manages the full member list of one role on a
/// Secret Manager secret.
/// </summary>
class MyStack : Stack
{
    /// <summary>
    /// Declares a <c>SecretIamBinding</c> granting roles/viewer to one user.
    /// </summary>
    public MyStack()
    {
        // NOTE(review): google_secret_manager_secret.Secret_basic is not declared
        // in this snippet; it presumably stands for a Secret resource defined
        // elsewhere in the program - confirm.
        var bindingArgs = new Gcp.SecretManager.SecretIamBindingArgs
        {
            Project = google_secret_manager_secret.Secret_basic.Project,
            SecretId = google_secret_manager_secret.Secret_basic.Secret_id,
            // NOTE(review): roles/viewer is one of GCP's broad basic roles; check
            // whether a Secret Manager predefined role (for example
            // roles/secretmanager.secretAccessor) is the narrower fit.
            Role = "roles/viewer",
            Members =
            {
                "user:jane@example.com",
            },
        };

        // SecretIamBinding is authoritative for this one role: the member list
        // above becomes the role's complete membership, while other roles in the
        // secret's policy are preserved.
        var binding = new Gcp.SecretManager.SecretIamBinding("binding", bindingArgs);
    }
}
google_secret_manager_secret_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
/// <summary>
/// Example stack that adds a single member to one role on a Secret Manager
/// secret without managing the rest of the policy.
/// </summary>
class MyStack : Stack
{
    /// <summary>
    /// Declares a <c>SecretIamMember</c> granting roles/viewer to one user.
    /// </summary>
    public MyStack()
    {
        // NOTE(review): google_secret_manager_secret.Secret_basic is not declared
        // in this snippet; it presumably stands for a Secret resource defined
        // elsewhere in the program - confirm.
        var memberArgs = new Gcp.SecretManager.SecretIamMemberArgs
        {
            Project = google_secret_manager_secret.Secret_basic.Project,
            SecretId = google_secret_manager_secret.Secret_basic.Secret_id,
            // NOTE(review): roles/viewer is one of GCP's broad basic roles; check
            // whether a Secret Manager predefined role (for example
            // roles/secretmanager.secretAccessor) is the narrower fit.
            Role = "roles/viewer",
            Member = "user:jane@example.com",
        };

        // SecretIamMember is non-authoritative: it grants the role to this one
        // member and preserves the role's other members, so grants made outside
        // this program are not removed by it.
        var member = new Gcp.SecretManager.SecretIamMember("member", memberArgs);
    }
}
SecretIamBindingArgs
SecretIamBindingState
SecretIamMember
Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:
gcp.secretmanager.SecretIamPolicy: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.
gcp.secretmanager.SecretIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.
gcp.secretmanager.SecretIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.
Note:
gcp.secretmanager.SecretIamPolicy cannot be used in conjunction with gcp.secretmanager.SecretIamBinding and gcp.secretmanager.SecretIamMember, or they will fight over what your policy should be.
Note:
gcp.secretmanager.SecretIamBinding resources can be used in conjunction with gcp.secretmanager.SecretIamMember resources only if they do not grant privilege to the same role.
google_secret_manager_secret_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
/// <summary>
/// Example stack that attaches a complete (authoritative) IAM policy to a
/// Secret Manager secret.
/// </summary>
class MyStack : Stack
{
    /// <summary>
    /// Builds a policy document with one binding and applies it to the secret
    /// through <c>SecretIamPolicy</c>.
    /// </summary>
    public MyStack()
    {
        // Policy document with a single binding: roles/viewer for one user.
        // NOTE(review): roles/viewer is one of GCP's broad basic roles; check
        // whether a Secret Manager predefined role (for example
        // roles/secretmanager.secretAccessor) is the narrower fit.
        var policyLookup = Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
        {
            Binding =
            {
                {
                    { "role", "roles/viewer" },
                    { "members",
                    {
                        "user:jane@example.com",
                    } },
                },
            },
        });
        var admin = Output.Create(policyLookup);

        // NOTE(review): google_secret_manager_secret.Secret_basic is not declared
        // in this snippet; it presumably stands for a Secret resource defined
        // elsewhere in the program - confirm.
        var policyArgs = new Gcp.SecretManager.SecretIamPolicyArgs
        {
            Project = google_secret_manager_secret.Secret_basic.Project,
            SecretId = google_secret_manager_secret.Secret_basic.Secret_id,
            PolicyData = admin.Apply(document => document.PolicyData),
        };

        // SecretIamPolicy is authoritative: it sets the whole IAM policy for the
        // secret and replaces any policy already attached, so every principal
        // that must keep access has to appear in the document above.
        var policy = new Gcp.SecretManager.SecretIamPolicy("policy", policyArgs);
    }
}
google_secret_manager_secret_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
/// <summary>
/// Example stack that manages the full member list of one role on a
/// Secret Manager secret.
/// </summary>
class MyStack : Stack
{
    /// <summary>
    /// Declares a <c>SecretIamBinding</c> granting roles/viewer to one user.
    /// </summary>
    public MyStack()
    {
        // NOTE(review): google_secret_manager_secret.Secret_basic is not declared
        // in this snippet; it presumably stands for a Secret resource defined
        // elsewhere in the program - confirm.
        var bindingArgs = new Gcp.SecretManager.SecretIamBindingArgs
        {
            Project = google_secret_manager_secret.Secret_basic.Project,
            SecretId = google_secret_manager_secret.Secret_basic.Secret_id,
            // NOTE(review): roles/viewer is one of GCP's broad basic roles; check
            // whether a Secret Manager predefined role (for example
            // roles/secretmanager.secretAccessor) is the narrower fit.
            Role = "roles/viewer",
            Members =
            {
                "user:jane@example.com",
            },
        };

        // SecretIamBinding is authoritative for this one role: the member list
        // above becomes the role's complete membership, while other roles in the
        // secret's policy are preserved.
        var binding = new Gcp.SecretManager.SecretIamBinding("binding", bindingArgs);
    }
}
google_secret_manager_secret_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
/// <summary>
/// Example stack that adds a single member to one role on a Secret Manager
/// secret without managing the rest of the policy.
/// </summary>
class MyStack : Stack
{
    /// <summary>
    /// Declares a <c>SecretIamMember</c> granting roles/viewer to one user.
    /// </summary>
    public MyStack()
    {
        // NOTE(review): google_secret_manager_secret.Secret_basic is not declared
        // in this snippet; it presumably stands for a Secret resource defined
        // elsewhere in the program - confirm.
        var memberArgs = new Gcp.SecretManager.SecretIamMemberArgs
        {
            Project = google_secret_manager_secret.Secret_basic.Project,
            SecretId = google_secret_manager_secret.Secret_basic.Secret_id,
            // NOTE(review): roles/viewer is one of GCP's broad basic roles; check
            // whether a Secret Manager predefined role (for example
            // roles/secretmanager.secretAccessor) is the narrower fit.
            Role = "roles/viewer",
            Member = "user:jane@example.com",
        };

        // SecretIamMember is non-authoritative: it grants the role to this one
        // member and preserves the role's other members, so grants made outside
        // this program are not removed by it.
        var member = new Gcp.SecretManager.SecretIamMember("member", memberArgs);
    }
}
SecretIamMemberArgs
SecretIamMemberState
SecretIamPolicy
Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:
gcp.secretmanager.SecretIamPolicy: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.
gcp.secretmanager.SecretIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.
gcp.secretmanager.SecretIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.
Note:
gcp.secretmanager.SecretIamPolicy cannot be used in conjunction with gcp.secretmanager.SecretIamBinding and gcp.secretmanager.SecretIamMember, or they will fight over what your policy should be.
Note:
gcp.secretmanager.SecretIamBinding resources can be used in conjunction with gcp.secretmanager.SecretIamMember resources only if they do not grant privilege to the same role.
google_secret_manager_secret_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
/// <summary>
/// Example stack that attaches a complete (authoritative) IAM policy to a
/// Secret Manager secret.
/// </summary>
class MyStack : Stack
{
    /// <summary>
    /// Builds a policy document with one binding and applies it to the secret
    /// through <c>SecretIamPolicy</c>.
    /// </summary>
    public MyStack()
    {
        // Policy document with a single binding: roles/viewer for one user.
        // NOTE(review): roles/viewer is one of GCP's broad basic roles; check
        // whether a Secret Manager predefined role (for example
        // roles/secretmanager.secretAccessor) is the narrower fit.
        var policyLookup = Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
        {
            Binding =
            {
                {
                    { "role", "roles/viewer" },
                    { "members",
                    {
                        "user:jane@example.com",
                    } },
                },
            },
        });
        var admin = Output.Create(policyLookup);

        // NOTE(review): google_secret_manager_secret.Secret_basic is not declared
        // in this snippet; it presumably stands for a Secret resource defined
        // elsewhere in the program - confirm.
        var policyArgs = new Gcp.SecretManager.SecretIamPolicyArgs
        {
            Project = google_secret_manager_secret.Secret_basic.Project,
            SecretId = google_secret_manager_secret.Secret_basic.Secret_id,
            PolicyData = admin.Apply(document => document.PolicyData),
        };

        // SecretIamPolicy is authoritative: it sets the whole IAM policy for the
        // secret and replaces any policy already attached, so every principal
        // that must keep access has to appear in the document above.
        var policy = new Gcp.SecretManager.SecretIamPolicy("policy", policyArgs);
    }
}
google_secret_manager_secret_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
/// <summary>
/// Example stack that manages the full member list of one role on a
/// Secret Manager secret.
/// </summary>
class MyStack : Stack
{
    /// <summary>
    /// Declares a <c>SecretIamBinding</c> granting roles/viewer to one user.
    /// </summary>
    public MyStack()
    {
        // NOTE(review): google_secret_manager_secret.Secret_basic is not declared
        // in this snippet; it presumably stands for a Secret resource defined
        // elsewhere in the program - confirm.
        var bindingArgs = new Gcp.SecretManager.SecretIamBindingArgs
        {
            Project = google_secret_manager_secret.Secret_basic.Project,
            SecretId = google_secret_manager_secret.Secret_basic.Secret_id,
            // NOTE(review): roles/viewer is one of GCP's broad basic roles; check
            // whether a Secret Manager predefined role (for example
            // roles/secretmanager.secretAccessor) is the narrower fit.
            Role = "roles/viewer",
            Members =
            {
                "user:jane@example.com",
            },
        };

        // SecretIamBinding is authoritative for this one role: the member list
        // above becomes the role's complete membership, while other roles in the
        // secret's policy are preserved.
        var binding = new Gcp.SecretManager.SecretIamBinding("binding", bindingArgs);
    }
}
google_secret_manager_secret_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
/// <summary>
/// Example stack that adds a single member to one role on a Secret Manager
/// secret without managing the rest of the policy.
/// </summary>
class MyStack : Stack
{
    /// <summary>
    /// Declares a <c>SecretIamMember</c> granting roles/viewer to one user.
    /// </summary>
    public MyStack()
    {
        // NOTE(review): google_secret_manager_secret.Secret_basic is not declared
        // in this snippet; it presumably stands for a Secret resource defined
        // elsewhere in the program - confirm.
        var memberArgs = new Gcp.SecretManager.SecretIamMemberArgs
        {
            Project = google_secret_manager_secret.Secret_basic.Project,
            SecretId = google_secret_manager_secret.Secret_basic.Secret_id,
            // NOTE(review): roles/viewer is one of GCP's broad basic roles; check
            // whether a Secret Manager predefined role (for example
            // roles/secretmanager.secretAccessor) is the narrower fit.
            Role = "roles/viewer",
            Member = "user:jane@example.com",
        };

        // SecretIamMember is non-authoritative: it grants the role to this one
        // member and preserves the role's other members, so grants made outside
        // this program are not removed by it.
        var member = new Gcp.SecretManager.SecretIamMember("member", memberArgs);
    }
}
SecretIamPolicyArgs
SecretIamPolicyState
SecretState
SecretVersion
A secret version resource.
Warning: All arguments including
payload.secret_data (the SecretData input in the C# example below) will be stored in the raw state as plain-text.
Example Usage - Secret Version Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
/// <summary>
/// Example stack that declares a Secret Manager secret with automatic
/// replication and adds one version (payload) to it.
/// </summary>
class MyStack : Stack
{
    /// <summary>
    /// Declares the "secret-basic" secret and the "secret-version-basic"
    /// version that carries its payload.
    /// </summary>
    public MyStack()
    {
        var containerArgs = new Gcp.SecretManager.SecretArgs
        {
            SecretId = "secret-version",
            Labels =
            {
                { "label", "my-label" },
            },
            // Automatic replication: no replica locations are listed here.
            Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs
            {
                Automatic = true,
            },
        };
        var basicSecret = new Gcp.SecretManager.Secret("secret-basic", containerArgs);

        var versionArgs = new Gcp.SecretManager.SecretVersionArgs
        {
            // Ties the version to the secret declared above.
            Secret = basicSecret.Id,
            // Placeholder payload. A literal here ends up in source control; a
            // real stack would normally read the value from Pulumi configuration
            // marked as secret (e.g. new Config().RequireSecret("<config-key>")).
            // The resource documentation also states that all arguments,
            // including this payload, are stored in the raw state as plain text,
            // so the state backend needs the same protection as the secret.
            SecretData = "secret-data",
        };
        var basicVersion = new Gcp.SecretManager.SecretVersion("secret-version-basic", versionArgs);
    }
}