Secret

Create a Secret Resource

new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);

def Secret(resource_name, opts=None, data_json=None, disable_read=None, path=None, __props__=None);

func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)

public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

Secret Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Secret resource accepts the following input properties:

DataJson string: String containing a JSON-encoded object that will be written as the secret data at the given path.
Path string: The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.
DisableRead bool: True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.

DataJson string: String containing a JSON-encoded object that will be written as the secret data at the given path.
Path string: The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.
DisableRead bool: True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.

dataJson string: String containing a JSON-encoded object that will be written as the secret data at the given path.
path string: The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.
disableRead boolean: True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.

data_json str: String containing a JSON-encoded object that will be written as the secret data at the given path.
path str: The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.
disable_read bool: True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.

Outputs

All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:

Data Dictionary<string, object>: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
Id string: The provider-assigned unique ID for this managed resource.

Data map[string]interface{}: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
Id string: The provider-assigned unique ID for this managed resource.

data {[key: string]: any}: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
id string: The provider-assigned unique ID for this managed resource.

data Dict[str, Any]: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
id str: The provider-assigned unique ID for this managed resource.

Look up an Existing Secret Resource

Get an existing Secret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretState, opts?: CustomResourceOptions): Secret

static get(resource_name, id, opts=None, data=None, data_json=None, disable_read=None, path=None, __props__=None);

func GetSecret(ctx *Context, name string, id IDInput, state *SecretState, opts ...ResourceOption) (*Secret, error)

public static Secret Get(string name, Input<string> id, SecretState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Data Dictionary<string, object>: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
DataJson string: String containing a JSON-encoded object that will be written as the secret data at the given path.
DisableRead bool: True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
Path string: The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.

Data map[string]interface{}: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
DataJson string: String containing a JSON-encoded object that will be written as the secret data at the given path.
DisableRead bool: True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
Path string: The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.

data {[key: string]: any}: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
dataJson string: String containing a JSON-encoded object that will be written as the secret data at the given path.
disableRead boolean: True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
path string: The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.

data Dict[str, Any]: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
data_json str: String containing a JSON-encoded object that will be written as the secret data at the given path.
disable_read bool: True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
path str: The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.

Package Details

Repository: https://github.com/pulumi/pulumi-vault
License: Apache-2.0
Notes: This Pulumi package is based on the vault Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud