alicloud.kms.Secret
Explore with Pulumi AI
Provides a KMS Secret resource.
For information about KMS Secret and how to use it, see What is Secret.
NOTE: Available since v1.76.0.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
const config = new pulumi.Config();
const name = config.get("name") || "terraform-example";
const _default = new alicloud.kms.Secret("default", {
secretName: name,
secretData: "Secret data",
versionId: "v1",
forceDeleteWithoutRecovery: true,
});
import pulumi
import pulumi_alicloud as alicloud
config = pulumi.Config()
name = config.get("name")
if name is None:
name = "terraform-example"
default = alicloud.kms.Secret("default",
secret_name=name,
secret_data="Secret data",
version_id="v1",
force_delete_without_recovery=True)
package main
import (
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
name := "terraform-example"
if param := cfg.Get("name"); param != "" {
name = param
}
_, err := kms.NewSecret(ctx, "default", &kms.SecretArgs{
SecretName: pulumi.String(name),
SecretData: pulumi.String("Secret data"),
VersionId: pulumi.String("v1"),
ForceDeleteWithoutRecovery: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var name = config.Get("name") ?? "terraform-example";
var @default = new AliCloud.Kms.Secret("default", new()
{
SecretName = name,
SecretData = "Secret data",
VersionId = "v1",
ForceDeleteWithoutRecovery = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.kms.Secret;
import com.pulumi.alicloud.kms.SecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var name = config.get("name").orElse("terraform-example");
var default_ = new Secret("default", SecretArgs.builder()
.secretName(name)
.secretData("Secret data")
.versionId("v1")
.forceDeleteWithoutRecovery(true)
.build());
}
}
configuration:
name:
type: string
default: terraform-example
resources:
default:
type: alicloud:kms:Secret
properties:
secretName: ${name}
secretData: Secret data
versionId: v1
forceDeleteWithoutRecovery: true
Create Secret Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);
@overload
def Secret(resource_name: str,
args: SecretArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Secret(resource_name: str,
opts: Optional[ResourceOptions] = None,
secret_data: Optional[str] = None,
version_id: Optional[str] = None,
secret_name: Optional[str] = None,
rotation_interval: Optional[str] = None,
extended_config: Optional[str] = None,
force_delete_without_recovery: Optional[bool] = None,
policy: Optional[str] = None,
recovery_window_in_days: Optional[int] = None,
description: Optional[str] = None,
encryption_key_id: Optional[str] = None,
secret_data_type: Optional[str] = None,
enable_automatic_rotation: Optional[bool] = None,
secret_type: Optional[str] = None,
tags: Optional[Mapping[str, Any]] = None,
dkms_instance_id: Optional[str] = None,
version_stages: Optional[Sequence[str]] = None)
func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)
public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)
public Secret(String name, SecretArgs args)
public Secret(String name, SecretArgs args, CustomResourceOptions options)
type: alicloud:kms:Secret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var secretResource = new AliCloud.Kms.Secret("secretResource", new()
{
SecretData = "string",
VersionId = "string",
SecretName = "string",
RotationInterval = "string",
ExtendedConfig = "string",
ForceDeleteWithoutRecovery = false,
Policy = "string",
RecoveryWindowInDays = 0,
Description = "string",
EncryptionKeyId = "string",
SecretDataType = "string",
EnableAutomaticRotation = false,
SecretType = "string",
Tags =
{
{ "string", "any" },
},
DkmsInstanceId = "string",
VersionStages = new[]
{
"string",
},
});
example, err := kms.NewSecret(ctx, "secretResource", &kms.SecretArgs{
SecretData: pulumi.String("string"),
VersionId: pulumi.String("string"),
SecretName: pulumi.String("string"),
RotationInterval: pulumi.String("string"),
ExtendedConfig: pulumi.String("string"),
ForceDeleteWithoutRecovery: pulumi.Bool(false),
Policy: pulumi.String("string"),
RecoveryWindowInDays: pulumi.Int(0),
Description: pulumi.String("string"),
EncryptionKeyId: pulumi.String("string"),
SecretDataType: pulumi.String("string"),
EnableAutomaticRotation: pulumi.Bool(false),
SecretType: pulumi.String("string"),
Tags: pulumi.Map{
"string": pulumi.Any("any"),
},
DkmsInstanceId: pulumi.String("string"),
VersionStages: pulumi.StringArray{
pulumi.String("string"),
},
})
var secretResource = new Secret("secretResource", SecretArgs.builder()
.secretData("string")
.versionId("string")
.secretName("string")
.rotationInterval("string")
.extendedConfig("string")
.forceDeleteWithoutRecovery(false)
.policy("string")
.recoveryWindowInDays(0)
.description("string")
.encryptionKeyId("string")
.secretDataType("string")
.enableAutomaticRotation(false)
.secretType("string")
.tags(Map.of("string", "any"))
.dkmsInstanceId("string")
.versionStages("string")
.build());
secret_resource = alicloud.kms.Secret("secretResource",
secret_data="string",
version_id="string",
secret_name="string",
rotation_interval="string",
extended_config="string",
force_delete_without_recovery=False,
policy="string",
recovery_window_in_days=0,
description="string",
encryption_key_id="string",
secret_data_type="string",
enable_automatic_rotation=False,
secret_type="string",
tags={
"string": "any",
},
dkms_instance_id="string",
version_stages=["string"])
const secretResource = new alicloud.kms.Secret("secretResource", {
secretData: "string",
versionId: "string",
secretName: "string",
rotationInterval: "string",
extendedConfig: "string",
forceDeleteWithoutRecovery: false,
policy: "string",
recoveryWindowInDays: 0,
description: "string",
encryptionKeyId: "string",
secretDataType: "string",
enableAutomaticRotation: false,
secretType: "string",
tags: {
string: "any",
},
dkmsInstanceId: "string",
versionStages: ["string"],
});
type: alicloud:kms:Secret
properties:
description: string
dkmsInstanceId: string
enableAutomaticRotation: false
encryptionKeyId: string
extendedConfig: string
forceDeleteWithoutRecovery: false
policy: string
recoveryWindowInDays: 0
rotationInterval: string
secretData: string
secretDataType: string
secretName: string
secretType: string
tags:
string: any
versionId: string
versionStages:
- string
Secret Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Secret resource accepts the following input properties:
- Secret
Data string - The data of the secret. NOTE: From version 1.204.1, attribute
secret_data
updating diff will be ignored whensecret_type
is not Generic. - Secret
Name string - The name of the secret.
- Version
Id string - The version number of the initial version.
- Description string
- The description of the secret.
- Dkms
Instance stringId - The ID of the KMS instance.
- Enable
Automatic boolRotation - Specifies whether to enable automatic rotation. Default value:
false
. Valid values:true
,false
. - Encryption
Key stringId - The ID of the KMS key.
- Extended
Config string - The extended configuration of the secret. For more information, see How to use it.
- Force
Delete boolWithout Recovery - Specifies whether to immediately delete a secret. Default value:
false
. Valid values:true
,false
. - Policy string
- The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- Recovery
Window intIn Days - Specifies the recovery period of the secret if you do not forcibly delete it. Default value:
30
. NOTE: Ifforce_delete_without_recovery
is set totrue
,recovery_window_in_days
will be ignored. - Rotation
Interval string - The interval for automatic rotation.
- Secret
Data stringType - The type of the secret value. Default value:
text
. Valid values:text
,binary
. - Secret
Type string - The type of the secret. Valid values:
Generic
: Generic secret.Rds
: ApsaraDB RDS secret.RAMCredentials
: RAM secret.ECS
: ECS secret.
- Dictionary<string, object>
- A mapping of tags to assign to the resource.
- Version
Stages List<string> - The stage label that is used to mark the new version.
- Secret
Data string - The data of the secret. NOTE: From version 1.204.1, attribute
secret_data
updating diff will be ignored whensecret_type
is not Generic. - Secret
Name string - The name of the secret.
- Version
Id string - The version number of the initial version.
- Description string
- The description of the secret.
- Dkms
Instance stringId - The ID of the KMS instance.
- Enable
Automatic boolRotation - Specifies whether to enable automatic rotation. Default value:
false
. Valid values:true
,false
. - Encryption
Key stringId - The ID of the KMS key.
- Extended
Config string - The extended configuration of the secret. For more information, see How to use it.
- Force
Delete boolWithout Recovery - Specifies whether to immediately delete a secret. Default value:
false
. Valid values:true
,false
. - Policy string
- The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- Recovery
Window intIn Days - Specifies the recovery period of the secret if you do not forcibly delete it. Default value:
30
. NOTE: Ifforce_delete_without_recovery
is set totrue
,recovery_window_in_days
will be ignored. - Rotation
Interval string - The interval for automatic rotation.
- Secret
Data stringType - The type of the secret value. Default value:
text
. Valid values:text
,binary
. - Secret
Type string - The type of the secret. Valid values:
Generic
: Generic secret.Rds
: ApsaraDB RDS secret.RAMCredentials
: RAM secret.ECS
: ECS secret.
- map[string]interface{}
- A mapping of tags to assign to the resource.
- Version
Stages []string - The stage label that is used to mark the new version.
- secret
Data String - The data of the secret. NOTE: From version 1.204.1, attribute
secret_data
updating diff will be ignored whensecret_type
is not Generic. - secret
Name String - The name of the secret.
- version
Id String - The version number of the initial version.
- description String
- The description of the secret.
- dkms
Instance StringId - The ID of the KMS instance.
- enable
Automatic BooleanRotation - Specifies whether to enable automatic rotation. Default value:
false
. Valid values:true
,false
. - encryption
Key StringId - The ID of the KMS key.
- extended
Config String - The extended configuration of the secret. For more information, see How to use it.
- force
Delete BooleanWithout Recovery - Specifies whether to immediately delete a secret. Default value:
false
. Valid values:true
,false
. - policy String
- The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- recovery
Window IntegerIn Days - Specifies the recovery period of the secret if you do not forcibly delete it. Default value:
30
. NOTE: Ifforce_delete_without_recovery
is set totrue
,recovery_window_in_days
will be ignored. - rotation
Interval String - The interval for automatic rotation.
- secret
Data StringType - The type of the secret value. Default value:
text
. Valid values:text
,binary
. - secret
Type String - The type of the secret. Valid values:
Generic
: Generic secret.Rds
: ApsaraDB RDS secret.RAMCredentials
: RAM secret.ECS
: ECS secret.
- Map<String,Object>
- A mapping of tags to assign to the resource.
- version
Stages List<String> - The stage label that is used to mark the new version.
- secret
Data string - The data of the secret. NOTE: From version 1.204.1, attribute
secret_data
updating diff will be ignored whensecret_type
is not Generic. - secret
Name string - The name of the secret.
- version
Id string - The version number of the initial version.
- description string
- The description of the secret.
- dkms
Instance stringId - The ID of the KMS instance.
- enable
Automatic booleanRotation - Specifies whether to enable automatic rotation. Default value:
false
. Valid values:true
,false
. - encryption
Key stringId - The ID of the KMS key.
- extended
Config string - The extended configuration of the secret. For more information, see How to use it.
- force
Delete booleanWithout Recovery - Specifies whether to immediately delete a secret. Default value:
false
. Valid values:true
,false
. - policy string
- The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- recovery
Window numberIn Days - Specifies the recovery period of the secret if you do not forcibly delete it. Default value:
30
. NOTE: Ifforce_delete_without_recovery
is set totrue
,recovery_window_in_days
will be ignored. - rotation
Interval string - The interval for automatic rotation.
- secret
Data stringType - The type of the secret value. Default value:
text
. Valid values:text
,binary
. - secret
Type string - The type of the secret. Valid values:
Generic
: Generic secret.Rds
: ApsaraDB RDS secret.RAMCredentials
: RAM secret.ECS
: ECS secret.
- {[key: string]: any}
- A mapping of tags to assign to the resource.
- version
Stages string[] - The stage label that is used to mark the new version.
- secret_
data str - The data of the secret. NOTE: From version 1.204.1, attribute
secret_data
updating diff will be ignored whensecret_type
is not Generic. - secret_
name str - The name of the secret.
- version_
id str - The version number of the initial version.
- description str
- The description of the secret.
- dkms_
instance_ strid - The ID of the KMS instance.
- enable_
automatic_ boolrotation - Specifies whether to enable automatic rotation. Default value:
false
. Valid values:true
,false
. - encryption_
key_ strid - The ID of the KMS key.
- extended_
config str - The extended configuration of the secret. For more information, see How to use it.
- force_
delete_ boolwithout_ recovery - Specifies whether to immediately delete a secret. Default value:
false
. Valid values:true
,false
. - policy str
- The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- recovery_
window_ intin_ days - Specifies the recovery period of the secret if you do not forcibly delete it. Default value:
30
. NOTE: Ifforce_delete_without_recovery
is set totrue
,recovery_window_in_days
will be ignored. - rotation_
interval str - The interval for automatic rotation.
- secret_
data_ strtype - The type of the secret value. Default value:
text
. Valid values:text
,binary
. - secret_
type str - The type of the secret. Valid values:
Generic
: Generic secret.Rds
: ApsaraDB RDS secret.RAMCredentials
: RAM secret.ECS
: ECS secret.
- Mapping[str, Any]
- A mapping of tags to assign to the resource.
- version_
stages Sequence[str] - The stage label that is used to mark the new version.
- secret
Data String - The data of the secret. NOTE: From version 1.204.1, attribute
secret_data
updating diff will be ignored whensecret_type
is not Generic. - secret
Name String - The name of the secret.
- version
Id String - The version number of the initial version.
- description String
- The description of the secret.
- dkms
Instance StringId - The ID of the KMS instance.
- enable
Automatic BooleanRotation - Specifies whether to enable automatic rotation. Default value:
false
. Valid values:true
,false
. - encryption
Key StringId - The ID of the KMS key.
- extended
Config String - The extended configuration of the secret. For more information, see How to use it.
- force
Delete BooleanWithout Recovery - Specifies whether to immediately delete a secret. Default value:
false
. Valid values:true
,false
. - policy String
- The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- recovery
Window NumberIn Days - Specifies the recovery period of the secret if you do not forcibly delete it. Default value:
30
. NOTE: Ifforce_delete_without_recovery
is set totrue
,recovery_window_in_days
will be ignored. - rotation
Interval String - The interval for automatic rotation.
- secret
Data StringType - The type of the secret value. Default value:
text
. Valid values:text
,binary
. - secret
Type String - The type of the secret. Valid values:
Generic
: Generic secret.Rds
: ApsaraDB RDS secret.RAMCredentials
: RAM secret.ECS
: ECS secret.
- Map<Any>
- A mapping of tags to assign to the resource.
- version
Stages List<String> - The stage label that is used to mark the new version.
Outputs
All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:
- Arn string
- The ARN of the secret.
- Create
Time string - (Available since v1.224.0) The time when the secret is created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Planned
Delete stringTime - The time when the secret is scheduled to be deleted.
- Arn string
- The ARN of the secret.
- Create
Time string - (Available since v1.224.0) The time when the secret is created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Planned
Delete stringTime - The time when the secret is scheduled to be deleted.
- arn String
- The ARN of the secret.
- create
Time String - (Available since v1.224.0) The time when the secret is created.
- id String
- The provider-assigned unique ID for this managed resource.
- planned
Delete StringTime - The time when the secret is scheduled to be deleted.
- arn string
- The ARN of the secret.
- create
Time string - (Available since v1.224.0) The time when the secret is created.
- id string
- The provider-assigned unique ID for this managed resource.
- planned
Delete stringTime - The time when the secret is scheduled to be deleted.
- arn str
- The ARN of the secret.
- create_
time str - (Available since v1.224.0) The time when the secret is created.
- id str
- The provider-assigned unique ID for this managed resource.
- planned_
delete_ strtime - The time when the secret is scheduled to be deleted.
- arn String
- The ARN of the secret.
- create
Time String - (Available since v1.224.0) The time when the secret is created.
- id String
- The provider-assigned unique ID for this managed resource.
- planned
Delete StringTime - The time when the secret is scheduled to be deleted.
Look up Existing Secret Resource
Get an existing Secret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecretState, opts?: CustomResourceOptions): Secret
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
create_time: Optional[str] = None,
description: Optional[str] = None,
dkms_instance_id: Optional[str] = None,
enable_automatic_rotation: Optional[bool] = None,
encryption_key_id: Optional[str] = None,
extended_config: Optional[str] = None,
force_delete_without_recovery: Optional[bool] = None,
planned_delete_time: Optional[str] = None,
policy: Optional[str] = None,
recovery_window_in_days: Optional[int] = None,
rotation_interval: Optional[str] = None,
secret_data: Optional[str] = None,
secret_data_type: Optional[str] = None,
secret_name: Optional[str] = None,
secret_type: Optional[str] = None,
tags: Optional[Mapping[str, Any]] = None,
version_id: Optional[str] = None,
version_stages: Optional[Sequence[str]] = None) -> Secret
func GetSecret(ctx *Context, name string, id IDInput, state *SecretState, opts ...ResourceOption) (*Secret, error)
public static Secret Get(string name, Input<string> id, SecretState? state, CustomResourceOptions? opts = null)
public static Secret get(String name, Output<String> id, SecretState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- The ARN of the secret.
- Create
Time string - (Available since v1.224.0) The time when the secret is created.
- Description string
- The description of the secret.
- Dkms
Instance stringId - The ID of the KMS instance.
- Enable
Automatic boolRotation - Specifies whether to enable automatic rotation. Default value:
false
. Valid values:true
,false
. - Encryption
Key stringId - The ID of the KMS key.
- Extended
Config string - The extended configuration of the secret. For more information, see How to use it.
- Force
Delete boolWithout Recovery - Specifies whether to immediately delete a secret. Default value:
false
. Valid values:true
,false
. - Planned
Delete stringTime - The time when the secret is scheduled to be deleted.
- Policy string
- The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- Recovery
Window intIn Days - Specifies the recovery period of the secret if you do not forcibly delete it. Default value:
30
. NOTE: Ifforce_delete_without_recovery
is set totrue
,recovery_window_in_days
will be ignored. - Rotation
Interval string - The interval for automatic rotation.
- Secret
Data string - The data of the secret. NOTE: From version 1.204.1, attribute
secret_data
updating diff will be ignored whensecret_type
is not Generic. - Secret
Data stringType - The type of the secret value. Default value:
text
. Valid values:text
,binary
. - Secret
Name string - The name of the secret.
- Secret
Type string - The type of the secret. Valid values:
Generic
: Generic secret.Rds
: ApsaraDB RDS secret.RAMCredentials
: RAM secret.ECS
: ECS secret.
- Dictionary<string, object>
- A mapping of tags to assign to the resource.
- Version
Id string - The version number of the initial version.
- Version
Stages List<string> - The stage label that is used to mark the new version.
- Arn string
- The ARN of the secret.
- Create
Time string - (Available since v1.224.0) The time when the secret is created.
- Description string
- The description of the secret.
- Dkms
Instance stringId - The ID of the KMS instance.
- Enable
Automatic boolRotation - Specifies whether to enable automatic rotation. Default value:
false
. Valid values:true
,false
. - Encryption
Key stringId - The ID of the KMS key.
- Extended
Config string - The extended configuration of the secret. For more information, see How to use it.
- Force
Delete boolWithout Recovery - Specifies whether to immediately delete a secret. Default value:
false
. Valid values:true
,false
. - Planned
Delete stringTime - The time when the secret is scheduled to be deleted.
- Policy string
- The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- Recovery
Window intIn Days - Specifies the recovery period of the secret if you do not forcibly delete it. Default value:
30
. NOTE: Ifforce_delete_without_recovery
is set totrue
,recovery_window_in_days
will be ignored. - Rotation
Interval string - The interval for automatic rotation.
- Secret
Data string - The data of the secret. NOTE: From version 1.204.1, attribute
secret_data
updating diff will be ignored whensecret_type
is not Generic. - Secret
Data stringType - The type of the secret value. Default value:
text
. Valid values:text
,binary
. - Secret
Name string - The name of the secret.
- Secret
Type string - The type of the secret. Valid values:
Generic
: Generic secret.Rds
: ApsaraDB RDS secret.RAMCredentials
: RAM secret.ECS
: ECS secret.
- map[string]interface{}
- A mapping of tags to assign to the resource.
- Version
Id string - The version number of the initial version.
- Version
Stages []string - The stage label that is used to mark the new version.
- arn String
- The ARN of the secret.
- create
Time String - (Available since v1.224.0) The time when the secret is created.
- description String
- The description of the secret.
- dkms
Instance StringId - The ID of the KMS instance.
- enable
Automatic BooleanRotation - Specifies whether to enable automatic rotation. Default value:
false
. Valid values:true
,false
. - encryption
Key StringId - The ID of the KMS key.
- extended
Config String - The extended configuration of the secret. For more information, see How to use it.
- force
Delete BooleanWithout Recovery - Specifies whether to immediately delete a secret. Default value:
false
. Valid values:true
,false
. - planned
Delete StringTime - The time when the secret is scheduled to be deleted.
- policy String
- The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- recovery
Window IntegerIn Days - Specifies the recovery period of the secret if you do not forcibly delete it. Default value:
30
. NOTE: Ifforce_delete_without_recovery
is set totrue
,recovery_window_in_days
will be ignored. - rotation
Interval String - The interval for automatic rotation.
- secret
Data String - The data of the secret. NOTE: From version 1.204.1, attribute
secret_data
updating diff will be ignored whensecret_type
is not Generic. - secret
Data StringType - The type of the secret value. Default value:
text
. Valid values:text
,binary
. - secret
Name String - The name of the secret.
- secret
Type String - The type of the secret. Valid values:
Generic
: Generic secret.Rds
: ApsaraDB RDS secret.RAMCredentials
: RAM secret.ECS
: ECS secret.
- Map<String,Object>
- A mapping of tags to assign to the resource.
- version
Id String - The version number of the initial version.
- version
Stages List<String> - The stage label that is used to mark the new version.
- arn string
- The ARN of the secret.
- create
Time string - (Available since v1.224.0) The time when the secret is created.
- description string
- The description of the secret.
- dkms
Instance stringId - The ID of the KMS instance.
- enable
Automatic booleanRotation - Specifies whether to enable automatic rotation. Default value:
false
. Valid values:true
,false
. - encryption
Key stringId - The ID of the KMS key.
- extended
Config string - The extended configuration of the secret. For more information, see How to use it.
- force
Delete booleanWithout Recovery - Specifies whether to immediately delete a secret. Default value:
false
. Valid values:true
,false
. - planned
Delete stringTime - The time when the secret is scheduled to be deleted.
- policy string
- The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- recovery
Window numberIn Days - Specifies the recovery period of the secret if you do not forcibly delete it. Default value:
30
. NOTE: Ifforce_delete_without_recovery
is set totrue
,recovery_window_in_days
will be ignored. - rotation
Interval string - The interval for automatic rotation.
- secret
Data string - The data of the secret. NOTE: From version 1.204.1, attribute
secret_data
updating diff will be ignored whensecret_type
is not Generic. - secret
Data stringType - The type of the secret value. Default value:
text
. Valid values:text
,binary
. - secret
Name string - The name of the secret.
- secret
Type string - The type of the secret. Valid values:
Generic
: Generic secret.Rds
: ApsaraDB RDS secret.RAMCredentials
: RAM secret.ECS
: ECS secret.
- {[key: string]: any}
- A mapping of tags to assign to the resource.
- version
Id string - The version number of the initial version.
- version
Stages string[] - The stage label that is used to mark the new version.
- arn str
- The ARN of the secret.
- create_
time str - (Available since v1.224.0) The time when the secret is created.
- description str
- The description of the secret.
- dkms_
instance_ strid - The ID of the KMS instance.
- enable_
automatic_ boolrotation - Specifies whether to enable automatic rotation. Default value:
false
. Valid values:true
,false
. - encryption_
key_ strid - The ID of the KMS key.
- extended_
config str - The extended configuration of the secret. For more information, see How to use it.
- force_
delete_ boolwithout_ recovery - Specifies whether to immediately delete a secret. Default value:
false
. Valid values:true
,false
. - planned_
delete_ strtime - The time when the secret is scheduled to be deleted.
- policy str
- The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- recovery_
window_ intin_ days - Specifies the recovery period of the secret if you do not forcibly delete it. Default value:
30
. NOTE: Ifforce_delete_without_recovery
is set totrue
,recovery_window_in_days
will be ignored. - rotation_
interval str - The interval for automatic rotation.
- secret_
data str - The data of the secret. NOTE: From version 1.204.1, attribute
secret_data
updating diff will be ignored whensecret_type
is not Generic. - secret_
data_ strtype - The type of the secret value. Default value:
text
. Valid values:text
,binary
. - secret_
name str - The name of the secret.
- secret_
type str - The type of the secret. Valid values:
Generic
: Generic secret.Rds
: ApsaraDB RDS secret.RAMCredentials
: RAM secret.ECS
: ECS secret.
- Mapping[str, Any]
- A mapping of tags to assign to the resource.
- version_
id str - The version number of the initial version.
- version_
stages Sequence[str] - The stage label that is used to mark the new version.
- arn String
- The ARN of the secret.
- create
Time String - (Available since v1.224.0) The time when the secret is created.
- description String
- The description of the secret.
- dkms
Instance StringId - The ID of the KMS instance.
- enable
Automatic BooleanRotation - Specifies whether to enable automatic rotation. Default value:
false
. Valid values:true
,false
. - encryption
Key StringId - The ID of the KMS key.
- extended
Config String - The extended configuration of the secret. For more information, see How to use it.
- force
Delete BooleanWithout Recovery - Specifies whether to immediately delete a secret. Default value:
false
. Valid values:true
,false
. - planned
Delete StringTime - The time when the secret is scheduled to be deleted.
- policy String
- The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- recovery
Window NumberIn Days - Specifies the recovery period of the secret if you do not forcibly delete it. Default value:
30
. NOTE: Ifforce_delete_without_recovery
is set totrue
,recovery_window_in_days
will be ignored. - rotation
Interval String - The interval for automatic rotation.
- secret
Data String - The data of the secret. NOTE: From version 1.204.1, attribute
secret_data
updating diff will be ignored whensecret_type
is not Generic. - secret
Data StringType - The type of the secret value. Default value:
text
. Valid values:text
,binary
. - secret
Name String - The name of the secret.
- secret
Type String - The type of the secret. Valid values:
Generic
: Generic secret.Rds
: ApsaraDB RDS secret.RAMCredentials
: RAM secret.ECS
: ECS secret.
- Map<Any>
- A mapping of tags to assign to the resource.
- version
Id String - The version number of the initial version.
- version
Stages List<String> - The stage label that is used to mark the new version.
Import
KMS Secret can be imported using the id, e.g.
$ pulumi import alicloud:kms/secret:Secret example <id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
alicloud
Terraform Provider.