HashiCorp Vault v6.2.0, Jun 21 24

HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi

vault.generic.Secret

Explore with Pulumi AI

HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi

pulumi/pulumi-vault

Import

Generic secrets can be imported using the path, e.g.

$ pulumi import vault:generic/secret:Secret example secret/foo

Create Secret Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);

@overload
def Secret(resource_name: str,
           args: SecretArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def Secret(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           data_json: Optional[str] = None,
           path: Optional[str] = None,
           delete_all_versions: Optional[bool] = None,
           disable_read: Optional[bool] = None,
           namespace: Optional[str] = None)

func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)

public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)

public Secret(String name, SecretArgs args)
public Secret(String name, SecretArgs args, CustomResourceOptions options)

type: vault:generic:Secret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var secretResource = new Vault.Generic.Secret("secretResource", new()
{
    DataJson = "string",
    Path = "string",
    DeleteAllVersions = false,
    DisableRead = false,
    Namespace = "string",
});

example, err := generic.NewSecret(ctx, "secretResource", &generic.SecretArgs{
	DataJson:          pulumi.String("string"),
	Path:              pulumi.String("string"),
	DeleteAllVersions: pulumi.Bool(false),
	DisableRead:       pulumi.Bool(false),
	Namespace:         pulumi.String("string"),
})

var secretResource = new Secret("secretResource", SecretArgs.builder()
    .dataJson("string")
    .path("string")
    .deleteAllVersions(false)
    .disableRead(false)
    .namespace("string")
    .build());

secret_resource = vault.generic.Secret("secretResource",
    data_json="string",
    path="string",
    delete_all_versions=False,
    disable_read=False,
    namespace="string")

const secretResource = new vault.generic.Secret("secretResource", {
    dataJson: "string",
    path: "string",
    deleteAllVersions: false,
    disableRead: false,
    namespace: "string",
});

type: vault:generic:Secret
properties:
    dataJson: string
    deleteAllVersions: false
    disableRead: false
    namespace: string
    path: string

Secret Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Secret resource accepts the following input properties:

DataJson string: String containing a JSON-encoded object that will be written as the secret data at the given path.
Path string: The full logical path at which to write the given data. To write data into the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend's documentation to see which endpoints support the PUT and DELETE methods.
DeleteAllVersions bool: true/false. Only applicable for kv-v2 stores. If set to true, permanently deletes all versions for the specified key. The default behavior is to only delete the latest version of the secret.
DisableRead bool: true/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

DataJson string: String containing a JSON-encoded object that will be written as the secret data at the given path.
Path string: The full logical path at which to write the given data. To write data into the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend's documentation to see which endpoints support the PUT and DELETE methods.
DeleteAllVersions bool: true/false. Only applicable for kv-v2 stores. If set to true, permanently deletes all versions for the specified key. The default behavior is to only delete the latest version of the secret.
DisableRead bool: true/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

dataJson String: String containing a JSON-encoded object that will be written as the secret data at the given path.
path String: The full logical path at which to write the given data. To write data into the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend's documentation to see which endpoints support the PUT and DELETE methods.
deleteAllVersions Boolean: true/false. Only applicable for kv-v2 stores. If set to true, permanently deletes all versions for the specified key. The default behavior is to only delete the latest version of the secret.
disableRead Boolean: true/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

dataJson string: String containing a JSON-encoded object that will be written as the secret data at the given path.
path string: The full logical path at which to write the given data. To write data into the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend's documentation to see which endpoints support the PUT and DELETE methods.
deleteAllVersions boolean: true/false. Only applicable for kv-v2 stores. If set to true, permanently deletes all versions for the specified key. The default behavior is to only delete the latest version of the secret.
disableRead boolean: true/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

data_json str: String containing a JSON-encoded object that will be written as the secret data at the given path.
path str: The full logical path at which to write the given data. To write data into the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend's documentation to see which endpoints support the PUT and DELETE methods.
delete_all_versions bool: true/false. Only applicable for kv-v2 stores. If set to true, permanently deletes all versions for the specified key. The default behavior is to only delete the latest version of the secret.
disable_read bool: true/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
namespace str: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

dataJson String: String containing a JSON-encoded object that will be written as the secret data at the given path.
path String: The full logical path at which to write the given data. To write data into the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend's documentation to see which endpoints support the PUT and DELETE methods.
deleteAllVersions Boolean: true/false. Only applicable for kv-v2 stores. If set to true, permanently deletes all versions for the specified key. The default behavior is to only delete the latest version of the secret.
disableRead Boolean: true/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

Outputs

All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:

Data Dictionary<string, object>: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
Id string: The provider-assigned unique ID for this managed resource.

Data map[string]interface{}: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
Id string: The provider-assigned unique ID for this managed resource.

data Map<String,Object>: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
id String: The provider-assigned unique ID for this managed resource.

data {[key: string]: any}: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
id string: The provider-assigned unique ID for this managed resource.

data Mapping[str, Any]: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
id str: The provider-assigned unique ID for this managed resource.

data Map<Any>: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
id String: The provider-assigned unique ID for this managed resource.

Look up Existing Secret Resource

Get an existing Secret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretState, opts?: CustomResourceOptions): Secret

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        data: Optional[Mapping[str, Any]] = None,
        data_json: Optional[str] = None,
        delete_all_versions: Optional[bool] = None,
        disable_read: Optional[bool] = None,
        namespace: Optional[str] = None,
        path: Optional[str] = None) -> Secret

func GetSecret(ctx *Context, name string, id IDInput, state *SecretState, opts ...ResourceOption) (*Secret, error)

public static Secret Get(string name, Input<string> id, SecretState? state, CustomResourceOptions? opts = null)

public static Secret get(String name, Output<String> id, SecretState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Data Dictionary<string, object>: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
DataJson string: String containing a JSON-encoded object that will be written as the secret data at the given path.
DeleteAllVersions bool: true/false. Only applicable for kv-v2 stores. If set to true, permanently deletes all versions for the specified key. The default behavior is to only delete the latest version of the secret.
DisableRead bool: true/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
Path string: The full logical path at which to write the given data. To write data into the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend's documentation to see which endpoints support the PUT and DELETE methods.

Data map[string]interface{}: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
DataJson string: String containing a JSON-encoded object that will be written as the secret data at the given path.
DeleteAllVersions bool: true/false. Only applicable for kv-v2 stores. If set to true, permanently deletes all versions for the specified key. The default behavior is to only delete the latest version of the secret.
DisableRead bool: true/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
Path string: The full logical path at which to write the given data. To write data into the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend's documentation to see which endpoints support the PUT and DELETE methods.

data Map<String,Object>: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
dataJson String: String containing a JSON-encoded object that will be written as the secret data at the given path.
deleteAllVersions Boolean: true/false. Only applicable for kv-v2 stores. If set to true, permanently deletes all versions for the specified key. The default behavior is to only delete the latest version of the secret.
disableRead Boolean: true/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
path String: The full logical path at which to write the given data. To write data into the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend's documentation to see which endpoints support the PUT and DELETE methods.

data {[key: string]: any}: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
dataJson string: String containing a JSON-encoded object that will be written as the secret data at the given path.
deleteAllVersions boolean: true/false. Only applicable for kv-v2 stores. If set to true, permanently deletes all versions for the specified key. The default behavior is to only delete the latest version of the secret.
disableRead boolean: true/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
path string: The full logical path at which to write the given data. To write data into the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend's documentation to see which endpoints support the PUT and DELETE methods.

data Mapping[str, Any]: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
data_json str: String containing a JSON-encoded object that will be written as the secret data at the given path.
delete_all_versions bool: true/false. Only applicable for kv-v2 stores. If set to true, permanently deletes all versions for the specified key. The default behavior is to only delete the latest version of the secret.
disable_read bool: true/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
namespace str: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
path str: The full logical path at which to write the given data. To write data into the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend's documentation to see which endpoints support the PUT and DELETE methods.

data Map<Any>: A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
dataJson String: String containing a JSON-encoded object that will be written as the secret data at the given path.
deleteAllVersions Boolean: true/false. Only applicable for kv-v2 stores. If set to true, permanently deletes all versions for the specified key. The default behavior is to only delete the latest version of the secret.
disableRead Boolean: true/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
path String: The full logical path at which to write the given data. To write data into the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend's documentation to see which endpoints support the PUT and DELETE methods.

Package Details

Repository: Vault pulumi/pulumi-vault
License: Apache-2.0
Notes: This Pulumi package is based on the vault Terraform Provider.

HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi

pulumi/pulumi-vault

vault.generic.Secret

On this page

On this page

Import

Create Secret Resource

Constructor syntax

Parameters

Constructor example

Secret Resource Properties

Inputs

Outputs

Look up Existing Secret Resource

Package Details

On this page

On this page