getAclTokenSecretId

Consul v3.14.1, Mar 30 26

Viewing docs for Consul v3.14.1
published on Monday, Mar 30, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-consul

Viewing docs for Consul v3.14.1
published on Monday, Mar 30, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-consul

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as consul from "@pulumi/consul";

const test = new consul.AclPolicy("test", {
    name: "test",
    rules: "node \"\" { policy = \"read\" }",
    datacenters: ["dc1"],
});
const testAclToken = new consul.AclToken("test", {
    description: "test",
    policies: [test.name],
    local: true,
});
const read = consul.getAclTokenSecretIdOutput({
    accessorId: testAclToken.id,
    pgpKey: "keybase:my_username",
});
export const consulAclTokenSecretId = read.apply(read => read.encryptedSecretId);

import pulumi
import pulumi_consul as consul

test = consul.AclPolicy("test",
    name="test",
    rules="node \"\" { policy = \"read\" }",
    datacenters=["dc1"])
test_acl_token = consul.AclToken("test",
    description="test",
    policies=[test.name],
    local=True)
read = consul.get_acl_token_secret_id_output(accessor_id=test_acl_token.id,
    pgp_key="keybase:my_username")
pulumi.export("consulAclTokenSecretId", read.encrypted_secret_id)

package main

import (
	"github.com/pulumi/pulumi-consul/sdk/v3/go/consul"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		test, err := consul.NewAclPolicy(ctx, "test", &consul.AclPolicyArgs{
			Name:  pulumi.String("test"),
			Rules: pulumi.String("node \"\" { policy = \"read\" }"),
			Datacenters: pulumi.StringArray{
				pulumi.String("dc1"),
			},
		})
		if err != nil {
			return err
		}
		testAclToken, err := consul.NewAclToken(ctx, "test", &consul.AclTokenArgs{
			Description: pulumi.String("test"),
			Policies: pulumi.StringArray{
				test.Name,
			},
			Local: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		read := consul.GetAclTokenSecretIdOutput(ctx, consul.GetAclTokenSecretIdOutputArgs{
			AccessorId: testAclToken.ID(),
			PgpKey:     pulumi.String("keybase:my_username"),
		}, nil)
		ctx.Export("consulAclTokenSecretId", read.ApplyT(func(read consul.GetAclTokenSecretIdResult) (*string, error) {
			return &read.EncryptedSecretId, nil
		}).(pulumi.StringPtrOutput))
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Consul = Pulumi.Consul;

return await Deployment.RunAsync(() => 
{
    var test = new Consul.AclPolicy("test", new()
    {
        Name = "test",
        Rules = "node \"\" { policy = \"read\" }",
        Datacenters = new[]
        {
            "dc1",
        },
    });

    var testAclToken = new Consul.AclToken("test", new()
    {
        Description = "test",
        Policies = new[]
        {
            test.Name,
        },
        Local = true,
    });

    var read = Consul.GetAclTokenSecretId.Invoke(new()
    {
        AccessorId = testAclToken.Id,
        PgpKey = "keybase:my_username",
    });

    return new Dictionary<string, object?>
    {
        ["consulAclTokenSecretId"] = read.Apply(getAclTokenSecretIdResult => getAclTokenSecretIdResult.EncryptedSecretId),
    };
});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.consul.AclPolicy;
import com.pulumi.consul.AclPolicyArgs;
import com.pulumi.consul.AclToken;
import com.pulumi.consul.AclTokenArgs;
import com.pulumi.consul.ConsulFunctions;
import com.pulumi.consul.inputs.GetAclTokenSecretIdArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new AclPolicy("test", AclPolicyArgs.builder()
            .name("test")
            .rules("node \"\" { policy = \"read\" }")
            .datacenters("dc1")
            .build());

        var testAclToken = new AclToken("testAclToken", AclTokenArgs.builder()
            .description("test")
            .policies(test.name())
            .local(true)
            .build());

        final var read = ConsulFunctions.getAclTokenSecretId(GetAclTokenSecretIdArgs.builder()
            .accessorId(testAclToken.id())
            .pgpKey("keybase:my_username")
            .build());

        ctx.export("consulAclTokenSecretId", read.applyValue(_read -> _read.encryptedSecretId()));
    }
}

resources:
  test:
    type: consul:AclPolicy
    properties:
      name: test
      rules: node "" { policy = "read" }
      datacenters:
        - dc1
  testAclToken:
    type: consul:AclToken
    name: test
    properties:
      description: test
      policies:
        - ${test.name}
      local: true
variables:
  read:
    fn::invoke:
      function: consul:getAclTokenSecretId
      arguments:
        accessorId: ${testAclToken.id}
        pgpKey: keybase:my_username
outputs:
  consulAclTokenSecretId: ${read.encryptedSecretId}

Using getAclTokenSecretId

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAclTokenSecretId(args: GetAclTokenSecretIdArgs, opts?: InvokeOptions): Promise<GetAclTokenSecretIdResult>
function getAclTokenSecretIdOutput(args: GetAclTokenSecretIdOutputArgs, opts?: InvokeOptions): Output<GetAclTokenSecretIdResult>

def get_acl_token_secret_id(accessor_id: Optional[str] = None,
                            namespace: Optional[str] = None,
                            partition: Optional[str] = None,
                            pgp_key: Optional[str] = None,
                            opts: Optional[InvokeOptions] = None) -> GetAclTokenSecretIdResult
def get_acl_token_secret_id_output(accessor_id: Optional[pulumi.Input[str]] = None,
                            namespace: Optional[pulumi.Input[str]] = None,
                            partition: Optional[pulumi.Input[str]] = None,
                            pgp_key: Optional[pulumi.Input[str]] = None,
                            opts: Optional[InvokeOptions] = None) -> Output[GetAclTokenSecretIdResult]

func GetAclTokenSecretId(ctx *Context, args *GetAclTokenSecretIdArgs, opts ...InvokeOption) (*GetAclTokenSecretIdResult, error)
func GetAclTokenSecretIdOutput(ctx *Context, args *GetAclTokenSecretIdOutputArgs, opts ...InvokeOption) GetAclTokenSecretIdResultOutput

> Note: This function is named GetAclTokenSecretId in the Go SDK.

public static class GetAclTokenSecretId 
{
    public static Task<GetAclTokenSecretIdResult> InvokeAsync(GetAclTokenSecretIdArgs args, InvokeOptions? opts = null)
    public static Output<GetAclTokenSecretIdResult> Invoke(GetAclTokenSecretIdInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetAclTokenSecretIdResult> getAclTokenSecretId(GetAclTokenSecretIdArgs args, InvokeOptions options)
public static Output<GetAclTokenSecretIdResult> getAclTokenSecretId(GetAclTokenSecretIdArgs args, InvokeOptions options)

fn::invoke:
  function: consul:index/getAclTokenSecretId:getAclTokenSecretId
  arguments:
    # arguments dictionary

The following arguments are supported:

AccessorId string: The accessor ID of the ACL token.
Namespace string: The namespace to lookup the token.
Partition string: The partition to lookup the token.
PgpKey string: Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists. If you do not set this argument, the token secret ID will be written as plain text in the Terraform state.

AccessorId string: The accessor ID of the ACL token.
Namespace string: The namespace to lookup the token.
Partition string: The partition to lookup the token.
PgpKey string: Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists. If you do not set this argument, the token secret ID will be written as plain text in the Terraform state.

accessorId String: The accessor ID of the ACL token.
namespace String: The namespace to lookup the token.
partition String: The partition to lookup the token.
pgpKey String: Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists. If you do not set this argument, the token secret ID will be written as plain text in the Terraform state.

accessorId string: The accessor ID of the ACL token.
namespace string: The namespace to lookup the token.
partition string: The partition to lookup the token.
pgpKey string: Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists. If you do not set this argument, the token secret ID will be written as plain text in the Terraform state.

accessor_id str: The accessor ID of the ACL token.
namespace str: The namespace to lookup the token.
partition str: The partition to lookup the token.
pgp_key str: Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists. If you do not set this argument, the token secret ID will be written as plain text in the Terraform state.

accessorId String: The accessor ID of the ACL token.
namespace String: The namespace to lookup the token.
partition String: The partition to lookup the token.
pgpKey String: Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists. If you do not set this argument, the token secret ID will be written as plain text in the Terraform state.