Secret

Import

Generic secrets can be imported using the path, e.g.

 $ pulumi import vault:generic/secret:Secret example secret/foo

Create a Secret Resource

new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);
@overload
def Secret(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           data_json: Optional[str] = None,
           disable_read: Optional[bool] = None,
           path: Optional[str] = None)
@overload
def Secret(resource_name: str,
           args: SecretArgs,
           opts: Optional[ResourceOptions] = None)
func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)
public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Secret Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Secret resource accepts the following input properties:

DataJson string
String containing a JSON-encoded object that will be written as the secret data at the given path.
Path string
The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.
DisableRead bool
True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
DataJson string
String containing a JSON-encoded object that will be written as the secret data at the given path.
Path string
The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.
DisableRead bool
True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
dataJson string
String containing a JSON-encoded object that will be written as the secret data at the given path.
path string
The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.
disableRead boolean
True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
data_json str
String containing a JSON-encoded object that will be written as the secret data at the given path.
path str
The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.
disable_read bool
True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.

Outputs

All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:

Data Dictionary<string, object>
A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
Id string
The provider-assigned unique ID for this managed resource.
Data map[string]interface{}
A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
Id string
The provider-assigned unique ID for this managed resource.
data {[key: string]: any}
A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
id string
The provider-assigned unique ID for this managed resource.
data Mapping[str, Any]
A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing Secret Resource

Get an existing Secret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretState, opts?: CustomResourceOptions): Secret
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        data: Optional[Mapping[str, Any]] = None,
        data_json: Optional[str] = None,
        disable_read: Optional[bool] = None,
        path: Optional[str] = None) -> Secret
func GetSecret(ctx *Context, name string, id IDInput, state *SecretState, opts ...ResourceOption) (*Secret, error)
public static Secret Get(string name, Input<string> id, SecretState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Data Dictionary<string, object>
A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
DataJson string
String containing a JSON-encoded object that will be written as the secret data at the given path.
DisableRead bool
True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
Path string
The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.
Data map[string]interface{}
A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
DataJson string
String containing a JSON-encoded object that will be written as the secret data at the given path.
DisableRead bool
True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
Path string
The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.
data {[key: string]: any}
A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
dataJson string
String containing a JSON-encoded object that will be written as the secret data at the given path.
disableRead boolean
True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
path string
The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.
data Mapping[str, Any]
A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
data_json str
String containing a JSON-encoded object that will be written as the secret data at the given path.
disable_read bool
True/false. Set this to true if your vault authentication is not able to read the data. Setting this to true will break drift detection. Defaults to false.
path str
The full logical path at which to write the given data. To write data into the “generic” secret backend mounted in Vault by default, this should be prefixed with secret/. Writing to other backends with this resource is possible; consult each backend’s documentation to see which endpoints support the PUT and DELETE methods.

Package Details

Repository
https://github.com/pulumi/pulumi-vault
License
Apache-2.0
Notes
This Pulumi package is based on the vault Terraform Provider.