akeyless 1.9.0, Apr 14 25

akeyless 1.9.0 published on Monday, Apr 14, 2025 by akeyless-community

akeyless-community/terraform-provider-akeyless

akeyless.DynamicSecretK8s

Explore with Pulumi AI

akeyless 1.9.0 published on Monday, Apr 14, 2025 by akeyless-community

akeyless-community/terraform-provider-akeyless

Create DynamicSecretK8s Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new DynamicSecretK8s(name: string, args?: DynamicSecretK8sArgs, opts?: CustomResourceOptions);

@overload
def DynamicSecretK8s(resource_name: str,
                     args: Optional[DynamicSecretK8sArgs] = None,
                     opts: Optional[ResourceOptions] = None)

@overload
def DynamicSecretK8s(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     delete_protection: Optional[str] = None,
                     dynamic_secret_k8s_id: Optional[str] = None,
                     encryption_key_name: Optional[str] = None,
                     k8s_allowed_namespaces: Optional[str] = None,
                     k8s_cluster_ca_cert: Optional[str] = None,
                     k8s_cluster_endpoint: Optional[str] = None,
                     k8s_cluster_token: Optional[str] = None,
                     k8s_namespace: Optional[str] = None,
                     k8s_predefined_role_name: Optional[str] = None,
                     k8s_predefined_role_type: Optional[str] = None,
                     k8s_service_account: Optional[str] = None,
                     k8s_service_account_type: Optional[str] = None,
                     name: Optional[str] = None,
                     secure_access_allow_port_forwading: Optional[bool] = None,
                     secure_access_bastion_issuer: Optional[str] = None,
                     secure_access_cluster_endpoint: Optional[str] = None,
                     secure_access_dashboard_url: Optional[str] = None,
                     secure_access_enable: Optional[str] = None,
                     secure_access_web: Optional[bool] = None,
                     secure_access_web_browsing: Optional[bool] = None,
                     secure_access_web_proxy: Optional[bool] = None,
                     tags: Optional[Sequence[str]] = None,
                     target_name: Optional[str] = None,
                     user_ttl: Optional[str] = None)

func NewDynamicSecretK8s(ctx *Context, name string, args *DynamicSecretK8sArgs, opts ...ResourceOption) (*DynamicSecretK8s, error)

public DynamicSecretK8s(string name, DynamicSecretK8sArgs? args = null, CustomResourceOptions? opts = null)

public DynamicSecretK8s(String name, DynamicSecretK8sArgs args)
public DynamicSecretK8s(String name, DynamicSecretK8sArgs args, CustomResourceOptions options)

type: akeyless:DynamicSecretK8s
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args DynamicSecretK8sArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args DynamicSecretK8sArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args DynamicSecretK8sArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DynamicSecretK8sArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args DynamicSecretK8sArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var dynamicSecretK8sResource = new Akeyless.DynamicSecretK8s("dynamicSecretK8sResource", new()
{
    DeleteProtection = "string",
    DynamicSecretK8sId = "string",
    EncryptionKeyName = "string",
    K8sAllowedNamespaces = "string",
    K8sClusterCaCert = "string",
    K8sClusterEndpoint = "string",
    K8sClusterToken = "string",
    K8sNamespace = "string",
    K8sPredefinedRoleName = "string",
    K8sPredefinedRoleType = "string",
    K8sServiceAccount = "string",
    K8sServiceAccountType = "string",
    Name = "string",
    SecureAccessAllowPortForwading = false,
    SecureAccessBastionIssuer = "string",
    SecureAccessClusterEndpoint = "string",
    SecureAccessDashboardUrl = "string",
    SecureAccessEnable = "string",
    SecureAccessWeb = false,
    SecureAccessWebBrowsing = false,
    SecureAccessWebProxy = false,
    Tags = new[]
    {
        "string",
    },
    TargetName = "string",
    UserTtl = "string",
});

example, err := akeyless.NewDynamicSecretK8s(ctx, "dynamicSecretK8sResource", &akeyless.DynamicSecretK8sArgs{
	DeleteProtection:               pulumi.String("string"),
	DynamicSecretK8sId:             pulumi.String("string"),
	EncryptionKeyName:              pulumi.String("string"),
	K8sAllowedNamespaces:           pulumi.String("string"),
	K8sClusterCaCert:               pulumi.String("string"),
	K8sClusterEndpoint:             pulumi.String("string"),
	K8sClusterToken:                pulumi.String("string"),
	K8sNamespace:                   pulumi.String("string"),
	K8sPredefinedRoleName:          pulumi.String("string"),
	K8sPredefinedRoleType:          pulumi.String("string"),
	K8sServiceAccount:              pulumi.String("string"),
	K8sServiceAccountType:          pulumi.String("string"),
	Name:                           pulumi.String("string"),
	SecureAccessAllowPortForwading: pulumi.Bool(false),
	SecureAccessBastionIssuer:      pulumi.String("string"),
	SecureAccessClusterEndpoint:    pulumi.String("string"),
	SecureAccessDashboardUrl:       pulumi.String("string"),
	SecureAccessEnable:             pulumi.String("string"),
	SecureAccessWeb:                pulumi.Bool(false),
	SecureAccessWebBrowsing:        pulumi.Bool(false),
	SecureAccessWebProxy:           pulumi.Bool(false),
	Tags: pulumi.StringArray{
		pulumi.String("string"),
	},
	TargetName: pulumi.String("string"),
	UserTtl:    pulumi.String("string"),
})

var dynamicSecretK8sResource = new DynamicSecretK8s("dynamicSecretK8sResource", DynamicSecretK8sArgs.builder()
    .deleteProtection("string")
    .dynamicSecretK8sId("string")
    .encryptionKeyName("string")
    .k8sAllowedNamespaces("string")
    .k8sClusterCaCert("string")
    .k8sClusterEndpoint("string")
    .k8sClusterToken("string")
    .k8sNamespace("string")
    .k8sPredefinedRoleName("string")
    .k8sPredefinedRoleType("string")
    .k8sServiceAccount("string")
    .k8sServiceAccountType("string")
    .name("string")
    .secureAccessAllowPortForwading(false)
    .secureAccessBastionIssuer("string")
    .secureAccessClusterEndpoint("string")
    .secureAccessDashboardUrl("string")
    .secureAccessEnable("string")
    .secureAccessWeb(false)
    .secureAccessWebBrowsing(false)
    .secureAccessWebProxy(false)
    .tags("string")
    .targetName("string")
    .userTtl("string")
    .build());

dynamic_secret_k8s_resource = akeyless.DynamicSecretK8s("dynamicSecretK8sResource",
    delete_protection="string",
    dynamic_secret_k8s_id="string",
    encryption_key_name="string",
    k8s_allowed_namespaces="string",
    k8s_cluster_ca_cert="string",
    k8s_cluster_endpoint="string",
    k8s_cluster_token="string",
    k8s_namespace="string",
    k8s_predefined_role_name="string",
    k8s_predefined_role_type="string",
    k8s_service_account="string",
    k8s_service_account_type="string",
    name="string",
    secure_access_allow_port_forwading=False,
    secure_access_bastion_issuer="string",
    secure_access_cluster_endpoint="string",
    secure_access_dashboard_url="string",
    secure_access_enable="string",
    secure_access_web=False,
    secure_access_web_browsing=False,
    secure_access_web_proxy=False,
    tags=["string"],
    target_name="string",
    user_ttl="string")

const dynamicSecretK8sResource = new akeyless.DynamicSecretK8s("dynamicSecretK8sResource", {
    deleteProtection: "string",
    dynamicSecretK8sId: "string",
    encryptionKeyName: "string",
    k8sAllowedNamespaces: "string",
    k8sClusterCaCert: "string",
    k8sClusterEndpoint: "string",
    k8sClusterToken: "string",
    k8sNamespace: "string",
    k8sPredefinedRoleName: "string",
    k8sPredefinedRoleType: "string",
    k8sServiceAccount: "string",
    k8sServiceAccountType: "string",
    name: "string",
    secureAccessAllowPortForwading: false,
    secureAccessBastionIssuer: "string",
    secureAccessClusterEndpoint: "string",
    secureAccessDashboardUrl: "string",
    secureAccessEnable: "string",
    secureAccessWeb: false,
    secureAccessWebBrowsing: false,
    secureAccessWebProxy: false,
    tags: ["string"],
    targetName: "string",
    userTtl: "string",
});

type: akeyless:DynamicSecretK8s
properties:
    deleteProtection: string
    dynamicSecretK8sId: string
    encryptionKeyName: string
    k8sAllowedNamespaces: string
    k8sClusterCaCert: string
    k8sClusterEndpoint: string
    k8sClusterToken: string
    k8sNamespace: string
    k8sPredefinedRoleName: string
    k8sPredefinedRoleType: string
    k8sServiceAccount: string
    k8sServiceAccountType: string
    name: string
    secureAccessAllowPortForwading: false
    secureAccessBastionIssuer: string
    secureAccessClusterEndpoint: string
    secureAccessDashboardUrl: string
    secureAccessEnable: string
    secureAccessWeb: false
    secureAccessWebBrowsing: false
    secureAccessWebProxy: false
    tags:
        - string
    targetName: string
    userTtl: string

DynamicSecretK8s Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The DynamicSecretK8s resource accepts the following input properties:

DeleteProtection string: Protection from accidental deletion of this item [true/false]
DynamicSecretK8sId string: The ID of this resource.
EncryptionKeyName string: Encrypt dynamic secret details with following key
K8sAllowedNamespaces string: Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
K8sClusterCaCert string: K8S Cluster certificate. Base 64 encoded certificate.
K8sClusterEndpoint string: K8S Cluster endpoint. https:// , \n\n of the cluster.
K8sClusterToken string: K8S Cluster authentication token.
K8sNamespace string: K8S Namespace where the ServiceAccount exists.
K8sPredefinedRoleName string: The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
K8sPredefinedRoleType string: Specifies the type of the pre-existing K8S role Role, ClusterRole.
K8sServiceAccount string: K8S ServiceAccount to extract token from.
K8sServiceAccountType string: K8S ServiceAccount type [fixed, dynamic].
Name string: Dynamic secret name
SecureAccessAllowPortForwading bool: Enable Port forwarding while using CLI access.
SecureAccessBastionIssuer string: Path to the SSH Certificate Issuer for your Akeyless Bastion
SecureAccessClusterEndpoint string: The K8s cluster endpoint
SecureAccessDashboardUrl string: The K8s dashboard url
SecureAccessEnable string: Enable/Disable secure remote access, [true/false]
SecureAccessWeb bool: Enable Web Secure Remote Access
SecureAccessWebBrowsing bool: Secure browser via Akeyless Web Access Bastion
SecureAccessWebProxy bool: Web-Proxy via Akeyless Web Access Bastion
Tags List<string>: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag1 --tag Tag2
TargetName string: Name of existing target to use in dynamic secret creation
UserTtl string: User TTL

DeleteProtection string: Protection from accidental deletion of this item [true/false]
DynamicSecretK8sId string: The ID of this resource.
EncryptionKeyName string: Encrypt dynamic secret details with following key
K8sAllowedNamespaces string: Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
K8sClusterCaCert string: K8S Cluster certificate. Base 64 encoded certificate.
K8sClusterEndpoint string: K8S Cluster endpoint. https:// , \n\n of the cluster.
K8sClusterToken string: K8S Cluster authentication token.
K8sNamespace string: K8S Namespace where the ServiceAccount exists.
K8sPredefinedRoleName string: The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
K8sPredefinedRoleType string: Specifies the type of the pre-existing K8S role Role, ClusterRole.
K8sServiceAccount string: K8S ServiceAccount to extract token from.
K8sServiceAccountType string: K8S ServiceAccount type [fixed, dynamic].
Name string: Dynamic secret name
SecureAccessAllowPortForwading bool: Enable Port forwarding while using CLI access.
SecureAccessBastionIssuer string: Path to the SSH Certificate Issuer for your Akeyless Bastion
SecureAccessClusterEndpoint string: The K8s cluster endpoint
SecureAccessDashboardUrl string: The K8s dashboard url
SecureAccessEnable string: Enable/Disable secure remote access, [true/false]
SecureAccessWeb bool: Enable Web Secure Remote Access
SecureAccessWebBrowsing bool: Secure browser via Akeyless Web Access Bastion
SecureAccessWebProxy bool: Web-Proxy via Akeyless Web Access Bastion
Tags []string: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag1 --tag Tag2
TargetName string: Name of existing target to use in dynamic secret creation
UserTtl string: User TTL

deleteProtection String: Protection from accidental deletion of this item [true/false]
dynamicSecretK8sId String: The ID of this resource.
encryptionKeyName String: Encrypt dynamic secret details with following key
k8sAllowedNamespaces String: Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
k8sClusterCaCert String: K8S Cluster certificate. Base 64 encoded certificate.
k8sClusterEndpoint String: K8S Cluster endpoint. https:// , \n\n of the cluster.
k8sClusterToken String: K8S Cluster authentication token.
k8sNamespace String: K8S Namespace where the ServiceAccount exists.
k8sPredefinedRoleName String: The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
k8sPredefinedRoleType String: Specifies the type of the pre-existing K8S role Role, ClusterRole.
k8sServiceAccount String: K8S ServiceAccount to extract token from.
k8sServiceAccountType String: K8S ServiceAccount type [fixed, dynamic].
name String: Dynamic secret name
secureAccessAllowPortForwading Boolean: Enable Port forwarding while using CLI access.
secureAccessBastionIssuer String: Path to the SSH Certificate Issuer for your Akeyless Bastion
secureAccessClusterEndpoint String: The K8s cluster endpoint
secureAccessDashboardUrl String: The K8s dashboard url
secureAccessEnable String: Enable/Disable secure remote access, [true/false]
secureAccessWeb Boolean: Enable Web Secure Remote Access
secureAccessWebBrowsing Boolean: Secure browser via Akeyless Web Access Bastion
secureAccessWebProxy Boolean: Web-Proxy via Akeyless Web Access Bastion
tags List<String>: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag1 --tag Tag2
targetName String: Name of existing target to use in dynamic secret creation
userTtl String: User TTL

deleteProtection string: Protection from accidental deletion of this item [true/false]
dynamicSecretK8sId string: The ID of this resource.
encryptionKeyName string: Encrypt dynamic secret details with following key
k8sAllowedNamespaces string: Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
k8sClusterCaCert string: K8S Cluster certificate. Base 64 encoded certificate.
k8sClusterEndpoint string: K8S Cluster endpoint. https:// , \n\n of the cluster.
k8sClusterToken string: K8S Cluster authentication token.
k8sNamespace string: K8S Namespace where the ServiceAccount exists.
k8sPredefinedRoleName string: The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
k8sPredefinedRoleType string: Specifies the type of the pre-existing K8S role Role, ClusterRole.
k8sServiceAccount string: K8S ServiceAccount to extract token from.
k8sServiceAccountType string: K8S ServiceAccount type [fixed, dynamic].
name string: Dynamic secret name
secureAccessAllowPortForwading boolean: Enable Port forwarding while using CLI access.
secureAccessBastionIssuer string: Path to the SSH Certificate Issuer for your Akeyless Bastion
secureAccessClusterEndpoint string: The K8s cluster endpoint
secureAccessDashboardUrl string: The K8s dashboard url
secureAccessEnable string: Enable/Disable secure remote access, [true/false]
secureAccessWeb boolean: Enable Web Secure Remote Access
secureAccessWebBrowsing boolean: Secure browser via Akeyless Web Access Bastion
secureAccessWebProxy boolean: Web-Proxy via Akeyless Web Access Bastion
tags string[]: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag1 --tag Tag2
targetName string: Name of existing target to use in dynamic secret creation
userTtl string: User TTL

delete_protection str: Protection from accidental deletion of this item [true/false]
dynamic_secret_k8s_id str: The ID of this resource.
encryption_key_name str: Encrypt dynamic secret details with following key
k8s_allowed_namespaces str: Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
k8s_cluster_ca_cert str: K8S Cluster certificate. Base 64 encoded certificate.
k8s_cluster_endpoint str: K8S Cluster endpoint. https:// , \n\n of the cluster.
k8s_cluster_token str: K8S Cluster authentication token.
k8s_namespace str: K8S Namespace where the ServiceAccount exists.
k8s_predefined_role_name str: The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
k8s_predefined_role_type str: Specifies the type of the pre-existing K8S role Role, ClusterRole.
k8s_service_account str: K8S ServiceAccount to extract token from.
k8s_service_account_type str: K8S ServiceAccount type [fixed, dynamic].
name str: Dynamic secret name
secure_access_allow_port_forwading bool: Enable Port forwarding while using CLI access.
secure_access_bastion_issuer str: Path to the SSH Certificate Issuer for your Akeyless Bastion
secure_access_cluster_endpoint str: The K8s cluster endpoint
secure_access_dashboard_url str: The K8s dashboard url
secure_access_enable str: Enable/Disable secure remote access, [true/false]
secure_access_web bool: Enable Web Secure Remote Access
secure_access_web_browsing bool: Secure browser via Akeyless Web Access Bastion
secure_access_web_proxy bool: Web-Proxy via Akeyless Web Access Bastion
tags Sequence[str]: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag1 --tag Tag2
target_name str: Name of existing target to use in dynamic secret creation
user_ttl str: User TTL

deleteProtection String: Protection from accidental deletion of this item [true/false]
dynamicSecretK8sId String: The ID of this resource.
encryptionKeyName String: Encrypt dynamic secret details with following key
k8sAllowedNamespaces String: Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
k8sClusterCaCert String: K8S Cluster certificate. Base 64 encoded certificate.
k8sClusterEndpoint String: K8S Cluster endpoint. https:// , \n\n of the cluster.
k8sClusterToken String: K8S Cluster authentication token.
k8sNamespace String: K8S Namespace where the ServiceAccount exists.
k8sPredefinedRoleName String: The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
k8sPredefinedRoleType String: Specifies the type of the pre-existing K8S role Role, ClusterRole.
k8sServiceAccount String: K8S ServiceAccount to extract token from.
k8sServiceAccountType String: K8S ServiceAccount type [fixed, dynamic].
name String: Dynamic secret name
secureAccessAllowPortForwading Boolean: Enable Port forwarding while using CLI access.
secureAccessBastionIssuer String: Path to the SSH Certificate Issuer for your Akeyless Bastion
secureAccessClusterEndpoint String: The K8s cluster endpoint
secureAccessDashboardUrl String: The K8s dashboard url
secureAccessEnable String: Enable/Disable secure remote access, [true/false]
secureAccessWeb Boolean: Enable Web Secure Remote Access
secureAccessWebBrowsing Boolean: Secure browser via Akeyless Web Access Bastion
secureAccessWebProxy Boolean: Web-Proxy via Akeyless Web Access Bastion
tags List<String>: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag1 --tag Tag2
targetName String: Name of existing target to use in dynamic secret creation
userTtl String: User TTL

Outputs

All input properties are implicitly available as output properties. Additionally, the DynamicSecretK8s resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing DynamicSecretK8s Resource

Get an existing DynamicSecretK8s resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DynamicSecretK8sState, opts?: CustomResourceOptions): DynamicSecretK8s

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        delete_protection: Optional[str] = None,
        dynamic_secret_k8s_id: Optional[str] = None,
        encryption_key_name: Optional[str] = None,
        k8s_allowed_namespaces: Optional[str] = None,
        k8s_cluster_ca_cert: Optional[str] = None,
        k8s_cluster_endpoint: Optional[str] = None,
        k8s_cluster_token: Optional[str] = None,
        k8s_namespace: Optional[str] = None,
        k8s_predefined_role_name: Optional[str] = None,
        k8s_predefined_role_type: Optional[str] = None,
        k8s_service_account: Optional[str] = None,
        k8s_service_account_type: Optional[str] = None,
        name: Optional[str] = None,
        secure_access_allow_port_forwading: Optional[bool] = None,
        secure_access_bastion_issuer: Optional[str] = None,
        secure_access_cluster_endpoint: Optional[str] = None,
        secure_access_dashboard_url: Optional[str] = None,
        secure_access_enable: Optional[str] = None,
        secure_access_web: Optional[bool] = None,
        secure_access_web_browsing: Optional[bool] = None,
        secure_access_web_proxy: Optional[bool] = None,
        tags: Optional[Sequence[str]] = None,
        target_name: Optional[str] = None,
        user_ttl: Optional[str] = None) -> DynamicSecretK8s

func GetDynamicSecretK8s(ctx *Context, name string, id IDInput, state *DynamicSecretK8sState, opts ...ResourceOption) (*DynamicSecretK8s, error)

public static DynamicSecretK8s Get(string name, Input<string> id, DynamicSecretK8sState? state, CustomResourceOptions? opts = null)

public static DynamicSecretK8s get(String name, Output<String> id, DynamicSecretK8sState state, CustomResourceOptions options)

resources:  _:    type: akeyless:DynamicSecretK8s    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

DeleteProtection string: Protection from accidental deletion of this item [true/false]
DynamicSecretK8sId string: The ID of this resource.
EncryptionKeyName string: Encrypt dynamic secret details with following key
K8sAllowedNamespaces string: Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
K8sClusterCaCert string: K8S Cluster certificate. Base 64 encoded certificate.
K8sClusterEndpoint string: K8S Cluster endpoint. https:// , \n\n of the cluster.
K8sClusterToken string: K8S Cluster authentication token.
K8sNamespace string: K8S Namespace where the ServiceAccount exists.
K8sPredefinedRoleName string: The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
K8sPredefinedRoleType string: Specifies the type of the pre-existing K8S role Role, ClusterRole.
K8sServiceAccount string: K8S ServiceAccount to extract token from.
K8sServiceAccountType string: K8S ServiceAccount type [fixed, dynamic].
Name string: Dynamic secret name
SecureAccessAllowPortForwading bool: Enable Port forwarding while using CLI access.
SecureAccessBastionIssuer string: Path to the SSH Certificate Issuer for your Akeyless Bastion
SecureAccessClusterEndpoint string: The K8s cluster endpoint
SecureAccessDashboardUrl string: The K8s dashboard url
SecureAccessEnable string: Enable/Disable secure remote access, [true/false]
SecureAccessWeb bool: Enable Web Secure Remote Access
SecureAccessWebBrowsing bool: Secure browser via Akeyless Web Access Bastion
SecureAccessWebProxy bool: Web-Proxy via Akeyless Web Access Bastion
Tags List<string>: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag1 --tag Tag2
TargetName string: Name of existing target to use in dynamic secret creation
UserTtl string: User TTL

DeleteProtection string: Protection from accidental deletion of this item [true/false]
DynamicSecretK8sId string: The ID of this resource.
EncryptionKeyName string: Encrypt dynamic secret details with following key
K8sAllowedNamespaces string: Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
K8sClusterCaCert string: K8S Cluster certificate. Base 64 encoded certificate.
K8sClusterEndpoint string: K8S Cluster endpoint. https:// , \n\n of the cluster.
K8sClusterToken string: K8S Cluster authentication token.
K8sNamespace string: K8S Namespace where the ServiceAccount exists.
K8sPredefinedRoleName string: The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
K8sPredefinedRoleType string: Specifies the type of the pre-existing K8S role Role, ClusterRole.
K8sServiceAccount string: K8S ServiceAccount to extract token from.
K8sServiceAccountType string: K8S ServiceAccount type [fixed, dynamic].
Name string: Dynamic secret name
SecureAccessAllowPortForwading bool: Enable Port forwarding while using CLI access.
SecureAccessBastionIssuer string: Path to the SSH Certificate Issuer for your Akeyless Bastion
SecureAccessClusterEndpoint string: The K8s cluster endpoint
SecureAccessDashboardUrl string: The K8s dashboard url
SecureAccessEnable string: Enable/Disable secure remote access, [true/false]
SecureAccessWeb bool: Enable Web Secure Remote Access
SecureAccessWebBrowsing bool: Secure browser via Akeyless Web Access Bastion
SecureAccessWebProxy bool: Web-Proxy via Akeyless Web Access Bastion
Tags []string: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag1 --tag Tag2
TargetName string: Name of existing target to use in dynamic secret creation
UserTtl string: User TTL

deleteProtection String: Protection from accidental deletion of this item [true/false]
dynamicSecretK8sId String: The ID of this resource.
encryptionKeyName String: Encrypt dynamic secret details with following key
k8sAllowedNamespaces String: Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
k8sClusterCaCert String: K8S Cluster certificate. Base 64 encoded certificate.
k8sClusterEndpoint String: K8S Cluster endpoint. https:// , \n\n of the cluster.
k8sClusterToken String: K8S Cluster authentication token.
k8sNamespace String: K8S Namespace where the ServiceAccount exists.
k8sPredefinedRoleName String: The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
k8sPredefinedRoleType String: Specifies the type of the pre-existing K8S role Role, ClusterRole.
k8sServiceAccount String: K8S ServiceAccount to extract token from.
k8sServiceAccountType String: K8S ServiceAccount type [fixed, dynamic].
name String: Dynamic secret name
secureAccessAllowPortForwading Boolean: Enable Port forwarding while using CLI access.
secureAccessBastionIssuer String: Path to the SSH Certificate Issuer for your Akeyless Bastion
secureAccessClusterEndpoint String: The K8s cluster endpoint
secureAccessDashboardUrl String: The K8s dashboard url
secureAccessEnable String: Enable/Disable secure remote access, [true/false]
secureAccessWeb Boolean: Enable Web Secure Remote Access
secureAccessWebBrowsing Boolean: Secure browser via Akeyless Web Access Bastion
secureAccessWebProxy Boolean: Web-Proxy via Akeyless Web Access Bastion
tags List<String>: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag1 --tag Tag2
targetName String: Name of existing target to use in dynamic secret creation
userTtl String: User TTL

deleteProtection string: Protection from accidental deletion of this item [true/false]
dynamicSecretK8sId string: The ID of this resource.
encryptionKeyName string: Encrypt dynamic secret details with following key
k8sAllowedNamespaces string: Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
k8sClusterCaCert string: K8S Cluster certificate. Base 64 encoded certificate.
k8sClusterEndpoint string: K8S Cluster endpoint. https:// , \n\n of the cluster.
k8sClusterToken string: K8S Cluster authentication token.
k8sNamespace string: K8S Namespace where the ServiceAccount exists.
k8sPredefinedRoleName string: The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
k8sPredefinedRoleType string: Specifies the type of the pre-existing K8S role Role, ClusterRole.
k8sServiceAccount string: K8S ServiceAccount to extract token from.
k8sServiceAccountType string: K8S ServiceAccount type [fixed, dynamic].
name string: Dynamic secret name
secureAccessAllowPortForwading boolean: Enable Port forwarding while using CLI access.
secureAccessBastionIssuer string: Path to the SSH Certificate Issuer for your Akeyless Bastion
secureAccessClusterEndpoint string: The K8s cluster endpoint
secureAccessDashboardUrl string: The K8s dashboard url
secureAccessEnable string: Enable/Disable secure remote access, [true/false]
secureAccessWeb boolean: Enable Web Secure Remote Access
secureAccessWebBrowsing boolean: Secure browser via Akeyless Web Access Bastion
secureAccessWebProxy boolean: Web-Proxy via Akeyless Web Access Bastion
tags string[]: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag1 --tag Tag2
targetName string: Name of existing target to use in dynamic secret creation
userTtl string: User TTL

delete_protection str: Protection from accidental deletion of this item [true/false]
dynamic_secret_k8s_id str: The ID of this resource.
encryption_key_name str: Encrypt dynamic secret details with following key
k8s_allowed_namespaces str: Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
k8s_cluster_ca_cert str: K8S Cluster certificate. Base 64 encoded certificate.
k8s_cluster_endpoint str: K8S Cluster endpoint. https:// , \n\n of the cluster.
k8s_cluster_token str: K8S Cluster authentication token.
k8s_namespace str: K8S Namespace where the ServiceAccount exists.
k8s_predefined_role_name str: The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
k8s_predefined_role_type str: Specifies the type of the pre-existing K8S role Role, ClusterRole.
k8s_service_account str: K8S ServiceAccount to extract token from.
k8s_service_account_type str: K8S ServiceAccount type [fixed, dynamic].
name str: Dynamic secret name
secure_access_allow_port_forwading bool: Enable Port forwarding while using CLI access.
secure_access_bastion_issuer str: Path to the SSH Certificate Issuer for your Akeyless Bastion
secure_access_cluster_endpoint str: The K8s cluster endpoint
secure_access_dashboard_url str: The K8s dashboard url
secure_access_enable str: Enable/Disable secure remote access, [true/false]
secure_access_web bool: Enable Web Secure Remote Access
secure_access_web_browsing bool: Secure browser via Akeyless Web Access Bastion
secure_access_web_proxy bool: Web-Proxy via Akeyless Web Access Bastion
tags Sequence[str]: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag1 --tag Tag2
target_name str: Name of existing target to use in dynamic secret creation
user_ttl str: User TTL

deleteProtection String: Protection from accidental deletion of this item [true/false]
dynamicSecretK8sId String: The ID of this resource.
encryptionKeyName String: Encrypt dynamic secret details with following key
k8sAllowedNamespaces String: Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
k8sClusterCaCert String: K8S Cluster certificate. Base 64 encoded certificate.
k8sClusterEndpoint String: K8S Cluster endpoint. https:// , \n\n of the cluster.
k8sClusterToken String: K8S Cluster authentication token.
k8sNamespace String: K8S Namespace where the ServiceAccount exists.
k8sPredefinedRoleName String: The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
k8sPredefinedRoleType String: Specifies the type of the pre-existing K8S role Role, ClusterRole.
k8sServiceAccount String: K8S ServiceAccount to extract token from.
k8sServiceAccountType String: K8S ServiceAccount type [fixed, dynamic].
name String: Dynamic secret name
secureAccessAllowPortForwading Boolean: Enable Port forwarding while using CLI access.
secureAccessBastionIssuer String: Path to the SSH Certificate Issuer for your Akeyless Bastion
secureAccessClusterEndpoint String: The K8s cluster endpoint
secureAccessDashboardUrl String: The K8s dashboard url
secureAccessEnable String: Enable/Disable secure remote access, [true/false]
secureAccessWeb Boolean: Enable Web Secure Remote Access
secureAccessWebBrowsing Boolean: Secure browser via Akeyless Web Access Bastion
secureAccessWebProxy Boolean: Web-Proxy via Akeyless Web Access Bastion
tags List<String>: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag1 --tag Tag2
targetName String: Name of existing target to use in dynamic secret creation
userTtl String: User TTL

Package Details

Repository: akeyless akeyless-community/terraform-provider-akeyless
License
Notes: This Pulumi package is based on the akeyless Terraform Provider.

akeyless 1.9.0 published on Monday, Apr 14, 2025 by akeyless-community

akeyless-community/terraform-provider-akeyless

akeyless.DynamicSecretK8s

On this page

On this page

Create DynamicSecretK8s Resource

Constructor syntax

Parameters

Constructor example

DynamicSecretK8s Resource Properties

Inputs

Outputs

Look up Existing DynamicSecretK8s Resource

Package Details

On this page

On this page