Alibaba Cloud v3.44.0, Sep 28 23

Alibaba Cloud v3.44.0 published on Thursday, Sep 28, 2023 by Pulumi

alicloud.kms.Secret

Explore with Pulumi AI

Alibaba Cloud v3.44.0 published on Thursday, Sep 28, 2023 by Pulumi

pulumi/pulumi-alicloud

Example Usage

Basic Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    var @default = new AliCloud.Kms.Secret("default", new()
    {
        Description = "from terraform",
        ForceDeleteWithoutRecovery = true,
        SecretData = "Secret data.",
        SecretName = "secret-foo",
        VersionId = "000000000001",
    });

});

package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewSecret(ctx, "default", &kms.SecretArgs{
			Description:                pulumi.String("from terraform"),
			ForceDeleteWithoutRecovery: pulumi.Bool(true),
			SecretData:                 pulumi.String("Secret data."),
			SecretName:                 pulumi.String("secret-foo"),
			VersionId:                  pulumi.String("000000000001"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.kms.Secret;
import com.pulumi.alicloud.kms.SecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new Secret("default", SecretArgs.builder()        
            .description("from terraform")
            .forceDeleteWithoutRecovery(true)
            .secretData("Secret data.")
            .secretName("secret-foo")
            .versionId("000000000001")
            .build());

    }
}

import pulumi
import pulumi_alicloud as alicloud

default = alicloud.kms.Secret("default",
    description="from terraform",
    force_delete_without_recovery=True,
    secret_data="Secret data.",
    secret_name="secret-foo",
    version_id="000000000001")

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const _default = new alicloud.kms.Secret("default", {
    description: "from terraform",
    forceDeleteWithoutRecovery: true,
    secretData: "Secret data.",
    secretName: "secret-foo",
    versionId: "000000000001",
});

resources:
  default:
    type: alicloud:kms:Secret
    properties:
      description: from terraform
      forceDeleteWithoutRecovery: true
      secretData: Secret data.
      secretName: secret-foo
      versionId: '000000000001'

Create Secret Resource

new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);

@overload
def Secret(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           description: Optional[str] = None,
           dkms_instance_id: Optional[str] = None,
           enable_automatic_rotation: Optional[bool] = None,
           encryption_key_id: Optional[str] = None,
           extended_config: Optional[str] = None,
           force_delete_without_recovery: Optional[bool] = None,
           recovery_window_in_days: Optional[int] = None,
           rotation_interval: Optional[str] = None,
           secret_data: Optional[str] = None,
           secret_data_type: Optional[str] = None,
           secret_name: Optional[str] = None,
           secret_type: Optional[str] = None,
           tags: Optional[Mapping[str, Any]] = None,
           version_id: Optional[str] = None,
           version_stages: Optional[Sequence[str]] = None)
@overload
def Secret(resource_name: str,
           args: SecretArgs,
           opts: Optional[ResourceOptions] = None)

func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)

public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)

public Secret(String name, SecretArgs args)
public Secret(String name, SecretArgs args, CustomResourceOptions options)

type: alicloud:kms:Secret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Secret Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Secret resource accepts the following input properties:

SecretData string: The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
SecretName string: The name of the secret.
VersionId string: The version number of the initial version. Version numbers are unique in each secret object.
Description string: The description of the secret.
DkmsInstanceId string: The instance ID of the exclusive KMS instance.
EnableAutomaticRotation bool: Whether to enable automatic key rotation.
EncryptionKeyId string: The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.
ExtendedConfig string: The extended configuration of the secret. This parameter specifies the properties of the secret of the specific type. The description can be up to 1,024 characters in length. For more information, see How to use it.
ForceDeleteWithoutRecovery bool: Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.
RecoveryWindowInDays int: Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.
RotationInterval string: The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.
SecretDataType string: The type of the secret value. Valid values: text, binary. Default to "text".
SecretType string: The type of the secret. Valid values:
Tags Dictionary<string, object>: A mapping of tags to assign to the resource.
VersionStages List<string>: ) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

SecretData string: The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
SecretName string: The name of the secret.
VersionId string: The version number of the initial version. Version numbers are unique in each secret object.
Description string: The description of the secret.
DkmsInstanceId string: The instance ID of the exclusive KMS instance.
EnableAutomaticRotation bool: Whether to enable automatic key rotation.
EncryptionKeyId string: The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.
ExtendedConfig string: The extended configuration of the secret. This parameter specifies the properties of the secret of the specific type. The description can be up to 1,024 characters in length. For more information, see How to use it.
ForceDeleteWithoutRecovery bool: Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.
RecoveryWindowInDays int: Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.
RotationInterval string: The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.
SecretDataType string: The type of the secret value. Valid values: text, binary. Default to "text".
SecretType string: The type of the secret. Valid values:
Tags map[string]interface{}: A mapping of tags to assign to the resource.
VersionStages []string: ) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

secretData String: The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
secretName String: The name of the secret.
versionId String: The version number of the initial version. Version numbers are unique in each secret object.
description String: The description of the secret.
dkmsInstanceId String: The instance ID of the exclusive KMS instance.
enableAutomaticRotation Boolean: Whether to enable automatic key rotation.
encryptionKeyId String: The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.
extendedConfig String: The extended configuration of the secret. This parameter specifies the properties of the secret of the specific type. The description can be up to 1,024 characters in length. For more information, see How to use it.
forceDeleteWithoutRecovery Boolean: Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.
recoveryWindowInDays Integer: Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.
rotationInterval String: The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.
secretDataType String: The type of the secret value. Valid values: text, binary. Default to "text".
secretType String: The type of the secret. Valid values:
tags Map<String,Object>: A mapping of tags to assign to the resource.
versionStages List<String>: ) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

secretData string: The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
secretName string: The name of the secret.
versionId string: The version number of the initial version. Version numbers are unique in each secret object.
description string: The description of the secret.
dkmsInstanceId string: The instance ID of the exclusive KMS instance.
enableAutomaticRotation boolean: Whether to enable automatic key rotation.
encryptionKeyId string: The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.
extendedConfig string: The extended configuration of the secret. This parameter specifies the properties of the secret of the specific type. The description can be up to 1,024 characters in length. For more information, see How to use it.
forceDeleteWithoutRecovery boolean: Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.
recoveryWindowInDays number: Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.
rotationInterval string: The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.
secretDataType string: The type of the secret value. Valid values: text, binary. Default to "text".
secretType string: The type of the secret. Valid values:
tags {[key: string]: any}: A mapping of tags to assign to the resource.
versionStages string[]: ) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

secret_data str: The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
secret_name str: The name of the secret.
version_id str: The version number of the initial version. Version numbers are unique in each secret object.
description str: The description of the secret.
dkms_instance_id str: The instance ID of the exclusive KMS instance.
enable_automatic_rotation bool: Whether to enable automatic key rotation.
encryption_key_id str: The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.
extended_config str: The extended configuration of the secret. This parameter specifies the properties of the secret of the specific type. The description can be up to 1,024 characters in length. For more information, see How to use it.
force_delete_without_recovery bool: Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.
recovery_window_in_days int: Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.
rotation_interval str: The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.
secret_data_type str: The type of the secret value. Valid values: text, binary. Default to "text".
secret_type str: The type of the secret. Valid values:
tags Mapping[str, Any]: A mapping of tags to assign to the resource.
version_stages Sequence[str]: ) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

secretData String: The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
secretName String: The name of the secret.
versionId String: The version number of the initial version. Version numbers are unique in each secret object.
description String: The description of the secret.
dkmsInstanceId String: The instance ID of the exclusive KMS instance.
enableAutomaticRotation Boolean: Whether to enable automatic key rotation.
encryptionKeyId String: The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.
extendedConfig String: The extended configuration of the secret. This parameter specifies the properties of the secret of the specific type. The description can be up to 1,024 characters in length. For more information, see How to use it.
forceDeleteWithoutRecovery Boolean: Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.
recoveryWindowInDays Number: Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.
rotationInterval String: The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.
secretDataType String: The type of the secret value. Valid values: text, binary. Default to "text".
secretType String: The type of the secret. Valid values:
tags Map<Any>: A mapping of tags to assign to the resource.
versionStages List<String>: ) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

Outputs

All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:

Arn string: The Alicloud Resource Name (ARN) of the secret.
Id string: The provider-assigned unique ID for this managed resource.
PlannedDeleteTime string: The time when the secret is scheduled to be deleted.

Arn string: The Alicloud Resource Name (ARN) of the secret.
Id string: The provider-assigned unique ID for this managed resource.
PlannedDeleteTime string: The time when the secret is scheduled to be deleted.

arn String: The Alicloud Resource Name (ARN) of the secret.
id String: The provider-assigned unique ID for this managed resource.
plannedDeleteTime String: The time when the secret is scheduled to be deleted.

arn string: The Alicloud Resource Name (ARN) of the secret.
id string: The provider-assigned unique ID for this managed resource.
plannedDeleteTime string: The time when the secret is scheduled to be deleted.

arn str: The Alicloud Resource Name (ARN) of the secret.
id str: The provider-assigned unique ID for this managed resource.
planned_delete_time str: The time when the secret is scheduled to be deleted.

arn String: The Alicloud Resource Name (ARN) of the secret.
id String: The provider-assigned unique ID for this managed resource.
plannedDeleteTime String: The time when the secret is scheduled to be deleted.

Look up Existing Secret Resource

Get an existing Secret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretState, opts?: CustomResourceOptions): Secret

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        description: Optional[str] = None,
        dkms_instance_id: Optional[str] = None,
        enable_automatic_rotation: Optional[bool] = None,
        encryption_key_id: Optional[str] = None,
        extended_config: Optional[str] = None,
        force_delete_without_recovery: Optional[bool] = None,
        planned_delete_time: Optional[str] = None,
        recovery_window_in_days: Optional[int] = None,
        rotation_interval: Optional[str] = None,
        secret_data: Optional[str] = None,
        secret_data_type: Optional[str] = None,
        secret_name: Optional[str] = None,
        secret_type: Optional[str] = None,
        tags: Optional[Mapping[str, Any]] = None,
        version_id: Optional[str] = None,
        version_stages: Optional[Sequence[str]] = None) -> Secret

func GetSecret(ctx *Context, name string, id IDInput, state *SecretState, opts ...ResourceOption) (*Secret, error)

public static Secret Get(string name, Input<string> id, SecretState? state, CustomResourceOptions? opts = null)

public static Secret get(String name, Output<String> id, SecretState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string: The Alicloud Resource Name (ARN) of the secret.
Description string: The description of the secret.
DkmsInstanceId string: The instance ID of the exclusive KMS instance.
EnableAutomaticRotation bool: Whether to enable automatic key rotation.
EncryptionKeyId string: The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.
ExtendedConfig string: The extended configuration of the secret. This parameter specifies the properties of the secret of the specific type. The description can be up to 1,024 characters in length. For more information, see How to use it.
ForceDeleteWithoutRecovery bool: Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.
PlannedDeleteTime string: The time when the secret is scheduled to be deleted.
RecoveryWindowInDays int: Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.
RotationInterval string: The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.
SecretData string: The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
SecretDataType string: The type of the secret value. Valid values: text, binary. Default to "text".
SecretName string: The name of the secret.
SecretType string: The type of the secret. Valid values:
Tags Dictionary<string, object>: A mapping of tags to assign to the resource.
VersionId string: The version number of the initial version. Version numbers are unique in each secret object.
VersionStages List<string>: ) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

Arn string: The Alicloud Resource Name (ARN) of the secret.
Description string: The description of the secret.
DkmsInstanceId string: The instance ID of the exclusive KMS instance.
EnableAutomaticRotation bool: Whether to enable automatic key rotation.
EncryptionKeyId string: The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.
ExtendedConfig string: The extended configuration of the secret. This parameter specifies the properties of the secret of the specific type. The description can be up to 1,024 characters in length. For more information, see How to use it.
ForceDeleteWithoutRecovery bool: Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.
PlannedDeleteTime string: The time when the secret is scheduled to be deleted.
RecoveryWindowInDays int: Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.
RotationInterval string: The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.
SecretData string: The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
SecretDataType string: The type of the secret value. Valid values: text, binary. Default to "text".
SecretName string: The name of the secret.
SecretType string: The type of the secret. Valid values:
Tags map[string]interface{}: A mapping of tags to assign to the resource.
VersionId string: The version number of the initial version. Version numbers are unique in each secret object.
VersionStages []string: ) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

arn String: The Alicloud Resource Name (ARN) of the secret.
description String: The description of the secret.
dkmsInstanceId String: The instance ID of the exclusive KMS instance.
enableAutomaticRotation Boolean: Whether to enable automatic key rotation.
encryptionKeyId String: The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.
extendedConfig String: The extended configuration of the secret. This parameter specifies the properties of the secret of the specific type. The description can be up to 1,024 characters in length. For more information, see How to use it.
forceDeleteWithoutRecovery Boolean: Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.
plannedDeleteTime String: The time when the secret is scheduled to be deleted.
recoveryWindowInDays Integer: Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.
rotationInterval String: The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.
secretData String: The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
secretDataType String: The type of the secret value. Valid values: text, binary. Default to "text".
secretName String: The name of the secret.
secretType String: The type of the secret. Valid values:
tags Map<String,Object>: A mapping of tags to assign to the resource.
versionId String: The version number of the initial version. Version numbers are unique in each secret object.
versionStages List<String>: ) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

arn string: The Alicloud Resource Name (ARN) of the secret.
description string: The description of the secret.
dkmsInstanceId string: The instance ID of the exclusive KMS instance.
enableAutomaticRotation boolean: Whether to enable automatic key rotation.
encryptionKeyId string: The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.
extendedConfig string: The extended configuration of the secret. This parameter specifies the properties of the secret of the specific type. The description can be up to 1,024 characters in length. For more information, see How to use it.
forceDeleteWithoutRecovery boolean: Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.
plannedDeleteTime string: The time when the secret is scheduled to be deleted.
recoveryWindowInDays number: Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.
rotationInterval string: The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.
secretData string: The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
secretDataType string: The type of the secret value. Valid values: text, binary. Default to "text".
secretName string: The name of the secret.
secretType string: The type of the secret. Valid values:
tags {[key: string]: any}: A mapping of tags to assign to the resource.
versionId string: The version number of the initial version. Version numbers are unique in each secret object.
versionStages string[]: ) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

arn str: The Alicloud Resource Name (ARN) of the secret.
description str: The description of the secret.
dkms_instance_id str: The instance ID of the exclusive KMS instance.
enable_automatic_rotation bool: Whether to enable automatic key rotation.
encryption_key_id str: The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.
extended_config str: The extended configuration of the secret. This parameter specifies the properties of the secret of the specific type. The description can be up to 1,024 characters in length. For more information, see How to use it.
force_delete_without_recovery bool: Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.
planned_delete_time str: The time when the secret is scheduled to be deleted.
recovery_window_in_days int: Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.
rotation_interval str: The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.
secret_data str: The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
secret_data_type str: The type of the secret value. Valid values: text, binary. Default to "text".
secret_name str: The name of the secret.
secret_type str: The type of the secret. Valid values:
tags Mapping[str, Any]: A mapping of tags to assign to the resource.
version_id str: The version number of the initial version. Version numbers are unique in each secret object.
version_stages Sequence[str]: ) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

arn String: The Alicloud Resource Name (ARN) of the secret.
description String: The description of the secret.
dkmsInstanceId String: The instance ID of the exclusive KMS instance.
enableAutomaticRotation Boolean: Whether to enable automatic key rotation.
encryptionKeyId String: The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.
extendedConfig String: The extended configuration of the secret. This parameter specifies the properties of the secret of the specific type. The description can be up to 1,024 characters in length. For more information, see How to use it.
forceDeleteWithoutRecovery Boolean: Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.
plannedDeleteTime String: The time when the secret is scheduled to be deleted.
recoveryWindowInDays Number: Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.
rotationInterval String: The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.
secretData String: The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
secretDataType String: The type of the secret value. Valid values: text, binary. Default to "text".
secretName String: The name of the secret.
secretType String: The type of the secret. Valid values:
tags Map<Any>: A mapping of tags to assign to the resource.
versionId String: The version number of the initial version. Version numbers are unique in each secret object.
versionStages List<String>: ) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

Import

KMS secret can be imported using the id, e.g.

 $ pulumi import alicloud:kms/secret:Secret default <id>

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.44.0 published on Thursday, Sep 28, 2023 by Pulumi

pulumi/pulumi-alicloud

alicloud.kms.Secret

On this page

On this page

Example Usage

Create Secret Resource

Secret Resource Properties

Inputs

Outputs

Look up Existing Secret Resource

Import

Package Details

On this page

On this page