1. Packages
  2. Alicloud Provider
  3. API Docs
  4. kms
  5. Secret
Alibaba Cloud v3.63.0 published on Monday, Sep 30, 2024 by Pulumi

alicloud.kms.Secret

Explore with Pulumi AI

alicloud logo
Alibaba Cloud v3.63.0 published on Monday, Sep 30, 2024 by Pulumi

    Provides a KMS Secret resource.

    For information about KMS Secret and how to use it, see What is Secret.

    NOTE: Available since v1.76.0.

    Example Usage

    Basic Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as alicloud from "@pulumi/alicloud";
    
    const config = new pulumi.Config();
    const name = config.get("name") || "terraform-example";
    const _default = new alicloud.kms.Secret("default", {
        secretName: name,
        secretData: "Secret data",
        versionId: "v1",
        forceDeleteWithoutRecovery: true,
    });
    
    import pulumi
    import pulumi_alicloud as alicloud
    
    config = pulumi.Config()
    name = config.get("name")
    if name is None:
        name = "terraform-example"
    default = alicloud.kms.Secret("default",
        secret_name=name,
        secret_data="Secret data",
        version_id="v1",
        force_delete_without_recovery=True)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/kms"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		cfg := config.New(ctx, "")
    		name := "terraform-example"
    		if param := cfg.Get("name"); param != "" {
    			name = param
    		}
    		_, err := kms.NewSecret(ctx, "default", &kms.SecretArgs{
    			SecretName:                 pulumi.String(name),
    			SecretData:                 pulumi.String("Secret data"),
    			VersionId:                  pulumi.String("v1"),
    			ForceDeleteWithoutRecovery: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AliCloud = Pulumi.AliCloud;
    
    return await Deployment.RunAsync(() => 
    {
        var config = new Config();
        var name = config.Get("name") ?? "terraform-example";
        var @default = new AliCloud.Kms.Secret("default", new()
        {
            SecretName = name,
            SecretData = "Secret data",
            VersionId = "v1",
            ForceDeleteWithoutRecovery = true,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.alicloud.kms.Secret;
    import com.pulumi.alicloud.kms.SecretArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var config = ctx.config();
            final var name = config.get("name").orElse("terraform-example");
            var default_ = new Secret("default", SecretArgs.builder()
                .secretName(name)
                .secretData("Secret data")
                .versionId("v1")
                .forceDeleteWithoutRecovery(true)
                .build());
    
        }
    }
    
    configuration:
      name:
        type: string
        default: terraform-example
    resources:
      default:
        type: alicloud:kms:Secret
        properties:
          secretName: ${name}
          secretData: Secret data
          versionId: v1
          forceDeleteWithoutRecovery: true
    

    Create Secret Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);
    @overload
    def Secret(resource_name: str,
               args: SecretArgs,
               opts: Optional[ResourceOptions] = None)
    
    @overload
    def Secret(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               secret_data: Optional[str] = None,
               version_id: Optional[str] = None,
               secret_name: Optional[str] = None,
               rotation_interval: Optional[str] = None,
               extended_config: Optional[str] = None,
               force_delete_without_recovery: Optional[bool] = None,
               policy: Optional[str] = None,
               recovery_window_in_days: Optional[int] = None,
               description: Optional[str] = None,
               encryption_key_id: Optional[str] = None,
               secret_data_type: Optional[str] = None,
               enable_automatic_rotation: Optional[bool] = None,
               secret_type: Optional[str] = None,
               tags: Optional[Mapping[str, str]] = None,
               dkms_instance_id: Optional[str] = None,
               version_stages: Optional[Sequence[str]] = None)
    func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)
    public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)
    public Secret(String name, SecretArgs args)
    public Secret(String name, SecretArgs args, CustomResourceOptions options)
    
    type: alicloud:kms:Secret
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SecretArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecretArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecretArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecretArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecretArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var secretResource = new AliCloud.Kms.Secret("secretResource", new()
    {
        SecretData = "string",
        VersionId = "string",
        SecretName = "string",
        RotationInterval = "string",
        ExtendedConfig = "string",
        ForceDeleteWithoutRecovery = false,
        Policy = "string",
        RecoveryWindowInDays = 0,
        Description = "string",
        EncryptionKeyId = "string",
        SecretDataType = "string",
        EnableAutomaticRotation = false,
        SecretType = "string",
        Tags = 
        {
            { "string", "string" },
        },
        DkmsInstanceId = "string",
        VersionStages = new[]
        {
            "string",
        },
    });
    
    example, err := kms.NewSecret(ctx, "secretResource", &kms.SecretArgs{
    	SecretData:                 pulumi.String("string"),
    	VersionId:                  pulumi.String("string"),
    	SecretName:                 pulumi.String("string"),
    	RotationInterval:           pulumi.String("string"),
    	ExtendedConfig:             pulumi.String("string"),
    	ForceDeleteWithoutRecovery: pulumi.Bool(false),
    	Policy:                     pulumi.String("string"),
    	RecoveryWindowInDays:       pulumi.Int(0),
    	Description:                pulumi.String("string"),
    	EncryptionKeyId:            pulumi.String("string"),
    	SecretDataType:             pulumi.String("string"),
    	EnableAutomaticRotation:    pulumi.Bool(false),
    	SecretType:                 pulumi.String("string"),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	DkmsInstanceId: pulumi.String("string"),
    	VersionStages: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    })
    
    var secretResource = new Secret("secretResource", SecretArgs.builder()
        .secretData("string")
        .versionId("string")
        .secretName("string")
        .rotationInterval("string")
        .extendedConfig("string")
        .forceDeleteWithoutRecovery(false)
        .policy("string")
        .recoveryWindowInDays(0)
        .description("string")
        .encryptionKeyId("string")
        .secretDataType("string")
        .enableAutomaticRotation(false)
        .secretType("string")
        .tags(Map.of("string", "string"))
        .dkmsInstanceId("string")
        .versionStages("string")
        .build());
    
    secret_resource = alicloud.kms.Secret("secretResource",
        secret_data="string",
        version_id="string",
        secret_name="string",
        rotation_interval="string",
        extended_config="string",
        force_delete_without_recovery=False,
        policy="string",
        recovery_window_in_days=0,
        description="string",
        encryption_key_id="string",
        secret_data_type="string",
        enable_automatic_rotation=False,
        secret_type="string",
        tags={
            "string": "string",
        },
        dkms_instance_id="string",
        version_stages=["string"])
    
    const secretResource = new alicloud.kms.Secret("secretResource", {
        secretData: "string",
        versionId: "string",
        secretName: "string",
        rotationInterval: "string",
        extendedConfig: "string",
        forceDeleteWithoutRecovery: false,
        policy: "string",
        recoveryWindowInDays: 0,
        description: "string",
        encryptionKeyId: "string",
        secretDataType: "string",
        enableAutomaticRotation: false,
        secretType: "string",
        tags: {
            string: "string",
        },
        dkmsInstanceId: "string",
        versionStages: ["string"],
    });
    
    type: alicloud:kms:Secret
    properties:
        description: string
        dkmsInstanceId: string
        enableAutomaticRotation: false
        encryptionKeyId: string
        extendedConfig: string
        forceDeleteWithoutRecovery: false
        policy: string
        recoveryWindowInDays: 0
        rotationInterval: string
        secretData: string
        secretDataType: string
        secretName: string
        secretType: string
        tags:
            string: string
        versionId: string
        versionStages:
            - string
    

    Secret Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Secret resource accepts the following input properties:

    SecretData string
    The data of the secret. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
    SecretName string
    The name of the secret.
    VersionId string
    The version number of the initial version.
    Description string
    The description of the secret.
    DkmsInstanceId string
    The ID of the KMS instance.
    EnableAutomaticRotation bool
    Specifies whether to enable automatic rotation. Default value: false. Valid values: true, false.
    EncryptionKeyId string
    The ID of the KMS key.
    ExtendedConfig string
    The extended configuration of the secret. For more information, see How to use it.
    ForceDeleteWithoutRecovery bool
    Specifies whether to immediately delete a secret. Default value: false. Valid values: true, false.
    Policy string
    The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
    RecoveryWindowInDays int
    Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. NOTE: If force_delete_without_recovery is set to true, recovery_window_in_days will be ignored.
    RotationInterval string
    The interval for automatic rotation.
    SecretDataType string
    The type of the secret value. Default value: text. Valid values: text, binary.
    SecretType string
    The type of the secret. Valid values:

    • Generic: Generic secret.
    • Rds: ApsaraDB RDS secret.
    • RAMCredentials: RAM secret.
    • ECS: ECS secret.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    VersionStages List<string>
    The stage label that is used to mark the new version.
    SecretData string
    The data of the secret. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
    SecretName string
    The name of the secret.
    VersionId string
    The version number of the initial version.
    Description string
    The description of the secret.
    DkmsInstanceId string
    The ID of the KMS instance.
    EnableAutomaticRotation bool
    Specifies whether to enable automatic rotation. Default value: false. Valid values: true, false.
    EncryptionKeyId string
    The ID of the KMS key.
    ExtendedConfig string
    The extended configuration of the secret. For more information, see How to use it.
    ForceDeleteWithoutRecovery bool
    Specifies whether to immediately delete a secret. Default value: false. Valid values: true, false.
    Policy string
    The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
    RecoveryWindowInDays int
    Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. NOTE: If force_delete_without_recovery is set to true, recovery_window_in_days will be ignored.
    RotationInterval string
    The interval for automatic rotation.
    SecretDataType string
    The type of the secret value. Default value: text. Valid values: text, binary.
    SecretType string
    The type of the secret. Valid values:

    • Generic: Generic secret.
    • Rds: ApsaraDB RDS secret.
    • RAMCredentials: RAM secret.
    • ECS: ECS secret.
    Tags map[string]string
    A mapping of tags to assign to the resource.
    VersionStages []string
    The stage label that is used to mark the new version.
    secretData String
    The data of the secret. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
    secretName String
    The name of the secret.
    versionId String
    The version number of the initial version.
    description String
    The description of the secret.
    dkmsInstanceId String
    The ID of the KMS instance.
    enableAutomaticRotation Boolean
    Specifies whether to enable automatic rotation. Default value: false. Valid values: true, false.
    encryptionKeyId String
    The ID of the KMS key.
    extendedConfig String
    The extended configuration of the secret. For more information, see How to use it.
    forceDeleteWithoutRecovery Boolean
    Specifies whether to immediately delete a secret. Default value: false. Valid values: true, false.
    policy String
    The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
    recoveryWindowInDays Integer
    Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. NOTE: If force_delete_without_recovery is set to true, recovery_window_in_days will be ignored.
    rotationInterval String
    The interval for automatic rotation.
    secretDataType String
    The type of the secret value. Default value: text. Valid values: text, binary.
    secretType String
    The type of the secret. Valid values:

    • Generic: Generic secret.
    • Rds: ApsaraDB RDS secret.
    • RAMCredentials: RAM secret.
    • ECS: ECS secret.
    tags Map<String,String>
    A mapping of tags to assign to the resource.
    versionStages List<String>
    The stage label that is used to mark the new version.
    secretData string
    The data of the secret. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
    secretName string
    The name of the secret.
    versionId string
    The version number of the initial version.
    description string
    The description of the secret.
    dkmsInstanceId string
    The ID of the KMS instance.
    enableAutomaticRotation boolean
    Specifies whether to enable automatic rotation. Default value: false. Valid values: true, false.
    encryptionKeyId string
    The ID of the KMS key.
    extendedConfig string
    The extended configuration of the secret. For more information, see How to use it.
    forceDeleteWithoutRecovery boolean
    Specifies whether to immediately delete a secret. Default value: false. Valid values: true, false.
    policy string
    The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
    recoveryWindowInDays number
    Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. NOTE: If force_delete_without_recovery is set to true, recovery_window_in_days will be ignored.
    rotationInterval string
    The interval for automatic rotation.
    secretDataType string
    The type of the secret value. Default value: text. Valid values: text, binary.
    secretType string
    The type of the secret. Valid values:

    • Generic: Generic secret.
    • Rds: ApsaraDB RDS secret.
    • RAMCredentials: RAM secret.
    • ECS: ECS secret.
    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    versionStages string[]
    The stage label that is used to mark the new version.
    secret_data str
    The data of the secret. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
    secret_name str
    The name of the secret.
    version_id str
    The version number of the initial version.
    description str
    The description of the secret.
    dkms_instance_id str
    The ID of the KMS instance.
    enable_automatic_rotation bool
    Specifies whether to enable automatic rotation. Default value: false. Valid values: true, false.
    encryption_key_id str
    The ID of the KMS key.
    extended_config str
    The extended configuration of the secret. For more information, see How to use it.
    force_delete_without_recovery bool
    Specifies whether to immediately delete a secret. Default value: false. Valid values: true, false.
    policy str
    The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
    recovery_window_in_days int
    Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. NOTE: If force_delete_without_recovery is set to true, recovery_window_in_days will be ignored.
    rotation_interval str
    The interval for automatic rotation.
    secret_data_type str
    The type of the secret value. Default value: text. Valid values: text, binary.
    secret_type str
    The type of the secret. Valid values:

    • Generic: Generic secret.
    • Rds: ApsaraDB RDS secret.
    • RAMCredentials: RAM secret.
    • ECS: ECS secret.
    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    version_stages Sequence[str]
    The stage label that is used to mark the new version.
    secretData String
    The data of the secret. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
    secretName String
    The name of the secret.
    versionId String
    The version number of the initial version.
    description String
    The description of the secret.
    dkmsInstanceId String
    The ID of the KMS instance.
    enableAutomaticRotation Boolean
    Specifies whether to enable automatic rotation. Default value: false. Valid values: true, false.
    encryptionKeyId String
    The ID of the KMS key.
    extendedConfig String
    The extended configuration of the secret. For more information, see How to use it.
    forceDeleteWithoutRecovery Boolean
    Specifies whether to immediately delete a secret. Default value: false. Valid values: true, false.
    policy String
    The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
    recoveryWindowInDays Number
    Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. NOTE: If force_delete_without_recovery is set to true, recovery_window_in_days will be ignored.
    rotationInterval String
    The interval for automatic rotation.
    secretDataType String
    The type of the secret value. Default value: text. Valid values: text, binary.
    secretType String
    The type of the secret. Valid values:

    • Generic: Generic secret.
    • Rds: ApsaraDB RDS secret.
    • RAMCredentials: RAM secret.
    • ECS: ECS secret.
    tags Map<String>
    A mapping of tags to assign to the resource.
    versionStages List<String>
    The stage label that is used to mark the new version.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:

    Arn string
    The ARN of the secret.
    CreateTime string
    (Available since v1.224.0) The time when the secret is created.
    Id string
    The provider-assigned unique ID for this managed resource.
    PlannedDeleteTime string
    The time when the secret is scheduled to be deleted.
    Arn string
    The ARN of the secret.
    CreateTime string
    (Available since v1.224.0) The time when the secret is created.
    Id string
    The provider-assigned unique ID for this managed resource.
    PlannedDeleteTime string
    The time when the secret is scheduled to be deleted.
    arn String
    The ARN of the secret.
    createTime String
    (Available since v1.224.0) The time when the secret is created.
    id String
    The provider-assigned unique ID for this managed resource.
    plannedDeleteTime String
    The time when the secret is scheduled to be deleted.
    arn string
    The ARN of the secret.
    createTime string
    (Available since v1.224.0) The time when the secret is created.
    id string
    The provider-assigned unique ID for this managed resource.
    plannedDeleteTime string
    The time when the secret is scheduled to be deleted.
    arn str
    The ARN of the secret.
    create_time str
    (Available since v1.224.0) The time when the secret is created.
    id str
    The provider-assigned unique ID for this managed resource.
    planned_delete_time str
    The time when the secret is scheduled to be deleted.
    arn String
    The ARN of the secret.
    createTime String
    (Available since v1.224.0) The time when the secret is created.
    id String
    The provider-assigned unique ID for this managed resource.
    plannedDeleteTime String
    The time when the secret is scheduled to be deleted.

    Look up Existing Secret Resource

    Get an existing Secret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SecretState, opts?: CustomResourceOptions): Secret
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            create_time: Optional[str] = None,
            description: Optional[str] = None,
            dkms_instance_id: Optional[str] = None,
            enable_automatic_rotation: Optional[bool] = None,
            encryption_key_id: Optional[str] = None,
            extended_config: Optional[str] = None,
            force_delete_without_recovery: Optional[bool] = None,
            planned_delete_time: Optional[str] = None,
            policy: Optional[str] = None,
            recovery_window_in_days: Optional[int] = None,
            rotation_interval: Optional[str] = None,
            secret_data: Optional[str] = None,
            secret_data_type: Optional[str] = None,
            secret_name: Optional[str] = None,
            secret_type: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            version_id: Optional[str] = None,
            version_stages: Optional[Sequence[str]] = None) -> Secret
    func GetSecret(ctx *Context, name string, id IDInput, state *SecretState, opts ...ResourceOption) (*Secret, error)
    public static Secret Get(string name, Input<string> id, SecretState? state, CustomResourceOptions? opts = null)
    public static Secret get(String name, Output<String> id, SecretState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string
    The ARN of the secret.
    CreateTime string
    (Available since v1.224.0) The time when the secret is created.
    Description string
    The description of the secret.
    DkmsInstanceId string
    The ID of the KMS instance.
    EnableAutomaticRotation bool
    Specifies whether to enable automatic rotation. Default value: false. Valid values: true, false.
    EncryptionKeyId string
    The ID of the KMS key.
    ExtendedConfig string
    The extended configuration of the secret. For more information, see How to use it.
    ForceDeleteWithoutRecovery bool
    Specifies whether to immediately delete a secret. Default value: false. Valid values: true, false.
    PlannedDeleteTime string
    The time when the secret is scheduled to be deleted.
    Policy string
    The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
    RecoveryWindowInDays int
    Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. NOTE: If force_delete_without_recovery is set to true, recovery_window_in_days will be ignored.
    RotationInterval string
    The interval for automatic rotation.
    SecretData string
    The data of the secret. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
    SecretDataType string
    The type of the secret value. Default value: text. Valid values: text, binary.
    SecretName string
    The name of the secret.
    SecretType string
    The type of the secret. Valid values:

    • Generic: Generic secret.
    • Rds: ApsaraDB RDS secret.
    • RAMCredentials: RAM secret.
    • ECS: ECS secret.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    VersionId string
    The version number of the initial version.
    VersionStages List<string>
    The stage label that is used to mark the new version.
    Arn string
    The ARN of the secret.
    CreateTime string
    (Available since v1.224.0) The time when the secret is created.
    Description string
    The description of the secret.
    DkmsInstanceId string
    The ID of the KMS instance.
    EnableAutomaticRotation bool
    Specifies whether to enable automatic rotation. Default value: false. Valid values: true, false.
    EncryptionKeyId string
    The ID of the KMS key.
    ExtendedConfig string
    The extended configuration of the secret. For more information, see How to use it.
    ForceDeleteWithoutRecovery bool
    Specifies whether to immediately delete a secret. Default value: false. Valid values: true, false.
    PlannedDeleteTime string
    The time when the secret is scheduled to be deleted.
    Policy string
    The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
    RecoveryWindowInDays int
    Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. NOTE: If force_delete_without_recovery is set to true, recovery_window_in_days will be ignored.
    RotationInterval string
    The interval for automatic rotation.
    SecretData string
    The data of the secret. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
    SecretDataType string
    The type of the secret value. Default value: text. Valid values: text, binary.
    SecretName string
    The name of the secret.
    SecretType string
    The type of the secret. Valid values:

    • Generic: Generic secret.
    • Rds: ApsaraDB RDS secret.
    • RAMCredentials: RAM secret.
    • ECS: ECS secret.
    Tags map[string]string
    A mapping of tags to assign to the resource.
    VersionId string
    The version number of the initial version.
    VersionStages []string
    The stage label that is used to mark the new version.
    arn String
    The ARN of the secret.
    createTime String
    (Available since v1.224.0) The time when the secret is created.
    description String
    The description of the secret.
    dkmsInstanceId String
    The ID of the KMS instance.
    enableAutomaticRotation Boolean
    Specifies whether to enable automatic rotation. Default value: false. Valid values: true, false.
    encryptionKeyId String
    The ID of the KMS key.
    extendedConfig String
    The extended configuration of the secret. For more information, see How to use it.
    forceDeleteWithoutRecovery Boolean
    Specifies whether to immediately delete a secret. Default value: false. Valid values: true, false.
    plannedDeleteTime String
    The time when the secret is scheduled to be deleted.
    policy String
    The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
    recoveryWindowInDays Integer
    Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. NOTE: If force_delete_without_recovery is set to true, recovery_window_in_days will be ignored.
    rotationInterval String
    The interval for automatic rotation.
    secretData String
    The data of the secret. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
    secretDataType String
    The type of the secret value. Default value: text. Valid values: text, binary.
    secretName String
    The name of the secret.
    secretType String
    The type of the secret. Valid values:

    • Generic: Generic secret.
    • Rds: ApsaraDB RDS secret.
    • RAMCredentials: RAM secret.
    • ECS: ECS secret.
    tags Map<String,String>
    A mapping of tags to assign to the resource.
    versionId String
    The version number of the initial version.
    versionStages List<String>
    The stage label that is used to mark the new version.
    arn string
    The ARN of the secret.
    createTime string
    (Available since v1.224.0) The time when the secret is created.
    description string
    The description of the secret.
    dkmsInstanceId string
    The ID of the KMS instance.
    enableAutomaticRotation boolean
    Specifies whether to enable automatic rotation. Default value: false. Valid values: true, false.
    encryptionKeyId string
    The ID of the KMS key.
    extendedConfig string
    The extended configuration of the secret. For more information, see How to use it.
    forceDeleteWithoutRecovery boolean
    Specifies whether to immediately delete a secret. Default value: false. Valid values: true, false.
    plannedDeleteTime string
    The time when the secret is scheduled to be deleted.
    policy string
    The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
    recoveryWindowInDays number
    Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. NOTE: If force_delete_without_recovery is set to true, recovery_window_in_days will be ignored.
    rotationInterval string
    The interval for automatic rotation.
    secretData string
    The data of the secret. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
    secretDataType string
    The type of the secret value. Default value: text. Valid values: text, binary.
    secretName string
    The name of the secret.
    secretType string
    The type of the secret. Valid values:

    • Generic: Generic secret.
    • Rds: ApsaraDB RDS secret.
    • RAMCredentials: RAM secret.
    • ECS: ECS secret.
    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    versionId string
    The version number of the initial version.
    versionStages string[]
    The stage label that is used to mark the new version.
    arn str
    The ARN of the secret.
    create_time str
    (Available since v1.224.0) The time when the secret is created.
    description str
    The description of the secret.
    dkms_instance_id str
    The ID of the KMS instance.
    enable_automatic_rotation bool
    Specifies whether to enable automatic rotation. Default value: false. Valid values: true, false.
    encryption_key_id str
    The ID of the KMS key.
    extended_config str
    The extended configuration of the secret. For more information, see How to use it.
    force_delete_without_recovery bool
    Specifies whether to immediately delete a secret. Default value: false. Valid values: true, false.
    planned_delete_time str
    The time when the secret is scheduled to be deleted.
    policy str
    The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
    recovery_window_in_days int
    Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. NOTE: If force_delete_without_recovery is set to true, recovery_window_in_days will be ignored.
    rotation_interval str
    The interval for automatic rotation.
    secret_data str
    The data of the secret. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
    secret_data_type str
    The type of the secret value. Default value: text. Valid values: text, binary.
    secret_name str
    The name of the secret.
    secret_type str
    The type of the secret. Valid values:

    • Generic: Generic secret.
    • Rds: ApsaraDB RDS secret.
    • RAMCredentials: RAM secret.
    • ECS: ECS secret.
    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    version_id str
    The version number of the initial version.
    version_stages Sequence[str]
    The stage label that is used to mark the new version.
    arn String
    The ARN of the secret.
    createTime String
    (Available since v1.224.0) The time when the secret is created.
    description String
    The description of the secret.
    dkmsInstanceId String
    The ID of the KMS instance.
    enableAutomaticRotation Boolean
    Specifies whether to enable automatic rotation. Default value: false. Valid values: true, false.
    encryptionKeyId String
    The ID of the KMS key.
    extendedConfig String
    The extended configuration of the secret. For more information, see How to use it.
    forceDeleteWithoutRecovery Boolean
    Specifies whether to immediately delete a secret. Default value: false. Valid values: true, false.
    plannedDeleteTime String
    The time when the secret is scheduled to be deleted.
    policy String
    The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
    recoveryWindowInDays Number
    Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. NOTE: If force_delete_without_recovery is set to true, recovery_window_in_days will be ignored.
    rotationInterval String
    The interval for automatic rotation.
    secretData String
    The data of the secret. NOTE: From version 1.204.1, attribute secret_data updating diff will be ignored when secret_type is not Generic.
    secretDataType String
    The type of the secret value. Default value: text. Valid values: text, binary.
    secretName String
    The name of the secret.
    secretType String
    The type of the secret. Valid values:

    • Generic: Generic secret.
    • Rds: ApsaraDB RDS secret.
    • RAMCredentials: RAM secret.
    • ECS: ECS secret.
    tags Map<String>
    A mapping of tags to assign to the resource.
    versionId String
    The version number of the initial version.
    versionStages List<String>
    The stage label that is used to mark the new version.

    Import

    KMS Secret can be imported using the id, e.g.

    $ pulumi import alicloud:kms/secret:Secret example <id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Alibaba Cloud pulumi/pulumi-alicloud
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the alicloud Terraform Provider.
    alicloud logo
    Alibaba Cloud v3.63.0 published on Monday, Sep 30, 2024 by Pulumi