alicloud logo
Alibaba Cloud v3.34.0, Mar 17 23

alicloud.kms.Secret

This resouce used to create a secret and store its initial version.

NOTE: Available in 1.76.0+.

Example Usage

Basic Usage

using System.Collections.Generic;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    var @default = new AliCloud.Kms.Secret("default", new()
    {
        Description = "from terraform",
        ForceDeleteWithoutRecovery = true,
        SecretData = "Secret data.",
        SecretName = "secret-foo",
        VersionId = "000000000001",
    });

});
package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewSecret(ctx, "default", &kms.SecretArgs{
			Description:                pulumi.String("from terraform"),
			ForceDeleteWithoutRecovery: pulumi.Bool(true),
			SecretData:                 pulumi.String("Secret data."),
			SecretName:                 pulumi.String("secret-foo"),
			VersionId:                  pulumi.String("000000000001"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.kms.Secret;
import com.pulumi.alicloud.kms.SecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new Secret("default", SecretArgs.builder()        
            .description("from terraform")
            .forceDeleteWithoutRecovery(true)
            .secretData("Secret data.")
            .secretName("secret-foo")
            .versionId("000000000001")
            .build());

    }
}
import pulumi
import pulumi_alicloud as alicloud

default = alicloud.kms.Secret("default",
    description="from terraform",
    force_delete_without_recovery=True,
    secret_data="Secret data.",
    secret_name="secret-foo",
    version_id="000000000001")
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const _default = new alicloud.kms.Secret("default", {
    description: "from terraform",
    forceDeleteWithoutRecovery: true,
    secretData: "Secret data.",
    secretName: "secret-foo",
    versionId: "000000000001",
});
resources:
  default:
    type: alicloud:kms:Secret
    properties:
      description: from terraform
      forceDeleteWithoutRecovery: true
      secretData: Secret data.
      secretName: secret-foo
      versionId: '000000000001'

Create Secret Resource

new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);
@overload
def Secret(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           description: Optional[str] = None,
           dkms_instance_id: Optional[str] = None,
           enable_automatic_rotation: Optional[bool] = None,
           encryption_key_id: Optional[str] = None,
           force_delete_without_recovery: Optional[bool] = None,
           recovery_window_in_days: Optional[int] = None,
           rotation_interval: Optional[str] = None,
           secret_data: Optional[str] = None,
           secret_data_type: Optional[str] = None,
           secret_name: Optional[str] = None,
           tags: Optional[Mapping[str, Any]] = None,
           version_id: Optional[str] = None,
           version_stages: Optional[Sequence[str]] = None)
@overload
def Secret(resource_name: str,
           args: SecretArgs,
           opts: Optional[ResourceOptions] = None)
func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)
public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)
public Secret(String name, SecretArgs args)
public Secret(String name, SecretArgs args, CustomResourceOptions options)
type: alicloud:kms:Secret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Secret Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Secret resource accepts the following input properties:

SecretData string

The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

SecretName string

The name of the secret.

VersionId string

The version number of the initial version. Version numbers are unique in each secret object.

Description string

The description of the secret.

DkmsInstanceId string

The instance ID of the exclusive KMS instance.

EnableAutomaticRotation bool

Whether to enable automatic key rotation.

EncryptionKeyId string

The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

ForceDeleteWithoutRecovery bool

Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.

RecoveryWindowInDays int

Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.

RotationInterval string

The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.

SecretDataType string

The type of the secret value. Valid values: text, binary. Default to "text".

Tags Dictionary<string, object>

A mapping of tags to assign to the resource.

VersionStages List<string>

) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

SecretData string

The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

SecretName string

The name of the secret.

VersionId string

The version number of the initial version. Version numbers are unique in each secret object.

Description string

The description of the secret.

DkmsInstanceId string

The instance ID of the exclusive KMS instance.

EnableAutomaticRotation bool

Whether to enable automatic key rotation.

EncryptionKeyId string

The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

ForceDeleteWithoutRecovery bool

Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.

RecoveryWindowInDays int

Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.

RotationInterval string

The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.

SecretDataType string

The type of the secret value. Valid values: text, binary. Default to "text".

Tags map[string]interface{}

A mapping of tags to assign to the resource.

VersionStages []string

) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

secretData String

The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

secretName String

The name of the secret.

versionId String

The version number of the initial version. Version numbers are unique in each secret object.

description String

The description of the secret.

dkmsInstanceId String

The instance ID of the exclusive KMS instance.

enableAutomaticRotation Boolean

Whether to enable automatic key rotation.

encryptionKeyId String

The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

forceDeleteWithoutRecovery Boolean

Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.

recoveryWindowInDays Integer

Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.

rotationInterval String

The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.

secretDataType String

The type of the secret value. Valid values: text, binary. Default to "text".

tags Map<String,Object>

A mapping of tags to assign to the resource.

versionStages List<String>

) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

secretData string

The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

secretName string

The name of the secret.

versionId string

The version number of the initial version. Version numbers are unique in each secret object.

description string

The description of the secret.

dkmsInstanceId string

The instance ID of the exclusive KMS instance.

enableAutomaticRotation boolean

Whether to enable automatic key rotation.

encryptionKeyId string

The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

forceDeleteWithoutRecovery boolean

Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.

recoveryWindowInDays number

Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.

rotationInterval string

The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.

secretDataType string

The type of the secret value. Valid values: text, binary. Default to "text".

tags {[key: string]: any}

A mapping of tags to assign to the resource.

versionStages string[]

) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

secret_data str

The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

secret_name str

The name of the secret.

version_id str

The version number of the initial version. Version numbers are unique in each secret object.

description str

The description of the secret.

dkms_instance_id str

The instance ID of the exclusive KMS instance.

enable_automatic_rotation bool

Whether to enable automatic key rotation.

encryption_key_id str

The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

force_delete_without_recovery bool

Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.

recovery_window_in_days int

Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.

rotation_interval str

The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.

secret_data_type str

The type of the secret value. Valid values: text, binary. Default to "text".

tags Mapping[str, Any]

A mapping of tags to assign to the resource.

version_stages Sequence[str]

) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

secretData String

The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

secretName String

The name of the secret.

versionId String

The version number of the initial version. Version numbers are unique in each secret object.

description String

The description of the secret.

dkmsInstanceId String

The instance ID of the exclusive KMS instance.

enableAutomaticRotation Boolean

Whether to enable automatic key rotation.

encryptionKeyId String

The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

forceDeleteWithoutRecovery Boolean

Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.

recoveryWindowInDays Number

Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.

rotationInterval String

The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.

secretDataType String

The type of the secret value. Valid values: text, binary. Default to "text".

tags Map<Any>

A mapping of tags to assign to the resource.

versionStages List<String>

) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

Outputs

All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:

Arn string

The Alicloud Resource Name (ARN) of the secret.

Id string

The provider-assigned unique ID for this managed resource.

PlannedDeleteTime string

The time when the secret is scheduled to be deleted.

Arn string

The Alicloud Resource Name (ARN) of the secret.

Id string

The provider-assigned unique ID for this managed resource.

PlannedDeleteTime string

The time when the secret is scheduled to be deleted.

arn String

The Alicloud Resource Name (ARN) of the secret.

id String

The provider-assigned unique ID for this managed resource.

plannedDeleteTime String

The time when the secret is scheduled to be deleted.

arn string

The Alicloud Resource Name (ARN) of the secret.

id string

The provider-assigned unique ID for this managed resource.

plannedDeleteTime string

The time when the secret is scheduled to be deleted.

arn str

The Alicloud Resource Name (ARN) of the secret.

id str

The provider-assigned unique ID for this managed resource.

planned_delete_time str

The time when the secret is scheduled to be deleted.

arn String

The Alicloud Resource Name (ARN) of the secret.

id String

The provider-assigned unique ID for this managed resource.

plannedDeleteTime String

The time when the secret is scheduled to be deleted.

Look up Existing Secret Resource

Get an existing Secret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretState, opts?: CustomResourceOptions): Secret
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        description: Optional[str] = None,
        dkms_instance_id: Optional[str] = None,
        enable_automatic_rotation: Optional[bool] = None,
        encryption_key_id: Optional[str] = None,
        force_delete_without_recovery: Optional[bool] = None,
        planned_delete_time: Optional[str] = None,
        recovery_window_in_days: Optional[int] = None,
        rotation_interval: Optional[str] = None,
        secret_data: Optional[str] = None,
        secret_data_type: Optional[str] = None,
        secret_name: Optional[str] = None,
        tags: Optional[Mapping[str, Any]] = None,
        version_id: Optional[str] = None,
        version_stages: Optional[Sequence[str]] = None) -> Secret
func GetSecret(ctx *Context, name string, id IDInput, state *SecretState, opts ...ResourceOption) (*Secret, error)
public static Secret Get(string name, Input<string> id, SecretState? state, CustomResourceOptions? opts = null)
public static Secret get(String name, Output<String> id, SecretState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string

The Alicloud Resource Name (ARN) of the secret.

Description string

The description of the secret.

DkmsInstanceId string

The instance ID of the exclusive KMS instance.

EnableAutomaticRotation bool

Whether to enable automatic key rotation.

EncryptionKeyId string

The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

ForceDeleteWithoutRecovery bool

Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.

PlannedDeleteTime string

The time when the secret is scheduled to be deleted.

RecoveryWindowInDays int

Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.

RotationInterval string

The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.

SecretData string

The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

SecretDataType string

The type of the secret value. Valid values: text, binary. Default to "text".

SecretName string

The name of the secret.

Tags Dictionary<string, object>

A mapping of tags to assign to the resource.

VersionId string

The version number of the initial version. Version numbers are unique in each secret object.

VersionStages List<string>

) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

Arn string

The Alicloud Resource Name (ARN) of the secret.

Description string

The description of the secret.

DkmsInstanceId string

The instance ID of the exclusive KMS instance.

EnableAutomaticRotation bool

Whether to enable automatic key rotation.

EncryptionKeyId string

The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

ForceDeleteWithoutRecovery bool

Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.

PlannedDeleteTime string

The time when the secret is scheduled to be deleted.

RecoveryWindowInDays int

Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.

RotationInterval string

The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.

SecretData string

The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

SecretDataType string

The type of the secret value. Valid values: text, binary. Default to "text".

SecretName string

The name of the secret.

Tags map[string]interface{}

A mapping of tags to assign to the resource.

VersionId string

The version number of the initial version. Version numbers are unique in each secret object.

VersionStages []string

) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

arn String

The Alicloud Resource Name (ARN) of the secret.

description String

The description of the secret.

dkmsInstanceId String

The instance ID of the exclusive KMS instance.

enableAutomaticRotation Boolean

Whether to enable automatic key rotation.

encryptionKeyId String

The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

forceDeleteWithoutRecovery Boolean

Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.

plannedDeleteTime String

The time when the secret is scheduled to be deleted.

recoveryWindowInDays Integer

Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.

rotationInterval String

The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.

secretData String

The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

secretDataType String

The type of the secret value. Valid values: text, binary. Default to "text".

secretName String

The name of the secret.

tags Map<String,Object>

A mapping of tags to assign to the resource.

versionId String

The version number of the initial version. Version numbers are unique in each secret object.

versionStages List<String>

) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

arn string

The Alicloud Resource Name (ARN) of the secret.

description string

The description of the secret.

dkmsInstanceId string

The instance ID of the exclusive KMS instance.

enableAutomaticRotation boolean

Whether to enable automatic key rotation.

encryptionKeyId string

The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

forceDeleteWithoutRecovery boolean

Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.

plannedDeleteTime string

The time when the secret is scheduled to be deleted.

recoveryWindowInDays number

Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.

rotationInterval string

The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.

secretData string

The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

secretDataType string

The type of the secret value. Valid values: text, binary. Default to "text".

secretName string

The name of the secret.

tags {[key: string]: any}

A mapping of tags to assign to the resource.

versionId string

The version number of the initial version. Version numbers are unique in each secret object.

versionStages string[]

) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

arn str

The Alicloud Resource Name (ARN) of the secret.

description str

The description of the secret.

dkms_instance_id str

The instance ID of the exclusive KMS instance.

enable_automatic_rotation bool

Whether to enable automatic key rotation.

encryption_key_id str

The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

force_delete_without_recovery bool

Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.

planned_delete_time str

The time when the secret is scheduled to be deleted.

recovery_window_in_days int

Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.

rotation_interval str

The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.

secret_data str

The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

secret_data_type str

The type of the secret value. Valid values: text, binary. Default to "text".

secret_name str

The name of the secret.

tags Mapping[str, Any]

A mapping of tags to assign to the resource.

version_id str

The version number of the initial version. Version numbers are unique in each secret object.

version_stages Sequence[str]

) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

arn String

The Alicloud Resource Name (ARN) of the secret.

description String

The description of the secret.

dkmsInstanceId String

The instance ID of the exclusive KMS instance.

enableAutomaticRotation Boolean

Whether to enable automatic key rotation.

encryptionKeyId String

The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

forceDeleteWithoutRecovery Boolean

Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.

plannedDeleteTime String

The time when the secret is scheduled to be deleted.

recoveryWindowInDays Number

Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.

rotationInterval String

The time period of automatic rotation. The format is integer[unit], where integer represents the length of time, and unit represents the unit of time. The legal unit units are: d (day), h (hour), m (minute), s (second). 7d or 604800s both indicate a 7-day cycle.

secretData String

The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

secretDataType String

The type of the secret value. Valid values: text, binary. Default to "text".

secretName String

The name of the secret.

tags Map<Any>

A mapping of tags to assign to the resource.

versionId String

The version number of the initial version. Version numbers are unique in each secret object.

versionStages List<String>

) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with "ACSCurrent".

Import

KMS secret can be imported using the id, e.g.

 $ pulumi import alicloud:kms/secret:Secret default secret-foo

Package Details

Repository
Alibaba Cloud pulumi/pulumi-alicloud
License
Apache-2.0
Notes

This Pulumi package is based on the alicloud Terraform Provider.