Docs Packages
  1. Pulumi Registry
  2. Alibaba Cloud
  3. API Docs
  4. ram
  5. AccessKey
alicloud logo
Alibaba Cloud v3.37.0, May 15 23

alicloud.ram.AccessKey

Explore with Pulumi AI

Provides a RAM User access key resource.

NOTE: You should set the secret_file if you want to get the access key.

NOTE: From version 1.98.0, if not set pgp_key, the resource will output the access key secret to field secret and please protect your backend state file judiciously

Example Usage

Output the secret to a file.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    // Create a new RAM access key for user.
    var user = new AliCloud.Ram.User("user", new()
    {
        DisplayName = "user_display_name",
        Mobile = "86-18688888888",
        Email = "hello.uuu@aaa.com",
        Comments = "yoyoyo",
        Force = true,
    });

    var ak = new AliCloud.Ram.AccessKey("ak", new()
    {
        UserName = user.Name,
        SecretFile = "/xxx/xxx/xxx.txt",
    });

});

package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ram"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		user, err := ram.NewUser(ctx, "user", &ram.UserArgs{
			DisplayName: pulumi.String("user_display_name"),
			Mobile:      pulumi.String("86-18688888888"),
			Email:       pulumi.String("hello.uuu@aaa.com"),
			Comments:    pulumi.String("yoyoyo"),
			Force:       pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = ram.NewAccessKey(ctx, "ak", &ram.AccessKeyArgs{
			UserName:   user.Name,
			SecretFile: pulumi.String("/xxx/xxx/xxx.txt"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ram.User;
import com.pulumi.alicloud.ram.UserArgs;
import com.pulumi.alicloud.ram.AccessKey;
import com.pulumi.alicloud.ram.AccessKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var user = new User("user", UserArgs.builder()        
            .displayName("user_display_name")
            .mobile("86-18688888888")
            .email("hello.uuu@aaa.com")
            .comments("yoyoyo")
            .force(true)
            .build());

        var ak = new AccessKey("ak", AccessKeyArgs.builder()        
            .userName(user.name())
            .secretFile("/xxx/xxx/xxx.txt")
            .build());

    }
}

import pulumi
import pulumi_alicloud as alicloud

# Create a new RAM access key for user.
user = alicloud.ram.User("user",
    display_name="user_display_name",
    mobile="86-18688888888",
    email="hello.uuu@aaa.com",
    comments="yoyoyo",
    force=True)
ak = alicloud.ram.AccessKey("ak",
    user_name=user.name,
    secret_file="/xxx/xxx/xxx.txt")

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

// Create a new RAM access key for user.
const user = new alicloud.ram.User("user", {
    displayName: "user_display_name",
    mobile: "86-18688888888",
    email: "hello.uuu@aaa.com",
    comments: "yoyoyo",
    force: true,
});
const ak = new alicloud.ram.AccessKey("ak", {
    userName: user.name,
    secretFile: "/xxx/xxx/xxx.txt",
});

resources:
  # Create a new RAM access key for user.
  user:
    type: alicloud:ram:User
    properties:
      displayName: user_display_name
      mobile: 86-18688888888
      email: hello.uuu@aaa.com
      comments: yoyoyo
      force: true
  ak:
    type: alicloud:ram:AccessKey
    properties:
      userName: ${user.name}
      secretFile: /xxx/xxx/xxx.txt

to encrypt the secret.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    // Create a new RAM access key for user.
    var user = new AliCloud.Ram.User("user", new()
    {
        DisplayName = "user_display_name",
        Mobile = "86-18688888888",
        Email = "hello.uuu@aaa.com",
        Comments = "yoyoyo",
        Force = true,
    });

    var encrypt = new AliCloud.Ram.AccessKey("encrypt", new()
    {
        UserName = user.Name,
        PgpKey = "keybase:some_person_that_exists",
    });

    return new Dictionary<string, object?>
    {
        ["secret"] = encrypt.EncryptedSecret,
    };
});

package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ram"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		user, err := ram.NewUser(ctx, "user", &ram.UserArgs{
			DisplayName: pulumi.String("user_display_name"),
			Mobile:      pulumi.String("86-18688888888"),
			Email:       pulumi.String("hello.uuu@aaa.com"),
			Comments:    pulumi.String("yoyoyo"),
			Force:       pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		encrypt, err := ram.NewAccessKey(ctx, "encrypt", &ram.AccessKeyArgs{
			UserName: user.Name,
			PgpKey:   pulumi.String("keybase:some_person_that_exists"),
		})
		if err != nil {
			return err
		}
		ctx.Export("secret", encrypt.EncryptedSecret)
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ram.User;
import com.pulumi.alicloud.ram.UserArgs;
import com.pulumi.alicloud.ram.AccessKey;
import com.pulumi.alicloud.ram.AccessKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var user = new User("user", UserArgs.builder()        
            .displayName("user_display_name")
            .mobile("86-18688888888")
            .email("hello.uuu@aaa.com")
            .comments("yoyoyo")
            .force(true)
            .build());

        var encrypt = new AccessKey("encrypt", AccessKeyArgs.builder()        
            .userName(user.name())
            .pgpKey("keybase:some_person_that_exists")
            .build());

        ctx.export("secret", encrypt.encryptedSecret());
    }
}

import pulumi
import pulumi_alicloud as alicloud

# Create a new RAM access key for user.
user = alicloud.ram.User("user",
    display_name="user_display_name",
    mobile="86-18688888888",
    email="hello.uuu@aaa.com",
    comments="yoyoyo",
    force=True)
encrypt = alicloud.ram.AccessKey("encrypt",
    user_name=user.name,
    pgp_key="keybase:some_person_that_exists")
pulumi.export("secret", encrypt.encrypted_secret)

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

// Create a new RAM access key for user.
const user = new alicloud.ram.User("user", {
    displayName: "user_display_name",
    mobile: "86-18688888888",
    email: "hello.uuu@aaa.com",
    comments: "yoyoyo",
    force: true,
});
const encrypt = new alicloud.ram.AccessKey("encrypt", {
    userName: user.name,
    pgpKey: "keybase:some_person_that_exists",
});
export const secret = encrypt.encryptedSecret;

resources:
  # Create a new RAM access key for user.
  user:
    type: alicloud:ram:User
    properties:
      displayName: user_display_name
      mobile: 86-18688888888
      email: hello.uuu@aaa.com
      comments: yoyoyo
      force: true
  encrypt:
    type: alicloud:ram:AccessKey
    properties:
      userName: ${user.name}
      pgpKey: keybase:some_person_that_exists
outputs:
  secret: ${encrypt.encryptedSecret}

Create AccessKey Resource

new AccessKey(name: string, args?: AccessKeyArgs, opts?: CustomResourceOptions);
@overload
def AccessKey(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              pgp_key: Optional[str] = None,
              secret_file: Optional[str] = None,
              status: Optional[str] = None,
              user_name: Optional[str] = None)
@overload
def AccessKey(resource_name: str,
              args: Optional[AccessKeyArgs] = None,
              opts: Optional[ResourceOptions] = None)
func NewAccessKey(ctx *Context, name string, args *AccessKeyArgs, opts ...ResourceOption) (*AccessKey, error)
public AccessKey(string name, AccessKeyArgs? args = null, CustomResourceOptions? opts = null)
public AccessKey(String name, AccessKeyArgs args)
public AccessKey(String name, AccessKeyArgs args, CustomResourceOptions options)

type: alicloud:ram:AccessKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AccessKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AccessKeyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AccessKeyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AccessKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AccessKeyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AccessKey Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AccessKey resource accepts the following input properties:

PgpKey string

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists

SecretFile string

The name of file that can save access key id and access key secret. Strongly suggest you to specified it when you creating access key, otherwise, you wouldn't get its secret ever.

Status string

Status of access key. It must be Active or Inactive. Default value is Active.

UserName string

Name of the RAM user. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-",".","_", and must not begin with a hyphen.

PgpKey string

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists

SecretFile string

The name of file that can save access key id and access key secret. Strongly suggest you to specified it when you creating access key, otherwise, you wouldn't get its secret ever.

Status string

Status of access key. It must be Active or Inactive. Default value is Active.

UserName string

Name of the RAM user. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-",".","_", and must not begin with a hyphen.

pgpKey String

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists

secretFile String

The name of file that can save access key id and access key secret. Strongly suggest you to specified it when you creating access key, otherwise, you wouldn't get its secret ever.

status String

Status of access key. It must be Active or Inactive. Default value is Active.

userName String

Name of the RAM user. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-",".","_", and must not begin with a hyphen.

pgpKey string

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists

secretFile string

The name of file that can save access key id and access key secret. Strongly suggest you to specified it when you creating access key, otherwise, you wouldn't get its secret ever.

status string

Status of access key. It must be Active or Inactive. Default value is Active.

userName string

Name of the RAM user. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-",".","_", and must not begin with a hyphen.

pgp_key str

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists

secret_file str

The name of file that can save access key id and access key secret. Strongly suggest you to specified it when you creating access key, otherwise, you wouldn't get its secret ever.

status str

Status of access key. It must be Active or Inactive. Default value is Active.

user_name str

Name of the RAM user. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-",".","_", and must not begin with a hyphen.

pgpKey String

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists

secretFile String

The name of file that can save access key id and access key secret. Strongly suggest you to specified it when you creating access key, otherwise, you wouldn't get its secret ever.

status String

Status of access key. It must be Active or Inactive. Default value is Active.

userName String

Name of the RAM user. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-",".","_", and must not begin with a hyphen.

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessKey resource produces the following output properties:

EncryptedSecret string
Id string

The provider-assigned unique ID for this managed resource.

KeyFingerprint string

The fingerprint of the PGP key used to encrypt the secret

Secret string

(Available in 1.98.0+) - The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.

EncryptedSecret string
Id string

The provider-assigned unique ID for this managed resource.

KeyFingerprint string

The fingerprint of the PGP key used to encrypt the secret

Secret string

(Available in 1.98.0+) - The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.

encryptedSecret String
id String

The provider-assigned unique ID for this managed resource.

keyFingerprint String

The fingerprint of the PGP key used to encrypt the secret

secret String

(Available in 1.98.0+) - The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.

encryptedSecret string
id string

The provider-assigned unique ID for this managed resource.

keyFingerprint string

The fingerprint of the PGP key used to encrypt the secret

secret string

(Available in 1.98.0+) - The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.

encrypted_secret str
id str

The provider-assigned unique ID for this managed resource.

key_fingerprint str

The fingerprint of the PGP key used to encrypt the secret

secret str

(Available in 1.98.0+) - The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.

encryptedSecret String
id String

The provider-assigned unique ID for this managed resource.

keyFingerprint String

The fingerprint of the PGP key used to encrypt the secret

secret String

(Available in 1.98.0+) - The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.

Look up Existing AccessKey Resource

Get an existing AccessKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccessKeyState, opts?: CustomResourceOptions): AccessKey
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        encrypted_secret: Optional[str] = None,
        key_fingerprint: Optional[str] = None,
        pgp_key: Optional[str] = None,
        secret: Optional[str] = None,
        secret_file: Optional[str] = None,
        status: Optional[str] = None,
        user_name: Optional[str] = None) -> AccessKey
func GetAccessKey(ctx *Context, name string, id IDInput, state *AccessKeyState, opts ...ResourceOption) (*AccessKey, error)
public static AccessKey Get(string name, Input<string> id, AccessKeyState? state, CustomResourceOptions? opts = null)
public static AccessKey get(String name, Output<String> id, AccessKeyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
EncryptedSecret string
KeyFingerprint string

The fingerprint of the PGP key used to encrypt the secret

PgpKey string

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists

Secret string

(Available in 1.98.0+) - The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.

SecretFile string

The name of file that can save access key id and access key secret. Strongly suggest you to specified it when you creating access key, otherwise, you wouldn't get its secret ever.

Status string

Status of access key. It must be Active or Inactive. Default value is Active.

UserName string

Name of the RAM user. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-",".","_", and must not begin with a hyphen.

EncryptedSecret string
KeyFingerprint string

The fingerprint of the PGP key used to encrypt the secret

PgpKey string

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists

Secret string

(Available in 1.98.0+) - The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.

SecretFile string

The name of file that can save access key id and access key secret. Strongly suggest you to specified it when you creating access key, otherwise, you wouldn't get its secret ever.

Status string

Status of access key. It must be Active or Inactive. Default value is Active.

UserName string

Name of the RAM user. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-",".","_", and must not begin with a hyphen.

encryptedSecret String
keyFingerprint String

The fingerprint of the PGP key used to encrypt the secret

pgpKey String

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists

secret String

(Available in 1.98.0+) - The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.

secretFile String

The name of file that can save access key id and access key secret. Strongly suggest you to specified it when you creating access key, otherwise, you wouldn't get its secret ever.

status String

Status of access key. It must be Active or Inactive. Default value is Active.

userName String

Name of the RAM user. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-",".","_", and must not begin with a hyphen.

encryptedSecret string
keyFingerprint string

The fingerprint of the PGP key used to encrypt the secret

pgpKey string

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists

secret string

(Available in 1.98.0+) - The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.

secretFile string

The name of file that can save access key id and access key secret. Strongly suggest you to specified it when you creating access key, otherwise, you wouldn't get its secret ever.

status string

Status of access key. It must be Active or Inactive. Default value is Active.

userName string

Name of the RAM user. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-",".","_", and must not begin with a hyphen.

encrypted_secret str
key_fingerprint str

The fingerprint of the PGP key used to encrypt the secret

pgp_key str

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists

secret str

(Available in 1.98.0+) - The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.

secret_file str

The name of file that can save access key id and access key secret. Strongly suggest you to specified it when you creating access key, otherwise, you wouldn't get its secret ever.

status str

Status of access key. It must be Active or Inactive. Default value is Active.

user_name str

Name of the RAM user. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-",".","_", and must not begin with a hyphen.

encryptedSecret String
keyFingerprint String

The fingerprint of the PGP key used to encrypt the secret

pgpKey String

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists

secret String

(Available in 1.98.0+) - The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.

secretFile String

The name of file that can save access key id and access key secret. Strongly suggest you to specified it when you creating access key, otherwise, you wouldn't get its secret ever.

status String

Status of access key. It must be Active or Inactive. Default value is Active.

userName String

Name of the RAM user. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-",".","_", and must not begin with a hyphen.

Package Details

Repository
Alibaba Cloud pulumi/pulumi-alicloud
License
Apache-2.0
Notes

This Pulumi package is based on the alicloud Terraform Provider.