Docs Home
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.4.0 published on Wednesday, May 7, 2025 by Pulumi
azure-native.keyvault.Secret
Explore with Pulumi AI
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.4.0 published on Wednesday, May 7, 2025 by Pulumi
Resource information with extended details.
Uses Azure REST API version 2024-11-01. In version 2.x of the Azure Native provider, it used API version 2023-02-01.
Other available API versions: 2023-02-01, 2023-07-01, 2024-04-01-preview, 2024-12-01-preview. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native keyvault [ApiVersion]. See the version guide for details.
Example Usage
Create a secret
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var secret = new AzureNative.KeyVault.Secret("secret", new()
{
Properties = new AzureNative.KeyVault.Inputs.SecretPropertiesArgs
{
Value = "secret-value",
},
ResourceGroupName = "sample-group",
SecretName = "secret-name",
VaultName = "sample-vault",
});
});
package main
import (
keyvault "github.com/pulumi/pulumi-azure-native-sdk/keyvault/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := keyvault.NewSecret(ctx, "secret", &keyvault.SecretArgs{
Properties: &keyvault.SecretPropertiesArgs{
Value: pulumi.String("secret-value"),
},
ResourceGroupName: pulumi.String("sample-group"),
SecretName: pulumi.String("secret-name"),
VaultName: pulumi.String("sample-vault"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.keyvault.Secret;
import com.pulumi.azurenative.keyvault.SecretArgs;
import com.pulumi.azurenative.keyvault.inputs.SecretPropertiesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var secret = new Secret("secret", SecretArgs.builder()
.properties(SecretPropertiesArgs.builder()
.value("secret-value")
.build())
.resourceGroupName("sample-group")
.secretName("secret-name")
.vaultName("sample-vault")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const secret = new azure_native.keyvault.Secret("secret", {
properties: {
value: "secret-value",
},
resourceGroupName: "sample-group",
secretName: "secret-name",
vaultName: "sample-vault",
});
import pulumi
import pulumi_azure_native as azure_native
secret = azure_native.keyvault.Secret("secret",
properties={
"value": "secret-value",
},
resource_group_name="sample-group",
secret_name="secret-name",
vault_name="sample-vault")
resources:
secret:
type: azure-native:keyvault:Secret
properties:
properties:
value: secret-value
resourceGroupName: sample-group
secretName: secret-name
vaultName: sample-vault
Create Secret Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);@overload
def Secret(resource_name: str,
args: SecretArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Secret(resource_name: str,
opts: Optional[ResourceOptions] = None,
properties: Optional[SecretPropertiesArgs] = None,
resource_group_name: Optional[str] = None,
vault_name: Optional[str] = None,
secret_name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)
public Secret(String name, SecretArgs args)
public Secret(String name, SecretArgs args, CustomResourceOptions options)
type: azure-native:keyvault:Secret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var examplesecretResourceResourceFromKeyvault = new AzureNative.KeyVault.Secret("examplesecretResourceResourceFromKeyvault", new()
{
Properties = new AzureNative.KeyVault.Inputs.SecretPropertiesArgs
{
Attributes = new AzureNative.KeyVault.Inputs.SecretAttributesArgs
{
Enabled = false,
Expires = 0,
NotBefore = 0,
},
ContentType = "string",
Value = "string",
},
ResourceGroupName = "string",
VaultName = "string",
SecretName = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := keyvault.NewSecret(ctx, "examplesecretResourceResourceFromKeyvault", &keyvault.SecretArgs{
Properties: &keyvault.SecretPropertiesArgs{
Attributes: &keyvault.SecretAttributesArgs{
Enabled: pulumi.Bool(false),
Expires: pulumi.Int(0),
NotBefore: pulumi.Int(0),
},
ContentType: pulumi.String("string"),
Value: pulumi.String("string"),
},
ResourceGroupName: pulumi.String("string"),
VaultName: pulumi.String("string"),
SecretName: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var examplesecretResourceResourceFromKeyvault = new com.pulumi.azurenative.keyvault.Secret("examplesecretResourceResourceFromKeyvault", com.pulumi.azurenative.keyvault.SecretArgs.builder()
.properties(SecretPropertiesArgs.builder()
.attributes(SecretAttributesArgs.builder()
.enabled(false)
.expires(0)
.notBefore(0)
.build())
.contentType("string")
.value("string")
.build())
.resourceGroupName("string")
.vaultName("string")
.secretName("string")
.tags(Map.of("string", "string"))
.build());
examplesecret_resource_resource_from_keyvault = azure_native.keyvault.Secret("examplesecretResourceResourceFromKeyvault",
properties={
"attributes": {
"enabled": False,
"expires": 0,
"not_before": 0,
},
"content_type": "string",
"value": "string",
},
resource_group_name="string",
vault_name="string",
secret_name="string",
tags={
"string": "string",
})
const examplesecretResourceResourceFromKeyvault = new azure_native.keyvault.Secret("examplesecretResourceResourceFromKeyvault", {
properties: {
attributes: {
enabled: false,
expires: 0,
notBefore: 0,
},
contentType: "string",
value: "string",
},
resourceGroupName: "string",
vaultName: "string",
secretName: "string",
tags: {
string: "string",
},
});
type: azure-native:keyvault:Secret
properties:
properties:
attributes:
enabled: false
expires: 0
notBefore: 0
contentType: string
value: string
resourceGroupName: string
secretName: string
tags:
string: string
vaultName: string
Secret Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Secret resource accepts the following input properties:
- Properties
Pulumi.
Azure Native. Key Vault. Inputs. Secret Properties - Properties of the secret
- Resource
Group stringName - The name of the Resource Group to which the vault belongs.
- Vault
Name string - Name of the vault
- Secret
Name string - Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
- Dictionary<string, string>
- The tags that will be assigned to the secret.
- Properties
Secret
Properties Args - Properties of the secret
- Resource
Group stringName - The name of the Resource Group to which the vault belongs.
- Vault
Name string - Name of the vault
- Secret
Name string - Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
- map[string]string
- The tags that will be assigned to the secret.
- properties
Secret
Properties - Properties of the secret
- resource
Group StringName - The name of the Resource Group to which the vault belongs.
- vault
Name String - Name of the vault
- secret
Name String - Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
- Map<String,String>
- The tags that will be assigned to the secret.
- properties
Secret
Properties - Properties of the secret
- resource
Group stringName - The name of the Resource Group to which the vault belongs.
- vault
Name string - Name of the vault
- secret
Name string - Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
- {[key: string]: string}
- The tags that will be assigned to the secret.
- properties
Secret
Properties Args - Properties of the secret
- resource_
group_ strname - The name of the Resource Group to which the vault belongs.
- vault_
name str - Name of the vault
- secret_
name str - Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
- Mapping[str, str]
- The tags that will be assigned to the secret.
- properties Property Map
- Properties of the secret
- resource
Group StringName - The name of the Resource Group to which the vault belongs.
- vault
Name String - Name of the vault
- secret
Name String - Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
- Map<String>
- The tags that will be assigned to the secret.
Outputs
All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:
- Azure
Api stringVersion - The Azure API version of the resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- Location string
- Azure location of the key vault resource.
- Name string
- Name of the key vault resource.
- Type string
- Resource type of the key vault resource.
- Azure
Api stringVersion - The Azure API version of the resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- Location string
- Azure location of the key vault resource.
- Name string
- Name of the key vault resource.
- Type string
- Resource type of the key vault resource.
- azure
Api StringVersion - The Azure API version of the resource.
- id String
- The provider-assigned unique ID for this managed resource.
- location String
- Azure location of the key vault resource.
- name String
- Name of the key vault resource.
- type String
- Resource type of the key vault resource.
- azure
Api stringVersion - The Azure API version of the resource.
- id string
- The provider-assigned unique ID for this managed resource.
- location string
- Azure location of the key vault resource.
- name string
- Name of the key vault resource.
- type string
- Resource type of the key vault resource.
- azure_
api_ strversion - The Azure API version of the resource.
- id str
- The provider-assigned unique ID for this managed resource.
- location str
- Azure location of the key vault resource.
- name str
- Name of the key vault resource.
- type str
- Resource type of the key vault resource.
- azure
Api StringVersion - The Azure API version of the resource.
- id String
- The provider-assigned unique ID for this managed resource.
- location String
- Azure location of the key vault resource.
- name String
- Name of the key vault resource.
- type String
- Resource type of the key vault resource.
Supporting Types
SecretAttributes, SecretAttributesArgs
- enabled bool
- Determines whether the object is enabled.
- expires int
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- not_
before int - Not before date in seconds since 1970-01-01T00:00:00Z.
SecretAttributesResponse, SecretAttributesResponseArgs
- Created int
- Creation time in seconds since 1970-01-01T00:00:00Z.
- Updated int
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- Enabled bool
- Determines whether the object is enabled.
- Expires int
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- Not
Before int - Not before date in seconds since 1970-01-01T00:00:00Z.
- Created int
- Creation time in seconds since 1970-01-01T00:00:00Z.
- Updated int
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- Enabled bool
- Determines whether the object is enabled.
- Expires int
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- Not
Before int - Not before date in seconds since 1970-01-01T00:00:00Z.
- created Integer
- Creation time in seconds since 1970-01-01T00:00:00Z.
- updated Integer
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- enabled Boolean
- Determines whether the object is enabled.
- expires Integer
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- not
Before Integer - Not before date in seconds since 1970-01-01T00:00:00Z.
- created number
- Creation time in seconds since 1970-01-01T00:00:00Z.
- updated number
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- enabled boolean
- Determines whether the object is enabled.
- expires number
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- not
Before number - Not before date in seconds since 1970-01-01T00:00:00Z.
- created int
- Creation time in seconds since 1970-01-01T00:00:00Z.
- updated int
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- enabled bool
- Determines whether the object is enabled.
- expires int
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- not_
before int - Not before date in seconds since 1970-01-01T00:00:00Z.
- created Number
- Creation time in seconds since 1970-01-01T00:00:00Z.
- updated Number
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- enabled Boolean
- Determines whether the object is enabled.
- expires Number
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- not
Before Number - Not before date in seconds since 1970-01-01T00:00:00Z.
SecretProperties, SecretPropertiesArgs
- Attributes
Pulumi.
Azure Native. Key Vault. Inputs. Secret Attributes - The attributes of the secret.
- Content
Type string - The content type of the secret.
- Value string
- The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
- Attributes
Secret
Attributes - The attributes of the secret.
- Content
Type string - The content type of the secret.
- Value string
- The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
- attributes
Secret
Attributes - The attributes of the secret.
- content
Type String - The content type of the secret.
- value String
- The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
- attributes
Secret
Attributes - The attributes of the secret.
- content
Type string - The content type of the secret.
- value string
- The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
- attributes
Secret
Attributes - The attributes of the secret.
- content_
type str - The content type of the secret.
- value str
- The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
- attributes Property Map
- The attributes of the secret.
- content
Type String - The content type of the secret.
- value String
- The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
SecretPropertiesResponse, SecretPropertiesResponseArgs
- Secret
Uri string - The URI to retrieve the current version of the secret.
- Secret
Uri stringWith Version - The URI to retrieve the specific version of the secret.
- Attributes
Pulumi.
Azure Native. Key Vault. Inputs. Secret Attributes Response - The attributes of the secret.
- Content
Type string - The content type of the secret.
- Value string
- The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
- Secret
Uri string - The URI to retrieve the current version of the secret.
- Secret
Uri stringWith Version - The URI to retrieve the specific version of the secret.
- Attributes
Secret
Attributes Response - The attributes of the secret.
- Content
Type string - The content type of the secret.
- Value string
- The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
- secret
Uri String - The URI to retrieve the current version of the secret.
- secret
Uri StringWith Version - The URI to retrieve the specific version of the secret.
- attributes
Secret
Attributes Response - The attributes of the secret.
- content
Type String - The content type of the secret.
- value String
- The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
- secret
Uri string - The URI to retrieve the current version of the secret.
- secret
Uri stringWith Version - The URI to retrieve the specific version of the secret.
- attributes
Secret
Attributes Response - The attributes of the secret.
- content
Type string - The content type of the secret.
- value string
- The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
- secret_
uri str - The URI to retrieve the current version of the secret.
- secret_
uri_ strwith_ version - The URI to retrieve the specific version of the secret.
- attributes
Secret
Attributes Response - The attributes of the secret.
- content_
type str - The content type of the secret.
- value str
- The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
- secret
Uri String - The URI to retrieve the current version of the secret.
- secret
Uri StringWith Version - The URI to retrieve the specific version of the secret.
- attributes Property Map
- The attributes of the secret.
- content
Type String - The content type of the secret.
- value String
- The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:keyvault:Secret secret-name /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/secrets/{secretName}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.4.0 published on Wednesday, May 7, 2025 by Pulumi