1. Packages
  2. Azure Classic
  3. API Docs
  4. keyvault
  5. getSecret

We recommend using Azure Native.

Azure Classic v5.49.0 published on Tuesday, Aug 29, 2023 by Pulumi

azure.keyvault.getSecret

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v5.49.0 published on Tuesday, Aug 29, 2023 by Pulumi

    Use this data source to access information about an existing Key Vault Secret.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var example = Azure.KeyVault.GetSecret.Invoke(new()
        {
            Name = "secret-sauce",
            KeyVaultId = data.Azurerm_key_vault.Existing.Id,
        });
    
        return new Dictionary<string, object?>
        {
            ["secretValue"] = example.Apply(getSecretResult => getSecretResult.Value),
        };
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := keyvault.LookupSecret(ctx, &keyvault.LookupSecretArgs{
    			Name:       "secret-sauce",
    			KeyVaultId: data.Azurerm_key_vault.Existing.Id,
    		}, nil)
    		if err != nil {
    			return err
    		}
    		ctx.Export("secretValue", example.Value)
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.keyvault.KeyvaultFunctions;
    import com.pulumi.azure.keyvault.inputs.GetSecretArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var example = KeyvaultFunctions.getSecret(GetSecretArgs.builder()
                .name("secret-sauce")
                .keyVaultId(data.azurerm_key_vault().existing().id())
                .build());
    
            ctx.export("secretValue", example.applyValue(getSecretResult -> getSecretResult.value()));
        }
    }
    
    import pulumi
    import pulumi_azure as azure
    
    example = azure.keyvault.get_secret(name="secret-sauce",
        key_vault_id=data["azurerm_key_vault"]["existing"]["id"])
    pulumi.export("secretValue", example.value)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const example = azure.keyvault.getSecret({
        name: "secret-sauce",
        keyVaultId: data.azurerm_key_vault.existing.id,
    });
    export const secretValue = example.then(example => example.value);
    
    variables:
      example:
        fn::invoke:
          Function: azure:keyvault:getSecret
          Arguments:
            name: secret-sauce
            keyVaultId: ${data.azurerm_key_vault.existing.id}
    outputs:
      secretValue: ${example.value}
    

    Using getSecret

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getSecret(args: GetSecretArgs, opts?: InvokeOptions): Promise<GetSecretResult>
    function getSecretOutput(args: GetSecretOutputArgs, opts?: InvokeOptions): Output<GetSecretResult>
    def get_secret(key_vault_id: Optional[str] = None,
                   name: Optional[str] = None,
                   version: Optional[str] = None,
                   opts: Optional[InvokeOptions] = None) -> GetSecretResult
    def get_secret_output(key_vault_id: Optional[pulumi.Input[str]] = None,
                   name: Optional[pulumi.Input[str]] = None,
                   version: Optional[pulumi.Input[str]] = None,
                   opts: Optional[InvokeOptions] = None) -> Output[GetSecretResult]
    func LookupSecret(ctx *Context, args *LookupSecretArgs, opts ...InvokeOption) (*LookupSecretResult, error)
    func LookupSecretOutput(ctx *Context, args *LookupSecretOutputArgs, opts ...InvokeOption) LookupSecretResultOutput

    > Note: This function is named LookupSecret in the Go SDK.

    public static class GetSecret 
    {
        public static Task<GetSecretResult> InvokeAsync(GetSecretArgs args, InvokeOptions? opts = null)
        public static Output<GetSecretResult> Invoke(GetSecretInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: azure:keyvault/getSecret:getSecret
      arguments:
        # arguments dictionary

    The following arguments are supported:

    KeyVaultId string

    Specifies the ID of the Key Vault instance to fetch secret names from, available on the azure.keyvault.KeyVault Data Source / Resource.

    Name string

    Specifies the name of the Key Vault Secret.

    Version string

    Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    KeyVaultId string

    Specifies the ID of the Key Vault instance to fetch secret names from, available on the azure.keyvault.KeyVault Data Source / Resource.

    Name string

    Specifies the name of the Key Vault Secret.

    Version string

    Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    keyVaultId String

    Specifies the ID of the Key Vault instance to fetch secret names from, available on the azure.keyvault.KeyVault Data Source / Resource.

    name String

    Specifies the name of the Key Vault Secret.

    version String

    Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    keyVaultId string

    Specifies the ID of the Key Vault instance to fetch secret names from, available on the azure.keyvault.KeyVault Data Source / Resource.

    name string

    Specifies the name of the Key Vault Secret.

    version string

    Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    key_vault_id str

    Specifies the ID of the Key Vault instance to fetch secret names from, available on the azure.keyvault.KeyVault Data Source / Resource.

    name str

    Specifies the name of the Key Vault Secret.

    version str

    Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    keyVaultId String

    Specifies the ID of the Key Vault instance to fetch secret names from, available on the azure.keyvault.KeyVault Data Source / Resource.

    name String

    Specifies the name of the Key Vault Secret.

    version String

    Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    getSecret Result

    The following output properties are available:

    ContentType string

    The content type for the Key Vault Secret.

    ExpirationDate string

    The date and time at which the Key Vault Secret expires and is no longer valid.

    Id string

    The provider-assigned unique ID for this managed resource.

    KeyVaultId string
    Name string
    NotBeforeDate string

    The earliest date at which the Key Vault Secret can be used.

    ResourceId string

    The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.

    ResourceVersionlessId string

    The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.

    Tags Dictionary<string, string>

    Any tags assigned to this resource.

    Value string

    The value of the Key Vault Secret.

    VersionlessId string

    The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.

    Version string
    ContentType string

    The content type for the Key Vault Secret.

    ExpirationDate string

    The date and time at which the Key Vault Secret expires and is no longer valid.

    Id string

    The provider-assigned unique ID for this managed resource.

    KeyVaultId string
    Name string
    NotBeforeDate string

    The earliest date at which the Key Vault Secret can be used.

    ResourceId string

    The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.

    ResourceVersionlessId string

    The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.

    Tags map[string]string

    Any tags assigned to this resource.

    Value string

    The value of the Key Vault Secret.

    VersionlessId string

    The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.

    Version string
    contentType String

    The content type for the Key Vault Secret.

    expirationDate String

    The date and time at which the Key Vault Secret expires and is no longer valid.

    id String

    The provider-assigned unique ID for this managed resource.

    keyVaultId String
    name String
    notBeforeDate String

    The earliest date at which the Key Vault Secret can be used.

    resourceId String

    The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.

    resourceVersionlessId String

    The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.

    tags Map<String,String>

    Any tags assigned to this resource.

    value String

    The value of the Key Vault Secret.

    versionlessId String

    The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.

    version String
    contentType string

    The content type for the Key Vault Secret.

    expirationDate string

    The date and time at which the Key Vault Secret expires and is no longer valid.

    id string

    The provider-assigned unique ID for this managed resource.

    keyVaultId string
    name string
    notBeforeDate string

    The earliest date at which the Key Vault Secret can be used.

    resourceId string

    The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.

    resourceVersionlessId string

    The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.

    tags {[key: string]: string}

    Any tags assigned to this resource.

    value string

    The value of the Key Vault Secret.

    versionlessId string

    The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.

    version string
    content_type str

    The content type for the Key Vault Secret.

    expiration_date str

    The date and time at which the Key Vault Secret expires and is no longer valid.

    id str

    The provider-assigned unique ID for this managed resource.

    key_vault_id str
    name str
    not_before_date str

    The earliest date at which the Key Vault Secret can be used.

    resource_id str

    The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.

    resource_versionless_id str

    The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.

    tags Mapping[str, str]

    Any tags assigned to this resource.

    value str

    The value of the Key Vault Secret.

    versionless_id str

    The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.

    version str
    contentType String

    The content type for the Key Vault Secret.

    expirationDate String

    The date and time at which the Key Vault Secret expires and is no longer valid.

    id String

    The provider-assigned unique ID for this managed resource.

    keyVaultId String
    name String
    notBeforeDate String

    The earliest date at which the Key Vault Secret can be used.

    resourceId String

    The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.

    resourceVersionlessId String

    The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.

    tags Map<String>

    Any tags assigned to this resource.

    value String

    The value of the Key Vault Secret.

    versionlessId String

    The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.

    version String

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the azurerm Terraform Provider.

    azure logo

    We recommend using Azure Native.

    Azure Classic v5.49.0 published on Tuesday, Aug 29, 2023 by Pulumi