1. Packages
  2. Azure Classic
  3. API Docs
  4. keyvault
  5. getSecret

We recommend using Azure Native.

Azure Classic v5.80.0 published on Monday, Jun 10, 2024 by Pulumi

azure.keyvault.getSecret

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v5.80.0 published on Monday, Jun 10, 2024 by Pulumi

    Use this data source to access information about an existing Key Vault Secret.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const example = azure.keyvault.getSecret({
        name: "secret-sauce",
        keyVaultId: existing.id,
    });
    export const secretValue = example.then(example => example.value);
    
    import pulumi
    import pulumi_azure as azure
    
    example = azure.keyvault.get_secret(name="secret-sauce",
        key_vault_id=existing["id"])
    pulumi.export("secretValue", example.value)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := keyvault.LookupSecret(ctx, &keyvault.LookupSecretArgs{
    			Name:       "secret-sauce",
    			KeyVaultId: existing.Id,
    		}, nil)
    		if err != nil {
    			return err
    		}
    		ctx.Export("secretValue", example.Value)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var example = Azure.KeyVault.GetSecret.Invoke(new()
        {
            Name = "secret-sauce",
            KeyVaultId = existing.Id,
        });
    
        return new Dictionary<string, object?>
        {
            ["secretValue"] = example.Apply(getSecretResult => getSecretResult.Value),
        };
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.keyvault.KeyvaultFunctions;
    import com.pulumi.azure.keyvault.inputs.GetSecretArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var example = KeyvaultFunctions.getSecret(GetSecretArgs.builder()
                .name("secret-sauce")
                .keyVaultId(existing.id())
                .build());
    
            ctx.export("secretValue", example.applyValue(getSecretResult -> getSecretResult.value()));
        }
    }
    
    variables:
      example:
        fn::invoke:
          Function: azure:keyvault:getSecret
          Arguments:
            name: secret-sauce
            keyVaultId: ${existing.id}
    outputs:
      secretValue: ${example.value}
    

    Using getSecret

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getSecret(args: GetSecretArgs, opts?: InvokeOptions): Promise<GetSecretResult>
    function getSecretOutput(args: GetSecretOutputArgs, opts?: InvokeOptions): Output<GetSecretResult>
    def get_secret(key_vault_id: Optional[str] = None,
                   name: Optional[str] = None,
                   version: Optional[str] = None,
                   opts: Optional[InvokeOptions] = None) -> GetSecretResult
    def get_secret_output(key_vault_id: Optional[pulumi.Input[str]] = None,
                   name: Optional[pulumi.Input[str]] = None,
                   version: Optional[pulumi.Input[str]] = None,
                   opts: Optional[InvokeOptions] = None) -> Output[GetSecretResult]
    func LookupSecret(ctx *Context, args *LookupSecretArgs, opts ...InvokeOption) (*LookupSecretResult, error)
    func LookupSecretOutput(ctx *Context, args *LookupSecretOutputArgs, opts ...InvokeOption) LookupSecretResultOutput

    > Note: This function is named LookupSecret in the Go SDK.

    public static class GetSecret 
    {
        public static Task<GetSecretResult> InvokeAsync(GetSecretArgs args, InvokeOptions? opts = null)
        public static Output<GetSecretResult> Invoke(GetSecretInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: azure:keyvault/getSecret:getSecret
      arguments:
        # arguments dictionary

    The following arguments are supported:

    KeyVaultId string
    Specifies the ID of the Key Vault instance to fetch secret names from, available on the azure.keyvault.KeyVault Data Source / Resource.
    Name string
    Specifies the name of the Key Vault Secret.
    Version string

    Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    KeyVaultId string
    Specifies the ID of the Key Vault instance to fetch secret names from, available on the azure.keyvault.KeyVault Data Source / Resource.
    Name string
    Specifies the name of the Key Vault Secret.
    Version string

    Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    keyVaultId String
    Specifies the ID of the Key Vault instance to fetch secret names from, available on the azure.keyvault.KeyVault Data Source / Resource.
    name String
    Specifies the name of the Key Vault Secret.
    version String

    Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    keyVaultId string
    Specifies the ID of the Key Vault instance to fetch secret names from, available on the azure.keyvault.KeyVault Data Source / Resource.
    name string
    Specifies the name of the Key Vault Secret.
    version string

    Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    key_vault_id str
    Specifies the ID of the Key Vault instance to fetch secret names from, available on the azure.keyvault.KeyVault Data Source / Resource.
    name str
    Specifies the name of the Key Vault Secret.
    version str

    Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    keyVaultId String
    Specifies the ID of the Key Vault instance to fetch secret names from, available on the azure.keyvault.KeyVault Data Source / Resource.
    name String
    Specifies the name of the Key Vault Secret.
    version String

    Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    getSecret Result

    The following output properties are available:

    ContentType string
    The content type for the Key Vault Secret.
    ExpirationDate string
    The date and time at which the Key Vault Secret expires and is no longer valid.
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyVaultId string
    Name string
    NotBeforeDate string
    The earliest date at which the Key Vault Secret can be used.
    ResourceId string
    The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
    ResourceVersionlessId string
    The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
    Tags Dictionary<string, string>
    Any tags assigned to this resource.
    Value string
    The value of the Key Vault Secret.
    VersionlessId string
    The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.
    Version string
    ContentType string
    The content type for the Key Vault Secret.
    ExpirationDate string
    The date and time at which the Key Vault Secret expires and is no longer valid.
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyVaultId string
    Name string
    NotBeforeDate string
    The earliest date at which the Key Vault Secret can be used.
    ResourceId string
    The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
    ResourceVersionlessId string
    The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
    Tags map[string]string
    Any tags assigned to this resource.
    Value string
    The value of the Key Vault Secret.
    VersionlessId string
    The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.
    Version string
    contentType String
    The content type for the Key Vault Secret.
    expirationDate String
    The date and time at which the Key Vault Secret expires and is no longer valid.
    id String
    The provider-assigned unique ID for this managed resource.
    keyVaultId String
    name String
    notBeforeDate String
    The earliest date at which the Key Vault Secret can be used.
    resourceId String
    The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
    resourceVersionlessId String
    The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
    tags Map<String,String>
    Any tags assigned to this resource.
    value String
    The value of the Key Vault Secret.
    versionlessId String
    The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.
    version String
    contentType string
    The content type for the Key Vault Secret.
    expirationDate string
    The date and time at which the Key Vault Secret expires and is no longer valid.
    id string
    The provider-assigned unique ID for this managed resource.
    keyVaultId string
    name string
    notBeforeDate string
    The earliest date at which the Key Vault Secret can be used.
    resourceId string
    The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
    resourceVersionlessId string
    The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
    tags {[key: string]: string}
    Any tags assigned to this resource.
    value string
    The value of the Key Vault Secret.
    versionlessId string
    The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.
    version string
    content_type str
    The content type for the Key Vault Secret.
    expiration_date str
    The date and time at which the Key Vault Secret expires and is no longer valid.
    id str
    The provider-assigned unique ID for this managed resource.
    key_vault_id str
    name str
    not_before_date str
    The earliest date at which the Key Vault Secret can be used.
    resource_id str
    The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
    resource_versionless_id str
    The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
    tags Mapping[str, str]
    Any tags assigned to this resource.
    value str
    The value of the Key Vault Secret.
    versionless_id str
    The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.
    version str
    contentType String
    The content type for the Key Vault Secret.
    expirationDate String
    The date and time at which the Key Vault Secret expires and is no longer valid.
    id String
    The provider-assigned unique ID for this managed resource.
    keyVaultId String
    name String
    notBeforeDate String
    The earliest date at which the Key Vault Secret can be used.
    resourceId String
    The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
    resourceVersionlessId String
    The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
    tags Map<String>
    Any tags assigned to this resource.
    value String
    The value of the Key Vault Secret.
    versionlessId String
    The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.
    version String

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure Classic v5.80.0 published on Monday, Jun 10, 2024 by Pulumi