Docs Home
We recommend using Azure Native.
Azure v6.22.1 published on Monday, May 12, 2025 by Pulumi
azure.keyvault.getSecret
Explore with Pulumi AI
Use this data source to access information about an existing Key Vault Secret.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = azure.keyvault.getSecret({
name: "secret-sauce",
keyVaultId: existing.id,
});
export const secretValue = example.then(example => example.value);
import pulumi
import pulumi_azure as azure
example = azure.keyvault.get_secret(name="secret-sauce",
key_vault_id=existing["id"])
pulumi.export("secretValue", example.value)
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := keyvault.LookupSecret(ctx, &keyvault.LookupSecretArgs{
Name: "secret-sauce",
KeyVaultId: existing.Id,
}, nil)
if err != nil {
return err
}
ctx.Export("secretValue", example.Value)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = Azure.KeyVault.GetSecret.Invoke(new()
{
Name = "secret-sauce",
KeyVaultId = existing.Id,
});
return new Dictionary<string, object?>
{
["secretValue"] = example.Apply(getSecretResult => getSecretResult.Value),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.keyvault.KeyvaultFunctions;
import com.pulumi.azure.keyvault.inputs.GetSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = KeyvaultFunctions.getSecret(GetSecretArgs.builder()
.name("secret-sauce")
.keyVaultId(existing.id())
.build());
ctx.export("secretValue", example.value());
}
}
variables:
example:
fn::invoke:
function: azure:keyvault:getSecret
arguments:
name: secret-sauce
keyVaultId: ${existing.id}
outputs:
secretValue: ${example.value}
Using getSecret
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecret(args: GetSecretArgs, opts?: InvokeOptions): Promise<GetSecretResult>
function getSecretOutput(args: GetSecretOutputArgs, opts?: InvokeOptions): Output<GetSecretResult>def get_secret(key_vault_id: Optional[str] = None,
name: Optional[str] = None,
version: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetSecretResult
def get_secret_output(key_vault_id: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
version: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecretResult]func LookupSecret(ctx *Context, args *LookupSecretArgs, opts ...InvokeOption) (*LookupSecretResult, error)
func LookupSecretOutput(ctx *Context, args *LookupSecretOutputArgs, opts ...InvokeOption) LookupSecretResultOutput> Note: This function is named LookupSecret in the Go SDK.
public static class GetSecret
{
public static Task<GetSecretResult> InvokeAsync(GetSecretArgs args, InvokeOptions? opts = null)
public static Output<GetSecretResult> Invoke(GetSecretInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
public static Output<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
fn::invoke:
function: azure:keyvault/getSecret:getSecret
arguments:
# arguments dictionaryThe following arguments are supported:
- Key
Vault stringId - Specifies the ID of the Key Vault instance to fetch secret names from, available on the
azure.keyvault.KeyVaultData Source / Resource. - Name string
- Specifies the name of the Key Vault Secret.
- Version string
Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
- Key
Vault stringId - Specifies the ID of the Key Vault instance to fetch secret names from, available on the
azure.keyvault.KeyVaultData Source / Resource. - Name string
- Specifies the name of the Key Vault Secret.
- Version string
Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
- key
Vault StringId - Specifies the ID of the Key Vault instance to fetch secret names from, available on the
azure.keyvault.KeyVaultData Source / Resource. - name String
- Specifies the name of the Key Vault Secret.
- version String
Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
- key
Vault stringId - Specifies the ID of the Key Vault instance to fetch secret names from, available on the
azure.keyvault.KeyVaultData Source / Resource. - name string
- Specifies the name of the Key Vault Secret.
- version string
Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
- key_
vault_ strid - Specifies the ID of the Key Vault instance to fetch secret names from, available on the
azure.keyvault.KeyVaultData Source / Resource. - name str
- Specifies the name of the Key Vault Secret.
- version str
Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
- key
Vault StringId - Specifies the ID of the Key Vault instance to fetch secret names from, available on the
azure.keyvault.KeyVaultData Source / Resource. - name String
- Specifies the name of the Key Vault Secret.
- version String
Specifies the version of the Key Vault Secret. Defaults to the current version of the Key Vault Secret.
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
getSecret Result
The following output properties are available:
- Content
Type string - The content type for the Key Vault Secret.
- Expiration
Date string - The date and time at which the Key Vault Secret expires and is no longer valid.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Vault stringId - Name string
- Not
Before stringDate - The earliest date at which the Key Vault Secret can be used.
- Resource
Id string - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- Resource
Versionless stringId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- Dictionary<string, string>
- Any tags assigned to this resource.
- Value string
- The value of the Key Vault Secret.
- Versionless
Id string - The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.
- Version string
- Content
Type string - The content type for the Key Vault Secret.
- Expiration
Date string - The date and time at which the Key Vault Secret expires and is no longer valid.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Vault stringId - Name string
- Not
Before stringDate - The earliest date at which the Key Vault Secret can be used.
- Resource
Id string - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- Resource
Versionless stringId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- map[string]string
- Any tags assigned to this resource.
- Value string
- The value of the Key Vault Secret.
- Versionless
Id string - The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.
- Version string
- content
Type String - The content type for the Key Vault Secret.
- expiration
Date String - The date and time at which the Key Vault Secret expires and is no longer valid.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Vault StringId - name String
- not
Before StringDate - The earliest date at which the Key Vault Secret can be used.
- resource
Id String - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- resource
Versionless StringId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- Map<String,String>
- Any tags assigned to this resource.
- value String
- The value of the Key Vault Secret.
- versionless
Id String - The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.
- version String
- content
Type string - The content type for the Key Vault Secret.
- expiration
Date string - The date and time at which the Key Vault Secret expires and is no longer valid.
- id string
- The provider-assigned unique ID for this managed resource.
- key
Vault stringId - name string
- not
Before stringDate - The earliest date at which the Key Vault Secret can be used.
- resource
Id string - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- resource
Versionless stringId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- {[key: string]: string}
- Any tags assigned to this resource.
- value string
- The value of the Key Vault Secret.
- versionless
Id string - The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.
- version string
- content_
type str - The content type for the Key Vault Secret.
- expiration_
date str - The date and time at which the Key Vault Secret expires and is no longer valid.
- id str
- The provider-assigned unique ID for this managed resource.
- key_
vault_ strid - name str
- not_
before_ strdate - The earliest date at which the Key Vault Secret can be used.
- resource_
id str - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- resource_
versionless_ strid - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- Mapping[str, str]
- Any tags assigned to this resource.
- value str
- The value of the Key Vault Secret.
- versionless_
id str - The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.
- version str
- content
Type String - The content type for the Key Vault Secret.
- expiration
Date String - The date and time at which the Key Vault Secret expires and is no longer valid.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Vault StringId - name String
- not
Before StringDate - The earliest date at which the Key Vault Secret can be used.
- resource
Id String - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- resource
Versionless StringId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- Map<String>
- Any tags assigned to this resource.
- value String
- The value of the Key Vault Secret.
- versionless
Id String - The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.
- version String
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.