Docs Home
Control Plane v0.0.62 published on Wednesday, Jul 9, 2025 by pulumiverse
cpln.getSecret
Explore with Pulumi AI
Use this data source to access information about a Secret within Control Plane.
Required
- name (String) Name of the secret.
Outputs
The following attributes are exported:
- cpln_id (String) The ID, in GUID format, of the secret.
- name (String) Name of the secret.
- description (String) Description of the secret.
- tags (Map of String) Key-value map of resource tags.
- self_link (String) Full link to this resource. Can be referenced by other resources.
- secret_link (String) Output used when linking a secret to an environment variable or volume, in the format:
cpln://secret/SECRET_NAME. - dictionary_as_envs (Map of String) If a dictionary secret is defined, this output will be a key-value map in the following format:
key = cpln://secret/SECRET_NAME.key. - aws (Block List, Max: 1) (see below) Reference Page.
- azure_connector (Block List, Max: 1) (see below) Reference Page.
- azure_sdk (String, Sensitive) JSON string containing the Docker secret. Reference Page.
- dictionary (Map of String) List of unique key-value pairs. Reference Page.
- docker (String, Sensitive) JSON string containing the Docker secret. Reference Page.
- ecr (Block List, Max: 1) (see below).
- gcp (String, Sensitive) JSON string containing the GCP secret. Reference Page
- keypair (Block List, Max: 1) (see below) Reference Page.
- nats_account (Block List, Max: 1) (see below) Reference Page.
- opaque (Block List, Max: 1) (see below) Reference Page.
- tls (Block List, Max: 1) (see below) Reference Page.
- userpass (Block List, Max: 1) (see below) Reference Page.
aws
Optional:
- access_key (String, Sensitive) Access Key provided by AWS.
- role_arn (String) Role ARN provided by AWS.
- secret_key (String, Sensitive) Secret Key provided by AWS.
- external_id (String) AWS IAM Role External ID.
azure_connector
Optional:
- code (String, Sensitive) Code/Key to authenticate to deployment URL.
- url (String, Sensitive) Deployment URL.
ecr
Optional:
- access_key (String) Access Key provided by AWS.
- repos (Set of String) List of ECR repositories.
- role_arn (String) Role ARN provided by AWS.
- secret_key (String, Sensitive) Secret Key provided by AWS.
- external_id (String) AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
keypair
Optional:
- passphrase (String, Sensitive) Passphrase for private key.
- public_key (String) Public Key.
- secret_key (String, Sensitive) Secret/Private Key.
nats_account
Required:
- account_id (String) Account ID.
- private_key (String) Private Key.
opaque
Optional:
- encoding (String) Available encodings:
plain,base64. Default:plain. - payload (String, Sensitive) Plain text or base64 encoded string. Use
encodingattribute to specify encoding.
tls
Optional:
- cert (String) Public Certificate.
- chain (String) Chain Certificate.
- key (String, Sensitive) Private Certificate.
userpass
Optional:
- encoding (String) Available encodings:
plain,base64. Default:plain. - password (String, Sensitive) Password.
- username (String) Username.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cpln from "@pulumiverse/cpln";
export = async () => {
const example = await cpln.getSecret({
name: "example-secret-opaque",
});
return {
"example-secret-payload": example.opaques?.payload,
};
}
import pulumi
import pulumi_cpln as cpln
example = cpln.get_secret(name="example-secret-opaque")
pulumi.export("example-secret-payload", example.opaques.payload)
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-cpln/sdk/go/cpln"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := cpln.LookupSecret(ctx, &cpln.LookupSecretArgs{
Name: "example-secret-opaque",
}, nil)
if err != nil {
return err
}
ctx.Export("example-secret-payload", example.Opaques.Payload)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cpln = Pulumi.Cpln;
return await Deployment.RunAsync(() =>
{
var example = Cpln.GetSecret.Invoke(new()
{
Name = "example-secret-opaque",
});
return new Dictionary<string, object?>
{
["example-secret-payload"] = example.Apply(getSecretResult => getSecretResult.Opaques?.Payload),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cpln.CplnFunctions;
import com.pulumi.cpln.inputs.GetSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = CplnFunctions.getSecret(GetSecretArgs.builder()
.name("example-secret-opaque")
.build());
ctx.export("example-secret-payload", example.opaques().payload());
}
}
variables:
example:
fn::invoke:
function: cpln:getSecret
arguments:
name: example-secret-opaque
outputs:
example-secret-payload: ${example.opaques.payload}
Using getSecret
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecret(args: GetSecretArgs, opts?: InvokeOptions): Promise<GetSecretResult>
function getSecretOutput(args: GetSecretOutputArgs, opts?: InvokeOptions): Output<GetSecretResult>def get_secret(aws: Optional[Sequence[GetSecretAw]] = None,
azure_connectors: Optional[Sequence[GetSecretAzureConnector]] = None,
ecrs: Optional[Sequence[GetSecretEcr]] = None,
keypairs: Optional[Sequence[GetSecretKeypair]] = None,
name: Optional[str] = None,
nats_accounts: Optional[Sequence[GetSecretNatsAccount]] = None,
opaques: Optional[Sequence[GetSecretOpaque]] = None,
tls: Optional[Sequence[GetSecretTl]] = None,
userpasses: Optional[Sequence[GetSecretUserpass]] = None,
opts: Optional[InvokeOptions] = None) -> GetSecretResult
def get_secret_output(aws: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretAwArgs]]]] = None,
azure_connectors: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretAzureConnectorArgs]]]] = None,
ecrs: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretEcrArgs]]]] = None,
keypairs: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretKeypairArgs]]]] = None,
name: Optional[pulumi.Input[str]] = None,
nats_accounts: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretNatsAccountArgs]]]] = None,
opaques: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretOpaqueArgs]]]] = None,
tls: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretTlArgs]]]] = None,
userpasses: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretUserpassArgs]]]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecretResult]func LookupSecret(ctx *Context, args *LookupSecretArgs, opts ...InvokeOption) (*LookupSecretResult, error)
func LookupSecretOutput(ctx *Context, args *LookupSecretOutputArgs, opts ...InvokeOption) LookupSecretResultOutput> Note: This function is named LookupSecret in the Go SDK.
public static class GetSecret
{
public static Task<GetSecretResult> InvokeAsync(GetSecretArgs args, InvokeOptions? opts = null)
public static Output<GetSecretResult> Invoke(GetSecretInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
public static Output<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
fn::invoke:
function: cpln:index/getSecret:getSecret
arguments:
# arguments dictionaryThe following arguments are supported:
- Name string
- Aws
List<Pulumiverse.
Cpln. Inputs. Get Secret Aw> - Azure
Connectors List<Pulumiverse.Cpln. Inputs. Get Secret Azure Connector> - Ecrs
List<Pulumiverse.
Cpln. Inputs. Get Secret Ecr> - Keypairs
List<Pulumiverse.
Cpln. Inputs. Get Secret Keypair> - Nats
Accounts List<Pulumiverse.Cpln. Inputs. Get Secret Nats Account> - Opaques
List<Pulumiverse.
Cpln. Inputs. Get Secret Opaque> - Tls
List<Pulumiverse.
Cpln. Inputs. Get Secret Tl> - Userpasses
List<Pulumiverse.
Cpln. Inputs. Get Secret Userpass>
getSecret Result
The following output properties are available:
- Azure
Sdk string - Cpln
Id string - Description string
- Dictionary Dictionary<string, string>
- Dictionary
As Dictionary<string, string>Envs - Docker string
- Gcp string
- Id string
- Name string
- Secret
Link string - Self
Link string - Dictionary<string, string>
- Aws
List<Pulumiverse.
Cpln. Outputs. Get Secret Aw> - Azure
Connectors List<Pulumiverse.Cpln. Outputs. Get Secret Azure Connector> - Ecrs
List<Pulumiverse.
Cpln. Outputs. Get Secret Ecr> - Keypairs
List<Pulumiverse.
Cpln. Outputs. Get Secret Keypair> - Nats
Accounts List<Pulumiverse.Cpln. Outputs. Get Secret Nats Account> - Opaques
List<Pulumiverse.
Cpln. Outputs. Get Secret Opaque> - Tls
List<Pulumiverse.
Cpln. Outputs. Get Secret Tl> - Userpasses
List<Pulumiverse.
Cpln. Outputs. Get Secret Userpass>
- Azure
Sdk string - Cpln
Id string - Description string
- Dictionary map[string]string
- Dictionary
As map[string]stringEnvs - Docker string
- Gcp string
- Id string
- Name string
- Secret
Link string - Self
Link string - map[string]string
- Aws
[]Get
Secret Aw - Azure
Connectors []GetSecret Azure Connector - Ecrs
[]Get
Secret Ecr - Keypairs
[]Get
Secret Keypair - Nats
Accounts []GetSecret Nats Account - Opaques
[]Get
Secret Opaque - Tls
[]Get
Secret Tl - Userpasses
[]Get
Secret Userpass
- azure
Sdk String - cpln
Id String - description String
- dictionary Map<String,String>
- dictionary
As Map<String,String>Envs - docker String
- gcp String
- id String
- name String
- secret
Link String - self
Link String - Map<String,String>
- aws
List<Get
Secret Aw> - azure
Connectors List<GetSecret Azure Connector> - ecrs
List<Get
Secret Ecr> - keypairs
List<Get
Secret Keypair> - nats
Accounts List<GetSecret Nats Account> - opaques
List<Get
Secret Opaque> - tls
List<Get
Secret Tl> - userpasses
List<Get
Secret Userpass>
- azure
Sdk string - cpln
Id string - description string
- dictionary {[key: string]: string}
- dictionary
As {[key: string]: string}Envs - docker string
- gcp string
- id string
- name string
- secret
Link string - self
Link string - {[key: string]: string}
- aws
Get
Secret Aw[] - azure
Connectors GetSecret Azure Connector[] - ecrs
Get
Secret Ecr[] - keypairs
Get
Secret Keypair[] - nats
Accounts GetSecret Nats Account[] - opaques
Get
Secret Opaque[] - tls
Get
Secret Tl[] - userpasses
Get
Secret Userpass[]
- azure_
sdk str - cpln_
id str - description str
- dictionary Mapping[str, str]
- dictionary_
as_ Mapping[str, str]envs - docker str
- gcp str
- id str
- name str
- secret_
link str - self_
link str - Mapping[str, str]
- aws
Sequence[Get
Secret Aw] - azure_
connectors Sequence[GetSecret Azure Connector] - ecrs
Sequence[Get
Secret Ecr] - keypairs
Sequence[Get
Secret Keypair] - nats_
accounts Sequence[GetSecret Nats Account] - opaques
Sequence[Get
Secret Opaque] - tls
Sequence[Get
Secret Tl] - userpasses
Sequence[Get
Secret Userpass]
- azure
Sdk String - cpln
Id String - description String
- dictionary Map<String>
- dictionary
As Map<String>Envs - docker String
- gcp String
- id String
- name String
- secret
Link String - self
Link String - Map<String>
- aws List<Property Map>
- azure
Connectors List<Property Map> - ecrs List<Property Map>
- keypairs List<Property Map>
- nats
Accounts List<Property Map> - opaques List<Property Map>
- tls List<Property Map>
- userpasses List<Property Map>
Supporting Types
GetSecretAw
- Access
Key string - Access Key provided by AWS.
- External
Id string - AWS IAM Role External ID.
- Role
Arn string - Role ARN provided by AWS.
- Secret
Key string - Secret Key provided by AWS.
- Access
Key string - Access Key provided by AWS.
- External
Id string - AWS IAM Role External ID.
- Role
Arn string - Role ARN provided by AWS.
- Secret
Key string - Secret Key provided by AWS.
- access
Key String - Access Key provided by AWS.
- external
Id String - AWS IAM Role External ID.
- role
Arn String - Role ARN provided by AWS.
- secret
Key String - Secret Key provided by AWS.
- access
Key string - Access Key provided by AWS.
- external
Id string - AWS IAM Role External ID.
- role
Arn string - Role ARN provided by AWS.
- secret
Key string - Secret Key provided by AWS.
- access_
key str - Access Key provided by AWS.
- external_
id str - AWS IAM Role External ID.
- role_
arn str - Role ARN provided by AWS.
- secret_
key str - Secret Key provided by AWS.
- access
Key String - Access Key provided by AWS.
- external
Id String - AWS IAM Role External ID.
- role
Arn String - Role ARN provided by AWS.
- secret
Key String - Secret Key provided by AWS.
GetSecretAzureConnector
GetSecretEcr
- Access
Key string - Access Key provided by AWS.
- Repos List<string>
- List of ECR repositories.
- Role
Arn string - Role ARN provided by AWS.
- Secret
Key string - Secret Key provided by AWS.
- External
Id string - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- Access
Key string - Access Key provided by AWS.
- Repos []string
- List of ECR repositories.
- Role
Arn string - Role ARN provided by AWS.
- Secret
Key string - Secret Key provided by AWS.
- External
Id string - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- access
Key String - Access Key provided by AWS.
- repos List<String>
- List of ECR repositories.
- role
Arn String - Role ARN provided by AWS.
- secret
Key String - Secret Key provided by AWS.
- external
Id String - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- access
Key string - Access Key provided by AWS.
- repos string[]
- List of ECR repositories.
- role
Arn string - Role ARN provided by AWS.
- secret
Key string - Secret Key provided by AWS.
- external
Id string - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- access_
key str - Access Key provided by AWS.
- repos Sequence[str]
- List of ECR repositories.
- role_
arn str - Role ARN provided by AWS.
- secret_
key str - Secret Key provided by AWS.
- external_
id str - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- access
Key String - Access Key provided by AWS.
- repos List<String>
- List of ECR repositories.
- role
Arn String - Role ARN provided by AWS.
- secret
Key String - Secret Key provided by AWS.
- external
Id String - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
GetSecretKeypair
- Passphrase string
- Passphrase for private key.
- Public
Key string - Public Key.
- Secret
Key string - Secret/Private Key.
- Passphrase string
- Passphrase for private key.
- Public
Key string - Public Key.
- Secret
Key string - Secret/Private Key.
- passphrase String
- Passphrase for private key.
- public
Key String - Public Key.
- secret
Key String - Secret/Private Key.
- passphrase string
- Passphrase for private key.
- public
Key string - Public Key.
- secret
Key string - Secret/Private Key.
- passphrase str
- Passphrase for private key.
- public_
key str - Public Key.
- secret_
key str - Secret/Private Key.
- passphrase String
- Passphrase for private key.
- public
Key String - Public Key.
- secret
Key String - Secret/Private Key.
GetSecretNatsAccount
- Account
Id string - Account ID.
- Private
Key string - Private Key.
- Account
Id string - Account ID.
- Private
Key string - Private Key.
- account
Id String - Account ID.
- private
Key String - Private Key.
- account
Id string - Account ID.
- private
Key string - Private Key.
- account_
id str - Account ID.
- private_
key str - Private Key.
- account
Id String - Account ID.
- private
Key String - Private Key.
GetSecretOpaque
GetSecretTl
GetSecretUserpass
Package Details
- Repository
- cpln pulumiverse/pulumi-cpln
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cplnTerraform Provider.