Control Plane v0.0.73 published on Thursday, Oct 23, 2025 by pulumiverse
cpln.getSecret
Control Plane v0.0.73 published on Thursday, Oct 23, 2025 by pulumiverse
Use this data source to access information about a Secret within Control Plane.
Required
- name (String) Name of the secret.
Outputs
The following attributes are exported:
- cpln_id (String) The ID, in GUID format, of the secret.
- name (String) Name of the secret.
- description (String) Description of the secret.
- tags (Map of String) Key-value map of resource tags.
- self_link (String) Full link to this resource. Can be referenced by other resources.
- secret_link (String) Output used when linking a secret to an environment variable or volume, in the format:
cpln://secret/SECRET_NAME. - dictionary_as_envs (Map of String) If a dictionary secret is defined, this output will be a key-value map in the following format:
key = cpln://secret/SECRET_NAME.key. - aws (Block List, Max: 1) (see below) Reference Page.
- azure_connector (Block List, Max: 1) (see below) Reference Page.
- azure_sdk (String, Sensitive) JSON string containing the Docker secret. Reference Page.
- dictionary (Map of String) List of unique key-value pairs. Reference Page.
- docker (String, Sensitive) JSON string containing the Docker secret. Reference Page.
- ecr (Block List, Max: 1) (see below).
- gcp (String, Sensitive) JSON string containing the GCP secret. Reference Page
- keypair (Block List, Max: 1) (see below) Reference Page.
- nats_account (Block List, Max: 1) (see below) Reference Page.
- opaque (Block List, Max: 1) (see below) Reference Page.
- tls (Block List, Max: 1) (see below) Reference Page.
- userpass (Block List, Max: 1) (see below) Reference Page.
aws
Optional:
- access_key (String, Sensitive) Access Key provided by AWS.
- role_arn (String) Role ARN provided by AWS.
- secret_key (String, Sensitive) Secret Key provided by AWS.
- external_id (String) AWS IAM Role External ID.
azure_connector
Optional:
- code (String, Sensitive) Code/Key to authenticate to deployment URL.
- url (String, Sensitive) Deployment URL.
ecr
Optional:
- access_key (String) Access Key provided by AWS.
- repos (Set of String) List of ECR repositories.
- role_arn (String) Role ARN provided by AWS.
- secret_key (String, Sensitive) Secret Key provided by AWS.
- external_id (String) AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
keypair
Optional:
- passphrase (String, Sensitive) Passphrase for private key.
- public_key (String) Public Key.
- secret_key (String, Sensitive) Secret/Private Key.
nats_account
Required:
- account_id (String) Account ID.
- private_key (String) Private Key.
opaque
Optional:
- encoding (String) Available encodings:
plain,base64. Default:plain. - payload (String, Sensitive) Plain text or base64 encoded string. Use
encodingattribute to specify encoding.
tls
Optional:
- cert (String) Public Certificate.
- chain (String) Chain Certificate.
- key (String, Sensitive) Private Certificate.
userpass
Optional:
- encoding (String) Available encodings:
plain,base64. Default:plain. - password (String, Sensitive) Password.
- username (String) Username.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cpln from "@pulumiverse/cpln";
export = async () => {
const example = await cpln.getSecret({
name: "example-secret-opaque",
});
return {
"example-secret-payload": example.opaques?.payload,
};
}
import pulumi
import pulumi_cpln as cpln
example = cpln.get_secret(name="example-secret-opaque")
pulumi.export("example-secret-payload", example.opaques.payload)
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-cpln/sdk/go/cpln"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := cpln.LookupSecret(ctx, &cpln.LookupSecretArgs{
Name: "example-secret-opaque",
}, nil)
if err != nil {
return err
}
ctx.Export("example-secret-payload", example.Opaques.Payload)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cpln = Pulumi.Cpln;
return await Deployment.RunAsync(() =>
{
var example = Cpln.GetSecret.Invoke(new()
{
Name = "example-secret-opaque",
});
return new Dictionary<string, object?>
{
["example-secret-payload"] = example.Apply(getSecretResult => getSecretResult.Opaques?.Payload),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cpln.CplnFunctions;
import com.pulumi.cpln.inputs.GetSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = CplnFunctions.getSecret(GetSecretArgs.builder()
.name("example-secret-opaque")
.build());
ctx.export("example-secret-payload", example.opaques().payload());
}
}
variables:
example:
fn::invoke:
function: cpln:getSecret
arguments:
name: example-secret-opaque
outputs:
example-secret-payload: ${example.opaques.payload}
Using getSecret
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecret(args: GetSecretArgs, opts?: InvokeOptions): Promise<GetSecretResult>
function getSecretOutput(args: GetSecretOutputArgs, opts?: InvokeOptions): Output<GetSecretResult>def get_secret(aws: Optional[Sequence[GetSecretAw]] = None,
azure_connectors: Optional[Sequence[GetSecretAzureConnector]] = None,
ecrs: Optional[Sequence[GetSecretEcr]] = None,
keypairs: Optional[Sequence[GetSecretKeypair]] = None,
name: Optional[str] = None,
nats_accounts: Optional[Sequence[GetSecretNatsAccount]] = None,
opaques: Optional[Sequence[GetSecretOpaque]] = None,
tls: Optional[Sequence[GetSecretTl]] = None,
userpasses: Optional[Sequence[GetSecretUserpass]] = None,
opts: Optional[InvokeOptions] = None) -> GetSecretResult
def get_secret_output(aws: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretAwArgs]]]] = None,
azure_connectors: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretAzureConnectorArgs]]]] = None,
ecrs: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretEcrArgs]]]] = None,
keypairs: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretKeypairArgs]]]] = None,
name: Optional[pulumi.Input[str]] = None,
nats_accounts: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretNatsAccountArgs]]]] = None,
opaques: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretOpaqueArgs]]]] = None,
tls: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretTlArgs]]]] = None,
userpasses: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecretUserpassArgs]]]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecretResult]func LookupSecret(ctx *Context, args *LookupSecretArgs, opts ...InvokeOption) (*LookupSecretResult, error)
func LookupSecretOutput(ctx *Context, args *LookupSecretOutputArgs, opts ...InvokeOption) LookupSecretResultOutput> Note: This function is named LookupSecret in the Go SDK.
public static class GetSecret
{
public static Task<GetSecretResult> InvokeAsync(GetSecretArgs args, InvokeOptions? opts = null)
public static Output<GetSecretResult> Invoke(GetSecretInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
public static Output<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
fn::invoke:
function: cpln:index/getSecret:getSecret
arguments:
# arguments dictionaryThe following arguments are supported:
- Name string
- Aws
List<Pulumiverse.
Cpln. Inputs. Get Secret Aw> - Azure
Connectors List<Pulumiverse.Cpln. Inputs. Get Secret Azure Connector> - Ecrs
List<Pulumiverse.
Cpln. Inputs. Get Secret Ecr> - Keypairs
List<Pulumiverse.
Cpln. Inputs. Get Secret Keypair> - Nats
Accounts List<Pulumiverse.Cpln. Inputs. Get Secret Nats Account> - Opaques
List<Pulumiverse.
Cpln. Inputs. Get Secret Opaque> - Tls
List<Pulumiverse.
Cpln. Inputs. Get Secret Tl> - Userpasses
List<Pulumiverse.
Cpln. Inputs. Get Secret Userpass>
getSecret Result
The following output properties are available:
- Azure
Sdk string - Cpln
Id string - Description string
- Dictionary Dictionary<string, string>
- Dictionary
As Dictionary<string, string>Envs - Docker string
- Gcp string
- Id string
- Name string
- Secret
Link string - Self
Link string - Dictionary<string, string>
- Aws
List<Pulumiverse.
Cpln. Outputs. Get Secret Aw> - Azure
Connectors List<Pulumiverse.Cpln. Outputs. Get Secret Azure Connector> - Ecrs
List<Pulumiverse.
Cpln. Outputs. Get Secret Ecr> - Keypairs
List<Pulumiverse.
Cpln. Outputs. Get Secret Keypair> - Nats
Accounts List<Pulumiverse.Cpln. Outputs. Get Secret Nats Account> - Opaques
List<Pulumiverse.
Cpln. Outputs. Get Secret Opaque> - Tls
List<Pulumiverse.
Cpln. Outputs. Get Secret Tl> - Userpasses
List<Pulumiverse.
Cpln. Outputs. Get Secret Userpass>
- Azure
Sdk string - Cpln
Id string - Description string
- Dictionary map[string]string
- Dictionary
As map[string]stringEnvs - Docker string
- Gcp string
- Id string
- Name string
- Secret
Link string - Self
Link string - map[string]string
- Aws
[]Get
Secret Aw - Azure
Connectors []GetSecret Azure Connector - Ecrs
[]Get
Secret Ecr - Keypairs
[]Get
Secret Keypair - Nats
Accounts []GetSecret Nats Account - Opaques
[]Get
Secret Opaque - Tls
[]Get
Secret Tl - Userpasses
[]Get
Secret Userpass
- azure
Sdk String - cpln
Id String - description String
- dictionary Map<String,String>
- dictionary
As Map<String,String>Envs - docker String
- gcp String
- id String
- name String
- secret
Link String - self
Link String - Map<String,String>
- aws
List<Get
Secret Aw> - azure
Connectors List<GetSecret Azure Connector> - ecrs
List<Get
Secret Ecr> - keypairs
List<Get
Secret Keypair> - nats
Accounts List<GetSecret Nats Account> - opaques
List<Get
Secret Opaque> - tls
List<Get
Secret Tl> - userpasses
List<Get
Secret Userpass>
- azure
Sdk string - cpln
Id string - description string
- dictionary {[key: string]: string}
- dictionary
As {[key: string]: string}Envs - docker string
- gcp string
- id string
- name string
- secret
Link string - self
Link string - {[key: string]: string}
- aws
Get
Secret Aw[] - azure
Connectors GetSecret Azure Connector[] - ecrs
Get
Secret Ecr[] - keypairs
Get
Secret Keypair[] - nats
Accounts GetSecret Nats Account[] - opaques
Get
Secret Opaque[] - tls
Get
Secret Tl[] - userpasses
Get
Secret Userpass[]
- azure_
sdk str - cpln_
id str - description str
- dictionary Mapping[str, str]
- dictionary_
as_ Mapping[str, str]envs - docker str
- gcp str
- id str
- name str
- secret_
link str - self_
link str - Mapping[str, str]
- aws
Sequence[Get
Secret Aw] - azure_
connectors Sequence[GetSecret Azure Connector] - ecrs
Sequence[Get
Secret Ecr] - keypairs
Sequence[Get
Secret Keypair] - nats_
accounts Sequence[GetSecret Nats Account] - opaques
Sequence[Get
Secret Opaque] - tls
Sequence[Get
Secret Tl] - userpasses
Sequence[Get
Secret Userpass]
- azure
Sdk String - cpln
Id String - description String
- dictionary Map<String>
- dictionary
As Map<String>Envs - docker String
- gcp String
- id String
- name String
- secret
Link String - self
Link String - Map<String>
- aws List<Property Map>
- azure
Connectors List<Property Map> - ecrs List<Property Map>
- keypairs List<Property Map>
- nats
Accounts List<Property Map> - opaques List<Property Map>
- tls List<Property Map>
- userpasses List<Property Map>
Supporting Types
GetSecretAw
- Access
Key string - Access Key provided by AWS.
- External
Id string - AWS IAM Role External ID.
- Role
Arn string - Role ARN provided by AWS.
- Secret
Key string - Secret Key provided by AWS.
- Access
Key string - Access Key provided by AWS.
- External
Id string - AWS IAM Role External ID.
- Role
Arn string - Role ARN provided by AWS.
- Secret
Key string - Secret Key provided by AWS.
- access
Key String - Access Key provided by AWS.
- external
Id String - AWS IAM Role External ID.
- role
Arn String - Role ARN provided by AWS.
- secret
Key String - Secret Key provided by AWS.
- access
Key string - Access Key provided by AWS.
- external
Id string - AWS IAM Role External ID.
- role
Arn string - Role ARN provided by AWS.
- secret
Key string - Secret Key provided by AWS.
- access_
key str - Access Key provided by AWS.
- external_
id str - AWS IAM Role External ID.
- role_
arn str - Role ARN provided by AWS.
- secret_
key str - Secret Key provided by AWS.
- access
Key String - Access Key provided by AWS.
- external
Id String - AWS IAM Role External ID.
- role
Arn String - Role ARN provided by AWS.
- secret
Key String - Secret Key provided by AWS.
GetSecretAzureConnector
GetSecretEcr
- Access
Key string - Access Key provided by AWS.
- Repos List<string>
- List of ECR repositories.
- Role
Arn string - Role ARN provided by AWS.
- Secret
Key string - Secret Key provided by AWS.
- External
Id string - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- Access
Key string - Access Key provided by AWS.
- Repos []string
- List of ECR repositories.
- Role
Arn string - Role ARN provided by AWS.
- Secret
Key string - Secret Key provided by AWS.
- External
Id string - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- access
Key String - Access Key provided by AWS.
- repos List<String>
- List of ECR repositories.
- role
Arn String - Role ARN provided by AWS.
- secret
Key String - Secret Key provided by AWS.
- external
Id String - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- access
Key string - Access Key provided by AWS.
- repos string[]
- List of ECR repositories.
- role
Arn string - Role ARN provided by AWS.
- secret
Key string - Secret Key provided by AWS.
- external
Id string - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- access_
key str - Access Key provided by AWS.
- repos Sequence[str]
- List of ECR repositories.
- role_
arn str - Role ARN provided by AWS.
- secret_
key str - Secret Key provided by AWS.
- external_
id str - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- access
Key String - Access Key provided by AWS.
- repos List<String>
- List of ECR repositories.
- role
Arn String - Role ARN provided by AWS.
- secret
Key String - Secret Key provided by AWS.
- external
Id String - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
GetSecretKeypair
- Passphrase string
- Passphrase for private key.
- Public
Key string - Public Key.
- Secret
Key string - Secret/Private Key.
- Passphrase string
- Passphrase for private key.
- Public
Key string - Public Key.
- Secret
Key string - Secret/Private Key.
- passphrase String
- Passphrase for private key.
- public
Key String - Public Key.
- secret
Key String - Secret/Private Key.
- passphrase string
- Passphrase for private key.
- public
Key string - Public Key.
- secret
Key string - Secret/Private Key.
- passphrase str
- Passphrase for private key.
- public_
key str - Public Key.
- secret_
key str - Secret/Private Key.
- passphrase String
- Passphrase for private key.
- public
Key String - Public Key.
- secret
Key String - Secret/Private Key.
GetSecretNatsAccount
- Account
Id string - Account ID.
- Private
Key string - Private Key.
- Account
Id string - Account ID.
- Private
Key string - Private Key.
- account
Id String - Account ID.
- private
Key String - Private Key.
- account
Id string - Account ID.
- private
Key string - Private Key.
- account_
id str - Account ID.
- private_
key str - Private Key.
- account
Id String - Account ID.
- private
Key String - Private Key.
GetSecretOpaque
GetSecretTl
GetSecretUserpass
Package Details
- Repository
- cpln pulumiverse/pulumi-cpln
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cplnTerraform Provider.
Control Plane v0.0.73 published on Thursday, Oct 23, 2025 by pulumiverse
