Viewing docs for Google Cloud v9.16.0
published on Thursday, Mar 19, 2026 by Pulumi
published on Thursday, Mar 19, 2026 by Pulumi
Viewing docs for Google Cloud v9.16.0
published on Thursday, Mar 19, 2026 by Pulumi
published on Thursday, Mar 19, 2026 by Pulumi
Use this data source to get information about a Secret Manager Secret
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const qa = gcp.secretmanager.getSecret({
secretId: "foobar",
});
import pulumi
import pulumi_gcp as gcp
qa = gcp.secretmanager.get_secret(secret_id="foobar")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/secretmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := secretmanager.LookupSecret(ctx, &secretmanager.LookupSecretArgs{
SecretId: "foobar",
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var qa = Gcp.SecretManager.GetSecret.Invoke(new()
{
SecretId = "foobar",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.secretmanager.SecretmanagerFunctions;
import com.pulumi.gcp.secretmanager.inputs.GetSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var qa = SecretmanagerFunctions.getSecret(GetSecretArgs.builder()
.secretId("foobar")
.build());
}
}
variables:
qa:
fn::invoke:
function: gcp:secretmanager:getSecret
arguments:
secretId: foobar
Using getSecret
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecret(args: GetSecretArgs, opts?: InvokeOptions): Promise<GetSecretResult>
function getSecretOutput(args: GetSecretOutputArgs, opts?: InvokeOptions): Output<GetSecretResult>def get_secret(project: Optional[str] = None,
secret_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetSecretResult
def get_secret_output(project: Optional[pulumi.Input[str]] = None,
secret_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecretResult]func LookupSecret(ctx *Context, args *LookupSecretArgs, opts ...InvokeOption) (*LookupSecretResult, error)
func LookupSecretOutput(ctx *Context, args *LookupSecretOutputArgs, opts ...InvokeOption) LookupSecretResultOutput> Note: This function is named LookupSecret in the Go SDK.
public static class GetSecret
{
public static Task<GetSecretResult> InvokeAsync(GetSecretArgs args, InvokeOptions? opts = null)
public static Output<GetSecretResult> Invoke(GetSecretInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
public static Output<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
fn::invoke:
function: gcp:secretmanager/getSecret:getSecret
arguments:
# arguments dictionaryThe following arguments are supported:
getSecret Result
The following output properties are available:
- Annotations Dictionary<string, string>
- Create
Time string - Deletion
Protection bool - Effective
Annotations Dictionary<string, string> - Effective
Labels Dictionary<string, string> - Expire
Time string - Id string
- The provider-assigned unique ID for this managed resource.
- Labels Dictionary<string, string>
- Name string
- Pulumi
Labels Dictionary<string, string> - Replications
List<Get
Secret Replication> - Rotations
List<Get
Secret Rotation> - Secret
Id string - Dictionary<string, string>
- Topics
List<Get
Secret Topic> - Ttl string
- Version
Aliases Dictionary<string, string> - Version
Destroy stringTtl - Project string
- Annotations map[string]string
- Create
Time string - Deletion
Protection bool - Effective
Annotations map[string]string - Effective
Labels map[string]string - Expire
Time string - Id string
- The provider-assigned unique ID for this managed resource.
- Labels map[string]string
- Name string
- Pulumi
Labels map[string]string - Replications
[]Get
Secret Replication - Rotations
[]Get
Secret Rotation - Secret
Id string - map[string]string
- Topics
[]Get
Secret Topic - Ttl string
- Version
Aliases map[string]string - Version
Destroy stringTtl - Project string
- annotations Map<String,String>
- create
Time String - deletion
Protection Boolean - effective
Annotations Map<String,String> - effective
Labels Map<String,String> - expire
Time String - id String
- The provider-assigned unique ID for this managed resource.
- labels Map<String,String>
- name String
- pulumi
Labels Map<String,String> - replications
List<Get
Secret Replication> - rotations
List<Get
Secret Rotation> - secret
Id String - Map<String,String>
- topics
List<Get
Secret Topic> - ttl String
- version
Aliases Map<String,String> - version
Destroy StringTtl - project String
- annotations {[key: string]: string}
- create
Time string - deletion
Protection boolean - effective
Annotations {[key: string]: string} - effective
Labels {[key: string]: string} - expire
Time string - id string
- The provider-assigned unique ID for this managed resource.
- labels {[key: string]: string}
- name string
- pulumi
Labels {[key: string]: string} - replications
Get
Secret Replication[] - rotations
Get
Secret Rotation[] - secret
Id string - {[key: string]: string}
- topics
Get
Secret Topic[] - ttl string
- version
Aliases {[key: string]: string} - version
Destroy stringTtl - project string
- annotations Mapping[str, str]
- create_
time str - deletion_
protection bool - effective_
annotations Mapping[str, str] - effective_
labels Mapping[str, str] - expire_
time str - id str
- The provider-assigned unique ID for this managed resource.
- labels Mapping[str, str]
- name str
- pulumi_
labels Mapping[str, str] - replications
Sequence[Get
Secret Replication] - rotations
Sequence[Get
Secret Rotation] - secret_
id str - Mapping[str, str]
- topics
Sequence[Get
Secret Topic] - ttl str
- version_
aliases Mapping[str, str] - version_
destroy_ strttl - project str
- annotations Map<String>
- create
Time String - deletion
Protection Boolean - effective
Annotations Map<String> - effective
Labels Map<String> - expire
Time String - id String
- The provider-assigned unique ID for this managed resource.
- labels Map<String>
- name String
- pulumi
Labels Map<String> - replications List<Property Map>
- rotations List<Property Map>
- secret
Id String - Map<String>
- topics List<Property Map>
- ttl String
- version
Aliases Map<String> - version
Destroy StringTtl - project String
Supporting Types
GetSecretReplication
- Autos
List<Get
Secret Replication Auto> - The Secret will automatically be replicated without any restrictions.
- User
Manageds List<GetSecret Replication User Managed> - The Secret will be replicated to the regions specified by the user.
- Autos
[]Get
Secret Replication Auto - The Secret will automatically be replicated without any restrictions.
- User
Manageds []GetSecret Replication User Managed - The Secret will be replicated to the regions specified by the user.
- autos
List<Get
Secret Replication Auto> - The Secret will automatically be replicated without any restrictions.
- user
Manageds List<GetSecret Replication User Managed> - The Secret will be replicated to the regions specified by the user.
- autos
Get
Secret Replication Auto[] - The Secret will automatically be replicated without any restrictions.
- user
Manageds GetSecret Replication User Managed[] - The Secret will be replicated to the regions specified by the user.
- autos
Sequence[Get
Secret Replication Auto] - The Secret will automatically be replicated without any restrictions.
- user_
manageds Sequence[GetSecret Replication User Managed] - The Secret will be replicated to the regions specified by the user.
- autos List<Property Map>
- The Secret will automatically be replicated without any restrictions.
- user
Manageds List<Property Map> - The Secret will be replicated to the regions specified by the user.
GetSecretReplicationAuto
- Customer
Managed List<GetEncryptions Secret Replication Auto Customer Managed Encryption> - The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used.
- Customer
Managed []GetEncryptions Secret Replication Auto Customer Managed Encryption - The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used.
- customer
Managed List<GetEncryptions Secret Replication Auto Customer Managed Encryption> - The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used.
- customer
Managed GetEncryptions Secret Replication Auto Customer Managed Encryption[] - The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used.
- customer_
managed_ Sequence[Getencryptions Secret Replication Auto Customer Managed Encryption] - The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used.
- customer
Managed List<Property Map>Encryptions - The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used.
GetSecretReplicationAutoCustomerManagedEncryption
- Kms
Key stringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.
- Kms
Key stringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.
- kms
Key StringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.
- kms
Key stringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.
- kms_
key_ strname - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.
- kms
Key StringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.
GetSecretReplicationUserManaged
- Replicas
List<Get
Secret Replication User Managed Replica> - The list of Replicas for this Secret. Cannot be empty.
- Replicas
[]Get
Secret Replication User Managed Replica - The list of Replicas for this Secret. Cannot be empty.
- replicas
List<Get
Secret Replication User Managed Replica> - The list of Replicas for this Secret. Cannot be empty.
- replicas
Get
Secret Replication User Managed Replica[] - The list of Replicas for this Secret. Cannot be empty.
- replicas
Sequence[Get
Secret Replication User Managed Replica] - The list of Replicas for this Secret. Cannot be empty.
- replicas List<Property Map>
- The list of Replicas for this Secret. Cannot be empty.
GetSecretReplicationUserManagedReplica
- Customer
Managed List<GetEncryptions Secret Replication User Managed Replica Customer Managed Encryption> - Customer Managed Encryption for the secret.
- Location string
- The canonical IDs of the location to replicate data. For example: "us-east1".
- Customer
Managed []GetEncryptions Secret Replication User Managed Replica Customer Managed Encryption - Customer Managed Encryption for the secret.
- Location string
- The canonical IDs of the location to replicate data. For example: "us-east1".
- customer
Managed List<GetEncryptions Secret Replication User Managed Replica Customer Managed Encryption> - Customer Managed Encryption for the secret.
- location String
- The canonical IDs of the location to replicate data. For example: "us-east1".
- customer
Managed GetEncryptions Secret Replication User Managed Replica Customer Managed Encryption[] - Customer Managed Encryption for the secret.
- location string
- The canonical IDs of the location to replicate data. For example: "us-east1".
- customer_
managed_ Sequence[Getencryptions Secret Replication User Managed Replica Customer Managed Encryption] - Customer Managed Encryption for the secret.
- location str
- The canonical IDs of the location to replicate data. For example: "us-east1".
- customer
Managed List<Property Map>Encryptions - Customer Managed Encryption for the secret.
- location String
- The canonical IDs of the location to replicate data. For example: "us-east1".
GetSecretReplicationUserManagedReplicaCustomerManagedEncryption
- Kms
Key stringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- Kms
Key stringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms
Key StringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms
Key stringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms_
key_ strname - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms
Key StringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
GetSecretRotation
- Next
Rotation stringTime - Timestamp in UTC at which the Secret is scheduled to rotate. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- Rotation
Period string - The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.
- Next
Rotation stringTime - Timestamp in UTC at which the Secret is scheduled to rotate. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- Rotation
Period string - The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.
- next
Rotation StringTime - Timestamp in UTC at which the Secret is scheduled to rotate. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- rotation
Period String - The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.
- next
Rotation stringTime - Timestamp in UTC at which the Secret is scheduled to rotate. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- rotation
Period string - The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.
- next_
rotation_ strtime - Timestamp in UTC at which the Secret is scheduled to rotate. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- rotation_
period str - The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.
- next
Rotation StringTime - Timestamp in UTC at which the Secret is scheduled to rotate. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- rotation
Period String - The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.
GetSecretTopic
- Name string
- The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.
- Name string
- The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.
- name String
- The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.
- name string
- The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.
- name str
- The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.
- name String
- The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.
Viewing docs for Google Cloud v9.16.0
published on Thursday, Mar 19, 2026 by Pulumi
published on Thursday, Mar 19, 2026 by Pulumi
