
Google Native

v0.9.0 published on Wednesday, Nov 24, 2021 by Pulumi

Secret

Creates a new Secret containing no SecretVersions. Auto-naming is currently not supported for this resource.

Create a Secret Resource

TypeScript

new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);

Python

@overload
def Secret(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           etag: Optional[str] = None,
           expire_time: Optional[str] = None,
           labels: Optional[Mapping[str, str]] = None,
           project: Optional[str] = None,
           replication: Optional[ReplicationArgs] = None,
           rotation: Optional[RotationArgs] = None,
           secret_id: Optional[str] = None,
           topics: Optional[Sequence[TopicArgs]] = None,
           ttl: Optional[str] = None)
@overload
def Secret(resource_name: str,
           args: SecretArgs,
           opts: Optional[ResourceOptions] = None)

Go

func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)

C#

public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)

Constructor parameters (TypeScript)

name string
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Constructor parameters (Python)

resource_name str
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.

Constructor parameters (Go)

ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.

Constructor parameters (C#)

name string
The unique name of the resource.
args SecretArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Secret Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Secret resource accepts the following input properties:

Replication Pulumi.GoogleNative.SecretManager.V1.Inputs.ReplicationArgs
Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
SecretId string
Etag string
Optional. Etag of the currently stored Secret.
ExpireTime string
Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
Labels Dictionary<string, string>
The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: \p{Ll}\p{Lo}{0,62} Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} No more than 64 labels can be assigned to a given resource.
Project string
Rotation Pulumi.GoogleNative.SecretManager.V1.Inputs.RotationArgs
Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
Topics List<Pulumi.GoogleNative.SecretManager.V1.Inputs.TopicArgs>
Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
Ttl string
Input only. The TTL for the Secret.
Replication ReplicationArgs
Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
SecretId string
Etag string
Optional. Etag of the currently stored Secret.
ExpireTime string
Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
Labels map[string]string
The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: \p{Ll}\p{Lo}{0,62} Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} No more than 64 labels can be assigned to a given resource.
Project string
Rotation RotationArgs
Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
Topics []TopicArgs
Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
Ttl string
Input only. The TTL for the Secret.
replication ReplicationArgs
Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
secretId string
etag string
Optional. Etag of the currently stored Secret.
expireTime string
Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
labels {[key: string]: string}
The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: \p{Ll}\p{Lo}{0,62} Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} No more than 64 labels can be assigned to a given resource.
project string
rotation RotationArgs
Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
topics TopicArgs[]
Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
ttl string
Input only. The TTL for the Secret.
replication ReplicationArgs
Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
secret_id str
etag str
Optional. Etag of the currently stored Secret.
expire_time str
Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
labels Mapping[str, str]
The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: \p{Ll}\p{Lo}{0,62} Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} No more than 64 labels can be assigned to a given resource.
project str
rotation RotationArgs
Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
topics Sequence[TopicArgs]
Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
ttl str
Input only. The TTL for the Secret.

Outputs

All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:

CreateTime string
The time at which the Secret was created.
Id string
The provider-assigned unique ID for this managed resource.
Name string
The resource name of the Secret in the format projects//secrets/.
CreateTime string
The time at which the Secret was created.
Id string
The provider-assigned unique ID for this managed resource.
Name string
The resource name of the Secret in the format projects//secrets/.
createTime string
The time at which the Secret was created.
id string
The provider-assigned unique ID for this managed resource.
name string
The resource name of the Secret in the format projects//secrets/.
create_time str
The time at which the Secret was created.
id str
The provider-assigned unique ID for this managed resource.
name str
The resource name of the Secret in the format projects//secrets/.

Supporting Types

Automatic

CustomerManagedEncryption Pulumi.GoogleNative.SecretManager.V1.Inputs.CustomerManagedEncryption
Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
CustomerManagedEncryption CustomerManagedEncryption
Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
customerManagedEncryption CustomerManagedEncryption
Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
customer_managed_encryption CustomerManagedEncryption
Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.

AutomaticResponse

CustomerManagedEncryption Pulumi.GoogleNative.SecretManager.V1.Inputs.CustomerManagedEncryptionResponse
Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
CustomerManagedEncryption CustomerManagedEncryptionResponse
Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
customerManagedEncryption CustomerManagedEncryptionResponse
Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
customer_managed_encryption CustomerManagedEncryptionResponse
Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.

CustomerManagedEncryption

KmsKeyName string
The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in global. The expected format is projects//locations//keyRings//cryptoKeys/.
KmsKeyName string
The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in global. The expected format is projects//locations//keyRings//cryptoKeys/.
kmsKeyName string
The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in global. The expected format is projects//locations//keyRings//cryptoKeys/.
kms_key_name str
The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in global. The expected format is projects//locations//keyRings//cryptoKeys/.

CustomerManagedEncryptionResponse

KmsKeyName string
The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in global. The expected format is projects//locations//keyRings//cryptoKeys/.
KmsKeyName string
The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in global. The expected format is projects//locations//keyRings//cryptoKeys/.
kmsKeyName string
The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in global. The expected format is projects//locations//keyRings//cryptoKeys/.
kms_key_name str
The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in global. The expected format is projects//locations//keyRings//cryptoKeys/.

Replica

CustomerManagedEncryption Pulumi.GoogleNative.SecretManager.V1.Inputs.CustomerManagedEncryption
Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
Location string
The canonical IDs of the location to replicate data. For example: "us-east1".
CustomerManagedEncryption CustomerManagedEncryption
Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
Location string
The canonical IDs of the location to replicate data. For example: "us-east1".
customerManagedEncryption CustomerManagedEncryption
Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
location string
The canonical IDs of the location to replicate data. For example: "us-east1".
customer_managed_encryption CustomerManagedEncryption
Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
location str
The canonical IDs of the location to replicate data. For example: "us-east1".

ReplicaResponse

CustomerManagedEncryption Pulumi.GoogleNative.SecretManager.V1.Inputs.CustomerManagedEncryptionResponse
Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
Location string
The canonical IDs of the location to replicate data. For example: "us-east1".
CustomerManagedEncryption CustomerManagedEncryptionResponse
Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
Location string
The canonical IDs of the location to replicate data. For example: "us-east1".
customerManagedEncryption CustomerManagedEncryptionResponse
Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
location string
The canonical IDs of the location to replicate data. For example: "us-east1".
customer_managed_encryption CustomerManagedEncryptionResponse
Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
location str
The canonical IDs of the location to replicate data. For example: "us-east1".

Replication

Automatic Pulumi.GoogleNative.SecretManager.V1.Inputs.Automatic
The Secret will automatically be replicated without any restrictions.
UserManaged Pulumi.GoogleNative.SecretManager.V1.Inputs.UserManaged
The Secret will only be replicated into the locations specified.
Automatic Automatic
The Secret will automatically be replicated without any restrictions.
UserManaged UserManaged
The Secret will only be replicated into the locations specified.
automatic Automatic
The Secret will automatically be replicated without any restrictions.
userManaged UserManaged
The Secret will only be replicated into the locations specified.
automatic Automatic
The Secret will automatically be replicated without any restrictions.
user_managed UserManaged
The Secret will only be replicated into the locations specified.

ReplicationResponse

Automatic Pulumi.GoogleNative.SecretManager.V1.Inputs.AutomaticResponse
The Secret will automatically be replicated without any restrictions.
UserManaged Pulumi.GoogleNative.SecretManager.V1.Inputs.UserManagedResponse
The Secret will only be replicated into the locations specified.
Automatic AutomaticResponse
The Secret will automatically be replicated without any restrictions.
UserManaged UserManagedResponse
The Secret will only be replicated into the locations specified.
automatic AutomaticResponse
The Secret will automatically be replicated without any restrictions.
userManaged UserManagedResponse
The Secret will only be replicated into the locations specified.
automatic AutomaticResponse
The Secret will automatically be replicated without any restrictions.
user_managed UserManagedResponse
The Secret will only be replicated into the locations specified.

Rotation

NextRotationTime string
Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
RotationPeriod string
Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
NextRotationTime string
Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
RotationPeriod string
Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
nextRotationTime string
Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
rotationPeriod string
Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
next_rotation_time str
Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
rotation_period str
Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.

RotationResponse

NextRotationTime string
Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
RotationPeriod string
Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
NextRotationTime string
Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
RotationPeriod string
Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
nextRotationTime string
Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
rotationPeriod string
Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
next_rotation_time str
Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
rotation_period str
Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.

Topic

Name string
The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager P4SA must have pubsub.publisher permissions on the topic.
Name string
The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager P4SA must have pubsub.publisher permissions on the topic.
name string
The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager P4SA must have pubsub.publisher permissions on the topic.
name str
The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager P4SA must have pubsub.publisher permissions on the topic.

TopicResponse

Name string
The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager P4SA must have pubsub.publisher permissions on the topic.
Name string
The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager P4SA must have pubsub.publisher permissions on the topic.
name string
The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager P4SA must have pubsub.publisher permissions on the topic.
name str
The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager P4SA must have pubsub.publisher permissions on the topic.

UserManaged

Replicas List<Pulumi.GoogleNative.SecretManager.V1.Inputs.Replica>
The list of Replicas for this Secret. Cannot be empty.
Replicas []Replica
The list of Replicas for this Secret. Cannot be empty.
replicas Replica[]
The list of Replicas for this Secret. Cannot be empty.
replicas Sequence[Replica]
The list of Replicas for this Secret. Cannot be empty.

UserManagedResponse

Replicas List<Pulumi.GoogleNative.SecretManager.V1.Inputs.ReplicaResponse>
The list of Replicas for this Secret. Cannot be empty.
Replicas []ReplicaResponse
The list of Replicas for this Secret. Cannot be empty.
replicas ReplicaResponse[]
The list of Replicas for this Secret. Cannot be empty.
replicas Sequence[ReplicaResponse]
The list of Replicas for this Secret. Cannot be empty.
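
The constraints documented above (KMS key location per replication policy, non-empty replicas, rotation bounds, and the 10-topic and 64-label limits) can be checked before a deployment is attempted. The following is an added example, not code from Pulumi or the provider: validate_secret, kms_location and the sample values are constructed for illustration. It assumes the arguments are held as a plain dict keyed by the Python property names, that Durations are whole seconds written like "3600s", and that timestamps are RFC 3339 strings.

```python
from datetime import datetime, timezone

# Limits quoted from the property descriptions on this page.
MIN_LEAD_S, MIN_PERIOD_S, MAX_SPAN_S = 300, 3600, 3153600000
MAX_TOPICS, MAX_LABELS = 10, 64


def kms_location(key_name):
    """Location segment of projects/<p>/locations/<l>/keyRings/<r>/cryptoKeys/<k>, else None."""
    parts = key_name.split("/")
    ok = (len(parts) == 8 and all(parts)
          and parts[0::2] == ["projects", "locations", "keyRings", "cryptoKeys"])
    return parts[3] if ok else None


def _seconds(duration):
    """Parse a whole-second Duration such as "3600s"; None if malformed (assumed format)."""
    ok = isinstance(duration, str) and duration.endswith("s") and duration[:-1].isdigit()
    return int(duration[:-1]) if ok else None


def _check_cmek(where, cmek, required, findings):
    if not cmek:
        return  # no CMEK configured: Google-managed default encryption is used
    loc = kms_location(cmek.get("kms_key_name", ""))
    if loc is None:
        findings.append(f"{where}: kms_key_name is not a CryptoKey resource name")
    elif loc != required:
        findings.append(f"{where}: KMS key is in {loc!r} but must be in {required!r}")


def validate_secret(args, now):
    """Return a list of violations of the documented constraints (empty list = pass)."""
    findings = []
    repl = args.get("replication") or {}
    if "automatic" in repl:  # Automatic policy: key must reside in "global"
        auto = repl["automatic"] or {}
        _check_cmek("automatic", auto.get("customer_managed_encryption"), "global", findings)
    if "user_managed" in repl:  # UserManaged: key must match each replica's location
        replicas = (repl["user_managed"] or {}).get("replicas") or []
        if not replicas:
            findings.append("user_managed.replicas: cannot be empty")
        for i, rep in enumerate(replicas):
            _check_cmek(f"replicas[{i}]", rep.get("customer_managed_encryption"),
                        rep.get("location"), findings)

    rot = args.get("rotation") or {}
    period, nxt = rot.get("rotation_period"), rot.get("next_rotation_time")
    if period is not None:
        secs = _seconds(period)
        if secs is None or not MIN_PERIOD_S <= secs <= MAX_SPAN_S:
            findings.append(f"rotation_period {period!r}: must be {MIN_PERIOD_S}s..{MAX_SPAN_S}s")
        if nxt is None:
            findings.append("next_rotation_time: must be set when rotation_period is set")
    if nxt is not None:
        lead = (datetime.fromisoformat(nxt.replace("Z", "+00:00")) - now).total_seconds()
        if not MIN_LEAD_S <= lead <= MAX_SPAN_S:
            findings.append(f"next_rotation_time {nxt!r}: must be {MIN_LEAD_S}s..{MAX_SPAN_S}s ahead")
    if len(args.get("topics") or []) > MAX_TOPICS:
        findings.append(f"topics: more than {MAX_TOPICS} Pub/Sub topics")
    if len(args.get("labels") or {}) > MAX_LABELS:
        findings.append(f"labels: more than {MAX_LABELS} labels")
    return findings


# Constructed sample inputs (project, key ring, key and topic names are placeholders).
NOW = datetime(2021, 11, 24, 12, 0, tzinfo=timezone.utc)
KEY = "projects/example-project/locations/{}/keyRings/example-ring/cryptoKeys/example-key"
GOOD = {
    "replication": {"automatic": {
        "customer_managed_encryption": {"kms_key_name": KEY.format("global")}}},
    "rotation": {"rotation_period": "2592000s", "next_rotation_time": "2021-12-24T12:00:00Z"},
}
BAD = {
    "replication": {"user_managed": {"replicas": [
        {"location": "us-east1",
         "customer_managed_encryption": {"kms_key_name": KEY.format("us-east1")}},
        {"location": "europe-west1",  # key below lives in us-east1, not the replica's location
         "customer_managed_encryption": {"kms_key_name": KEY.format("us-east1")}},
    ]}},
    "rotation": {"rotation_period": "1800s"},  # below 3600s and no next_rotation_time
    "topics": [{"name": f"projects/example-project/topics/t{i}"} for i in range(11)],
}
```

Calling validate_secret(BAD, NOW) reports the mismatched replica key, the short rotation period, the missing next_rotation_time and the eleventh topic; validate_secret(GOOD, NOW) returns an empty list.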

Package Details

Repository
https://github.com/pulumi/pulumi-google-native
License
Apache-2.0