ibm 1.78.0, Apr 30 25

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm.getSmIamCredentialsSecret

Explore with Pulumi AI

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm-cloud/terraform-provider-ibm

Example Usage

By secret id

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const iamSecret = ibm.getSmIamCredentialsSecret({
    instanceId: ibm_resource_instance.sm_instance.guid,
    region: "us-south",
    secretId: "0b5571f7-21e6-42b7-91c5-3f5ac9793a46",
});

import pulumi
import pulumi_ibm as ibm

iam_secret = ibm.get_sm_iam_credentials_secret(instance_id=ibm_resource_instance["sm_instance"]["guid"],
    region="us-south",
    secret_id="0b5571f7-21e6-42b7-91c5-3f5ac9793a46")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.LookupSmIamCredentialsSecret(ctx, &ibm.LookupSmIamCredentialsSecretArgs{
			InstanceId: ibm_resource_instance.Sm_instance.Guid,
			Region:     pulumi.StringRef("us-south"),
			SecretId:   pulumi.StringRef("0b5571f7-21e6-42b7-91c5-3f5ac9793a46"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var iamSecret = Ibm.GetSmIamCredentialsSecret.Invoke(new()
    {
        InstanceId = ibm_resource_instance.Sm_instance.Guid,
        Region = "us-south",
        SecretId = "0b5571f7-21e6-42b7-91c5-3f5ac9793a46",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetSmIamCredentialsSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var iamSecret = IbmFunctions.getSmIamCredentialsSecret(GetSmIamCredentialsSecretArgs.builder()
            .instanceId(ibm_resource_instance.sm_instance().guid())
            .region("us-south")
            .secretId("0b5571f7-21e6-42b7-91c5-3f5ac9793a46")
            .build());

    }
}

variables:
  iamSecret:
    fn::invoke:
      function: ibm:getSmIamCredentialsSecret
      arguments:
        instanceId: ${ibm_resource_instance.sm_instance.guid}
        region: us-south
        secretId: 0b5571f7-21e6-42b7-91c5-3f5ac9793a46

By secret name and group name

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const iamSecret = ibm.getSmIamCredentialsSecret({
    instanceId: ibm_resource_instance.sm_instance.guid,
    region: "us-south",
    name: "secret-name",
    secretGroupName: "group-name",
});

import pulumi
import pulumi_ibm as ibm

iam_secret = ibm.get_sm_iam_credentials_secret(instance_id=ibm_resource_instance["sm_instance"]["guid"],
    region="us-south",
    name="secret-name",
    secret_group_name="group-name")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.LookupSmIamCredentialsSecret(ctx, &ibm.LookupSmIamCredentialsSecretArgs{
			InstanceId:      ibm_resource_instance.Sm_instance.Guid,
			Region:          pulumi.StringRef("us-south"),
			Name:            pulumi.StringRef("secret-name"),
			SecretGroupName: pulumi.StringRef("group-name"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var iamSecret = Ibm.GetSmIamCredentialsSecret.Invoke(new()
    {
        InstanceId = ibm_resource_instance.Sm_instance.Guid,
        Region = "us-south",
        Name = "secret-name",
        SecretGroupName = "group-name",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetSmIamCredentialsSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var iamSecret = IbmFunctions.getSmIamCredentialsSecret(GetSmIamCredentialsSecretArgs.builder()
            .instanceId(ibm_resource_instance.sm_instance().guid())
            .region("us-south")
            .name("secret-name")
            .secretGroupName("group-name")
            .build());

    }
}

variables:
  iamSecret:
    fn::invoke:
      function: ibm:getSmIamCredentialsSecret
      arguments:
        instanceId: ${ibm_resource_instance.sm_instance.guid}
        region: us-south
        name: secret-name
        secretGroupName: group-name

Using getSmIamCredentialsSecret

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getSmIamCredentialsSecret(args: GetSmIamCredentialsSecretArgs, opts?: InvokeOptions): Promise<GetSmIamCredentialsSecretResult>
function getSmIamCredentialsSecretOutput(args: GetSmIamCredentialsSecretOutputArgs, opts?: InvokeOptions): Output<GetSmIamCredentialsSecretResult>

def get_sm_iam_credentials_secret(endpoint_type: Optional[str] = None,
                                  id: Optional[str] = None,
                                  instance_id: Optional[str] = None,
                                  name: Optional[str] = None,
                                  region: Optional[str] = None,
                                  secret_group_name: Optional[str] = None,
                                  secret_id: Optional[str] = None,
                                  opts: Optional[InvokeOptions] = None) -> GetSmIamCredentialsSecretResult
def get_sm_iam_credentials_secret_output(endpoint_type: Optional[pulumi.Input[str]] = None,
                                  id: Optional[pulumi.Input[str]] = None,
                                  instance_id: Optional[pulumi.Input[str]] = None,
                                  name: Optional[pulumi.Input[str]] = None,
                                  region: Optional[pulumi.Input[str]] = None,
                                  secret_group_name: Optional[pulumi.Input[str]] = None,
                                  secret_id: Optional[pulumi.Input[str]] = None,
                                  opts: Optional[InvokeOptions] = None) -> Output[GetSmIamCredentialsSecretResult]

func LookupSmIamCredentialsSecret(ctx *Context, args *LookupSmIamCredentialsSecretArgs, opts ...InvokeOption) (*LookupSmIamCredentialsSecretResult, error)
func LookupSmIamCredentialsSecretOutput(ctx *Context, args *LookupSmIamCredentialsSecretOutputArgs, opts ...InvokeOption) LookupSmIamCredentialsSecretResultOutput

> Note: This function is named LookupSmIamCredentialsSecret in the Go SDK.

public static class GetSmIamCredentialsSecret 
{
    public static Task<GetSmIamCredentialsSecretResult> InvokeAsync(GetSmIamCredentialsSecretArgs args, InvokeOptions? opts = null)
    public static Output<GetSmIamCredentialsSecretResult> Invoke(GetSmIamCredentialsSecretInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSmIamCredentialsSecretResult> getSmIamCredentialsSecret(GetSmIamCredentialsSecretArgs args, InvokeOptions options)
public static Output<GetSmIamCredentialsSecretResult> getSmIamCredentialsSecret(GetSmIamCredentialsSecretArgs args, InvokeOptions options)

fn::invoke:
  function: ibm:index/getSmIamCredentialsSecret:getSmIamCredentialsSecret
  arguments:
    # arguments dictionary

The following arguments are supported:

InstanceId string

The GUID of the Secrets Manager instance.

EndpointType string

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

Id string

Name string

The human-readable name of your secret. To be used in combination with secret_group_name.

Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$.

Region string

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

SecretGroupName string

The name of your existing secret group. To be used in combination with name.

Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

SecretId string

The ID of the secret.

Constraints: The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

InstanceId string

The GUID of the Secrets Manager instance.

EndpointType string

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

Id string

Name string

The human-readable name of your secret. To be used in combination with secret_group_name.

Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$.

Region string

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

SecretGroupName string

The name of your existing secret group. To be used in combination with name.

Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

SecretId string

The ID of the secret.

Constraints: The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

instanceId String

The GUID of the Secrets Manager instance.

endpointType String

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

id String

name String

The human-readable name of your secret. To be used in combination with secret_group_name.

Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$.

region String

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

secretGroupName String

The name of your existing secret group. To be used in combination with name.

Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

secretId String

The ID of the secret.

Constraints: The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

instanceId string

The GUID of the Secrets Manager instance.

endpointType string

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

id string

name string

The human-readable name of your secret. To be used in combination with secret_group_name.

Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$.

region string

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

secretGroupName string

The name of your existing secret group. To be used in combination with name.

Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

secretId string

The ID of the secret.

Constraints: The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

instance_id str

The GUID of the Secrets Manager instance.

endpoint_type str

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

id str

name str

The human-readable name of your secret. To be used in combination with secret_group_name.

Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$.

region str

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

secret_group_name str

The name of your existing secret group. To be used in combination with name.

Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

secret_id str

The ID of the secret.

Constraints: The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

instanceId String

The GUID of the Secrets Manager instance.

endpointType String

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

id String

name String

The human-readable name of your secret. To be used in combination with secret_group_name.

Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$.

region String

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

secretGroupName String

The name of your existing secret group. To be used in combination with name.

Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

secretId String

The ID of the secret.

Constraints: The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

getSmIamCredentialsSecret Result

The following output properties are available:

AccessGroups List<string>

(List) Access Groups that you can use for an iam_credentials secret.Up to 10 Access Groups can be used for each secret.

Constraints: The list items must match regular expression /^AccessGroupId-[a-z0-9-]+[a-z0-9]$/. The maximum length is 10 items. The minimum length is 1 item.

AccountId string

(String) The ID of the account in which the IAM credentials are created. This field is omitted if the target account is the same as the account of the Secrets Manager instance.

ApiKey string

(String) The API key that is generated for this secret. After the secret reaches the end of its lease (see the ttl field), the API key is deleted automatically.

Constraints: The maximum length is 60 characters. The minimum length is 5 characters. The value must match regular expression /^(?:[A-Za-z0-9_\\-]{4})*(?:[A-Za-z0-9_\\-]{2}==|[A-Za-z0-9_\\-]{3}=)?$/.

ApiKeyId string

(String) The ID of the API key that is generated for this secret.

CreatedAt string

(String) The date when a resource was created. The date format follows RFC 3339.

CreatedBy string

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

Crn string

(String) A CRN that uniquely identifies an IBM Cloud resource.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.

CustomMetadata Dictionary<string, string>

(Map) The secret metadata that a user can customize.

Description string

(String) An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.

Downloaded bool

(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.

ExpirationDate string

(String) The date a secret is expired. The date format follows RFC 3339.

Id string

InstanceId string

Labels List<string>

(List) Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.

LocksTotal double

(Integer) The number of locks of the secret.

Constraints: The maximum value is 1000. The minimum value is 0.

Name string

(String) The human-readable name of your secret.

Constraints: The maximum length is 256 characters. The minimum length is 2 characters.

NextRotationDate string

(String) The date that the secret is scheduled for automatic rotation.The service automatically creates a new version of the secret on its next rotation date. This field exists only for secrets that have an existing rotation policy.

Region string

ReuseApiKey bool

Rotations List<GetSmIamCredentialsSecretRotation>

(List) Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:

SecretGroupId string

(String) A UUID identifier, or default secret group.

Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.

SecretId string

SecretType string

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

ServiceId string

(String) The service ID under which the API key (see the api_key field) is created.If you omit this parameter, Secrets Manager generates a new service ID for your secret at its creation and adds it to the access groups that you assign.Optionally, you can use this field to provide your own service ID if you prefer to manage its access directly or retain the service ID after your secret expires, is rotated, or deleted. If you provide a service ID, do not include the access_groups parameter.

Constraints: The maximum length is 50 characters. The minimum length is 40 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:-?[A-Za-z0-9]+)*$/.

ServiceIdIsStatic bool

(Boolean) Indicates whether an iam_credentials secret was created with a static service ID.If it is set to true, the service ID for the secret was provided by the user at secret creation. If it is set to false, the service ID was generated by Secrets Manager.

State double

(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

Constraints: Allowable values are: 0, 1, 2, 3, 5.

StateDescription string

(String) A text representation of the secret state.

Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.

Ttl string

(String) The time-to-live (TTL) or lease duration to assign to generated credentials.For iam_credentials secrets, the TTL defines for how long each generated API key remains valid. The value can be either an integer that specifies the number of seconds, or the string representation of a duration, such as 120m or 24h.Minimum duration is 1 minute. Maximum is 90 days.

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

UpdatedAt string

(String) The date when a resource was recently modified. The date format follows RFC 3339.

VersionsTotal double

(Integer) The number of versions of the secret.

Constraints: The maximum value is 50. The minimum value is 0.

EndpointType string

SecretGroupName string

AccessGroups []string

(List) Access Groups that you can use for an iam_credentials secret.Up to 10 Access Groups can be used for each secret.

Constraints: The list items must match regular expression /^AccessGroupId-[a-z0-9-]+[a-z0-9]$/. The maximum length is 10 items. The minimum length is 1 item.

AccountId string

(String) The ID of the account in which the IAM credentials are created. This field is omitted if the target account is the same as the account of the Secrets Manager instance.

ApiKey string

(String) The API key that is generated for this secret. After the secret reaches the end of its lease (see the ttl field), the API key is deleted automatically.

Constraints: The maximum length is 60 characters. The minimum length is 5 characters. The value must match regular expression /^(?:[A-Za-z0-9_\\-]{4})*(?:[A-Za-z0-9_\\-]{2}==|[A-Za-z0-9_\\-]{3}=)?$/.

ApiKeyId string

(String) The ID of the API key that is generated for this secret.

CreatedAt string

(String) The date when a resource was created. The date format follows RFC 3339.

CreatedBy string

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

Crn string

(String) A CRN that uniquely identifies an IBM Cloud resource.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.

CustomMetadata map[string]string

(Map) The secret metadata that a user can customize.

Description string

(String) An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.

Downloaded bool

(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.

ExpirationDate string

(String) The date a secret is expired. The date format follows RFC 3339.

Id string

InstanceId string

Labels []string

(List) Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.

LocksTotal float64

(Integer) The number of locks of the secret.

Constraints: The maximum value is 1000. The minimum value is 0.

Name string

(String) The human-readable name of your secret.

Constraints: The maximum length is 256 characters. The minimum length is 2 characters.

NextRotationDate string

Region string

ReuseApiKey bool

Rotations []GetSmIamCredentialsSecretRotation

(List) Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:

SecretGroupId string

(String) A UUID identifier, or default secret group.

Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.

SecretId string

SecretType string

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

ServiceId string

Constraints: The maximum length is 50 characters. The minimum length is 40 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:-?[A-Za-z0-9]+)*$/.

ServiceIdIsStatic bool

State float64

Constraints: Allowable values are: 0, 1, 2, 3, 5.

StateDescription string

(String) A text representation of the secret state.

Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.

Ttl string

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

UpdatedAt string

(String) The date when a resource was recently modified. The date format follows RFC 3339.

VersionsTotal float64

(Integer) The number of versions of the secret.

Constraints: The maximum value is 50. The minimum value is 0.

EndpointType string

SecretGroupName string

accessGroups List<String>

(List) Access Groups that you can use for an iam_credentials secret.Up to 10 Access Groups can be used for each secret.

Constraints: The list items must match regular expression /^AccessGroupId-[a-z0-9-]+[a-z0-9]$/. The maximum length is 10 items. The minimum length is 1 item.

accountId String

(String) The ID of the account in which the IAM credentials are created. This field is omitted if the target account is the same as the account of the Secrets Manager instance.

apiKey String

(String) The API key that is generated for this secret. After the secret reaches the end of its lease (see the ttl field), the API key is deleted automatically.

Constraints: The maximum length is 60 characters. The minimum length is 5 characters. The value must match regular expression /^(?:[A-Za-z0-9_\\-]{4})*(?:[A-Za-z0-9_\\-]{2}==|[A-Za-z0-9_\\-]{3}=)?$/.

apiKeyId String

(String) The ID of the API key that is generated for this secret.

createdAt String

(String) The date when a resource was created. The date format follows RFC 3339.

createdBy String

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

crn String

(String) A CRN that uniquely identifies an IBM Cloud resource.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.

customMetadata Map<String,String>

(Map) The secret metadata that a user can customize.

description String

(String) An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.

downloaded Boolean

(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.

expirationDate String

(String) The date a secret is expired. The date format follows RFC 3339.

id String

instanceId String

labels List<String>

(List) Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.

locksTotal Double

(Integer) The number of locks of the secret.

Constraints: The maximum value is 1000. The minimum value is 0.

name String

(String) The human-readable name of your secret.

Constraints: The maximum length is 256 characters. The minimum length is 2 characters.

nextRotationDate String

region String

reuseApiKey Boolean

rotations List<GetSmIamCredentialsSecretRotation>

(List) Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:

secretGroupId String

(String) A UUID identifier, or default secret group.

Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.

secretId String

secretType String

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serviceId String

Constraints: The maximum length is 50 characters. The minimum length is 40 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:-?[A-Za-z0-9]+)*$/.

serviceIdIsStatic Boolean

state Double

Constraints: Allowable values are: 0, 1, 2, 3, 5.

stateDescription String

(String) A text representation of the secret state.

Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.

ttl String

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

updatedAt String

(String) The date when a resource was recently modified. The date format follows RFC 3339.

versionsTotal Double

(Integer) The number of versions of the secret.

Constraints: The maximum value is 50. The minimum value is 0.

endpointType String

secretGroupName String

accessGroups string[]

(List) Access Groups that you can use for an iam_credentials secret.Up to 10 Access Groups can be used for each secret.

Constraints: The list items must match regular expression /^AccessGroupId-[a-z0-9-]+[a-z0-9]$/. The maximum length is 10 items. The minimum length is 1 item.

accountId string

(String) The ID of the account in which the IAM credentials are created. This field is omitted if the target account is the same as the account of the Secrets Manager instance.

apiKey string

(String) The API key that is generated for this secret. After the secret reaches the end of its lease (see the ttl field), the API key is deleted automatically.

Constraints: The maximum length is 60 characters. The minimum length is 5 characters. The value must match regular expression /^(?:[A-Za-z0-9_\\-]{4})*(?:[A-Za-z0-9_\\-]{2}==|[A-Za-z0-9_\\-]{3}=)?$/.

apiKeyId string

(String) The ID of the API key that is generated for this secret.

createdAt string

(String) The date when a resource was created. The date format follows RFC 3339.

createdBy string

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

crn string

(String) A CRN that uniquely identifies an IBM Cloud resource.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.

customMetadata {[key: string]: string}

(Map) The secret metadata that a user can customize.

description string

(String) An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.

downloaded boolean

(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.

expirationDate string

(String) The date a secret is expired. The date format follows RFC 3339.

id string

instanceId string

labels string[]

(List) Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.

locksTotal number

(Integer) The number of locks of the secret.

Constraints: The maximum value is 1000. The minimum value is 0.

name string

(String) The human-readable name of your secret.

Constraints: The maximum length is 256 characters. The minimum length is 2 characters.

nextRotationDate string

region string

reuseApiKey boolean

rotations GetSmIamCredentialsSecretRotation[]

(List) Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:

secretGroupId string

(String) A UUID identifier, or default secret group.

Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.

secretId string

secretType string

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serviceId string

Constraints: The maximum length is 50 characters. The minimum length is 40 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:-?[A-Za-z0-9]+)*$/.

serviceIdIsStatic boolean

state number

Constraints: Allowable values are: 0, 1, 2, 3, 5.

stateDescription string

(String) A text representation of the secret state.

Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.

ttl string

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

updatedAt string

(String) The date when a resource was recently modified. The date format follows RFC 3339.

versionsTotal number

(Integer) The number of versions of the secret.

Constraints: The maximum value is 50. The minimum value is 0.

endpointType string

secretGroupName string

access_groups Sequence[str]

(List) Access Groups that you can use for an iam_credentials secret.Up to 10 Access Groups can be used for each secret.

Constraints: The list items must match regular expression /^AccessGroupId-[a-z0-9-]+[a-z0-9]$/. The maximum length is 10 items. The minimum length is 1 item.

account_id str

(String) The ID of the account in which the IAM credentials are created. This field is omitted if the target account is the same as the account of the Secrets Manager instance.

api_key str

(String) The API key that is generated for this secret. After the secret reaches the end of its lease (see the ttl field), the API key is deleted automatically.

Constraints: The maximum length is 60 characters. The minimum length is 5 characters. The value must match regular expression /^(?:[A-Za-z0-9_\\-]{4})*(?:[A-Za-z0-9_\\-]{2}==|[A-Za-z0-9_\\-]{3}=)?$/.

api_key_id str

(String) The ID of the API key that is generated for this secret.

created_at str

(String) The date when a resource was created. The date format follows RFC 3339.

created_by str

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

crn str

(String) A CRN that uniquely identifies an IBM Cloud resource.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.

custom_metadata Mapping[str, str]

(Map) The secret metadata that a user can customize.

description str

(String) An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.

downloaded bool

(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.

expiration_date str

(String) The date a secret is expired. The date format follows RFC 3339.

id str

instance_id str

labels Sequence[str]

(List) Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.

locks_total float

(Integer) The number of locks of the secret.

Constraints: The maximum value is 1000. The minimum value is 0.

name str

(String) The human-readable name of your secret.

Constraints: The maximum length is 256 characters. The minimum length is 2 characters.

next_rotation_date str

region str

reuse_api_key bool

rotations Sequence[GetSmIamCredentialsSecretRotation]

(List) Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:

secret_group_id str

(String) A UUID identifier, or default secret group.

Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.

secret_id str

secret_type str

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

service_id str

Constraints: The maximum length is 50 characters. The minimum length is 40 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:-?[A-Za-z0-9]+)*$/.

service_id_is_static bool

state float

Constraints: Allowable values are: 0, 1, 2, 3, 5.

state_description str

(String) A text representation of the secret state.

Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.

ttl str

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

updated_at str

(String) The date when a resource was recently modified. The date format follows RFC 3339.

versions_total float

(Integer) The number of versions of the secret.

Constraints: The maximum value is 50. The minimum value is 0.

endpoint_type str

secret_group_name str

accessGroups List<String>

(List) Access Groups that you can use for an iam_credentials secret.Up to 10 Access Groups can be used for each secret.

Constraints: The list items must match regular expression /^AccessGroupId-[a-z0-9-]+[a-z0-9]$/. The maximum length is 10 items. The minimum length is 1 item.

accountId String

(String) The ID of the account in which the IAM credentials are created. This field is omitted if the target account is the same as the account of the Secrets Manager instance.

apiKey String

(String) The API key that is generated for this secret. After the secret reaches the end of its lease (see the ttl field), the API key is deleted automatically.

Constraints: The maximum length is 60 characters. The minimum length is 5 characters. The value must match regular expression /^(?:[A-Za-z0-9_\\-]{4})*(?:[A-Za-z0-9_\\-]{2}==|[A-Za-z0-9_\\-]{3}=)?$/.

apiKeyId String

(String) The ID of the API key that is generated for this secret.

createdAt String

(String) The date when a resource was created. The date format follows RFC 3339.

createdBy String

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

crn String

(String) A CRN that uniquely identifies an IBM Cloud resource.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.

customMetadata Map<String>

(Map) The secret metadata that a user can customize.

description String

(String) An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.

downloaded Boolean

(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.

expirationDate String

(String) The date a secret is expired. The date format follows RFC 3339.

id String

instanceId String

labels List<String>

(List) Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.

locksTotal Number

(Integer) The number of locks of the secret.

Constraints: The maximum value is 1000. The minimum value is 0.

name String

(String) The human-readable name of your secret.

Constraints: The maximum length is 256 characters. The minimum length is 2 characters.

nextRotationDate String

region String

reuseApiKey Boolean

rotations List<Property Map>

(List) Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:

secretGroupId String

(String) A UUID identifier, or default secret group.

Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.

secretId String

secretType String

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serviceId String

Constraints: The maximum length is 50 characters. The minimum length is 40 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:-?[A-Za-z0-9]+)*$/.

serviceIdIsStatic Boolean

state Number

Constraints: Allowable values are: 0, 1, 2, 3, 5.

stateDescription String

(String) A text representation of the secret state.

Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.

ttl String

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

updatedAt String

(String) The date when a resource was recently modified. The date format follows RFC 3339.

versionsTotal Number

(Integer) The number of versions of the secret.

Constraints: The maximum value is 50. The minimum value is 0.

endpointType String

secretGroupName String

Supporting Types

GetSmIamCredentialsSecretRotation

AutoRotate bool

(Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is false. If auto_rotate is set to true the service rotates your secret based on the defined interval.

Interval double

(Integer) The length of the secret rotation time interval.

Constraints: The minimum value is 1.

Unit string

(String) The units for the secret rotation time interval.

Constraints: Allowable values are: day, month.

AutoRotate bool

(Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is false. If auto_rotate is set to true the service rotates your secret based on the defined interval.

Interval float64

(Integer) The length of the secret rotation time interval.

Constraints: The minimum value is 1.

Unit string

(String) The units for the secret rotation time interval.

Constraints: Allowable values are: day, month.

autoRotate Boolean

(Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is false. If auto_rotate is set to true the service rotates your secret based on the defined interval.

interval Double

(Integer) The length of the secret rotation time interval.

Constraints: The minimum value is 1.

unit String

(String) The units for the secret rotation time interval.

Constraints: Allowable values are: day, month.

autoRotate boolean

(Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is false. If auto_rotate is set to true the service rotates your secret based on the defined interval.

interval number

(Integer) The length of the secret rotation time interval.

Constraints: The minimum value is 1.

unit string

(String) The units for the secret rotation time interval.

Constraints: Allowable values are: day, month.

auto_rotate bool

(Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is false. If auto_rotate is set to true the service rotates your secret based on the defined interval.

interval float

(Integer) The length of the secret rotation time interval.

Constraints: The minimum value is 1.

unit str

(String) The units for the secret rotation time interval.

Constraints: Allowable values are: day, month.

autoRotate Boolean

(Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is false. If auto_rotate is set to true the service rotates your secret based on the defined interval.

interval Number

(Integer) The length of the secret rotation time interval.

Constraints: The minimum value is 1.

unit String

(String) The units for the secret rotation time interval.

Constraints: Allowable values are: day, month.

Package Details

Repository: ibm ibm-cloud/terraform-provider-ibm
License
Notes: This Pulumi package is based on the ibm Terraform Provider.

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm-cloud/terraform-provider-ibm

ibm.getSmIamCredentialsSecret

On this page

On this page

Example Usage

Using getSmIamCredentialsSecret

getSmIamCredentialsSecret Result

Supporting Types

GetSmIamCredentialsSecretRotation

Package Details

On this page

On this page