Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
mongodbatlas.ProjectServiceAccountSecret describes a Project Service Account Secret.
IMPORTANT WARNING: Managing Service Accounts with Terraform exposes sensitive organizational secrets in Terraform’s state. We suggest following Terraform’s best practices.
Example Usage
S
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const thisProjectServiceAccount = new mongodbatlas.ProjectServiceAccount("this", {
projectId: projectId,
name: "example-project-service-account",
description: "Example Project Service Account",
roles: ["GROUP_READ_ONLY"],
secretExpiresAfterHours: 2160,
});
const thisProjectServiceAccountSecret = new mongodbatlas.ProjectServiceAccountSecret("this", {
projectId: projectId,
clientId: thisProjectServiceAccount.clientId,
secretExpiresAfterHours: 2160,
});
const _this = pulumi.all([thisProjectServiceAccount.clientId, thisProjectServiceAccountSecret.secretId]).apply(([clientId, secretId]) => mongodbatlas.getProjectServiceAccountSecretOutput({
projectId: projectId,
clientId: clientId,
secretId: secretId,
}));
export const secretId = thisProjectServiceAccountSecret.secretId;
export const secret = thisProjectServiceAccountSecret.secret;
export const secretExpiresAt = _this.apply(_this => _this.expiresAt);
import pulumi
import pulumi_mongodbatlas as mongodbatlas
this_project_service_account = mongodbatlas.ProjectServiceAccount("this",
project_id=project_id,
name="example-project-service-account",
description="Example Project Service Account",
roles=["GROUP_READ_ONLY"],
secret_expires_after_hours=2160)
this_project_service_account_secret = mongodbatlas.ProjectServiceAccountSecret("this",
project_id=project_id,
client_id=this_project_service_account.client_id,
secret_expires_after_hours=2160)
this = pulumi.Output.all(
client_id=this_project_service_account.client_id,
secret_id=this_project_service_account_secret.secret_id
).apply(lambda resolved_outputs: mongodbatlas.get_project_service_account_secret_output(project_id=project_id,
client_id=resolved_outputs['client_id'],
secret_id=resolved_outputs['secret_id']))
pulumi.export("secretId", this_project_service_account_secret.secret_id)
pulumi.export("secret", this_project_service_account_secret.secret)
pulumi.export("secretExpiresAt", this.expires_at)
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v4/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
thisProjectServiceAccount, err := mongodbatlas.NewProjectServiceAccount(ctx, "this", &mongodbatlas.ProjectServiceAccountArgs{
ProjectId: pulumi.Any(projectId),
Name: pulumi.String("example-project-service-account"),
Description: pulumi.String("Example Project Service Account"),
Roles: pulumi.StringArray{
pulumi.String("GROUP_READ_ONLY"),
},
SecretExpiresAfterHours: pulumi.Int(2160),
})
if err != nil {
return err
}
thisProjectServiceAccountSecret, err := mongodbatlas.NewProjectServiceAccountSecret(ctx, "this", &mongodbatlas.ProjectServiceAccountSecretArgs{
ProjectId: pulumi.Any(projectId),
ClientId: thisProjectServiceAccount.ClientId,
SecretExpiresAfterHours: pulumi.Int(2160),
})
if err != nil {
return err
}
this := pulumi.All(thisProjectServiceAccount.ClientId, thisProjectServiceAccountSecret.SecretId).ApplyT(func(_args []interface{}) (mongodbatlas.GetProjectServiceAccountSecretResult, error) {
clientId := _args[0].(string)
secretId := _args[1].(string)
return mongodbatlas.GetProjectServiceAccountSecretResult(interface{}(mongodbatlas.LookupProjectServiceAccountSecret(ctx, &mongodbatlas.LookupProjectServiceAccountSecretArgs{
ProjectId: projectId,
ClientId: clientId,
SecretId: secretId,
}, nil))), nil
}).(mongodbatlas.GetProjectServiceAccountSecretResultOutput)
ctx.Export("secretId", thisProjectServiceAccountSecret.SecretId)
ctx.Export("secret", thisProjectServiceAccountSecret.Secret)
ctx.Export("secretExpiresAt", this.ApplyT(func(this mongodbatlas.GetProjectServiceAccountSecretResult) (*string, error) {
return &this.ExpiresAt, nil
}).(pulumi.StringPtrOutput))
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var thisProjectServiceAccount = new Mongodbatlas.ProjectServiceAccount("this", new()
{
ProjectId = projectId,
Name = "example-project-service-account",
Description = "Example Project Service Account",
Roles = new[]
{
"GROUP_READ_ONLY",
},
SecretExpiresAfterHours = 2160,
});
var thisProjectServiceAccountSecret = new Mongodbatlas.ProjectServiceAccountSecret("this", new()
{
ProjectId = projectId,
ClientId = thisProjectServiceAccount.ClientId,
SecretExpiresAfterHours = 2160,
});
var @this = Mongodbatlas.GetProjectServiceAccountSecret.Invoke(new()
{
ProjectId = projectId,
ClientId = thisProjectServiceAccount.ClientId,
SecretId = thisProjectServiceAccountSecret.SecretId,
});
return new Dictionary<string, object?>
{
["secretId"] = thisProjectServiceAccountSecret.SecretId,
["secret"] = thisProjectServiceAccountSecret.Secret,
["secretExpiresAt"] = @this.Apply(@this => @this.Apply(getProjectServiceAccountSecretResult => getProjectServiceAccountSecretResult.ExpiresAt)),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.ProjectServiceAccount;
import com.pulumi.mongodbatlas.ProjectServiceAccountArgs;
import com.pulumi.mongodbatlas.ProjectServiceAccountSecret;
import com.pulumi.mongodbatlas.ProjectServiceAccountSecretArgs;
import com.pulumi.mongodbatlas.MongodbatlasFunctions;
import com.pulumi.mongodbatlas.inputs.GetProjectServiceAccountSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var thisProjectServiceAccount = new ProjectServiceAccount("thisProjectServiceAccount", ProjectServiceAccountArgs.builder()
.projectId(projectId)
.name("example-project-service-account")
.description("Example Project Service Account")
.roles("GROUP_READ_ONLY")
.secretExpiresAfterHours(2160)
.build());
var thisProjectServiceAccountSecret = new ProjectServiceAccountSecret("thisProjectServiceAccountSecret", ProjectServiceAccountSecretArgs.builder()
.projectId(projectId)
.clientId(thisProjectServiceAccount.clientId())
.secretExpiresAfterHours(2160)
.build());
final var this = Output.tuple(thisProjectServiceAccount.clientId(), thisProjectServiceAccountSecret.secretId()).applyValue(values -> {
var clientId = values.t1;
var secretId = values.t2;
return MongodbatlasFunctions.getProjectServiceAccountSecret(GetProjectServiceAccountSecretArgs.builder()
.projectId(projectId)
.clientId(clientId)
.secretId(secretId)
.build());
});
ctx.export("secretId", thisProjectServiceAccountSecret.secretId());
ctx.export("secret", thisProjectServiceAccountSecret.secret());
ctx.export("secretExpiresAt", this_.applyValue(_this_ -> _this_.expiresAt()));
}
}
resources:
thisProjectServiceAccount:
type: mongodbatlas:ProjectServiceAccount
name: this
properties:
projectId: ${projectId}
name: example-project-service-account
description: Example Project Service Account
roles:
- GROUP_READ_ONLY
secretExpiresAfterHours: 2160 # 90 days
thisProjectServiceAccountSecret:
type: mongodbatlas:ProjectServiceAccountSecret
name: this
properties:
projectId: ${projectId}
clientId: ${thisProjectServiceAccount.clientId}
secretExpiresAfterHours: 2160 # 90 days
variables:
this:
fn::invoke:
function: mongodbatlas:getProjectServiceAccountSecret
arguments:
projectId: ${projectId}
clientId: ${thisProjectServiceAccount.clientId}
secretId: ${thisProjectServiceAccountSecret.secretId}
outputs:
secretId: ${thisProjectServiceAccountSecret.secretId}
secret: ${thisProjectServiceAccountSecret.secret}
secretExpiresAt: ${this.expiresAt}
Using getProjectServiceAccountSecret
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getProjectServiceAccountSecret(args: GetProjectServiceAccountSecretArgs, opts?: InvokeOptions): Promise<GetProjectServiceAccountSecretResult>
function getProjectServiceAccountSecretOutput(args: GetProjectServiceAccountSecretOutputArgs, opts?: InvokeOptions): Output<GetProjectServiceAccountSecretResult>def get_project_service_account_secret(client_id: Optional[str] = None,
project_id: Optional[str] = None,
secret_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetProjectServiceAccountSecretResult
def get_project_service_account_secret_output(client_id: Optional[pulumi.Input[str]] = None,
project_id: Optional[pulumi.Input[str]] = None,
secret_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetProjectServiceAccountSecretResult]func LookupProjectServiceAccountSecret(ctx *Context, args *LookupProjectServiceAccountSecretArgs, opts ...InvokeOption) (*LookupProjectServiceAccountSecretResult, error)
func LookupProjectServiceAccountSecretOutput(ctx *Context, args *LookupProjectServiceAccountSecretOutputArgs, opts ...InvokeOption) LookupProjectServiceAccountSecretResultOutput> Note: This function is named LookupProjectServiceAccountSecret in the Go SDK.
public static class GetProjectServiceAccountSecret
{
public static Task<GetProjectServiceAccountSecretResult> InvokeAsync(GetProjectServiceAccountSecretArgs args, InvokeOptions? opts = null)
public static Output<GetProjectServiceAccountSecretResult> Invoke(GetProjectServiceAccountSecretInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetProjectServiceAccountSecretResult> getProjectServiceAccountSecret(GetProjectServiceAccountSecretArgs args, InvokeOptions options)
public static Output<GetProjectServiceAccountSecretResult> getProjectServiceAccountSecret(GetProjectServiceAccountSecretArgs args, InvokeOptions options)
fn::invoke:
function: mongodbatlas:index/getProjectServiceAccountSecret:getProjectServiceAccountSecret
arguments:
# arguments dictionaryThe following arguments are supported:
- client_
id str - The Client ID of the Service Account.
- project_
id str - Unique 24-hexadecimal digit string that identifies your project.
- secret_
id str - Unique 24-hexadecimal digit string that identifies the secret.
getProjectServiceAccountSecret Result
The following output properties are available:
- Client
Id string - The Client ID of the Service Account.
- Created
At string - The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- Expires
At string - The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Used stringAt - The last time the secret was used. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- Masked
Secret stringValue - The masked Service Account secret.
- Project
Id string - Unique 24-hexadecimal digit string that identifies your project.
- Secret
Id string - Unique 24-hexadecimal digit string that identifies the secret.
- Client
Id string - The Client ID of the Service Account.
- Created
At string - The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- Expires
At string - The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Used stringAt - The last time the secret was used. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- Masked
Secret stringValue - The masked Service Account secret.
- Project
Id string - Unique 24-hexadecimal digit string that identifies your project.
- Secret
Id string - Unique 24-hexadecimal digit string that identifies the secret.
- client
Id String - The Client ID of the Service Account.
- created
At String - The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- expires
At String - The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Used StringAt - The last time the secret was used. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- masked
Secret StringValue - The masked Service Account secret.
- project
Id String - Unique 24-hexadecimal digit string that identifies your project.
- secret
Id String - Unique 24-hexadecimal digit string that identifies the secret.
- client
Id string - The Client ID of the Service Account.
- created
At string - The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- expires
At string - The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- id string
- The provider-assigned unique ID for this managed resource.
- last
Used stringAt - The last time the secret was used. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- masked
Secret stringValue - The masked Service Account secret.
- project
Id string - Unique 24-hexadecimal digit string that identifies your project.
- secret
Id string - Unique 24-hexadecimal digit string that identifies the secret.
- client_
id str - The Client ID of the Service Account.
- created_
at str - The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- expires_
at str - The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- id str
- The provider-assigned unique ID for this managed resource.
- last_
used_ strat - The last time the secret was used. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- masked_
secret_ strvalue - The masked Service Account secret.
- project_
id str - Unique 24-hexadecimal digit string that identifies your project.
- secret_
id str - Unique 24-hexadecimal digit string that identifies the secret.
- client
Id String - The Client ID of the Service Account.
- created
At String - The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- expires
At String - The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Used StringAt - The last time the secret was used. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- masked
Secret StringValue - The masked Service Account secret.
- project
Id String - Unique 24-hexadecimal digit string that identifies your project.
- secret
Id String - Unique 24-hexadecimal digit string that identifies the secret.
Package Details
- Repository
- MongoDB Atlas pulumi/pulumi-mongodbatlas
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
mongodbatlasTerraform Provider.
Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
