Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
mongodbatlas.ServiceAccountSecret describes a Service Account Secret.
IMPORTANT WARNING: Managing Service Accounts with Terraform exposes sensitive organizational secrets in Terraform’s state. We suggest following Terraform’s best practices.
Example Usage
S
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const thisServiceAccount = new mongodbatlas.ServiceAccount("this", {
orgId: orgId,
name: "example-service-account",
description: "Example Service Account",
roles: ["ORG_READ_ONLY"],
secretExpiresAfterHours: 2160,
});
const thisServiceAccountSecret = new mongodbatlas.ServiceAccountSecret("this", {
orgId: orgId,
clientId: thisServiceAccount.clientId,
secretExpiresAfterHours: 2160,
});
const _this = pulumi.all([thisServiceAccount.clientId, thisServiceAccountSecret.secretId]).apply(([clientId, secretId]) => mongodbatlas.getServiceAccountSecretOutput({
orgId: orgId,
clientId: clientId,
secretId: secretId,
}));
export const secretId = thisServiceAccountSecret.secretId;
export const secret = thisServiceAccountSecret.secret;
export const secretExpiresAt = _this.apply(_this => _this.expiresAt);
import pulumi
import pulumi_mongodbatlas as mongodbatlas
this_service_account = mongodbatlas.ServiceAccount("this",
org_id=org_id,
name="example-service-account",
description="Example Service Account",
roles=["ORG_READ_ONLY"],
secret_expires_after_hours=2160)
this_service_account_secret = mongodbatlas.ServiceAccountSecret("this",
org_id=org_id,
client_id=this_service_account.client_id,
secret_expires_after_hours=2160)
this = pulumi.Output.all(
client_id=this_service_account.client_id,
secret_id=this_service_account_secret.secret_id
).apply(lambda resolved_outputs: mongodbatlas.get_service_account_secret_output(org_id=org_id,
client_id=resolved_outputs['client_id'],
secret_id=resolved_outputs['secret_id']))
pulumi.export("secretId", this_service_account_secret.secret_id)
pulumi.export("secret", this_service_account_secret.secret)
pulumi.export("secretExpiresAt", this.expires_at)
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v4/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
thisServiceAccount, err := mongodbatlas.NewServiceAccount(ctx, "this", &mongodbatlas.ServiceAccountArgs{
OrgId: pulumi.Any(orgId),
Name: pulumi.String("example-service-account"),
Description: pulumi.String("Example Service Account"),
Roles: pulumi.StringArray{
pulumi.String("ORG_READ_ONLY"),
},
SecretExpiresAfterHours: pulumi.Int(2160),
})
if err != nil {
return err
}
thisServiceAccountSecret, err := mongodbatlas.NewServiceAccountSecret(ctx, "this", &mongodbatlas.ServiceAccountSecretArgs{
OrgId: pulumi.Any(orgId),
ClientId: thisServiceAccount.ClientId,
SecretExpiresAfterHours: pulumi.Int(2160),
})
if err != nil {
return err
}
this := pulumi.All(thisServiceAccount.ClientId, thisServiceAccountSecret.SecretId).ApplyT(func(_args []interface{}) (mongodbatlas.GetServiceAccountSecretResult, error) {
clientId := _args[0].(string)
secretId := _args[1].(string)
return mongodbatlas.GetServiceAccountSecretResult(interface{}(mongodbatlas.LookupServiceAccountSecret(ctx, &mongodbatlas.LookupServiceAccountSecretArgs{
OrgId: orgId,
ClientId: clientId,
SecretId: secretId,
}, nil))), nil
}).(mongodbatlas.GetServiceAccountSecretResultOutput)
ctx.Export("secretId", thisServiceAccountSecret.SecretId)
ctx.Export("secret", thisServiceAccountSecret.Secret)
ctx.Export("secretExpiresAt", this.ApplyT(func(this mongodbatlas.GetServiceAccountSecretResult) (*string, error) {
return &this.ExpiresAt, nil
}).(pulumi.StringPtrOutput))
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var thisServiceAccount = new Mongodbatlas.ServiceAccount("this", new()
{
OrgId = orgId,
Name = "example-service-account",
Description = "Example Service Account",
Roles = new[]
{
"ORG_READ_ONLY",
},
SecretExpiresAfterHours = 2160,
});
var thisServiceAccountSecret = new Mongodbatlas.ServiceAccountSecret("this", new()
{
OrgId = orgId,
ClientId = thisServiceAccount.ClientId,
SecretExpiresAfterHours = 2160,
});
var @this = Mongodbatlas.GetServiceAccountSecret.Invoke(new()
{
OrgId = orgId,
ClientId = thisServiceAccount.ClientId,
SecretId = thisServiceAccountSecret.SecretId,
});
return new Dictionary<string, object?>
{
["secretId"] = thisServiceAccountSecret.SecretId,
["secret"] = thisServiceAccountSecret.Secret,
["secretExpiresAt"] = @this.Apply(@this => @this.Apply(getServiceAccountSecretResult => getServiceAccountSecretResult.ExpiresAt)),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.ServiceAccount;
import com.pulumi.mongodbatlas.ServiceAccountArgs;
import com.pulumi.mongodbatlas.ServiceAccountSecret;
import com.pulumi.mongodbatlas.ServiceAccountSecretArgs;
import com.pulumi.mongodbatlas.MongodbatlasFunctions;
import com.pulumi.mongodbatlas.inputs.GetServiceAccountSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var thisServiceAccount = new ServiceAccount("thisServiceAccount", ServiceAccountArgs.builder()
.orgId(orgId)
.name("example-service-account")
.description("Example Service Account")
.roles("ORG_READ_ONLY")
.secretExpiresAfterHours(2160)
.build());
var thisServiceAccountSecret = new ServiceAccountSecret("thisServiceAccountSecret", ServiceAccountSecretArgs.builder()
.orgId(orgId)
.clientId(thisServiceAccount.clientId())
.secretExpiresAfterHours(2160)
.build());
final var this = Output.tuple(thisServiceAccount.clientId(), thisServiceAccountSecret.secretId()).applyValue(values -> {
var clientId = values.t1;
var secretId = values.t2;
return MongodbatlasFunctions.getServiceAccountSecret(GetServiceAccountSecretArgs.builder()
.orgId(orgId)
.clientId(clientId)
.secretId(secretId)
.build());
});
ctx.export("secretId", thisServiceAccountSecret.secretId());
ctx.export("secret", thisServiceAccountSecret.secret());
ctx.export("secretExpiresAt", this_.applyValue(_this_ -> _this_.expiresAt()));
}
}
resources:
thisServiceAccount:
type: mongodbatlas:ServiceAccount
name: this
properties:
orgId: ${orgId}
name: example-service-account
description: Example Service Account
roles:
- ORG_READ_ONLY
secretExpiresAfterHours: 2160 # 90 days
thisServiceAccountSecret:
type: mongodbatlas:ServiceAccountSecret
name: this
properties:
orgId: ${orgId}
clientId: ${thisServiceAccount.clientId}
secretExpiresAfterHours: 2160 # 90 days
variables:
this:
fn::invoke:
function: mongodbatlas:getServiceAccountSecret
arguments:
orgId: ${orgId}
clientId: ${thisServiceAccount.clientId}
secretId: ${thisServiceAccountSecret.secretId}
outputs:
secretId: ${thisServiceAccountSecret.secretId}
secret: ${thisServiceAccountSecret.secret}
secretExpiresAt: ${this.expiresAt}
Using getServiceAccountSecret
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getServiceAccountSecret(args: GetServiceAccountSecretArgs, opts?: InvokeOptions): Promise<GetServiceAccountSecretResult>
function getServiceAccountSecretOutput(args: GetServiceAccountSecretOutputArgs, opts?: InvokeOptions): Output<GetServiceAccountSecretResult>def get_service_account_secret(client_id: Optional[str] = None,
org_id: Optional[str] = None,
secret_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetServiceAccountSecretResult
def get_service_account_secret_output(client_id: Optional[pulumi.Input[str]] = None,
org_id: Optional[pulumi.Input[str]] = None,
secret_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetServiceAccountSecretResult]func LookupServiceAccountSecret(ctx *Context, args *LookupServiceAccountSecretArgs, opts ...InvokeOption) (*LookupServiceAccountSecretResult, error)
func LookupServiceAccountSecretOutput(ctx *Context, args *LookupServiceAccountSecretOutputArgs, opts ...InvokeOption) LookupServiceAccountSecretResultOutput> Note: This function is named LookupServiceAccountSecret in the Go SDK.
public static class GetServiceAccountSecret
{
public static Task<GetServiceAccountSecretResult> InvokeAsync(GetServiceAccountSecretArgs args, InvokeOptions? opts = null)
public static Output<GetServiceAccountSecretResult> Invoke(GetServiceAccountSecretInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetServiceAccountSecretResult> getServiceAccountSecret(GetServiceAccountSecretArgs args, InvokeOptions options)
public static Output<GetServiceAccountSecretResult> getServiceAccountSecret(GetServiceAccountSecretArgs args, InvokeOptions options)
fn::invoke:
function: mongodbatlas:index/getServiceAccountSecret:getServiceAccountSecret
arguments:
# arguments dictionaryThe following arguments are supported:
getServiceAccountSecret Result
The following output properties are available:
- Client
Id string - The Client ID of the Service Account.
- Created
At string - The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- Expires
At string - The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Used stringAt - The last time the secret was used. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- Masked
Secret stringValue - The masked Service Account secret.
- Org
Id string - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- Secret
Id string - Unique 24-hexadecimal digit string that identifies the secret.
- Client
Id string - The Client ID of the Service Account.
- Created
At string - The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- Expires
At string - The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Used stringAt - The last time the secret was used. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- Masked
Secret stringValue - The masked Service Account secret.
- Org
Id string - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- Secret
Id string - Unique 24-hexadecimal digit string that identifies the secret.
- client
Id String - The Client ID of the Service Account.
- created
At String - The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- expires
At String - The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Used StringAt - The last time the secret was used. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- masked
Secret StringValue - The masked Service Account secret.
- org
Id String - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- secret
Id String - Unique 24-hexadecimal digit string that identifies the secret.
- client
Id string - The Client ID of the Service Account.
- created
At string - The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- expires
At string - The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- id string
- The provider-assigned unique ID for this managed resource.
- last
Used stringAt - The last time the secret was used. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- masked
Secret stringValue - The masked Service Account secret.
- org
Id string - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- secret
Id string - Unique 24-hexadecimal digit string that identifies the secret.
- client_
id str - The Client ID of the Service Account.
- created_
at str - The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- expires_
at str - The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- id str
- The provider-assigned unique ID for this managed resource.
- last_
used_ strat - The last time the secret was used. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- masked_
secret_ strvalue - The masked Service Account secret.
- org_
id str - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- secret_
id str - Unique 24-hexadecimal digit string that identifies the secret.
- client
Id String - The Client ID of the Service Account.
- created
At String - The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- expires
At String - The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Used StringAt - The last time the secret was used. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- masked
Secret StringValue - The masked Service Account secret.
- org
Id String - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
- secret
Id String - Unique 24-hexadecimal digit string that identifies the secret.
Package Details
- Repository
- MongoDB Atlas pulumi/pulumi-mongodbatlas
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
mongodbatlasTerraform Provider.
Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
