openstack.keymanager.getSecret

OpenStack v5.4.2, Apr 10 26

Viewing docs for OpenStack v5.4.2
published on Friday, Apr 10, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-openstack

Viewing docs for OpenStack v5.4.2
published on Friday, Apr 10, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-openstack

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const example = openstack.keymanager.getSecret({
    mode: "cbc",
    secretType: "passphrase",
});

import pulumi
import pulumi_openstack as openstack

example = openstack.keymanager.get_secret(mode="cbc",
    secret_type="passphrase")

package main

import (
	"github.com/pulumi/pulumi-openstack/sdk/v5/go/openstack/keymanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := keymanager.GetSecret(ctx, &keymanager.GetSecretArgs{
			Mode:       pulumi.StringRef("cbc"),
			SecretType: pulumi.StringRef("passphrase"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using OpenStack = Pulumi.OpenStack;

return await Deployment.RunAsync(() => 
{
    var example = OpenStack.KeyManager.GetSecret.Invoke(new()
    {
        Mode = "cbc",
        SecretType = "passphrase",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.openstack.keymanager.KeymanagerFunctions;
import com.pulumi.openstack.keymanager.inputs.GetSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = KeymanagerFunctions.getSecret(GetSecretArgs.builder()
            .mode("cbc")
            .secretType("passphrase")
            .build());

    }
}

variables:
  example:
    fn::invoke:
      function: openstack:keymanager:getSecret
      arguments:
        mode: cbc
        secretType: passphrase

Date Filters

The values for the expirationFilter, createdAtFilter, and updatedAtFilter parameters are comma-separated lists of time stamps in RFC3339 format. The time stamps can be prefixed with any of these comparison operators: gt: (greater-than), gte: (greater-than-or-equal), lt: (less-than), lte: (less-than-or-equal).

For example, to get a passphrase a Secret with CBC moda, that will expire in January of 2020:

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const dateFilterExample = openstack.keymanager.getSecret({
    mode: "cbc",
    secretType: "passphrase",
    expirationFilter: "gt:2020-01-01T00:00:00Z",
});

import pulumi
import pulumi_openstack as openstack

date_filter_example = openstack.keymanager.get_secret(mode="cbc",
    secret_type="passphrase",
    expiration_filter="gt:2020-01-01T00:00:00Z")

package main

import (
	"github.com/pulumi/pulumi-openstack/sdk/v5/go/openstack/keymanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := keymanager.GetSecret(ctx, &keymanager.GetSecretArgs{
			Mode:             pulumi.StringRef("cbc"),
			SecretType:       pulumi.StringRef("passphrase"),
			ExpirationFilter: pulumi.StringRef("gt:2020-01-01T00:00:00Z"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using OpenStack = Pulumi.OpenStack;

return await Deployment.RunAsync(() => 
{
    var dateFilterExample = OpenStack.KeyManager.GetSecret.Invoke(new()
    {
        Mode = "cbc",
        SecretType = "passphrase",
        ExpirationFilter = "gt:2020-01-01T00:00:00Z",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.openstack.keymanager.KeymanagerFunctions;
import com.pulumi.openstack.keymanager.inputs.GetSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var dateFilterExample = KeymanagerFunctions.getSecret(GetSecretArgs.builder()
            .mode("cbc")
            .secretType("passphrase")
            .expirationFilter("gt:2020-01-01T00:00:00Z")
            .build());

    }
}

variables:
  dateFilterExample:
    fn::invoke:
      function: openstack:keymanager:getSecret
      arguments:
        mode: cbc
        secretType: passphrase
        expirationFilter: gt:2020-01-01T00:00:00Z

Using getSecret

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getSecret(args: GetSecretArgs, opts?: InvokeOptions): Promise<GetSecretResult>
function getSecretOutput(args: GetSecretOutputArgs, opts?: InvokeOptions): Output<GetSecretResult>

def get_secret(acl_only: Optional[bool] = None,
               algorithm: Optional[str] = None,
               bit_length: Optional[int] = None,
               created_at_filter: Optional[str] = None,
               expiration_filter: Optional[str] = None,
               mode: Optional[str] = None,
               name: Optional[str] = None,
               region: Optional[str] = None,
               secret_type: Optional[str] = None,
               updated_at_filter: Optional[str] = None,
               opts: Optional[InvokeOptions] = None) -> GetSecretResult
def get_secret_output(acl_only: pulumi.Input[Optional[bool]] = None,
               algorithm: pulumi.Input[Optional[str]] = None,
               bit_length: pulumi.Input[Optional[int]] = None,
               created_at_filter: pulumi.Input[Optional[str]] = None,
               expiration_filter: pulumi.Input[Optional[str]] = None,
               mode: pulumi.Input[Optional[str]] = None,
               name: pulumi.Input[Optional[str]] = None,
               region: pulumi.Input[Optional[str]] = None,
               secret_type: pulumi.Input[Optional[str]] = None,
               updated_at_filter: pulumi.Input[Optional[str]] = None,
               opts: Optional[InvokeOptions] = None) -> Output[GetSecretResult]

func GetSecret(ctx *Context, args *GetSecretArgs, opts ...InvokeOption) (*GetSecretResult, error)
func GetSecretOutput(ctx *Context, args *GetSecretOutputArgs, opts ...InvokeOption) GetSecretResultOutput

> Note: This function is named GetSecret in the Go SDK.

public static class GetSecret 
{
    public static Task<GetSecretResult> InvokeAsync(GetSecretArgs args, InvokeOptions? opts = null)
    public static Output<GetSecretResult> Invoke(GetSecretInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
public static Output<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)

fn::invoke:
  function: openstack:keymanager/getSecret:getSecret
  arguments:
    # arguments dictionary

The following arguments are supported:

AclOnly bool: Select the Secret with an ACL that contains the user. Project scope is ignored. Defaults to false.
Algorithm string: The Secret algorithm.
BitLength int: The Secret bit length.
CreatedAtFilter string: Date filter to select the Secret with created matching the specified criteria. See Date Filters below for more detail.
ExpirationFilter string: Date filter to select the Secret with expiration matching the specified criteria. See Date Filters below for more detail.
Mode string: The Secret mode.
Name string: The Secret name.
Region string: The region in which to obtain the V1 KeyManager client. A KeyManager client is needed to fetch a secret. If omitted, the region argument of the provider is used.
SecretType string: The Secret type. For more information see Secret types.
UpdatedAtFilter string: Date filter to select the Secret with updated matching the specified criteria. See Date Filters below for more detail.

AclOnly bool: Select the Secret with an ACL that contains the user. Project scope is ignored. Defaults to false.
Algorithm string: The Secret algorithm.
BitLength int: The Secret bit length.
CreatedAtFilter string: Date filter to select the Secret with created matching the specified criteria. See Date Filters below for more detail.
ExpirationFilter string: Date filter to select the Secret with expiration matching the specified criteria. See Date Filters below for more detail.
Mode string: The Secret mode.
Name string: The Secret name.
Region string: The region in which to obtain the V1 KeyManager client. A KeyManager client is needed to fetch a secret. If omitted, the region argument of the provider is used.
SecretType string: The Secret type. For more information see Secret types.
UpdatedAtFilter string: Date filter to select the Secret with updated matching the specified criteria. See Date Filters below for more detail.

aclOnly Boolean: Select the Secret with an ACL that contains the user. Project scope is ignored. Defaults to false.
algorithm String: The Secret algorithm.
bitLength Integer: The Secret bit length.
createdAtFilter String: Date filter to select the Secret with created matching the specified criteria. See Date Filters below for more detail.
expirationFilter String: Date filter to select the Secret with expiration matching the specified criteria. See Date Filters below for more detail.
mode String: The Secret mode.
name String: The Secret name.
region String: The region in which to obtain the V1 KeyManager client. A KeyManager client is needed to fetch a secret. If omitted, the region argument of the provider is used.
secretType String: The Secret type. For more information see Secret types.
updatedAtFilter String: Date filter to select the Secret with updated matching the specified criteria. See Date Filters below for more detail.

aclOnly boolean: Select the Secret with an ACL that contains the user. Project scope is ignored. Defaults to false.
algorithm string: The Secret algorithm.
bitLength number: The Secret bit length.
createdAtFilter string: Date filter to select the Secret with created matching the specified criteria. See Date Filters below for more detail.
expirationFilter string: Date filter to select the Secret with expiration matching the specified criteria. See Date Filters below for more detail.
mode string: The Secret mode.
name string: The Secret name.
region string: The region in which to obtain the V1 KeyManager client. A KeyManager client is needed to fetch a secret. If omitted, the region argument of the provider is used.
secretType string: The Secret type. For more information see Secret types.
updatedAtFilter string: Date filter to select the Secret with updated matching the specified criteria. See Date Filters below for more detail.

acl_only bool: Select the Secret with an ACL that contains the user. Project scope is ignored. Defaults to false.
algorithm str: The Secret algorithm.
bit_length int: The Secret bit length.
created_at_filter str: Date filter to select the Secret with created matching the specified criteria. See Date Filters below for more detail.
expiration_filter str: Date filter to select the Secret with expiration matching the specified criteria. See Date Filters below for more detail.
mode str: The Secret mode.
name str: The Secret name.
region str: The region in which to obtain the V1 KeyManager client. A KeyManager client is needed to fetch a secret. If omitted, the region argument of the provider is used.
secret_type str: The Secret type. For more information see Secret types.
updated_at_filter str: Date filter to select the Secret with updated matching the specified criteria. See Date Filters below for more detail.

aclOnly Boolean: Select the Secret with an ACL that contains the user. Project scope is ignored. Defaults to false.
algorithm String: The Secret algorithm.
bitLength Number: The Secret bit length.
createdAtFilter String: Date filter to select the Secret with created matching the specified criteria. See Date Filters below for more detail.
expirationFilter String: Date filter to select the Secret with expiration matching the specified criteria. See Date Filters below for more detail.
mode String: The Secret mode.
name String: The Secret name.
region String: The region in which to obtain the V1 KeyManager client. A KeyManager client is needed to fetch a secret. If omitted, the region argument of the provider is used.
secretType String: The Secret type. For more information see Secret types.
updatedAtFilter String: Date filter to select the Secret with updated matching the specified criteria. See Date Filters below for more detail.

getSecret Result

The following output properties are available:

Acls List<Pulumi.OpenStack.KeyManager.Outputs.GetSecretAcl>: The list of ACLs assigned to a secret. The read structure is described below.
ContentTypes Dictionary<string, string>: The map of the content types, assigned on the secret.
CreatedAt string: The date the secret ACL was created.
CreatorId string: The creator of the secret.
Expiration string: The date the secret will expire.
Id string: The provider-assigned unique ID for this managed resource.
Metadata Dictionary<string, string>: The map of metadata, assigned on the secret, which has been explicitly and implicitly added.
Payload string: The secret payload.
PayloadContentEncoding string: The Secret encoding.
PayloadContentType string: The Secret content type.
SecretRef string: The secret reference / where to find the secret.
Status string: The status of the secret.
UpdatedAt string: The date the secret ACL was last updated.
AclOnly bool: See Argument Reference above.
Algorithm string: See Argument Reference above.
BitLength int: See Argument Reference above.
CreatedAtFilter string: See Argument Reference above.
ExpirationFilter string: See Argument Reference above.
Mode string: See Argument Reference above.
Name string: See Argument Reference above.
Region string: See Argument Reference above.
SecretType string: See Argument Reference above.
UpdatedAtFilter string: See Argument Reference above.

Acls []GetSecretAcl: The list of ACLs assigned to a secret. The read structure is described below.
ContentTypes map[string]string: The map of the content types, assigned on the secret.
CreatedAt string: The date the secret ACL was created.
CreatorId string: The creator of the secret.
Expiration string: The date the secret will expire.
Id string: The provider-assigned unique ID for this managed resource.
Metadata map[string]string: The map of metadata, assigned on the secret, which has been explicitly and implicitly added.
Payload string: The secret payload.
PayloadContentEncoding string: The Secret encoding.
PayloadContentType string: The Secret content type.
SecretRef string: The secret reference / where to find the secret.
Status string: The status of the secret.
UpdatedAt string: The date the secret ACL was last updated.
AclOnly bool: See Argument Reference above.
Algorithm string: See Argument Reference above.
BitLength int: See Argument Reference above.
CreatedAtFilter string: See Argument Reference above.
ExpirationFilter string: See Argument Reference above.
Mode string: See Argument Reference above.
Name string: See Argument Reference above.
Region string: See Argument Reference above.
SecretType string: See Argument Reference above.
UpdatedAtFilter string: See Argument Reference above.

acls List<GetSecretAcl>: The list of ACLs assigned to a secret. The read structure is described below.
contentTypes Map<String,String>: The map of the content types, assigned on the secret.
createdAt String: The date the secret ACL was created.
creatorId String: The creator of the secret.
expiration String: The date the secret will expire.
id String: The provider-assigned unique ID for this managed resource.
metadata Map<String,String>: The map of metadata, assigned on the secret, which has been explicitly and implicitly added.
payload String: The secret payload.
payloadContentEncoding String: The Secret encoding.
payloadContentType String: The Secret content type.
secretRef String: The secret reference / where to find the secret.
status String: The status of the secret.
updatedAt String: The date the secret ACL was last updated.
aclOnly Boolean: See Argument Reference above.
algorithm String: See Argument Reference above.
bitLength Integer: See Argument Reference above.
createdAtFilter String: See Argument Reference above.
expirationFilter String: See Argument Reference above.
mode String: See Argument Reference above.
name String: See Argument Reference above.
region String: See Argument Reference above.
secretType String: See Argument Reference above.
updatedAtFilter String: See Argument Reference above.

acls GetSecretAcl[]: The list of ACLs assigned to a secret. The read structure is described below.
contentTypes {[key: string]: string}: The map of the content types, assigned on the secret.
createdAt string: The date the secret ACL was created.
creatorId string: The creator of the secret.
expiration string: The date the secret will expire.
id string: The provider-assigned unique ID for this managed resource.
metadata {[key: string]: string}: The map of metadata, assigned on the secret, which has been explicitly and implicitly added.
payload string: The secret payload.
payloadContentEncoding string: The Secret encoding.
payloadContentType string: The Secret content type.
secretRef string: The secret reference / where to find the secret.
status string: The status of the secret.
updatedAt string: The date the secret ACL was last updated.
aclOnly boolean: See Argument Reference above.
algorithm string: See Argument Reference above.
bitLength number: See Argument Reference above.
createdAtFilter string: See Argument Reference above.
expirationFilter string: See Argument Reference above.
mode string: See Argument Reference above.
name string: See Argument Reference above.
region string: See Argument Reference above.
secretType string: See Argument Reference above.
updatedAtFilter string: See Argument Reference above.

acls Sequence[GetSecretAcl]: The list of ACLs assigned to a secret. The read structure is described below.
content_types Mapping[str, str]: The map of the content types, assigned on the secret.
created_at str: The date the secret ACL was created.
creator_id str: The creator of the secret.
expiration str: The date the secret will expire.
id str: The provider-assigned unique ID for this managed resource.
metadata Mapping[str, str]: The map of metadata, assigned on the secret, which has been explicitly and implicitly added.
payload str: The secret payload.
payload_content_encoding str: The Secret encoding.
payload_content_type str: The Secret content type.
secret_ref str: The secret reference / where to find the secret.
status str: The status of the secret.
updated_at str: The date the secret ACL was last updated.
acl_only bool: See Argument Reference above.
algorithm str: See Argument Reference above.
bit_length int: See Argument Reference above.
created_at_filter str: See Argument Reference above.
expiration_filter str: See Argument Reference above.
mode str: See Argument Reference above.
name str: See Argument Reference above.
region str: See Argument Reference above.
secret_type str: See Argument Reference above.
updated_at_filter str: See Argument Reference above.

acls List<Property Map>: The list of ACLs assigned to a secret. The read structure is described below.
contentTypes Map<String>: The map of the content types, assigned on the secret.
createdAt String: The date the secret ACL was created.
creatorId String: The creator of the secret.
expiration String: The date the secret will expire.
id String: The provider-assigned unique ID for this managed resource.
metadata Map<String>: The map of metadata, assigned on the secret, which has been explicitly and implicitly added.
payload String: The secret payload.
payloadContentEncoding String: The Secret encoding.
payloadContentType String: The Secret content type.
secretRef String: The secret reference / where to find the secret.
status String: The status of the secret.
updatedAt String: The date the secret ACL was last updated.
aclOnly Boolean: See Argument Reference above.
algorithm String: See Argument Reference above.
bitLength Number: See Argument Reference above.
createdAtFilter String: See Argument Reference above.
expirationFilter String: See Argument Reference above.
mode String: See Argument Reference above.
name String: See Argument Reference above.
region String: See Argument Reference above.
secretType String: See Argument Reference above.
updatedAtFilter String: See Argument Reference above.

Supporting Types

GetSecretAcl

Read Pulumi.OpenStack.KeyManager.Inputs.GetSecretAclRead

Read GetSecretAclRead

read GetSecretAclRead

read GetSecretAclRead

read GetSecretAclRead

read Property Map

GetSecretAclRead

CreatedAt string: The date the secret ACL was created.
UpdatedAt string: The date the secret ACL was last updated.
ProjectAccess bool: Whether the secret is accessible project wide.
Users List<string>: The list of user IDs, which are allowed to access the secret, when projectAccess is set to false.

CreatedAt string: The date the secret ACL was created.
UpdatedAt string: The date the secret ACL was last updated.
ProjectAccess bool: Whether the secret is accessible project wide.
Users []string: The list of user IDs, which are allowed to access the secret, when projectAccess is set to false.

createdAt String: The date the secret ACL was created.
updatedAt String: The date the secret ACL was last updated.
projectAccess Boolean: Whether the secret is accessible project wide.
users List<String>: The list of user IDs, which are allowed to access the secret, when projectAccess is set to false.

createdAt string: The date the secret ACL was created.
updatedAt string: The date the secret ACL was last updated.
projectAccess boolean: Whether the secret is accessible project wide.
users string[]: The list of user IDs, which are allowed to access the secret, when projectAccess is set to false.

created_at str: The date the secret ACL was created.
updated_at str: The date the secret ACL was last updated.
project_access bool: Whether the secret is accessible project wide.
users Sequence[str]: The list of user IDs, which are allowed to access the secret, when projectAccess is set to false.

createdAt String: The date the secret ACL was created.
updatedAt String: The date the secret ACL was last updated.
projectAccess Boolean: Whether the secret is accessible project wide.
users List<String>: The list of user IDs, which are allowed to access the secret, when projectAccess is set to false.

Package Details

Repository: OpenStack pulumi/pulumi-openstack
License: Apache-2.0
Notes: This Pulumi package is based on the openstack Terraform Provider.

Viewing docs for OpenStack v5.4.2
published on Friday, Apr 10, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-openstack

openstack.keymanager.getSecret

On this page

On this page

Example Usage

Date Filters

Using getSecret

getSecret Result

Supporting Types

GetSecretAcl

GetSecretAclRead

Package Details

On this page

On this page