subcategory : “Key Management Service (KMS)”
ovh.Okms.Secret (Resource)
Manages a secret stored in OVHcloud KMS.
WARNING:
version.datais marked Sensitive but still ends up in the state file. To mitigate that, it is recommended to protect your state with encryption and access controls. Avoid committing it to source control.
Create Secret Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);@overload
def Secret(resource_name: str,
args: SecretArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Secret(resource_name: str,
opts: Optional[ResourceOptions] = None,
okms_id: Optional[str] = None,
path: Optional[str] = None,
version: Optional[SecretVersionArgs] = None,
cas: Optional[float] = None,
include_data: Optional[bool] = None,
metadata: Optional[SecretMetadataArgs] = None)func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)
public Secret(String name, SecretArgs args)
public Secret(String name, SecretArgs args, CustomResourceOptions options)
type: ovh:Okms:Secret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var secretResource = new Ovh.Okms.Secret("secretResource", new()
{
OkmsId = "string",
Path = "string",
Version = new Ovh.Okms.Inputs.SecretVersionArgs
{
Data = "string",
CreatedAt = "string",
DeactivatedAt = "string",
Id = 0,
State = "string",
},
Cas = 0,
Metadata = new Ovh.Okms.Inputs.SecretMetadataArgs
{
CasRequired = false,
CreatedAt = "string",
CurrentVersion = 0,
CustomMetadata =
{
{ "string", "string" },
},
DeactivateVersionAfter = "string",
MaxVersions = 0,
OldestVersion = 0,
UpdatedAt = "string",
},
});
example, err := okms.NewSecret(ctx, "secretResource", &okms.SecretArgs{
OkmsId: pulumi.String("string"),
Path: pulumi.String("string"),
Version: &okms.SecretVersionArgs{
Data: pulumi.String("string"),
CreatedAt: pulumi.String("string"),
DeactivatedAt: pulumi.String("string"),
Id: pulumi.Float64(0),
State: pulumi.String("string"),
},
Cas: pulumi.Float64(0),
Metadata: &okms.SecretMetadataArgs{
CasRequired: pulumi.Bool(false),
CreatedAt: pulumi.String("string"),
CurrentVersion: pulumi.Float64(0),
CustomMetadata: pulumi.StringMap{
"string": pulumi.String("string"),
},
DeactivateVersionAfter: pulumi.String("string"),
MaxVersions: pulumi.Float64(0),
OldestVersion: pulumi.Float64(0),
UpdatedAt: pulumi.String("string"),
},
})
var secretResource = new Secret("secretResource", SecretArgs.builder()
.okmsId("string")
.path("string")
.version(SecretVersionArgs.builder()
.data("string")
.createdAt("string")
.deactivatedAt("string")
.id(0.0)
.state("string")
.build())
.cas(0.0)
.metadata(SecretMetadataArgs.builder()
.casRequired(false)
.createdAt("string")
.currentVersion(0.0)
.customMetadata(Map.of("string", "string"))
.deactivateVersionAfter("string")
.maxVersions(0.0)
.oldestVersion(0.0)
.updatedAt("string")
.build())
.build());
secret_resource = ovh.okms.Secret("secretResource",
okms_id="string",
path="string",
version={
"data": "string",
"created_at": "string",
"deactivated_at": "string",
"id": 0,
"state": "string",
},
cas=0,
metadata={
"cas_required": False,
"created_at": "string",
"current_version": 0,
"custom_metadata": {
"string": "string",
},
"deactivate_version_after": "string",
"max_versions": 0,
"oldest_version": 0,
"updated_at": "string",
})
const secretResource = new ovh.okms.Secret("secretResource", {
okmsId: "string",
path: "string",
version: {
data: "string",
createdAt: "string",
deactivatedAt: "string",
id: 0,
state: "string",
},
cas: 0,
metadata: {
casRequired: false,
createdAt: "string",
currentVersion: 0,
customMetadata: {
string: "string",
},
deactivateVersionAfter: "string",
maxVersions: 0,
oldestVersion: 0,
updatedAt: "string",
},
});
type: ovh:Okms:Secret
properties:
cas: 0
metadata:
casRequired: false
createdAt: string
currentVersion: 0
customMetadata:
string: string
deactivateVersionAfter: string
maxVersions: 0
oldestVersion: 0
updatedAt: string
okmsId: string
path: string
version:
createdAt: string
data: string
deactivatedAt: string
id: 0
state: string
Secret Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Secret resource accepts the following input properties:
- Okms
Id string - Okms ID
- Path string
- Secret path
- Version
Secret
Version - Create an OKMS secret version
- Cas double
- Check-and-set guard. Only used on update operations: must equal the current secret version for the update to succeed. Ignored on create.
- Include
Data bool - Metadata
Secret
Metadata - Create a secret metadata
- Okms
Id string - Okms ID
- Path string
- Secret path
- Version
Secret
Version Args - Create an OKMS secret version
- Cas float64
- Check-and-set guard. Only used on update operations: must equal the current secret version for the update to succeed. Ignored on create.
- Include
Data bool - Metadata
Secret
Metadata Args - Create a secret metadata
- okms
Id String - Okms ID
- path String
- Secret path
- version
Secret
Version - Create an OKMS secret version
- cas Double
- Check-and-set guard. Only used on update operations: must equal the current secret version for the update to succeed. Ignored on create.
- include
Data Boolean - metadata
Secret
Metadata - Create a secret metadata
- okms
Id string - Okms ID
- path string
- Secret path
- version
Secret
Version - Create an OKMS secret version
- cas number
- Check-and-set guard. Only used on update operations: must equal the current secret version for the update to succeed. Ignored on create.
- include
Data boolean - metadata
Secret
Metadata - Create a secret metadata
- okms_
id str - Okms ID
- path str
- Secret path
- version
Secret
Version Args - Create an OKMS secret version
- cas float
- Check-and-set guard. Only used on update operations: must equal the current secret version for the update to succeed. Ignored on create.
- include_
data bool - metadata
Secret
Metadata Args - Create a secret metadata
- okms
Id String - Okms ID
- path String
- Secret path
- version Property Map
- Create an OKMS secret version
- cas Number
- Check-and-set guard. Only used on update operations: must equal the current secret version for the update to succeed. Ignored on create.
- include
Data Boolean - metadata Property Map
- Create a secret metadata
Outputs
All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:
- iam Property Map
- IAM resource metadata embedded in services models
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Secret Resource
Get an existing Secret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecretState, opts?: CustomResourceOptions): Secret@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
cas: Optional[float] = None,
iam: Optional[SecretIamArgs] = None,
include_data: Optional[bool] = None,
metadata: Optional[SecretMetadataArgs] = None,
okms_id: Optional[str] = None,
path: Optional[str] = None,
version: Optional[SecretVersionArgs] = None) -> Secretfunc GetSecret(ctx *Context, name string, id IDInput, state *SecretState, opts ...ResourceOption) (*Secret, error)public static Secret Get(string name, Input<string> id, SecretState? state, CustomResourceOptions? opts = null)public static Secret get(String name, Output<String> id, SecretState state, CustomResourceOptions options)resources: _: type: ovh:Okms:Secret get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Cas double
- Check-and-set guard. Only used on update operations: must equal the current secret version for the update to succeed. Ignored on create.
- Iam
Secret
Iam - IAM resource metadata embedded in services models
- Include
Data bool - Metadata
Secret
Metadata - Create a secret metadata
- Okms
Id string - Okms ID
- Path string
- Secret path
- Version
Secret
Version - Create an OKMS secret version
- Cas float64
- Check-and-set guard. Only used on update operations: must equal the current secret version for the update to succeed. Ignored on create.
- Iam
Secret
Iam Args - IAM resource metadata embedded in services models
- Include
Data bool - Metadata
Secret
Metadata Args - Create a secret metadata
- Okms
Id string - Okms ID
- Path string
- Secret path
- Version
Secret
Version Args - Create an OKMS secret version
- cas Double
- Check-and-set guard. Only used on update operations: must equal the current secret version for the update to succeed. Ignored on create.
- iam
Secret
Iam - IAM resource metadata embedded in services models
- include
Data Boolean - metadata
Secret
Metadata - Create a secret metadata
- okms
Id String - Okms ID
- path String
- Secret path
- version
Secret
Version - Create an OKMS secret version
- cas number
- Check-and-set guard. Only used on update operations: must equal the current secret version for the update to succeed. Ignored on create.
- iam
Secret
Iam - IAM resource metadata embedded in services models
- include
Data boolean - metadata
Secret
Metadata - Create a secret metadata
- okms
Id string - Okms ID
- path string
- Secret path
- version
Secret
Version - Create an OKMS secret version
- cas float
- Check-and-set guard. Only used on update operations: must equal the current secret version for the update to succeed. Ignored on create.
- iam
Secret
Iam Args - IAM resource metadata embedded in services models
- include_
data bool - metadata
Secret
Metadata Args - Create a secret metadata
- okms_
id str - Okms ID
- path str
- Secret path
- version
Secret
Version Args - Create an OKMS secret version
- cas Number
- Check-and-set guard. Only used on update operations: must equal the current secret version for the update to succeed. Ignored on create.
- iam Property Map
- IAM resource metadata embedded in services models
- include
Data Boolean - metadata Property Map
- Create a secret metadata
- okms
Id String - Okms ID
- path String
- Secret path
- version Property Map
- Create an OKMS secret version
Supporting Types
SecretIam, SecretIamArgs
- Display
Name string - Resource display name
- Id string
- Unique identifier of the resource
- Dictionary<string, string>
- Resource tags. Tags that were internally computed are prefixed with ovh:
- Urn string
- Unique resource name used in policies
- Display
Name string - Resource display name
- Id string
- Unique identifier of the resource
- map[string]string
- Resource tags. Tags that were internally computed are prefixed with ovh:
- Urn string
- Unique resource name used in policies
- display
Name String - Resource display name
- id String
- Unique identifier of the resource
- Map<String,String>
- Resource tags. Tags that were internally computed are prefixed with ovh:
- urn String
- Unique resource name used in policies
- display
Name string - Resource display name
- id string
- Unique identifier of the resource
- {[key: string]: string}
- Resource tags. Tags that were internally computed are prefixed with ovh:
- urn string
- Unique resource name used in policies
- display_
name str - Resource display name
- id str
- Unique identifier of the resource
- Mapping[str, str]
- Resource tags. Tags that were internally computed are prefixed with ovh:
- urn str
- Unique resource name used in policies
- display
Name String - Resource display name
- id String
- Unique identifier of the resource
- Map<String>
- Resource tags. Tags that were internally computed are prefixed with ovh:
- urn String
- Unique resource name used in policies
SecretMetadata, SecretMetadataArgs
- Cas
Required bool - The “Cas” parameter will be required for each write request if set to true. When the “cas” (Check and set) is specified, the current version of the secret is verified before updating it.
- Created
At string - Time of creation of the secret
- Current
Version double - The secret version
- Custom
Metadata Dictionary<string, string> - Custom metadata
- Deactivate
Version stringAfter - Time duration before a version is deactivated
- Max
Versions double - The number of versions to keep (10 default)
- Oldest
Version double - The secret oldest version
- Updated
At string - Time of the last update of the secret
- Cas
Required bool - The “Cas” parameter will be required for each write request if set to true. When the “cas” (Check and set) is specified, the current version of the secret is verified before updating it.
- Created
At string - Time of creation of the secret
- Current
Version float64 - The secret version
- Custom
Metadata map[string]string - Custom metadata
- Deactivate
Version stringAfter - Time duration before a version is deactivated
- Max
Versions float64 - The number of versions to keep (10 default)
- Oldest
Version float64 - The secret oldest version
- Updated
At string - Time of the last update of the secret
- cas
Required Boolean - The “Cas” parameter will be required for each write request if set to true. When the “cas” (Check and set) is specified, the current version of the secret is verified before updating it.
- created
At String - Time of creation of the secret
- current
Version Double - The secret version
- custom
Metadata Map<String,String> - Custom metadata
- deactivate
Version StringAfter - Time duration before a version is deactivated
- max
Versions Double - The number of versions to keep (10 default)
- oldest
Version Double - The secret oldest version
- updated
At String - Time of the last update of the secret
- cas
Required boolean - The “Cas” parameter will be required for each write request if set to true. When the “cas” (Check and set) is specified, the current version of the secret is verified before updating it.
- created
At string - Time of creation of the secret
- current
Version number - The secret version
- custom
Metadata {[key: string]: string} - Custom metadata
- deactivate
Version stringAfter - Time duration before a version is deactivated
- max
Versions number - The number of versions to keep (10 default)
- oldest
Version number - The secret oldest version
- updated
At string - Time of the last update of the secret
- cas_
required bool - The “Cas” parameter will be required for each write request if set to true. When the “cas” (Check and set) is specified, the current version of the secret is verified before updating it.
- created_
at str - Time of creation of the secret
- current_
version float - The secret version
- custom_
metadata Mapping[str, str] - Custom metadata
- deactivate_
version_ strafter - Time duration before a version is deactivated
- max_
versions float - The number of versions to keep (10 default)
- oldest_
version float - The secret oldest version
- updated_
at str - Time of the last update of the secret
- cas
Required Boolean - The “Cas” parameter will be required for each write request if set to true. When the “cas” (Check and set) is specified, the current version of the secret is verified before updating it.
- created
At String - Time of creation of the secret
- current
Version Number - The secret version
- custom
Metadata Map<String> - Custom metadata
- deactivate
Version StringAfter - Time duration before a version is deactivated
- max
Versions Number - The number of versions to keep (10 default)
- oldest
Version Number - The secret oldest version
- updated
At String - Time of the last update of the secret
SecretVersion, SecretVersionArgs
- Data string
- Created
At string - Time of creation of the secret version
- Deactivated
At string - Time of deactivation of the secret version
- Id double
- Secret version
- State string
- State of the secret version
- Data string
- Created
At string - Time of creation of the secret version
- Deactivated
At string - Time of deactivation of the secret version
- Id float64
- Secret version
- State string
- State of the secret version
- data String
- created
At String - Time of creation of the secret version
- deactivated
At String - Time of deactivation of the secret version
- id Double
- Secret version
- state String
- State of the secret version
- data string
- created
At string - Time of creation of the secret version
- deactivated
At string - Time of deactivation of the secret version
- id number
- Secret version
- state string
- State of the secret version
- data str
- created_
at str - Time of creation of the secret version
- deactivated_
at str - Time of deactivation of the secret version
- id float
- Secret version
- state str
- State of the secret version
- data String
- created
At String - Time of creation of the secret version
- deactivated
At String - Time of deactivation of the secret version
- id Number
- Secret version
- state String
- State of the secret version
Package Details
- Repository
- ovh ovh/pulumi-ovh
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
ovhTerraform Provider.
