1. Packages
  2. HashiCorp Vault
  3. API Docs
  4. kv
  5. getSecret
HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi

vault.kv.getSecret

Explore with Pulumi AI

vault logo
HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi

    Required Vault Capabilities

    Use of this resource requires the read capability on the given path.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var kvv1 = new Vault.Mount("kvv1", new()
        {
            Path = "kvv1",
            Type = "kv",
            Options = 
            {
                { "version", "1" },
            },
            Description = "KV Version 1 secret engine mount",
        });
    
        var secret = new Vault.Kv.Secret("secret", new()
        {
            Path = kvv1.Path.Apply(path => $"{path}/secret"),
            DataJson = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["zip"] = "zap",
                ["foo"] = "bar",
            }),
        });
    
        var secretData = Vault.kv.GetSecret.Invoke(new()
        {
            Path = secret.Path,
        });
    
    });
    
    package main
    
    import (
    	"encoding/json"
    	"fmt"
    
    	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault"
    	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/kv"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		kvv1, err := vault.NewMount(ctx, "kvv1", &vault.MountArgs{
    			Path: pulumi.String("kvv1"),
    			Type: pulumi.String("kv"),
    			Options: pulumi.Map{
    				"version": pulumi.Any("1"),
    			},
    			Description: pulumi.String("KV Version 1 secret engine mount"),
    		})
    		if err != nil {
    			return err
    		}
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"zip": "zap",
    			"foo": "bar",
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		secret, err := kv.NewSecret(ctx, "secret", &kv.SecretArgs{
    			Path: kvv1.Path.ApplyT(func(path string) (string, error) {
    				return fmt.Sprintf("%v/secret", path), nil
    			}).(pulumi.StringOutput),
    			DataJson: pulumi.String(json0),
    		})
    		if err != nil {
    			return err
    		}
    		_ = kv.LookupSecretOutput(ctx, kv.GetSecretOutputArgs{
    			Path: secret.Path,
    		}, nil)
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.Mount;
    import com.pulumi.vault.MountArgs;
    import com.pulumi.vault.kv.Secret;
    import com.pulumi.vault.kv.SecretArgs;
    import com.pulumi.vault.kv.KvFunctions;
    import com.pulumi.vault.kv.inputs.GetSecretArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var kvv1 = new Mount("kvv1", MountArgs.builder()        
                .path("kvv1")
                .type("kv")
                .options(Map.of("version", "1"))
                .description("KV Version 1 secret engine mount")
                .build());
    
            var secret = new Secret("secret", SecretArgs.builder()        
                .path(kvv1.path().applyValue(path -> String.format("%s/secret", path)))
                .dataJson(serializeJson(
                    jsonObject(
                        jsonProperty("zip", "zap"),
                        jsonProperty("foo", "bar")
                    )))
                .build());
    
            final var secretData = KvFunctions.getSecret(GetSecretArgs.builder()
                .path(secret.path())
                .build());
    
        }
    }
    
    import pulumi
    import json
    import pulumi_vault as vault
    
    kvv1 = vault.Mount("kvv1",
        path="kvv1",
        type="kv",
        options={
            "version": "1",
        },
        description="KV Version 1 secret engine mount")
    secret = vault.kv.Secret("secret",
        path=kvv1.path.apply(lambda path: f"{path}/secret"),
        data_json=json.dumps({
            "zip": "zap",
            "foo": "bar",
        }))
    secret_data = vault.kv.get_secret_output(path=secret.path)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const kvv1 = new vault.Mount("kvv1", {
        path: "kvv1",
        type: "kv",
        options: {
            version: "1",
        },
        description: "KV Version 1 secret engine mount",
    });
    const secret = new vault.kv.Secret("secret", {
        path: pulumi.interpolate`${kvv1.path}/secret`,
        dataJson: JSON.stringify({
            zip: "zap",
            foo: "bar",
        }),
    });
    const secretData = vault.kv.getSecretOutput({
        path: secret.path,
    });
    
    resources:
      kvv1:
        type: vault:Mount
        properties:
          path: kvv1
          type: kv
          options:
            version: '1'
          description: KV Version 1 secret engine mount
      secret:
        type: vault:kv:Secret
        properties:
          path: ${kvv1.path}/secret
          dataJson:
            fn::toJSON:
              zip: zap
              foo: bar
    variables:
      secretData:
        fn::invoke:
          Function: vault:kv:getSecret
          Arguments:
            path: ${secret.path}
    

    Using getSecret

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getSecret(args: GetSecretArgs, opts?: InvokeOptions): Promise<GetSecretResult>
    function getSecretOutput(args: GetSecretOutputArgs, opts?: InvokeOptions): Output<GetSecretResult>
    def get_secret(namespace: Optional[str] = None,
                   path: Optional[str] = None,
                   opts: Optional[InvokeOptions] = None) -> GetSecretResult
    def get_secret_output(namespace: Optional[pulumi.Input[str]] = None,
                   path: Optional[pulumi.Input[str]] = None,
                   opts: Optional[InvokeOptions] = None) -> Output[GetSecretResult]
    func LookupSecret(ctx *Context, args *LookupSecretArgs, opts ...InvokeOption) (*LookupSecretResult, error)
    func LookupSecretOutput(ctx *Context, args *LookupSecretOutputArgs, opts ...InvokeOption) LookupSecretResultOutput

    > Note: This function is named LookupSecret in the Go SDK.

    public static class GetSecret 
    {
        public static Task<GetSecretResult> InvokeAsync(GetSecretArgs args, InvokeOptions? opts = null)
        public static Output<GetSecretResult> Invoke(GetSecretInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: vault:kv/getSecret:getSecret
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Path string
    Full path of the KV-V1 secret.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Path string
    Full path of the KV-V1 secret.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path String
    Full path of the KV-V1 secret.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path string
    Full path of the KV-V1 secret.
    namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path str
    Full path of the KV-V1 secret.
    namespace str
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path String
    Full path of the KV-V1 secret.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    getSecret Result

    The following output properties are available:

    Data Dictionary<string, object>
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    DataJson string
    JSON-encoded string that that is read as the secret data at the given path.
    Id string
    The provider-assigned unique ID for this managed resource.
    LeaseDuration int
    The duration of the secret lease, in seconds. Once this time has passed any plan generated with this data may fail to apply.
    LeaseId string
    The lease identifier assigned by Vault, if any.
    LeaseRenewable bool
    True if the duration of this lease can be extended through renewal.
    Path string
    Namespace string
    Data map[string]interface{}
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    DataJson string
    JSON-encoded string that that is read as the secret data at the given path.
    Id string
    The provider-assigned unique ID for this managed resource.
    LeaseDuration int
    The duration of the secret lease, in seconds. Once this time has passed any plan generated with this data may fail to apply.
    LeaseId string
    The lease identifier assigned by Vault, if any.
    LeaseRenewable bool
    True if the duration of this lease can be extended through renewal.
    Path string
    Namespace string
    data Map<String,Object>
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    dataJson String
    JSON-encoded string that that is read as the secret data at the given path.
    id String
    The provider-assigned unique ID for this managed resource.
    leaseDuration Integer
    The duration of the secret lease, in seconds. Once this time has passed any plan generated with this data may fail to apply.
    leaseId String
    The lease identifier assigned by Vault, if any.
    leaseRenewable Boolean
    True if the duration of this lease can be extended through renewal.
    path String
    namespace String
    data {[key: string]: any}
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    dataJson string
    JSON-encoded string that that is read as the secret data at the given path.
    id string
    The provider-assigned unique ID for this managed resource.
    leaseDuration number
    The duration of the secret lease, in seconds. Once this time has passed any plan generated with this data may fail to apply.
    leaseId string
    The lease identifier assigned by Vault, if any.
    leaseRenewable boolean
    True if the duration of this lease can be extended through renewal.
    path string
    namespace string
    data Mapping[str, Any]
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    data_json str
    JSON-encoded string that that is read as the secret data at the given path.
    id str
    The provider-assigned unique ID for this managed resource.
    lease_duration int
    The duration of the secret lease, in seconds. Once this time has passed any plan generated with this data may fail to apply.
    lease_id str
    The lease identifier assigned by Vault, if any.
    lease_renewable bool
    True if the duration of this lease can be extended through renewal.
    path str
    namespace str
    data Map<Any>
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    dataJson String
    JSON-encoded string that that is read as the secret data at the given path.
    id String
    The provider-assigned unique ID for this managed resource.
    leaseDuration Number
    The duration of the secret lease, in seconds. Once this time has passed any plan generated with this data may fail to apply.
    leaseId String
    The lease identifier assigned by Vault, if any.
    leaseRenewable Boolean
    True if the duration of this lease can be extended through renewal.
    path String
    namespace String

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi