1. Packages
  2. HashiCorp Vault
  3. API Docs
  4. kv
  5. getSecretSubkeysV2
HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi

vault.kv.getSecretSubkeysV2

Explore with Pulumi AI

vault logo
HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi

    Required Vault Capabilities

    Use of this resource requires the read capability on the given path.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var kvv2 = new Vault.Mount("kvv2", new()
        {
            Path = "kvv2",
            Type = "kv",
            Options = 
            {
                { "version", "2" },
            },
            Description = "KV Version 2 secret engine mount",
        });
    
        var awsSecret = new Vault.Kv.SecretV2("awsSecret", new()
        {
            Mount = kvv2.Path,
            DataJson = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["zip"] = "zap",
                ["foo"] = "bar",
            }),
        });
    
        var test = Vault.kv.GetSecretSubkeysV2.Invoke(new()
        {
            Mount = kvv2.Path,
            Name = awsSecret.Name,
        });
    
    });
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault"
    	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/kv"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		kvv2, err := vault.NewMount(ctx, "kvv2", &vault.MountArgs{
    			Path: pulumi.String("kvv2"),
    			Type: pulumi.String("kv"),
    			Options: pulumi.Map{
    				"version": pulumi.Any("2"),
    			},
    			Description: pulumi.String("KV Version 2 secret engine mount"),
    		})
    		if err != nil {
    			return err
    		}
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"zip": "zap",
    			"foo": "bar",
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		awsSecret, err := kv.NewSecretV2(ctx, "awsSecret", &kv.SecretV2Args{
    			Mount:    kvv2.Path,
    			DataJson: pulumi.String(json0),
    		})
    		if err != nil {
    			return err
    		}
    		_ = kv.GetSecretSubkeysV2Output(ctx, kv.GetSecretSubkeysV2OutputArgs{
    			Mount: kvv2.Path,
    			Name:  awsSecret.Name,
    		}, nil)
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.Mount;
    import com.pulumi.vault.MountArgs;
    import com.pulumi.vault.kv.SecretV2;
    import com.pulumi.vault.kv.SecretV2Args;
    import com.pulumi.vault.kv.KvFunctions;
    import com.pulumi.vault.kv.inputs.GetSecretSubkeysV2Args;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var kvv2 = new Mount("kvv2", MountArgs.builder()        
                .path("kvv2")
                .type("kv")
                .options(Map.of("version", "2"))
                .description("KV Version 2 secret engine mount")
                .build());
    
            var awsSecret = new SecretV2("awsSecret", SecretV2Args.builder()        
                .mount(kvv2.path())
                .dataJson(serializeJson(
                    jsonObject(
                        jsonProperty("zip", "zap"),
                        jsonProperty("foo", "bar")
                    )))
                .build());
    
            final var test = KvFunctions.getSecretSubkeysV2(GetSecretSubkeysV2Args.builder()
                .mount(kvv2.path())
                .name(awsSecret.name())
                .build());
    
        }
    }
    
    import pulumi
    import json
    import pulumi_vault as vault
    
    kvv2 = vault.Mount("kvv2",
        path="kvv2",
        type="kv",
        options={
            "version": "2",
        },
        description="KV Version 2 secret engine mount")
    aws_secret = vault.kv.SecretV2("awsSecret",
        mount=kvv2.path,
        data_json=json.dumps({
            "zip": "zap",
            "foo": "bar",
        }))
    test = vault.kv.get_secret_subkeys_v2_output(mount=kvv2.path,
        name=aws_secret.name)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const kvv2 = new vault.Mount("kvv2", {
        path: "kvv2",
        type: "kv",
        options: {
            version: "2",
        },
        description: "KV Version 2 secret engine mount",
    });
    const awsSecret = new vault.kv.SecretV2("awsSecret", {
        mount: kvv2.path,
        dataJson: JSON.stringify({
            zip: "zap",
            foo: "bar",
        }),
    });
    const test = vault.kv.getSecretSubkeysV2Output({
        mount: kvv2.path,
        name: awsSecret.name,
    });
    
    resources:
      kvv2:
        type: vault:Mount
        properties:
          path: kvv2
          type: kv
          options:
            version: '2'
          description: KV Version 2 secret engine mount
      awsSecret:
        type: vault:kv:SecretV2
        properties:
          mount: ${kvv2.path}
          dataJson:
            fn::toJSON:
              zip: zap
              foo: bar
    variables:
      test:
        fn::invoke:
          Function: vault:kv:getSecretSubkeysV2
          Arguments:
            mount: ${kvv2.path}
            name: ${awsSecret.name}
    

    Using getSecretSubkeysV2

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getSecretSubkeysV2(args: GetSecretSubkeysV2Args, opts?: InvokeOptions): Promise<GetSecretSubkeysV2Result>
    function getSecretSubkeysV2Output(args: GetSecretSubkeysV2OutputArgs, opts?: InvokeOptions): Output<GetSecretSubkeysV2Result>
    def get_secret_subkeys_v2(depth: Optional[int] = None,
                              mount: Optional[str] = None,
                              name: Optional[str] = None,
                              namespace: Optional[str] = None,
                              version: Optional[int] = None,
                              opts: Optional[InvokeOptions] = None) -> GetSecretSubkeysV2Result
    def get_secret_subkeys_v2_output(depth: Optional[pulumi.Input[int]] = None,
                              mount: Optional[pulumi.Input[str]] = None,
                              name: Optional[pulumi.Input[str]] = None,
                              namespace: Optional[pulumi.Input[str]] = None,
                              version: Optional[pulumi.Input[int]] = None,
                              opts: Optional[InvokeOptions] = None) -> Output[GetSecretSubkeysV2Result]
    func GetSecretSubkeysV2(ctx *Context, args *GetSecretSubkeysV2Args, opts ...InvokeOption) (*GetSecretSubkeysV2Result, error)
    func GetSecretSubkeysV2Output(ctx *Context, args *GetSecretSubkeysV2OutputArgs, opts ...InvokeOption) GetSecretSubkeysV2ResultOutput

    > Note: This function is named GetSecretSubkeysV2 in the Go SDK.

    public static class GetSecretSubkeysV2 
    {
        public static Task<GetSecretSubkeysV2Result> InvokeAsync(GetSecretSubkeysV2Args args, InvokeOptions? opts = null)
        public static Output<GetSecretSubkeysV2Result> Invoke(GetSecretSubkeysV2InvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetSecretSubkeysV2Result> getSecretSubkeysV2(GetSecretSubkeysV2Args args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: vault:kv/getSecretSubkeysV2:getSecretSubkeysV2
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Mount string
    Path where KV-V2 engine is mounted.
    Name string
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    Depth int
    Specifies the deepest nesting level to provide in the output. If non-zero, keys that reside at the specified depth value will be artificially treated as leaves and will thus be null even if further underlying sub-keys exist.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Version int
    Specifies the version to return. If not set the latest version is returned.
    Mount string
    Path where KV-V2 engine is mounted.
    Name string
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    Depth int
    Specifies the deepest nesting level to provide in the output. If non-zero, keys that reside at the specified depth value will be artificially treated as leaves and will thus be null even if further underlying sub-keys exist.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Version int
    Specifies the version to return. If not set the latest version is returned.
    mount String
    Path where KV-V2 engine is mounted.
    name String
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    depth Integer
    Specifies the deepest nesting level to provide in the output. If non-zero, keys that reside at the specified depth value will be artificially treated as leaves and will thus be null even if further underlying sub-keys exist.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    version Integer
    Specifies the version to return. If not set the latest version is returned.
    mount string
    Path where KV-V2 engine is mounted.
    name string
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    depth number
    Specifies the deepest nesting level to provide in the output. If non-zero, keys that reside at the specified depth value will be artificially treated as leaves and will thus be null even if further underlying sub-keys exist.
    namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    version number
    Specifies the version to return. If not set the latest version is returned.
    mount str
    Path where KV-V2 engine is mounted.
    name str
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    depth int
    Specifies the deepest nesting level to provide in the output. If non-zero, keys that reside at the specified depth value will be artificially treated as leaves and will thus be null even if further underlying sub-keys exist.
    namespace str
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    version int
    Specifies the version to return. If not set the latest version is returned.
    mount String
    Path where KV-V2 engine is mounted.
    name String
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    depth Number
    Specifies the deepest nesting level to provide in the output. If non-zero, keys that reside at the specified depth value will be artificially treated as leaves and will thus be null even if further underlying sub-keys exist.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    version Number
    Specifies the version to return. If not set the latest version is returned.

    getSecretSubkeysV2 Result

    The following output properties are available:

    Data Dictionary<string, object>
    Subkeys for the KV-V2 secret stored as a serialized map of strings.
    DataJson string
    Subkeys for the KV-V2 secret read from Vault.
    Id string
    The provider-assigned unique ID for this managed resource.
    Mount string
    Name string
    Path string
    Full path where the KV-V2 secrets are listed.
    Depth int
    Namespace string
    Version int
    Data map[string]interface{}
    Subkeys for the KV-V2 secret stored as a serialized map of strings.
    DataJson string
    Subkeys for the KV-V2 secret read from Vault.
    Id string
    The provider-assigned unique ID for this managed resource.
    Mount string
    Name string
    Path string
    Full path where the KV-V2 secrets are listed.
    Depth int
    Namespace string
    Version int
    data Map<String,Object>
    Subkeys for the KV-V2 secret stored as a serialized map of strings.
    dataJson String
    Subkeys for the KV-V2 secret read from Vault.
    id String
    The provider-assigned unique ID for this managed resource.
    mount String
    name String
    path String
    Full path where the KV-V2 secrets are listed.
    depth Integer
    namespace String
    version Integer
    data {[key: string]: any}
    Subkeys for the KV-V2 secret stored as a serialized map of strings.
    dataJson string
    Subkeys for the KV-V2 secret read from Vault.
    id string
    The provider-assigned unique ID for this managed resource.
    mount string
    name string
    path string
    Full path where the KV-V2 secrets are listed.
    depth number
    namespace string
    version number
    data Mapping[str, Any]
    Subkeys for the KV-V2 secret stored as a serialized map of strings.
    data_json str
    Subkeys for the KV-V2 secret read from Vault.
    id str
    The provider-assigned unique ID for this managed resource.
    mount str
    name str
    path str
    Full path where the KV-V2 secrets are listed.
    depth int
    namespace str
    version int
    data Map<Any>
    Subkeys for the KV-V2 secret stored as a serialized map of strings.
    dataJson String
    Subkeys for the KV-V2 secret read from Vault.
    id String
    The provider-assigned unique ID for this managed resource.
    mount String
    name String
    path String
    Full path where the KV-V2 secrets are listed.
    depth Number
    namespace String
    version Number

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi