Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.secretmanager/v1.Secret
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Creates a new Secret containing no SecretVersions. Auto-naming is currently not supported for this resource.
Create Secret Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);
@overload
def Secret(resource_name: str,
args: SecretArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Secret(resource_name: str,
opts: Optional[ResourceOptions] = None,
replication: Optional[ReplicationArgs] = None,
secret_id: Optional[str] = None,
annotations: Optional[Mapping[str, str]] = None,
etag: Optional[str] = None,
expire_time: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
project: Optional[str] = None,
rotation: Optional[RotationArgs] = None,
topics: Optional[Sequence[TopicArgs]] = None,
ttl: Optional[str] = None,
version_aliases: Optional[Mapping[str, str]] = None)
func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)
public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)
public Secret(String name, SecretArgs args)
public Secret(String name, SecretArgs args, CustomResourceOptions options)
type: google-native:secretmanager/v1:Secret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var secretResource = new GoogleNative.SecretManager.V1.Secret("secretResource", new()
{
Replication = new GoogleNative.SecretManager.V1.Inputs.ReplicationArgs
{
Automatic = new GoogleNative.SecretManager.V1.Inputs.AutomaticArgs
{
CustomerManagedEncryption = new GoogleNative.SecretManager.V1.Inputs.CustomerManagedEncryptionArgs
{
KmsKeyName = "string",
},
},
UserManaged = new GoogleNative.SecretManager.V1.Inputs.UserManagedArgs
{
Replicas = new[]
{
new GoogleNative.SecretManager.V1.Inputs.ReplicaArgs
{
CustomerManagedEncryption = new GoogleNative.SecretManager.V1.Inputs.CustomerManagedEncryptionArgs
{
KmsKeyName = "string",
},
Location = "string",
},
},
},
},
SecretId = "string",
Annotations =
{
{ "string", "string" },
},
Etag = "string",
ExpireTime = "string",
Labels =
{
{ "string", "string" },
},
Project = "string",
Rotation = new GoogleNative.SecretManager.V1.Inputs.RotationArgs
{
NextRotationTime = "string",
RotationPeriod = "string",
},
Topics = new[]
{
new GoogleNative.SecretManager.V1.Inputs.TopicArgs
{
Name = "string",
},
},
Ttl = "string",
VersionAliases =
{
{ "string", "string" },
},
});
example, err := secretmanager.NewSecret(ctx, "secretResource", &secretmanager.SecretArgs{
Replication: &secretmanager.ReplicationArgs{
Automatic: &secretmanager.AutomaticArgs{
CustomerManagedEncryption: &secretmanager.CustomerManagedEncryptionArgs{
KmsKeyName: pulumi.String("string"),
},
},
UserManaged: &secretmanager.UserManagedArgs{
Replicas: secretmanager.ReplicaArray{
&secretmanager.ReplicaArgs{
CustomerManagedEncryption: &secretmanager.CustomerManagedEncryptionArgs{
KmsKeyName: pulumi.String("string"),
},
Location: pulumi.String("string"),
},
},
},
},
SecretId: pulumi.String("string"),
Annotations: pulumi.StringMap{
"string": pulumi.String("string"),
},
Etag: pulumi.String("string"),
ExpireTime: pulumi.String("string"),
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
Project: pulumi.String("string"),
Rotation: &secretmanager.RotationArgs{
NextRotationTime: pulumi.String("string"),
RotationPeriod: pulumi.String("string"),
},
Topics: secretmanager.TopicArray{
&secretmanager.TopicArgs{
Name: pulumi.String("string"),
},
},
Ttl: pulumi.String("string"),
VersionAliases: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var secretResource = new Secret("secretResource", SecretArgs.builder()
.replication(ReplicationArgs.builder()
.automatic(AutomaticArgs.builder()
.customerManagedEncryption(CustomerManagedEncryptionArgs.builder()
.kmsKeyName("string")
.build())
.build())
.userManaged(UserManagedArgs.builder()
.replicas(ReplicaArgs.builder()
.customerManagedEncryption(CustomerManagedEncryptionArgs.builder()
.kmsKeyName("string")
.build())
.location("string")
.build())
.build())
.build())
.secretId("string")
.annotations(Map.of("string", "string"))
.etag("string")
.expireTime("string")
.labels(Map.of("string", "string"))
.project("string")
.rotation(RotationArgs.builder()
.nextRotationTime("string")
.rotationPeriod("string")
.build())
.topics(TopicArgs.builder()
.name("string")
.build())
.ttl("string")
.versionAliases(Map.of("string", "string"))
.build());
secret_resource = google_native.secretmanager.v1.Secret("secretResource",
replication={
"automatic": {
"customer_managed_encryption": {
"kms_key_name": "string",
},
},
"user_managed": {
"replicas": [{
"customer_managed_encryption": {
"kms_key_name": "string",
},
"location": "string",
}],
},
},
secret_id="string",
annotations={
"string": "string",
},
etag="string",
expire_time="string",
labels={
"string": "string",
},
project="string",
rotation={
"next_rotation_time": "string",
"rotation_period": "string",
},
topics=[{
"name": "string",
}],
ttl="string",
version_aliases={
"string": "string",
})
const secretResource = new google_native.secretmanager.v1.Secret("secretResource", {
replication: {
automatic: {
customerManagedEncryption: {
kmsKeyName: "string",
},
},
userManaged: {
replicas: [{
customerManagedEncryption: {
kmsKeyName: "string",
},
location: "string",
}],
},
},
secretId: "string",
annotations: {
string: "string",
},
etag: "string",
expireTime: "string",
labels: {
string: "string",
},
project: "string",
rotation: {
nextRotationTime: "string",
rotationPeriod: "string",
},
topics: [{
name: "string",
}],
ttl: "string",
versionAliases: {
string: "string",
},
});
type: google-native:secretmanager/v1:Secret
properties:
annotations:
string: string
etag: string
expireTime: string
labels:
string: string
project: string
replication:
automatic:
customerManagedEncryption:
kmsKeyName: string
userManaged:
replicas:
- customerManagedEncryption:
kmsKeyName: string
location: string
rotation:
nextRotationTime: string
rotationPeriod: string
secretId: string
topics:
- name: string
ttl: string
versionAliases:
string: string
Secret Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Secret resource accepts the following input properties:
- Replication
Pulumi.
Google Native. Secret Manager. V1. Inputs. Replication - Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
- Secret
Id string - Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (
-
) and underscore (_
) characters. - Annotations Dictionary<string, string>
- Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB.
- Etag string
- Optional. Etag of the currently stored Secret.
- Expire
Time string - Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
- Labels Dictionary<string, string>
- The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression:
\p{Ll}\p{Lo}{0,62}
Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression:[\p{Ll}\p{Lo}\p{N}_-]{0,63}
No more than 64 labels can be assigned to a given resource. - Project string
- Rotation
Pulumi.
Google Native. Secret Manager. V1. Inputs. Rotation - Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
- Topics
List<Pulumi.
Google Native. Secret Manager. V1. Inputs. Topic> - Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
- Ttl string
- Input only. The TTL for the Secret.
- Version
Aliases Dictionary<string, string> - Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (
-
) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. At launch Access by Allias will only be supported on GetSecretVersion and AccessSecretVersion.
- Replication
Replication
Args - Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
- Secret
Id string - Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (
-
) and underscore (_
) characters. - Annotations map[string]string
- Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB.
- Etag string
- Optional. Etag of the currently stored Secret.
- Expire
Time string - Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
- Labels map[string]string
- The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression:
\p{Ll}\p{Lo}{0,62}
Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression:[\p{Ll}\p{Lo}\p{N}_-]{0,63}
No more than 64 labels can be assigned to a given resource. - Project string
- Rotation
Rotation
Args - Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
- Topics
[]Topic
Args - Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
- Ttl string
- Input only. The TTL for the Secret.
- Version
Aliases map[string]string - Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (
-
) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. At launch Access by Allias will only be supported on GetSecretVersion and AccessSecretVersion.
- replication Replication
- Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
- secret
Id String - Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (
-
) and underscore (_
) characters. - annotations Map<String,String>
- Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB.
- etag String
- Optional. Etag of the currently stored Secret.
- expire
Time String - Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
- labels Map<String,String>
- The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression:
\p{Ll}\p{Lo}{0,62}
Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression:[\p{Ll}\p{Lo}\p{N}_-]{0,63}
No more than 64 labels can be assigned to a given resource. - project String
- rotation Rotation
- Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
- topics List<Topic>
- Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
- ttl String
- Input only. The TTL for the Secret.
- version
Aliases Map<String,String> - Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (
-
) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. At launch Access by Allias will only be supported on GetSecretVersion and AccessSecretVersion.
- replication Replication
- Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
- secret
Id string - Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (
-
) and underscore (_
) characters. - annotations {[key: string]: string}
- Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB.
- etag string
- Optional. Etag of the currently stored Secret.
- expire
Time string - Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
- labels {[key: string]: string}
- The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression:
\p{Ll}\p{Lo}{0,62}
Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression:[\p{Ll}\p{Lo}\p{N}_-]{0,63}
No more than 64 labels can be assigned to a given resource. - project string
- rotation Rotation
- Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
- topics Topic[]
- Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
- ttl string
- Input only. The TTL for the Secret.
- version
Aliases {[key: string]: string} - Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (
-
) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. At launch Access by Allias will only be supported on GetSecretVersion and AccessSecretVersion.
- replication
Replication
Args - Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
- secret_
id str - Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (
-
) and underscore (_
) characters. - annotations Mapping[str, str]
- Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB.
- etag str
- Optional. Etag of the currently stored Secret.
- expire_
time str - Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
- labels Mapping[str, str]
- The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression:
\p{Ll}\p{Lo}{0,62}
Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression:[\p{Ll}\p{Lo}\p{N}_-]{0,63}
No more than 64 labels can be assigned to a given resource. - project str
- rotation
Rotation
Args - Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
- topics
Sequence[Topic
Args] - Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
- ttl str
- Input only. The TTL for the Secret.
- version_
aliases Mapping[str, str] - Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (
-
) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. At launch Access by Allias will only be supported on GetSecretVersion and AccessSecretVersion.
- replication Property Map
- Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
- secret
Id String - Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (
-
) and underscore (_
) characters. - annotations Map<String>
- Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB.
- etag String
- Optional. Etag of the currently stored Secret.
- expire
Time String - Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
- labels Map<String>
- The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression:
\p{Ll}\p{Lo}{0,62}
Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression:[\p{Ll}\p{Lo}\p{N}_-]{0,63}
No more than 64 labels can be assigned to a given resource. - project String
- rotation Property Map
- Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
- topics List<Property Map>
- Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
- ttl String
- Input only. The TTL for the Secret.
- version
Aliases Map<String> - Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (
-
) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. At launch Access by Allias will only be supported on GetSecretVersion and AccessSecretVersion.
Outputs
All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:
- Create
Time string - The time at which the Secret was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The resource name of the Secret in the format
projects/*/secrets/*
.
- Create
Time string - The time at which the Secret was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The resource name of the Secret in the format
projects/*/secrets/*
.
- create
Time String - The time at which the Secret was created.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The resource name of the Secret in the format
projects/*/secrets/*
.
- create
Time string - The time at which the Secret was created.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- The resource name of the Secret in the format
projects/*/secrets/*
.
- create_
time str - The time at which the Secret was created.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- The resource name of the Secret in the format
projects/*/secrets/*
.
- create
Time String - The time at which the Secret was created.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The resource name of the Secret in the format
projects/*/secrets/*
.
Supporting Types
Automatic, AutomaticArgs
- Customer
Managed Pulumi.Encryption Google Native. Secret Manager. V1. Inputs. Customer Managed Encryption - Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- Customer
Managed CustomerEncryption Managed Encryption - Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- customer
Managed CustomerEncryption Managed Encryption - Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- customer
Managed CustomerEncryption Managed Encryption - Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- customer_
managed_ Customerencryption Managed Encryption - Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- customer
Managed Property MapEncryption - Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
AutomaticResponse, AutomaticResponseArgs
- Customer
Managed Pulumi.Encryption Google Native. Secret Manager. V1. Inputs. Customer Managed Encryption Response - Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- Customer
Managed CustomerEncryption Managed Encryption Response - Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- customer
Managed CustomerEncryption Managed Encryption Response - Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- customer
Managed CustomerEncryption Managed Encryption Response - Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- customer_
managed_ Customerencryption Managed Encryption Response - Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- customer
Managed Property MapEncryption - Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
CustomerManagedEncryption, CustomerManagedEncryptionArgs
- Kms
Key stringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in
global
. The expected format isprojects/*/locations/*/keyRings/*/cryptoKeys/*
.
- Kms
Key stringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in
global
. The expected format isprojects/*/locations/*/keyRings/*/cryptoKeys/*
.
- kms
Key StringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in
global
. The expected format isprojects/*/locations/*/keyRings/*/cryptoKeys/*
.
- kms
Key stringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in
global
. The expected format isprojects/*/locations/*/keyRings/*/cryptoKeys/*
.
- kms_
key_ strname - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in
global
. The expected format isprojects/*/locations/*/keyRings/*/cryptoKeys/*
.
- kms
Key StringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in
global
. The expected format isprojects/*/locations/*/keyRings/*/cryptoKeys/*
.
CustomerManagedEncryptionResponse, CustomerManagedEncryptionResponseArgs
- Kms
Key stringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in
global
. The expected format isprojects/*/locations/*/keyRings/*/cryptoKeys/*
.
- Kms
Key stringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in
global
. The expected format isprojects/*/locations/*/keyRings/*/cryptoKeys/*
.
- kms
Key StringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in
global
. The expected format isprojects/*/locations/*/keyRings/*/cryptoKeys/*
.
- kms
Key stringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in
global
. The expected format isprojects/*/locations/*/keyRings/*/cryptoKeys/*
.
- kms_
key_ strname - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in
global
. The expected format isprojects/*/locations/*/keyRings/*/cryptoKeys/*
.
- kms
Key StringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in
global
. The expected format isprojects/*/locations/*/keyRings/*/cryptoKeys/*
.
Replica, ReplicaArgs
- Customer
Managed Pulumi.Encryption Google Native. Secret Manager. V1. Inputs. Customer Managed Encryption - Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- Location string
- The canonical IDs of the location to replicate data. For example:
"us-east1"
.
- Customer
Managed CustomerEncryption Managed Encryption - Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- Location string
- The canonical IDs of the location to replicate data. For example:
"us-east1"
.
- customer
Managed CustomerEncryption Managed Encryption - Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- location String
- The canonical IDs of the location to replicate data. For example:
"us-east1"
.
- customer
Managed CustomerEncryption Managed Encryption - Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- location string
- The canonical IDs of the location to replicate data. For example:
"us-east1"
.
- customer_
managed_ Customerencryption Managed Encryption - Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- location str
- The canonical IDs of the location to replicate data. For example:
"us-east1"
.
- customer
Managed Property MapEncryption - Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- location String
- The canonical IDs of the location to replicate data. For example:
"us-east1"
.
ReplicaResponse, ReplicaResponseArgs
- Customer
Managed Pulumi.Encryption Google Native. Secret Manager. V1. Inputs. Customer Managed Encryption Response - Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- Location string
- The canonical IDs of the location to replicate data. For example:
"us-east1"
.
- Customer
Managed CustomerEncryption Managed Encryption Response - Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- Location string
- The canonical IDs of the location to replicate data. For example:
"us-east1"
.
- customer
Managed CustomerEncryption Managed Encryption Response - Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- location String
- The canonical IDs of the location to replicate data. For example:
"us-east1"
.
- customer
Managed CustomerEncryption Managed Encryption Response - Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- location string
- The canonical IDs of the location to replicate data. For example:
"us-east1"
.
- customer_
managed_ Customerencryption Managed Encryption Response - Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- location str
- The canonical IDs of the location to replicate data. For example:
"us-east1"
.
- customer
Managed Property MapEncryption - Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
- location String
- The canonical IDs of the location to replicate data. For example:
"us-east1"
.
Replication, ReplicationArgs
- Automatic
Pulumi.
Google Native. Secret Manager. V1. Inputs. Automatic - The Secret will automatically be replicated without any restrictions.
- User
Managed Pulumi.Google Native. Secret Manager. V1. Inputs. User Managed - The Secret will only be replicated into the locations specified.
- Automatic Automatic
- The Secret will automatically be replicated without any restrictions.
- User
Managed UserManaged - The Secret will only be replicated into the locations specified.
- automatic Automatic
- The Secret will automatically be replicated without any restrictions.
- user
Managed UserManaged - The Secret will only be replicated into the locations specified.
- automatic Automatic
- The Secret will automatically be replicated without any restrictions.
- user
Managed UserManaged - The Secret will only be replicated into the locations specified.
- automatic Automatic
- The Secret will automatically be replicated without any restrictions.
- user_
managed UserManaged - The Secret will only be replicated into the locations specified.
- automatic Property Map
- The Secret will automatically be replicated without any restrictions.
- user
Managed Property Map - The Secret will only be replicated into the locations specified.
ReplicationResponse, ReplicationResponseArgs
- Automatic
Pulumi.
Google Native. Secret Manager. V1. Inputs. Automatic Response - The Secret will automatically be replicated without any restrictions.
- User
Managed Pulumi.Google Native. Secret Manager. V1. Inputs. User Managed Response - The Secret will only be replicated into the locations specified.
- Automatic
Automatic
Response - The Secret will automatically be replicated without any restrictions.
- User
Managed UserManaged Response - The Secret will only be replicated into the locations specified.
- automatic
Automatic
Response - The Secret will automatically be replicated without any restrictions.
- user
Managed UserManaged Response - The Secret will only be replicated into the locations specified.
- automatic
Automatic
Response - The Secret will automatically be replicated without any restrictions.
- user
Managed UserManaged Response - The Secret will only be replicated into the locations specified.
- automatic
Automatic
Response - The Secret will automatically be replicated without any restrictions.
- user_
managed UserManaged Response - The Secret will only be replicated into the locations specified.
- automatic Property Map
- The Secret will automatically be replicated without any restrictions.
- user
Managed Property Map - The Secret will only be replicated into the locations specified.
Rotation, RotationArgs
- Next
Rotation stringTime - Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
- Rotation
Period string - Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
- Next
Rotation stringTime - Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
- Rotation
Period string - Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
- next
Rotation StringTime - Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
- rotation
Period String - Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
- next
Rotation stringTime - Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
- rotation
Period string - Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
- next_
rotation_ strtime - Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
- rotation_
period str - Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
- next
Rotation StringTime - Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
- rotation
Period String - Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
RotationResponse, RotationResponseArgs
- Next
Rotation stringTime - Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
- Rotation
Period string - Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
- Next
Rotation stringTime - Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
- Rotation
Period string - Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
- next
Rotation StringTime - Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
- rotation
Period String - Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
- next
Rotation stringTime - Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
- rotation
Period string - Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
- next_
rotation_ strtime - Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
- rotation_
period str - Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
- next
Rotation StringTime - Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
- rotation
Period String - Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
Topic, TopicArgs
- Name string
- The resource name of the Pub/Sub topic that will be published to, in the following format:
projects/*/topics/*
. For publication to succeed, the Secret Manager service agent must have thepubsub.topic.publish
permission on the topic. The Pub/Sub Publisher role (roles/pubsub.publisher
) includes this permission.
- Name string
- The resource name of the Pub/Sub topic that will be published to, in the following format:
projects/*/topics/*
. For publication to succeed, the Secret Manager service agent must have thepubsub.topic.publish
permission on the topic. The Pub/Sub Publisher role (roles/pubsub.publisher
) includes this permission.
- name String
- The resource name of the Pub/Sub topic that will be published to, in the following format:
projects/*/topics/*
. For publication to succeed, the Secret Manager service agent must have thepubsub.topic.publish
permission on the topic. The Pub/Sub Publisher role (roles/pubsub.publisher
) includes this permission.
- name string
- The resource name of the Pub/Sub topic that will be published to, in the following format:
projects/*/topics/*
. For publication to succeed, the Secret Manager service agent must have thepubsub.topic.publish
permission on the topic. The Pub/Sub Publisher role (roles/pubsub.publisher
) includes this permission.
- name str
- The resource name of the Pub/Sub topic that will be published to, in the following format:
projects/*/topics/*
. For publication to succeed, the Secret Manager service agent must have thepubsub.topic.publish
permission on the topic. The Pub/Sub Publisher role (roles/pubsub.publisher
) includes this permission.
- name String
- The resource name of the Pub/Sub topic that will be published to, in the following format:
projects/*/topics/*
. For publication to succeed, the Secret Manager service agent must have thepubsub.topic.publish
permission on the topic. The Pub/Sub Publisher role (roles/pubsub.publisher
) includes this permission.
TopicResponse, TopicResponseArgs
- Name string
- The resource name of the Pub/Sub topic that will be published to, in the following format:
projects/*/topics/*
. For publication to succeed, the Secret Manager service agent must have thepubsub.topic.publish
permission on the topic. The Pub/Sub Publisher role (roles/pubsub.publisher
) includes this permission.
- Name string
- The resource name of the Pub/Sub topic that will be published to, in the following format:
projects/*/topics/*
. For publication to succeed, the Secret Manager service agent must have thepubsub.topic.publish
permission on the topic. The Pub/Sub Publisher role (roles/pubsub.publisher
) includes this permission.
- name String
- The resource name of the Pub/Sub topic that will be published to, in the following format:
projects/*/topics/*
. For publication to succeed, the Secret Manager service agent must have thepubsub.topic.publish
permission on the topic. The Pub/Sub Publisher role (roles/pubsub.publisher
) includes this permission.
- name string
- The resource name of the Pub/Sub topic that will be published to, in the following format:
projects/*/topics/*
. For publication to succeed, the Secret Manager service agent must have thepubsub.topic.publish
permission on the topic. The Pub/Sub Publisher role (roles/pubsub.publisher
) includes this permission.
- name str
- The resource name of the Pub/Sub topic that will be published to, in the following format:
projects/*/topics/*
. For publication to succeed, the Secret Manager service agent must have thepubsub.topic.publish
permission on the topic. The Pub/Sub Publisher role (roles/pubsub.publisher
) includes this permission.
- name String
- The resource name of the Pub/Sub topic that will be published to, in the following format:
projects/*/topics/*
. For publication to succeed, the Secret Manager service agent must have thepubsub.topic.publish
permission on the topic. The Pub/Sub Publisher role (roles/pubsub.publisher
) includes this permission.
UserManaged, UserManagedArgs
- Replicas
List<Pulumi.
Google Native. Secret Manager. V1. Inputs. Replica> - The list of Replicas for this Secret. Cannot be empty.
- replicas List<Replica>
- The list of Replicas for this Secret. Cannot be empty.
- replicas Sequence[Replica]
- The list of Replicas for this Secret. Cannot be empty.
- replicas List<Property Map>
- The list of Replicas for this Secret. Cannot be empty.
UserManagedResponse, UserManagedResponseArgs
- Replicas
List<Pulumi.
Google Native. Secret Manager. V1. Inputs. Replica Response> - The list of Replicas for this Secret. Cannot be empty.
- Replicas
[]Replica
Response - The list of Replicas for this Secret. Cannot be empty.
- replicas
List<Replica
Response> - The list of Replicas for this Secret. Cannot be empty.
- replicas
Replica
Response[] - The list of Replicas for this Secret. Cannot be empty.
- replicas
Sequence[Replica
Response] - The list of Replicas for this Secret. Cannot be empty.
- replicas List<Property Map>
- The list of Replicas for this Secret. Cannot be empty.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.