HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi
vault.kv.getSecretsListV2
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const kvv2 = new vault.Mount("kvv2", {
path: "kvv2",
type: "kv",
options: {
version: "2",
},
description: "KV Version 2 secret engine mount",
});
const awsSecret = new vault.kv.SecretV2("aws_secret", {
mount: kvv2.path,
name: "aws_secret",
dataJson: JSON.stringify({
zip: "zap",
}),
});
const azureSecret = new vault.kv.SecretV2("azure_secret", {
mount: kvv2.path,
name: "azure_secret",
dataJson: JSON.stringify({
foo: "bar",
}),
});
const nestedSecret = new vault.kv.SecretV2("nested_secret", {
mount: kvv2.path,
name: pulumi.interpolate`${azureSecret.name}/dev`,
dataJson: JSON.stringify({
password: "test",
}),
});
const secrets = vault.kv.getSecretsListV2Output({
mount: kvv2.path,
});
const nestedSecrets = kvv2.path.apply(path => vault.kv.getSecretsListV2Output({
mount: path,
name: test2.name,
}));
import pulumi
import json
import pulumi_vault as vault
kvv2 = vault.Mount("kvv2",
path="kvv2",
type="kv",
options={
"version": "2",
},
description="KV Version 2 secret engine mount")
aws_secret = vault.kv.SecretV2("aws_secret",
mount=kvv2.path,
name="aws_secret",
data_json=json.dumps({
"zip": "zap",
}))
azure_secret = vault.kv.SecretV2("azure_secret",
mount=kvv2.path,
name="azure_secret",
data_json=json.dumps({
"foo": "bar",
}))
nested_secret = vault.kv.SecretV2("nested_secret",
mount=kvv2.path,
name=azure_secret.name.apply(lambda name: f"{name}/dev"),
data_json=json.dumps({
"password": "test",
}))
secrets = vault.kv.get_secrets_list_v2_output(mount=kvv2.path)
nested_secrets = kvv2.path.apply(lambda path: vault.kv.get_secrets_list_v2_output(mount=path,
name=test2["name"]))
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kv"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
kvv2, err := vault.NewMount(ctx, "kvv2", &vault.MountArgs{
Path: pulumi.String("kvv2"),
Type: pulumi.String("kv"),
Options: pulumi.StringMap{
"version": pulumi.String("2"),
},
Description: pulumi.String("KV Version 2 secret engine mount"),
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"zip": "zap",
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = kv.NewSecretV2(ctx, "aws_secret", &kv.SecretV2Args{
Mount: kvv2.Path,
Name: pulumi.String("aws_secret"),
DataJson: pulumi.String(json0),
})
if err != nil {
return err
}
tmpJSON1, err := json.Marshal(map[string]interface{}{
"foo": "bar",
})
if err != nil {
return err
}
json1 := string(tmpJSON1)
azureSecret, err := kv.NewSecretV2(ctx, "azure_secret", &kv.SecretV2Args{
Mount: kvv2.Path,
Name: pulumi.String("azure_secret"),
DataJson: pulumi.String(json1),
})
if err != nil {
return err
}
tmpJSON2, err := json.Marshal(map[string]interface{}{
"password": "test",
})
if err != nil {
return err
}
json2 := string(tmpJSON2)
_, err = kv.NewSecretV2(ctx, "nested_secret", &kv.SecretV2Args{
Mount: kvv2.Path,
Name: azureSecret.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("%v/dev", name), nil
}).(pulumi.StringOutput),
DataJson: pulumi.String(json2),
})
if err != nil {
return err
}
_ = kv.GetSecretsListV2Output(ctx, kv.GetSecretsListV2OutputArgs{
Mount: kvv2.Path,
}, nil)
_ = kvv2.Path.ApplyT(func(path string) (kv.GetSecretsListV2Result, error) {
return kv.GetSecretsListV2Result(interface{}(kv.GetSecretsListV2Output(ctx, kv.GetSecretsListV2OutputArgs{
Mount: path,
Name: test2.Name,
}, nil))), nil
}).(kv.GetSecretsListV2ResultOutput)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var kvv2 = new Vault.Mount("kvv2", new()
{
Path = "kvv2",
Type = "kv",
Options =
{
{ "version", "2" },
},
Description = "KV Version 2 secret engine mount",
});
var awsSecret = new Vault.Kv.SecretV2("aws_secret", new()
{
Mount = kvv2.Path,
Name = "aws_secret",
DataJson = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["zip"] = "zap",
}),
});
var azureSecret = new Vault.Kv.SecretV2("azure_secret", new()
{
Mount = kvv2.Path,
Name = "azure_secret",
DataJson = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["foo"] = "bar",
}),
});
var nestedSecret = new Vault.Kv.SecretV2("nested_secret", new()
{
Mount = kvv2.Path,
Name = azureSecret.Name.Apply(name => $"{name}/dev"),
DataJson = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["password"] = "test",
}),
});
var secrets = Vault.kv.GetSecretsListV2.Invoke(new()
{
Mount = kvv2.Path,
});
var nestedSecrets = Vault.kv.GetSecretsListV2.Invoke(new()
{
Mount = kvv2.Path,
Name = test2.Name,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.kv.SecretV2;
import com.pulumi.vault.kv.SecretV2Args;
import com.pulumi.vault.kv.KvFunctions;
import com.pulumi.vault.kv.inputs.GetSecretsListV2Args;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var kvv2 = new Mount("kvv2", MountArgs.builder()
.path("kvv2")
.type("kv")
.options(Map.of("version", "2"))
.description("KV Version 2 secret engine mount")
.build());
var awsSecret = new SecretV2("awsSecret", SecretV2Args.builder()
.mount(kvv2.path())
.name("aws_secret")
.dataJson(serializeJson(
jsonObject(
jsonProperty("zip", "zap")
)))
.build());
var azureSecret = new SecretV2("azureSecret", SecretV2Args.builder()
.mount(kvv2.path())
.name("azure_secret")
.dataJson(serializeJson(
jsonObject(
jsonProperty("foo", "bar")
)))
.build());
var nestedSecret = new SecretV2("nestedSecret", SecretV2Args.builder()
.mount(kvv2.path())
.name(azureSecret.name().applyValue(name -> String.format("%s/dev", name)))
.dataJson(serializeJson(
jsonObject(
jsonProperty("password", "test")
)))
.build());
final var secrets = KvFunctions.getSecretsListV2(GetSecretsListV2Args.builder()
.mount(kvv2.path())
.build());
final var nestedSecrets = KvFunctions.getSecretsListV2(GetSecretsListV2Args.builder()
.mount(kvv2.path())
.name(test2.name())
.build());
}
}
resources:
kvv2:
type: vault:Mount
properties:
path: kvv2
type: kv
options:
version: '2'
description: KV Version 2 secret engine mount
awsSecret:
type: vault:kv:SecretV2
name: aws_secret
properties:
mount: ${kvv2.path}
name: aws_secret
dataJson:
fn::toJSON:
zip: zap
azureSecret:
type: vault:kv:SecretV2
name: azure_secret
properties:
mount: ${kvv2.path}
name: azure_secret
dataJson:
fn::toJSON:
foo: bar
nestedSecret:
type: vault:kv:SecretV2
name: nested_secret
properties:
mount: ${kvv2.path}
name: ${azureSecret.name}/dev
dataJson:
fn::toJSON:
password: test
variables:
secrets:
fn::invoke:
Function: vault:kv:getSecretsListV2
Arguments:
mount: ${kvv2.path}
nestedSecrets:
fn::invoke:
Function: vault:kv:getSecretsListV2
Arguments:
mount: ${kvv2.path}
name: ${test2.name}
Required Vault Capabilities
Use of this resource requires the read
capability on the given path.
Using getSecretsListV2
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecretsListV2(args: GetSecretsListV2Args, opts?: InvokeOptions): Promise<GetSecretsListV2Result>
function getSecretsListV2Output(args: GetSecretsListV2OutputArgs, opts?: InvokeOptions): Output<GetSecretsListV2Result>
def get_secrets_list_v2(mount: Optional[str] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetSecretsListV2Result
def get_secrets_list_v2_output(mount: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
namespace: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecretsListV2Result]
func GetSecretsListV2(ctx *Context, args *GetSecretsListV2Args, opts ...InvokeOption) (*GetSecretsListV2Result, error)
func GetSecretsListV2Output(ctx *Context, args *GetSecretsListV2OutputArgs, opts ...InvokeOption) GetSecretsListV2ResultOutput
> Note: This function is named GetSecretsListV2
in the Go SDK.
public static class GetSecretsListV2
{
public static Task<GetSecretsListV2Result> InvokeAsync(GetSecretsListV2Args args, InvokeOptions? opts = null)
public static Output<GetSecretsListV2Result> Invoke(GetSecretsListV2InvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetSecretsListV2Result> getSecretsListV2(GetSecretsListV2Args args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: vault:kv/getSecretsListV2:getSecretsListV2
arguments:
# arguments dictionary
The following arguments are supported:
- Mount string
- Path where KV-V2 engine is mounted.
- Name string
- Full name of the secret. For a nested secret
the name is the nested path excluding the mount and data
prefix. For example, for a secret at
kvv2/data/foo/bar/baz
the name isfoo/bar/baz
. - Namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- Mount string
- Path where KV-V2 engine is mounted.
- Name string
- Full name of the secret. For a nested secret
the name is the nested path excluding the mount and data
prefix. For example, for a secret at
kvv2/data/foo/bar/baz
the name isfoo/bar/baz
. - Namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- mount String
- Path where KV-V2 engine is mounted.
- name String
- Full name of the secret. For a nested secret
the name is the nested path excluding the mount and data
prefix. For example, for a secret at
kvv2/data/foo/bar/baz
the name isfoo/bar/baz
. - namespace String
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- mount string
- Path where KV-V2 engine is mounted.
- name string
- Full name of the secret. For a nested secret
the name is the nested path excluding the mount and data
prefix. For example, for a secret at
kvv2/data/foo/bar/baz
the name isfoo/bar/baz
. - namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- mount str
- Path where KV-V2 engine is mounted.
- name str
- Full name of the secret. For a nested secret
the name is the nested path excluding the mount and data
prefix. For example, for a secret at
kvv2/data/foo/bar/baz
the name isfoo/bar/baz
. - namespace str
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- mount String
- Path where KV-V2 engine is mounted.
- name String
- Full name of the secret. For a nested secret
the name is the nested path excluding the mount and data
prefix. For example, for a secret at
kvv2/data/foo/bar/baz
the name isfoo/bar/baz
. - namespace String
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.
getSecretsListV2 Result
The following output properties are available:
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vault
Terraform Provider.