1. Packages
  2. Pulumi Vault Provider
  3. API Docs
  4. kv
  5. getSecretsListV2
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

vault.kv.getSecretsListV2

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const kvv2 = new vault.Mount("kvv2", {
        path: "kvv2",
        type: "kv",
        options: {
            version: "2",
        },
        description: "KV Version 2 secret engine mount",
    });
    const awsSecret = new vault.kv.SecretV2("aws_secret", {
        mount: kvv2.path,
        name: "aws_secret",
        dataJson: JSON.stringify({
            zip: "zap",
        }),
    });
    const azureSecret = new vault.kv.SecretV2("azure_secret", {
        mount: kvv2.path,
        name: "azure_secret",
        dataJson: JSON.stringify({
            foo: "bar",
        }),
    });
    const nestedSecret = new vault.kv.SecretV2("nested_secret", {
        mount: kvv2.path,
        name: pulumi.interpolate`${azureSecret.name}/dev`,
        dataJson: JSON.stringify({
            password: "test",
        }),
    });
    const secrets = vault.kv.getSecretsListV2Output({
        mount: kvv2.path,
    });
    const nestedSecrets = kvv2.path.apply(path => vault.kv.getSecretsListV2Output({
        mount: path,
        name: test2.name,
    }));
    
    import pulumi
    import json
    import pulumi_vault as vault
    
    kvv2 = vault.Mount("kvv2",
        path="kvv2",
        type="kv",
        options={
            "version": "2",
        },
        description="KV Version 2 secret engine mount")
    aws_secret = vault.kv.SecretV2("aws_secret",
        mount=kvv2.path,
        name="aws_secret",
        data_json=json.dumps({
            "zip": "zap",
        }))
    azure_secret = vault.kv.SecretV2("azure_secret",
        mount=kvv2.path,
        name="azure_secret",
        data_json=json.dumps({
            "foo": "bar",
        }))
    nested_secret = vault.kv.SecretV2("nested_secret",
        mount=kvv2.path,
        name=azure_secret.name.apply(lambda name: f"{name}/dev"),
        data_json=json.dumps({
            "password": "test",
        }))
    secrets = vault.kv.get_secrets_list_v2_output(mount=kvv2.path)
    nested_secrets = kvv2.path.apply(lambda path: vault.kv.get_secrets_list_v2_output(mount=path,
        name=test2["name"]))
    
    package main
    
    import (
    	"encoding/json"
    	"fmt"
    
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kv"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		kvv2, err := vault.NewMount(ctx, "kvv2", &vault.MountArgs{
    			Path: pulumi.String("kvv2"),
    			Type: pulumi.String("kv"),
    			Options: pulumi.StringMap{
    				"version": pulumi.String("2"),
    			},
    			Description: pulumi.String("KV Version 2 secret engine mount"),
    		})
    		if err != nil {
    			return err
    		}
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"zip": "zap",
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		_, err = kv.NewSecretV2(ctx, "aws_secret", &kv.SecretV2Args{
    			Mount:    kvv2.Path,
    			Name:     pulumi.String("aws_secret"),
    			DataJson: pulumi.String(json0),
    		})
    		if err != nil {
    			return err
    		}
    		tmpJSON1, err := json.Marshal(map[string]interface{}{
    			"foo": "bar",
    		})
    		if err != nil {
    			return err
    		}
    		json1 := string(tmpJSON1)
    		azureSecret, err := kv.NewSecretV2(ctx, "azure_secret", &kv.SecretV2Args{
    			Mount:    kvv2.Path,
    			Name:     pulumi.String("azure_secret"),
    			DataJson: pulumi.String(json1),
    		})
    		if err != nil {
    			return err
    		}
    		tmpJSON2, err := json.Marshal(map[string]interface{}{
    			"password": "test",
    		})
    		if err != nil {
    			return err
    		}
    		json2 := string(tmpJSON2)
    		_, err = kv.NewSecretV2(ctx, "nested_secret", &kv.SecretV2Args{
    			Mount: kvv2.Path,
    			Name: azureSecret.Name.ApplyT(func(name string) (string, error) {
    				return fmt.Sprintf("%v/dev", name), nil
    			}).(pulumi.StringOutput),
    			DataJson: pulumi.String(json2),
    		})
    		if err != nil {
    			return err
    		}
    		_ = kv.GetSecretsListV2Output(ctx, kv.GetSecretsListV2OutputArgs{
    			Mount: kvv2.Path,
    		}, nil)
    		_ = kvv2.Path.ApplyT(func(path string) (kv.GetSecretsListV2Result, error) {
    			return kv.GetSecretsListV2Result(interface{}(kv.GetSecretsListV2Output(ctx, kv.GetSecretsListV2OutputArgs{
    				Mount: path,
    				Name:  test2.Name,
    			}, nil))), nil
    		}).(kv.GetSecretsListV2ResultOutput)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var kvv2 = new Vault.Mount("kvv2", new()
        {
            Path = "kvv2",
            Type = "kv",
            Options = 
            {
                { "version", "2" },
            },
            Description = "KV Version 2 secret engine mount",
        });
    
        var awsSecret = new Vault.Kv.SecretV2("aws_secret", new()
        {
            Mount = kvv2.Path,
            Name = "aws_secret",
            DataJson = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["zip"] = "zap",
            }),
        });
    
        var azureSecret = new Vault.Kv.SecretV2("azure_secret", new()
        {
            Mount = kvv2.Path,
            Name = "azure_secret",
            DataJson = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["foo"] = "bar",
            }),
        });
    
        var nestedSecret = new Vault.Kv.SecretV2("nested_secret", new()
        {
            Mount = kvv2.Path,
            Name = azureSecret.Name.Apply(name => $"{name}/dev"),
            DataJson = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["password"] = "test",
            }),
        });
    
        var secrets = Vault.kv.GetSecretsListV2.Invoke(new()
        {
            Mount = kvv2.Path,
        });
    
        var nestedSecrets = Vault.kv.GetSecretsListV2.Invoke(new()
        {
            Mount = kvv2.Path,
            Name = test2.Name,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.Mount;
    import com.pulumi.vault.MountArgs;
    import com.pulumi.vault.kv.SecretV2;
    import com.pulumi.vault.kv.SecretV2Args;
    import com.pulumi.vault.kv.KvFunctions;
    import com.pulumi.vault.kv.inputs.GetSecretsListV2Args;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var kvv2 = new Mount("kvv2", MountArgs.builder()
                .path("kvv2")
                .type("kv")
                .options(Map.of("version", "2"))
                .description("KV Version 2 secret engine mount")
                .build());
    
            var awsSecret = new SecretV2("awsSecret", SecretV2Args.builder()
                .mount(kvv2.path())
                .name("aws_secret")
                .dataJson(serializeJson(
                    jsonObject(
                        jsonProperty("zip", "zap")
                    )))
                .build());
    
            var azureSecret = new SecretV2("azureSecret", SecretV2Args.builder()
                .mount(kvv2.path())
                .name("azure_secret")
                .dataJson(serializeJson(
                    jsonObject(
                        jsonProperty("foo", "bar")
                    )))
                .build());
    
            var nestedSecret = new SecretV2("nestedSecret", SecretV2Args.builder()
                .mount(kvv2.path())
                .name(azureSecret.name().applyValue(name -> String.format("%s/dev", name)))
                .dataJson(serializeJson(
                    jsonObject(
                        jsonProperty("password", "test")
                    )))
                .build());
    
            final var secrets = KvFunctions.getSecretsListV2(GetSecretsListV2Args.builder()
                .mount(kvv2.path())
                .build());
    
            final var nestedSecrets = KvFunctions.getSecretsListV2(GetSecretsListV2Args.builder()
                .mount(kvv2.path())
                .name(test2.name())
                .build());
    
        }
    }
    
    resources:
      kvv2:
        type: vault:Mount
        properties:
          path: kvv2
          type: kv
          options:
            version: '2'
          description: KV Version 2 secret engine mount
      awsSecret:
        type: vault:kv:SecretV2
        name: aws_secret
        properties:
          mount: ${kvv2.path}
          name: aws_secret
          dataJson:
            fn::toJSON:
              zip: zap
      azureSecret:
        type: vault:kv:SecretV2
        name: azure_secret
        properties:
          mount: ${kvv2.path}
          name: azure_secret
          dataJson:
            fn::toJSON:
              foo: bar
      nestedSecret:
        type: vault:kv:SecretV2
        name: nested_secret
        properties:
          mount: ${kvv2.path}
          name: ${azureSecret.name}/dev
          dataJson:
            fn::toJSON:
              password: test
    variables:
      secrets:
        fn::invoke:
          Function: vault:kv:getSecretsListV2
          Arguments:
            mount: ${kvv2.path}
      nestedSecrets:
        fn::invoke:
          Function: vault:kv:getSecretsListV2
          Arguments:
            mount: ${kvv2.path}
            name: ${test2.name}
    

    Required Vault Capabilities

    Use of this resource requires the read capability on the given path.

    Using getSecretsListV2

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getSecretsListV2(args: GetSecretsListV2Args, opts?: InvokeOptions): Promise<GetSecretsListV2Result>
    function getSecretsListV2Output(args: GetSecretsListV2OutputArgs, opts?: InvokeOptions): Output<GetSecretsListV2Result>
    def get_secrets_list_v2(mount: Optional[str] = None,
                            name: Optional[str] = None,
                            namespace: Optional[str] = None,
                            opts: Optional[InvokeOptions] = None) -> GetSecretsListV2Result
    def get_secrets_list_v2_output(mount: Optional[pulumi.Input[str]] = None,
                            name: Optional[pulumi.Input[str]] = None,
                            namespace: Optional[pulumi.Input[str]] = None,
                            opts: Optional[InvokeOptions] = None) -> Output[GetSecretsListV2Result]
    func GetSecretsListV2(ctx *Context, args *GetSecretsListV2Args, opts ...InvokeOption) (*GetSecretsListV2Result, error)
    func GetSecretsListV2Output(ctx *Context, args *GetSecretsListV2OutputArgs, opts ...InvokeOption) GetSecretsListV2ResultOutput

    > Note: This function is named GetSecretsListV2 in the Go SDK.

    public static class GetSecretsListV2 
    {
        public static Task<GetSecretsListV2Result> InvokeAsync(GetSecretsListV2Args args, InvokeOptions? opts = null)
        public static Output<GetSecretsListV2Result> Invoke(GetSecretsListV2InvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetSecretsListV2Result> getSecretsListV2(GetSecretsListV2Args args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: vault:kv/getSecretsListV2:getSecretsListV2
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Mount string
    Path where KV-V2 engine is mounted.
    Name string
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Mount string
    Path where KV-V2 engine is mounted.
    Name string
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    mount String
    Path where KV-V2 engine is mounted.
    name String
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    mount string
    Path where KV-V2 engine is mounted.
    name string
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    mount str
    Path where KV-V2 engine is mounted.
    name str
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    namespace str
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    mount String
    Path where KV-V2 engine is mounted.
    name String
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    getSecretsListV2 Result

    The following output properties are available:

    Id string
    The provider-assigned unique ID for this managed resource.
    Mount string
    Names List<string>
    List of all secret names listed under the given path.
    Path string
    Full path where the KV-V2 secrets are listed.
    Name string
    Namespace string
    Id string
    The provider-assigned unique ID for this managed resource.
    Mount string
    Names []string
    List of all secret names listed under the given path.
    Path string
    Full path where the KV-V2 secrets are listed.
    Name string
    Namespace string
    id String
    The provider-assigned unique ID for this managed resource.
    mount String
    names List<String>
    List of all secret names listed under the given path.
    path String
    Full path where the KV-V2 secrets are listed.
    name String
    namespace String
    id string
    The provider-assigned unique ID for this managed resource.
    mount string
    names string[]
    List of all secret names listed under the given path.
    path string
    Full path where the KV-V2 secrets are listed.
    name string
    namespace string
    id str
    The provider-assigned unique ID for this managed resource.
    mount str
    names Sequence[str]
    List of all secret names listed under the given path.
    path str
    Full path where the KV-V2 secrets are listed.
    name str
    namespace str
    id String
    The provider-assigned unique ID for this managed resource.
    mount String
    names List<String>
    List of all secret names listed under the given path.
    path String
    Full path where the KV-V2 secrets are listed.
    name String
    namespace String

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi