HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi
vault.kv.getSecretV2
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const kvv2 = new vault.Mount("kvv2", {
path: "kvv2",
type: "kv",
options: {
version: "2",
},
description: "KV Version 2 secret engine mount",
});
const exampleSecretV2 = new vault.kv.SecretV2("example", {
mount: kvv2.path,
name: "secret",
deleteAllVersions: true,
dataJson: JSON.stringify({
zip: "zap",
foo: "bar",
}),
});
const example = vault.kv.getSecretV2Output({
mount: kvv2.path,
name: exampleSecretV2.name,
});
import pulumi
import json
import pulumi_vault as vault
kvv2 = vault.Mount("kvv2",
path="kvv2",
type="kv",
options={
"version": "2",
},
description="KV Version 2 secret engine mount")
example_secret_v2 = vault.kv.SecretV2("example",
mount=kvv2.path,
name="secret",
delete_all_versions=True,
data_json=json.dumps({
"zip": "zap",
"foo": "bar",
}))
example = vault.kv.get_secret_v2_output(mount=kvv2.path,
name=example_secret_v2.name)
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kv"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
kvv2, err := vault.NewMount(ctx, "kvv2", &vault.MountArgs{
Path: pulumi.String("kvv2"),
Type: pulumi.String("kv"),
Options: pulumi.StringMap{
"version": pulumi.String("2"),
},
Description: pulumi.String("KV Version 2 secret engine mount"),
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"zip": "zap",
"foo": "bar",
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
exampleSecretV2, err := kv.NewSecretV2(ctx, "example", &kv.SecretV2Args{
Mount: kvv2.Path,
Name: pulumi.String("secret"),
DeleteAllVersions: pulumi.Bool(true),
DataJson: pulumi.String(json0),
})
if err != nil {
return err
}
_ = kv.LookupSecretV2Output(ctx, kv.GetSecretV2OutputArgs{
Mount: kvv2.Path,
Name: exampleSecretV2.Name,
}, nil)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var kvv2 = new Vault.Mount("kvv2", new()
{
Path = "kvv2",
Type = "kv",
Options =
{
{ "version", "2" },
},
Description = "KV Version 2 secret engine mount",
});
var exampleSecretV2 = new Vault.Kv.SecretV2("example", new()
{
Mount = kvv2.Path,
Name = "secret",
DeleteAllVersions = true,
DataJson = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["zip"] = "zap",
["foo"] = "bar",
}),
});
var example = Vault.kv.GetSecretV2.Invoke(new()
{
Mount = kvv2.Path,
Name = exampleSecretV2.Name,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.kv.SecretV2;
import com.pulumi.vault.kv.SecretV2Args;
import com.pulumi.vault.kv.KvFunctions;
import com.pulumi.vault.kv.inputs.GetSecretV2Args;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var kvv2 = new Mount("kvv2", MountArgs.builder()
.path("kvv2")
.type("kv")
.options(Map.of("version", "2"))
.description("KV Version 2 secret engine mount")
.build());
var exampleSecretV2 = new SecretV2("exampleSecretV2", SecretV2Args.builder()
.mount(kvv2.path())
.name("secret")
.deleteAllVersions(true)
.dataJson(serializeJson(
jsonObject(
jsonProperty("zip", "zap"),
jsonProperty("foo", "bar")
)))
.build());
final var example = KvFunctions.getSecretV2(GetSecretV2Args.builder()
.mount(kvv2.path())
.name(exampleSecretV2.name())
.build());
}
}
resources:
kvv2:
type: vault:Mount
properties:
path: kvv2
type: kv
options:
version: '2'
description: KV Version 2 secret engine mount
exampleSecretV2:
type: vault:kv:SecretV2
name: example
properties:
mount: ${kvv2.path}
name: secret
deleteAllVersions: true
dataJson:
fn::toJSON:
zip: zap
foo: bar
variables:
example:
fn::invoke:
Function: vault:kv:getSecretV2
Arguments:
mount: ${kvv2.path}
name: ${exampleSecretV2.name}
Required Vault Capabilities
Use of this resource requires the read
capability on the given path.
Using getSecretV2
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecretV2(args: GetSecretV2Args, opts?: InvokeOptions): Promise<GetSecretV2Result>
function getSecretV2Output(args: GetSecretV2OutputArgs, opts?: InvokeOptions): Output<GetSecretV2Result>
def get_secret_v2(mount: Optional[str] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
version: Optional[int] = None,
opts: Optional[InvokeOptions] = None) -> GetSecretV2Result
def get_secret_v2_output(mount: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
namespace: Optional[pulumi.Input[str]] = None,
version: Optional[pulumi.Input[int]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecretV2Result]
func LookupSecretV2(ctx *Context, args *LookupSecretV2Args, opts ...InvokeOption) (*LookupSecretV2Result, error)
func LookupSecretV2Output(ctx *Context, args *LookupSecretV2OutputArgs, opts ...InvokeOption) LookupSecretV2ResultOutput
> Note: This function is named LookupSecretV2
in the Go SDK.
public static class GetSecretV2
{
public static Task<GetSecretV2Result> InvokeAsync(GetSecretV2Args args, InvokeOptions? opts = null)
public static Output<GetSecretV2Result> Invoke(GetSecretV2InvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetSecretV2Result> getSecretV2(GetSecretV2Args args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: vault:kv/getSecretV2:getSecretV2
arguments:
# arguments dictionary
The following arguments are supported:
- Mount string
- Path where KV-V2 engine is mounted.
- Name string
- Full name of the secret. For a nested secret
the name is the nested path excluding the mount and data
prefix. For example, for a secret at
kvv2/data/foo/bar/baz
the name isfoo/bar/baz
. - Namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Version int
- Version of the secret to retrieve.
- Mount string
- Path where KV-V2 engine is mounted.
- Name string
- Full name of the secret. For a nested secret
the name is the nested path excluding the mount and data
prefix. For example, for a secret at
kvv2/data/foo/bar/baz
the name isfoo/bar/baz
. - Namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Version int
- Version of the secret to retrieve.
- mount String
- Path where KV-V2 engine is mounted.
- name String
- Full name of the secret. For a nested secret
the name is the nested path excluding the mount and data
prefix. For example, for a secret at
kvv2/data/foo/bar/baz
the name isfoo/bar/baz
. - namespace String
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - version Integer
- Version of the secret to retrieve.
- mount string
- Path where KV-V2 engine is mounted.
- name string
- Full name of the secret. For a nested secret
the name is the nested path excluding the mount and data
prefix. For example, for a secret at
kvv2/data/foo/bar/baz
the name isfoo/bar/baz
. - namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - version number
- Version of the secret to retrieve.
- mount str
- Path where KV-V2 engine is mounted.
- name str
- Full name of the secret. For a nested secret
the name is the nested path excluding the mount and data
prefix. For example, for a secret at
kvv2/data/foo/bar/baz
the name isfoo/bar/baz
. - namespace str
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - version int
- Version of the secret to retrieve.
- mount String
- Path where KV-V2 engine is mounted.
- name String
- Full name of the secret. For a nested secret
the name is the nested path excluding the mount and data
prefix. For example, for a secret at
kvv2/data/foo/bar/baz
the name isfoo/bar/baz
. - namespace String
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - version Number
- Version of the secret to retrieve.
getSecretV2 Result
The following output properties are available:
- Created
Time string - Time at which secret was created.
- Custom
Metadata Dictionary<string, string> - Custom metadata for the secret.
- Data Dictionary<string, string>
- A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
- Data
Json string - JSON-encoded string that that is read as the secret data at the given path.
- Deletion
Time string - Deletion time for the secret.
- Destroyed bool
- Indicates whether the secret has been destroyed.
- Id string
- The provider-assigned unique ID for this managed resource.
- Mount string
- Name string
- Path string
- Full path where the KVV2 secret is written.
- Namespace string
- Version int
- Version of the secret.
- Created
Time string - Time at which secret was created.
- Custom
Metadata map[string]string - Custom metadata for the secret.
- Data map[string]string
- A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
- Data
Json string - JSON-encoded string that that is read as the secret data at the given path.
- Deletion
Time string - Deletion time for the secret.
- Destroyed bool
- Indicates whether the secret has been destroyed.
- Id string
- The provider-assigned unique ID for this managed resource.
- Mount string
- Name string
- Path string
- Full path where the KVV2 secret is written.
- Namespace string
- Version int
- Version of the secret.
- created
Time String - Time at which secret was created.
- custom
Metadata Map<String,String> - Custom metadata for the secret.
- data Map<String,String>
- A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
- data
Json String - JSON-encoded string that that is read as the secret data at the given path.
- deletion
Time String - Deletion time for the secret.
- destroyed Boolean
- Indicates whether the secret has been destroyed.
- id String
- The provider-assigned unique ID for this managed resource.
- mount String
- name String
- path String
- Full path where the KVV2 secret is written.
- namespace String
- version Integer
- Version of the secret.
- created
Time string - Time at which secret was created.
- custom
Metadata {[key: string]: string} - Custom metadata for the secret.
- data {[key: string]: string}
- A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
- data
Json string - JSON-encoded string that that is read as the secret data at the given path.
- deletion
Time string - Deletion time for the secret.
- destroyed boolean
- Indicates whether the secret has been destroyed.
- id string
- The provider-assigned unique ID for this managed resource.
- mount string
- name string
- path string
- Full path where the KVV2 secret is written.
- namespace string
- version number
- Version of the secret.
- created_
time str - Time at which secret was created.
- custom_
metadata Mapping[str, str] - Custom metadata for the secret.
- data Mapping[str, str]
- A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
- data_
json str - JSON-encoded string that that is read as the secret data at the given path.
- deletion_
time str - Deletion time for the secret.
- destroyed bool
- Indicates whether the secret has been destroyed.
- id str
- The provider-assigned unique ID for this managed resource.
- mount str
- name str
- path str
- Full path where the KVV2 secret is written.
- namespace str
- version int
- Version of the secret.
- created
Time String - Time at which secret was created.
- custom
Metadata Map<String> - Custom metadata for the secret.
- data Map<String>
- A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
- data
Json String - JSON-encoded string that that is read as the secret data at the given path.
- deletion
Time String - Deletion time for the secret.
- destroyed Boolean
- Indicates whether the secret has been destroyed.
- id String
- The provider-assigned unique ID for this managed resource.
- mount String
- name String
- path String
- Full path where the KVV2 secret is written.
- namespace String
- version Number
- Version of the secret.
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vault
Terraform Provider.