1. Packages
  2. Pulumi Vault Provider
  3. API Docs
  4. kv
  5. getSecretV2
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

vault.kv.getSecretV2

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const kvv2 = new vault.Mount("kvv2", {
        path: "kvv2",
        type: "kv",
        options: {
            version: "2",
        },
        description: "KV Version 2 secret engine mount",
    });
    const exampleSecretV2 = new vault.kv.SecretV2("example", {
        mount: kvv2.path,
        name: "secret",
        deleteAllVersions: true,
        dataJson: JSON.stringify({
            zip: "zap",
            foo: "bar",
        }),
    });
    const example = vault.kv.getSecretV2Output({
        mount: kvv2.path,
        name: exampleSecretV2.name,
    });
    
    import pulumi
    import json
    import pulumi_vault as vault
    
    kvv2 = vault.Mount("kvv2",
        path="kvv2",
        type="kv",
        options={
            "version": "2",
        },
        description="KV Version 2 secret engine mount")
    example_secret_v2 = vault.kv.SecretV2("example",
        mount=kvv2.path,
        name="secret",
        delete_all_versions=True,
        data_json=json.dumps({
            "zip": "zap",
            "foo": "bar",
        }))
    example = vault.kv.get_secret_v2_output(mount=kvv2.path,
        name=example_secret_v2.name)
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kv"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		kvv2, err := vault.NewMount(ctx, "kvv2", &vault.MountArgs{
    			Path: pulumi.String("kvv2"),
    			Type: pulumi.String("kv"),
    			Options: pulumi.StringMap{
    				"version": pulumi.String("2"),
    			},
    			Description: pulumi.String("KV Version 2 secret engine mount"),
    		})
    		if err != nil {
    			return err
    		}
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"zip": "zap",
    			"foo": "bar",
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		exampleSecretV2, err := kv.NewSecretV2(ctx, "example", &kv.SecretV2Args{
    			Mount:             kvv2.Path,
    			Name:              pulumi.String("secret"),
    			DeleteAllVersions: pulumi.Bool(true),
    			DataJson:          pulumi.String(json0),
    		})
    		if err != nil {
    			return err
    		}
    		_ = kv.LookupSecretV2Output(ctx, kv.GetSecretV2OutputArgs{
    			Mount: kvv2.Path,
    			Name:  exampleSecretV2.Name,
    		}, nil)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var kvv2 = new Vault.Mount("kvv2", new()
        {
            Path = "kvv2",
            Type = "kv",
            Options = 
            {
                { "version", "2" },
            },
            Description = "KV Version 2 secret engine mount",
        });
    
        var exampleSecretV2 = new Vault.Kv.SecretV2("example", new()
        {
            Mount = kvv2.Path,
            Name = "secret",
            DeleteAllVersions = true,
            DataJson = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["zip"] = "zap",
                ["foo"] = "bar",
            }),
        });
    
        var example = Vault.kv.GetSecretV2.Invoke(new()
        {
            Mount = kvv2.Path,
            Name = exampleSecretV2.Name,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.Mount;
    import com.pulumi.vault.MountArgs;
    import com.pulumi.vault.kv.SecretV2;
    import com.pulumi.vault.kv.SecretV2Args;
    import com.pulumi.vault.kv.KvFunctions;
    import com.pulumi.vault.kv.inputs.GetSecretV2Args;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var kvv2 = new Mount("kvv2", MountArgs.builder()
                .path("kvv2")
                .type("kv")
                .options(Map.of("version", "2"))
                .description("KV Version 2 secret engine mount")
                .build());
    
            var exampleSecretV2 = new SecretV2("exampleSecretV2", SecretV2Args.builder()
                .mount(kvv2.path())
                .name("secret")
                .deleteAllVersions(true)
                .dataJson(serializeJson(
                    jsonObject(
                        jsonProperty("zip", "zap"),
                        jsonProperty("foo", "bar")
                    )))
                .build());
    
            final var example = KvFunctions.getSecretV2(GetSecretV2Args.builder()
                .mount(kvv2.path())
                .name(exampleSecretV2.name())
                .build());
    
        }
    }
    
    resources:
      kvv2:
        type: vault:Mount
        properties:
          path: kvv2
          type: kv
          options:
            version: '2'
          description: KV Version 2 secret engine mount
      exampleSecretV2:
        type: vault:kv:SecretV2
        name: example
        properties:
          mount: ${kvv2.path}
          name: secret
          deleteAllVersions: true
          dataJson:
            fn::toJSON:
              zip: zap
              foo: bar
    variables:
      example:
        fn::invoke:
          Function: vault:kv:getSecretV2
          Arguments:
            mount: ${kvv2.path}
            name: ${exampleSecretV2.name}
    

    Required Vault Capabilities

    Use of this resource requires the read capability on the given path.

    Using getSecretV2

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getSecretV2(args: GetSecretV2Args, opts?: InvokeOptions): Promise<GetSecretV2Result>
    function getSecretV2Output(args: GetSecretV2OutputArgs, opts?: InvokeOptions): Output<GetSecretV2Result>
    def get_secret_v2(mount: Optional[str] = None,
                      name: Optional[str] = None,
                      namespace: Optional[str] = None,
                      version: Optional[int] = None,
                      opts: Optional[InvokeOptions] = None) -> GetSecretV2Result
    def get_secret_v2_output(mount: Optional[pulumi.Input[str]] = None,
                      name: Optional[pulumi.Input[str]] = None,
                      namespace: Optional[pulumi.Input[str]] = None,
                      version: Optional[pulumi.Input[int]] = None,
                      opts: Optional[InvokeOptions] = None) -> Output[GetSecretV2Result]
    func LookupSecretV2(ctx *Context, args *LookupSecretV2Args, opts ...InvokeOption) (*LookupSecretV2Result, error)
    func LookupSecretV2Output(ctx *Context, args *LookupSecretV2OutputArgs, opts ...InvokeOption) LookupSecretV2ResultOutput

    > Note: This function is named LookupSecretV2 in the Go SDK.

    public static class GetSecretV2 
    {
        public static Task<GetSecretV2Result> InvokeAsync(GetSecretV2Args args, InvokeOptions? opts = null)
        public static Output<GetSecretV2Result> Invoke(GetSecretV2InvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetSecretV2Result> getSecretV2(GetSecretV2Args args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: vault:kv/getSecretV2:getSecretV2
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Mount string
    Path where KV-V2 engine is mounted.
    Name string
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Version int
    Version of the secret to retrieve.
    Mount string
    Path where KV-V2 engine is mounted.
    Name string
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Version int
    Version of the secret to retrieve.
    mount String
    Path where KV-V2 engine is mounted.
    name String
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    version Integer
    Version of the secret to retrieve.
    mount string
    Path where KV-V2 engine is mounted.
    name string
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    version number
    Version of the secret to retrieve.
    mount str
    Path where KV-V2 engine is mounted.
    name str
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    namespace str
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    version int
    Version of the secret to retrieve.
    mount String
    Path where KV-V2 engine is mounted.
    name String
    Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    version Number
    Version of the secret to retrieve.

    getSecretV2 Result

    The following output properties are available:

    CreatedTime string
    Time at which secret was created.
    CustomMetadata Dictionary<string, string>
    Custom metadata for the secret.
    Data Dictionary<string, string>
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    DataJson string
    JSON-encoded string that that is read as the secret data at the given path.
    DeletionTime string
    Deletion time for the secret.
    Destroyed bool
    Indicates whether the secret has been destroyed.
    Id string
    The provider-assigned unique ID for this managed resource.
    Mount string
    Name string
    Path string
    Full path where the KVV2 secret is written.
    Namespace string
    Version int
    Version of the secret.
    CreatedTime string
    Time at which secret was created.
    CustomMetadata map[string]string
    Custom metadata for the secret.
    Data map[string]string
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    DataJson string
    JSON-encoded string that that is read as the secret data at the given path.
    DeletionTime string
    Deletion time for the secret.
    Destroyed bool
    Indicates whether the secret has been destroyed.
    Id string
    The provider-assigned unique ID for this managed resource.
    Mount string
    Name string
    Path string
    Full path where the KVV2 secret is written.
    Namespace string
    Version int
    Version of the secret.
    createdTime String
    Time at which secret was created.
    customMetadata Map<String,String>
    Custom metadata for the secret.
    data Map<String,String>
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    dataJson String
    JSON-encoded string that that is read as the secret data at the given path.
    deletionTime String
    Deletion time for the secret.
    destroyed Boolean
    Indicates whether the secret has been destroyed.
    id String
    The provider-assigned unique ID for this managed resource.
    mount String
    name String
    path String
    Full path where the KVV2 secret is written.
    namespace String
    version Integer
    Version of the secret.
    createdTime string
    Time at which secret was created.
    customMetadata {[key: string]: string}
    Custom metadata for the secret.
    data {[key: string]: string}
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    dataJson string
    JSON-encoded string that that is read as the secret data at the given path.
    deletionTime string
    Deletion time for the secret.
    destroyed boolean
    Indicates whether the secret has been destroyed.
    id string
    The provider-assigned unique ID for this managed resource.
    mount string
    name string
    path string
    Full path where the KVV2 secret is written.
    namespace string
    version number
    Version of the secret.
    created_time str
    Time at which secret was created.
    custom_metadata Mapping[str, str]
    Custom metadata for the secret.
    data Mapping[str, str]
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    data_json str
    JSON-encoded string that that is read as the secret data at the given path.
    deletion_time str
    Deletion time for the secret.
    destroyed bool
    Indicates whether the secret has been destroyed.
    id str
    The provider-assigned unique ID for this managed resource.
    mount str
    name str
    path str
    Full path where the KVV2 secret is written.
    namespace str
    version int
    Version of the secret.
    createdTime String
    Time at which secret was created.
    customMetadata Map<String>
    Custom metadata for the secret.
    data Map<String>
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    dataJson String
    JSON-encoded string that that is read as the secret data at the given path.
    deletionTime String
    Deletion time for the secret.
    destroyed Boolean
    Indicates whether the secret has been destroyed.
    id String
    The provider-assigned unique ID for this managed resource.
    mount String
    name String
    path String
    Full path where the KVV2 secret is written.
    namespace String
    version Number
    Version of the secret.

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi