HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

vault.secrets.SyncAssociation



    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
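    // The GitHub credentials come from stack configuration. requireSecret()
    // returns a secret Output, so the token is encrypted in Pulumi state and
    // masked in CLI output instead of living in source control.
    const config = new pulumi.Config();
    const accessToken = config.requireSecret("accessToken");
    const repoOwner = config.require("repoOwner");

    // KV version 2 mount that holds the secret to be synchronized.
    const kvv2 = new vault.Mount("kvv2", {
        path: "kvv2",
        type: "kv",
        options: {
            version: "2",
        },
        description: "KV Version 2 secret engine mount",
    });

    // The literal values below are documentation placeholders only. In a real
    // stack, read them from secret configuration rather than committing them.
    const token = new vault.kv.SecretV2("token", {
        mount: kvv2.path,
        name: "token",
        dataJson: JSON.stringify({
            dev: "B!gS3cr3t",
            prod: "S3cureP4$$",
        }),
    });

    // GitHub destination for synced secrets. Scope the access token to the single
    // target repository; it is the credential Vault uses to write secrets there.
    const gh = new vault.secrets.SyncGhDestination("gh", {
        name: "gh-dest",
        accessToken: accessToken,
        repositoryOwner: repoOwner,
        repositoryName: "repo-name-example",
        secretNameTemplate: "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
    });

    // Associates the KV secret with the destination, identified by the
    // destination's name and type plus the secret's mount and name.
    const ghToken = new vault.secrets.SyncAssociation("gh_token", {
        name: gh.name,
        type: gh.type,
        mount: kvv2.path,
        secretName: token.name,
    });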
    
    import pulumi
    import json
    import pulumi_vault as vault
    
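    # The GitHub credentials come from stack configuration. require_secret()
    # returns a secret Output, so the token is encrypted in Pulumi state and
    # masked in CLI output instead of living in source control.
    config = pulumi.Config()
    access_token = config.require_secret("accessToken")
    repo_owner = config.require("repoOwner")

    # KV version 2 mount that holds the secret to be synchronized.
    kvv2 = vault.Mount("kvv2",
        path="kvv2",
        type="kv",
        options={
            "version": "2",
        },
        description="KV Version 2 secret engine mount")

    # The literal values below are documentation placeholders only. In a real
    # stack, read them from secret configuration rather than committing them.
    token = vault.kv.SecretV2("token",
        mount=kvv2.path,
        name="token",
        data_json=json.dumps({
            "dev": "B!gS3cr3t",
            "prod": "S3cureP4$$",
        }))

    # GitHub destination for synced secrets. Scope the access token to the single
    # target repository; it is the credential Vault uses to write secrets there.
    gh = vault.secrets.SyncGhDestination("gh",
        name="gh-dest",
        access_token=access_token,
        repository_owner=repo_owner,
        repository_name="repo-name-example",
        secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")

    # Associates the KV secret with the destination, identified by the
    # destination's name and type plus the secret's mount and name.
    gh_token = vault.secrets.SyncAssociation("gh_token",
        name=gh.name,
        type=gh.type,
        mount=kvv2.path,
        secret_name=token.name)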
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kv"
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/secrets"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main declares a KV v2 mount, a secret inside it, a GitHub sync destination,
    // and the association that ties the secret to that destination. Each resource
    // constructor's error is returned immediately so the deployment stops on the
    // first failure.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// KV version 2 mount that holds the secret to be synchronized.
    		kvv2, err := vault.NewMount(ctx, "kvv2", &vault.MountArgs{
    			Path: pulumi.String("kvv2"),
    			Type: pulumi.String("kv"),
    			Options: pulumi.StringMap{
    				"version": pulumi.String("2"),
    			},
    			Description: pulumi.String("KV Version 2 secret engine mount"),
    		})
    		if err != nil {
    			return err
    		}
    		// The literal values below are documentation placeholders only. In a
    		// real stack, supply secret data from secret configuration rather than
    		// committing it to source.
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"dev":  "B!gS3cr3t",
    			"prod": "S3cureP4$$",
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		token, err := kv.NewSecretV2(ctx, "token", &kv.SecretV2Args{
    			Mount:    kvv2.Path,
    			Name:     pulumi.String("token"),
    			DataJson: pulumi.String(json0),
    		})
    		if err != nil {
    			return err
    		}
    		// NOTE(review): accessToken and repoOwner are not declared anywhere in
    		// this snippet, so it does not compile as shown. They must be defined
    		// by the caller; the token in particular should be supplied as a secret
    		// value from stack configuration rather than as a literal.
    		gh, err := secrets.NewSyncGhDestination(ctx, "gh", &secrets.SyncGhDestinationArgs{
    			Name:               pulumi.String("gh-dest"),
    			AccessToken:        pulumi.Any(accessToken),
    			RepositoryOwner:    pulumi.Any(repoOwner),
    			RepositoryName:     pulumi.String("repo-name-example"),
    			SecretNameTemplate: pulumi.String("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}"),
    		})
    		if err != nil {
    			return err
    		}
    		// Associates the KV secret with the destination, identified by the
    		// destination's name and type plus the secret's mount and name.
    		_, err = secrets.NewSyncAssociation(ctx, "gh_token", &secrets.SyncAssociationArgs{
    			Name:       gh.Name,
    			Type:       gh.Type,
    			Mount:      kvv2.Path,
    			SecretName: token.Name,
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
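    return await Deployment.RunAsync(() => 
    {
        // The GitHub credentials come from stack configuration. RequireSecret()
        // returns a secret Output, so the token is encrypted in Pulumi state and
        // masked in CLI output instead of living in source control.
        var config = new Config();
        var accessToken = config.RequireSecret("accessToken");
        var repoOwner = config.Require("repoOwner");

        // KV version 2 mount that holds the secret to be synchronized.
        var kvv2 = new Vault.Mount("kvv2", new()
        {
            Path = "kvv2",
            Type = "kv",
            Options = 
            {
                { "version", "2" },
            },
            Description = "KV Version 2 secret engine mount",
        });
    
        // The literal values below are documentation placeholders only. In a real
        // stack, read them from secret configuration rather than committing them.
        var token = new Vault.Kv.SecretV2("token", new()
        {
            Mount = kvv2.Path,
            Name = "token",
            DataJson = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["dev"] = "B!gS3cr3t",
                ["prod"] = "S3cureP4$$",
            }),
        });
    
        // GitHub destination for synced secrets. Scope the access token to the
        // single target repository; it is the credential Vault uses to write
        // secrets there.
        var gh = new Vault.Secrets.SyncGhDestination("gh", new()
        {
            Name = "gh-dest",
            AccessToken = accessToken,
            RepositoryOwner = repoOwner,
            RepositoryName = "repo-name-example",
            SecretNameTemplate = "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
        });
    
        // Associates the KV secret with the destination, identified by the
        // destination's name and type plus the secret's mount and name.
        var ghToken = new Vault.Secrets.SyncAssociation("gh_token", new()
        {
            Name = gh.Name,
            Type = gh.Type,
            Mount = kvv2.Path,
            SecretName = token.Name,
        });
    
    });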
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.Mount;
    import com.pulumi.vault.MountArgs;
    import com.pulumi.vault.kv.SecretV2;
    import com.pulumi.vault.kv.SecretV2Args;
    import com.pulumi.vault.secrets.SyncGhDestination;
    import com.pulumi.vault.secrets.SyncGhDestinationArgs;
    import com.pulumi.vault.secrets.SyncAssociation;
    import com.pulumi.vault.secrets.SyncAssociationArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
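    /**
     * Example stack: a KV v2 mount, a secret inside it, a GitHub sync destination,
     * and the association that ties the secret to that destination.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        /**
         * Declares the stack's resources.
         *
         * @param ctx deployment context; also the source of stack configuration
         */
        public static void stack(Context ctx) {
            // The GitHub credentials come from stack configuration. requireSecret()
            // returns a secret Output, so the token is encrypted in Pulumi state
            // and masked in CLI output instead of living in source control.
            var config = ctx.config();
            var accessToken = config.requireSecret("accessToken");
            var repoOwner = config.require("repoOwner");

            // KV version 2 mount that holds the secret to be synchronized.
            var kvv2 = new Mount("kvv2", MountArgs.builder()
                .path("kvv2")
                .type("kv")
                .options(Map.of("version", "2"))
                .description("KV Version 2 secret engine mount")
                .build());
    
            // The literal values below are documentation placeholders only. In a
            // real stack, read them from secret configuration rather than
            // committing them.
            var token = new SecretV2("token", SecretV2Args.builder()
                .mount(kvv2.path())
                .name("token")
                .dataJson(serializeJson(
                    jsonObject(
                        jsonProperty("dev", "B!gS3cr3t"),
                        jsonProperty("prod", "S3cureP4$$")
                    )))
                .build());
    
            // GitHub destination for synced secrets. Scope the access token to the
            // single target repository; it is the credential Vault uses to write
            // secrets there.
            var gh = new SyncGhDestination("gh", SyncGhDestinationArgs.builder()
                .name("gh-dest")
                .accessToken(accessToken)
                .repositoryOwner(repoOwner)
                .repositoryName("repo-name-example")
                .secretNameTemplate("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")
                .build());
    
            // Associates the KV secret with the destination, identified by the
            // destination's name and type plus the secret's mount and name.
            var ghToken = new SyncAssociation("gh_token", SyncAssociationArgs.builder()
                .name(gh.name())
                .type(gh.type())
                .mount(kvv2.path())
                .secretName(token.name())
                .build());
    
        }
    }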
    
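    # Stack configuration referenced below as ${accessToken} and ${repoOwner}.
    # Marking the token as secret keeps it encrypted in Pulumi state and masked
    # in CLI output.
    config:
      accessToken:
        type: string
        secret: true
      repoOwner:
        type: string
    resources:
      # KV version 2 mount that holds the secret to be synchronized.
      kvv2:
        type: vault:Mount
        properties:
          path: kvv2
          type: kv
          options:
            version: '2'
          description: KV Version 2 secret engine mount
      # The literal values below are documentation placeholders only. In a real
      # stack, read them from secret configuration rather than committing them.
      token:
        type: vault:kv:SecretV2
        properties:
          mount: ${kvv2.path}
          name: token
          dataJson:
            fn::toJSON:
              dev: B!gS3cr3t
              prod: S3cureP4$$
      # GitHub destination for synced secrets. Scope the access token to the
      # single target repository; it is the credential Vault uses to write
      # secrets there.
      gh:
        type: vault:secrets:SyncGhDestination
        properties:
          name: gh-dest
          accessToken: ${accessToken}
          repositoryOwner: ${repoOwner}
          repositoryName: repo-name-example
          secretNameTemplate: vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}
      # Associates the KV secret with the destination, identified by the
      # destination's name and type plus the secret's mount and name.
      ghToken:
        type: vault:secrets:SyncAssociation
        name: gh_token
        properties:
          name: ${gh.name}
          type: ${gh.type}
          mount: ${kvv2.path}
          secretName: ${token.name}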
    

    Create SyncAssociation Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new SyncAssociation(name: string, args: SyncAssociationArgs, opts?: CustomResourceOptions);
    @overload
    def SyncAssociation(resource_name: str,
                        args: SyncAssociationArgs,
                        opts: Optional[ResourceOptions] = None)
    
    @overload
    def SyncAssociation(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        mount: Optional[str] = None,
                        secret_name: Optional[str] = None,
                        type: Optional[str] = None,
                        name: Optional[str] = None,
                        namespace: Optional[str] = None)
    func NewSyncAssociation(ctx *Context, name string, args SyncAssociationArgs, opts ...ResourceOption) (*SyncAssociation, error)
    public SyncAssociation(string name, SyncAssociationArgs args, CustomResourceOptions? opts = null)
    public SyncAssociation(String name, SyncAssociationArgs args)
    public SyncAssociation(String name, SyncAssociationArgs args, CustomResourceOptions options)
    
    type: vault:secrets:SyncAssociation
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SyncAssociationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SyncAssociationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SyncAssociationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SyncAssociationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SyncAssociationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var syncAssociationResource = new Vault.Secrets.SyncAssociation("syncAssociationResource", new()
    {
        Mount = "string",
        SecretName = "string",
        Type = "string",
        Name = "string",
        Namespace = "string",
    });
    
    example, err := secrets.NewSyncAssociation(ctx, "syncAssociationResource", &secrets.SyncAssociationArgs{
    	Mount:      pulumi.String("string"),
    	SecretName: pulumi.String("string"),
    	Type:       pulumi.String("string"),
    	Name:       pulumi.String("string"),
    	Namespace:  pulumi.String("string"),
    })
    
    var syncAssociationResource = new SyncAssociation("syncAssociationResource", SyncAssociationArgs.builder()
        .mount("string")
        .secretName("string")
        .type("string")
        .name("string")
        .namespace("string")
        .build());
    
    sync_association_resource = vault.secrets.SyncAssociation("syncAssociationResource",
        mount="string",
        secret_name="string",
        type="string",
        name="string",
        namespace="string")
    
    const syncAssociationResource = new vault.secrets.SyncAssociation("syncAssociationResource", {
        mount: "string",
        secretName: "string",
        type: "string",
        name: "string",
        namespace: "string",
    });
    
    type: vault:secrets:SyncAssociation
    properties:
        mount: string
        name: string
        namespace: string
        secretName: string
        type: string
    

    SyncAssociation Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The SyncAssociation resource accepts the following input properties:

    Mount string
    Specifies the mount where the secret is located.
    SecretName string
    Specifies the name of the secret to synchronize.
    Type string
    Specifies the destination type.
    Name string
    Specifies the name of the destination.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace.
    Mount string
    Specifies the mount where the secret is located.
    SecretName string
    Specifies the name of the secret to synchronize.
    Type string
    Specifies the destination type.
    Name string
    Specifies the name of the destination.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace.
    mount String
    Specifies the mount where the secret is located.
    secretName String
    Specifies the name of the secret to synchronize.
    type String
    Specifies the destination type.
    name String
    Specifies the name of the destination.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace.
    mount string
    Specifies the mount where the secret is located.
    secretName string
    Specifies the name of the secret to synchronize.
    type string
    Specifies the destination type.
    name string
    Specifies the name of the destination.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace.
    mount str
    Specifies the mount where the secret is located.
    secret_name str
    Specifies the name of the secret to synchronize.
    type str
    Specifies the destination type.
    name str
    Specifies the name of the destination.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace.
    mount String
    Specifies the mount where the secret is located.
    secretName String
    Specifies the name of the secret to synchronize.
    type String
    Specifies the destination type.
    name String
    Specifies the name of the destination.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SyncAssociation resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Metadatas List<SyncAssociationMetadata>
    Metadata for each subkey of the associated secret.
    Id string
    The provider-assigned unique ID for this managed resource.
    Metadatas []SyncAssociationMetadata
    Metadata for each subkey of the associated secret.
    id String
    The provider-assigned unique ID for this managed resource.
    metadatas List<SyncAssociationMetadata>
    Metadata for each subkey of the associated secret.
    id string
    The provider-assigned unique ID for this managed resource.
    metadatas SyncAssociationMetadata[]
    Metadata for each subkey of the associated secret.
    id str
    The provider-assigned unique ID for this managed resource.
    metadatas Sequence[SyncAssociationMetadata]
    Metadata for each subkey of the associated secret.
    id String
    The provider-assigned unique ID for this managed resource.
    metadatas List<Property Map>
    Metadata for each subkey of the associated secret.

    Look up Existing SyncAssociation Resource

    Get an existing SyncAssociation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SyncAssociationState, opts?: CustomResourceOptions): SyncAssociation
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            metadatas: Optional[Sequence[SyncAssociationMetadataArgs]] = None,
            mount: Optional[str] = None,
            name: Optional[str] = None,
            namespace: Optional[str] = None,
            secret_name: Optional[str] = None,
            type: Optional[str] = None) -> SyncAssociation
    func GetSyncAssociation(ctx *Context, name string, id IDInput, state *SyncAssociationState, opts ...ResourceOption) (*SyncAssociation, error)
    public static SyncAssociation Get(string name, Input<string> id, SyncAssociationState? state, CustomResourceOptions? opts = null)
    public static SyncAssociation get(String name, Output<String> id, SyncAssociationState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Metadatas List<SyncAssociationMetadata>
    Metadata for each subkey of the associated secret.
    Mount string
    Specifies the mount where the secret is located.
    Name string
    Specifies the name of the destination.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace.
    SecretName string
    Specifies the name of the secret to synchronize.
    Type string
    Specifies the destination type.
    Metadatas []SyncAssociationMetadataArgs
    Metadata for each subkey of the associated secret.
    Mount string
    Specifies the mount where the secret is located.
    Name string
    Specifies the name of the destination.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace.
    SecretName string
    Specifies the name of the secret to synchronize.
    Type string
    Specifies the destination type.
    metadatas List<SyncAssociationMetadata>
    Metadata for each subkey of the associated secret.
    mount String
    Specifies the mount where the secret is located.
    name String
    Specifies the name of the destination.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace.
    secretName String
    Specifies the name of the secret to synchronize.
    type String
    Specifies the destination type.
    metadatas SyncAssociationMetadata[]
    Metadata for each subkey of the associated secret.
    mount string
    Specifies the mount where the secret is located.
    name string
    Specifies the name of the destination.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace.
    secretName string
    Specifies the name of the secret to synchronize.
    type string
    Specifies the destination type.
    metadatas Sequence[SyncAssociationMetadataArgs]
    Metadata for each subkey of the associated secret.
    mount str
    Specifies the mount where the secret is located.
    name str
    Specifies the name of the destination.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace.
    secret_name str
    Specifies the name of the secret to synchronize.
    type str
    Specifies the destination type.
    metadatas List<Property Map>
    Metadata for each subkey of the associated secret.
    mount String
    Specifies the mount where the secret is located.
    name String
    Specifies the name of the destination.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace.
    secretName String
    Specifies the name of the secret to synchronize.
    type String
    Specifies the destination type.

    Supporting Types

    SyncAssociationMetadata, SyncAssociationMetadataArgs

    SubKey string
    Subkey of the associated secret.
    SyncStatus string
    A map of sync statuses for each subkey of the associated secret (for ex. {kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}).
    UpdatedAt string
    A map of timestamp strings specifying when each subkey of the associated secret was last updated (for ex. {kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00", kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}).
    SubKey string
    Subkey of the associated secret.
    SyncStatus string
    A map of sync statuses for each subkey of the associated secret (for ex. {kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}).
    UpdatedAt string
    A map of timestamp strings specifying when each subkey of the associated secret was last updated (for ex. {kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00", kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}).
    subKey String
    Subkey of the associated secret.
    syncStatus String
    A map of sync statuses for each subkey of the associated secret (for ex. {kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}).
    updatedAt String
    A map of timestamp strings specifying when each subkey of the associated secret was last updated (for ex. {kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00", kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}).
    subKey string
    Subkey of the associated secret.
    syncStatus string
    A map of sync statuses for each subkey of the associated secret (for ex. {kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}).
    updatedAt string
    A map of timestamp strings specifying when each subkey of the associated secret was last updated (for ex. {kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00", kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}).
    sub_key str
    Subkey of the associated secret.
    sync_status str
    A map of sync statuses for each subkey of the associated secret (for ex. {kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}).
    updated_at str
    A map of timestamp strings specifying when each subkey of the associated secret was last updated (for ex. {kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00", kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}).
    subKey String
    Subkey of the associated secret.
    syncStatus String
    A map of sync statuses for each subkey of the associated secret (for ex. {kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}).
    updatedAt String
    A map of timestamp strings specifying when each subkey of the associated secret was last updated (for ex. {kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00", kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}).

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.