vault.secrets.SyncAssociation
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
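// The original listing used `accessToken` and `repoOwner` without declaring
// them. Read both from stack configuration: requireSecret() yields a secret
// Output, so Pulumi encrypts the token in state and masks it in CLI output.
const config = new pulumi.Config();
const accessToken = config.requireSecret("accessToken");
const repoOwner = config.require("repoOwner");

// KV version 2 mount that holds the secret to be synchronized.
const kvv2 = new vault.Mount("kvv2", {
    path: "kvv2",
    type: "kv",
    options: {
        version: "2",
    },
    description: "KV Version 2 secret engine mount",
});

// Sample values only. Literals written here are committed with the program,
// so real secret material should come from stack configuration secrets.
const token = new vault.kv.SecretV2("token", {
    mount: kvv2.path,
    name: "token",
    dataJson: JSON.stringify({
        dev: "B!gS3cr3t",
        prod: "S3cureP4$$",
    }),
});

// GitHub sync destination. The access token is the credential Vault uses to
// write repository secrets; grant it no more than that repository requires.
const gh = new vault.secrets.SyncGhDestination("gh", {
    name: "gh-dest",
    accessToken: accessToken,
    repositoryOwner: repoOwner,
    repositoryName: "repo-name-example",
    // Builds each synced secret's name from the mount accessor and secret path.
    secretNameTemplate: "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
});

// Associates the `token` secret with the destination. Vault then synchronizes
// the secret there, which places its values outside Vault's own access
// policies; review who can use secrets in the target repository.
const ghToken = new vault.secrets.SyncAssociation("gh_token", {
    name: gh.name,
    type: gh.type,
    mount: kvv2.path,
    secretName: token.name,
});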
import pulumi
import json
import pulumi_vault as vault
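# The original listing used `access_token` and `repo_owner` without defining
# them. Read both from stack configuration: require_secret() returns a secret
# Output, so Pulumi encrypts the token in state and masks it in CLI output.
config = pulumi.Config()
access_token = config.require_secret("accessToken")
repo_owner = config.require("repoOwner")

# KV version 2 mount that holds the secret to be synchronized.
kvv2 = vault.Mount("kvv2",
    path="kvv2",
    type="kv",
    options={
        "version": "2",
    },
    description="KV Version 2 secret engine mount")

# Sample values only. Literals written here are committed with the program,
# so real secret material should come from stack configuration secrets.
token = vault.kv.SecretV2("token",
    mount=kvv2.path,
    name="token",
    data_json=json.dumps({
        "dev": "B!gS3cr3t",
        "prod": "S3cureP4$$",
    }))

# GitHub sync destination. The access token is the credential Vault uses to
# write repository secrets; grant it no more than that repository requires.
gh = vault.secrets.SyncGhDestination("gh",
    name="gh-dest",
    access_token=access_token,
    repository_owner=repo_owner,
    repository_name="repo-name-example",
    # Builds each synced secret's name from the mount accessor and secret path.
    secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")

# Associates the `token` secret with the destination. Vault then synchronizes
# the secret there, which places its values outside Vault's own access
# policies; review who can use secrets in the target repository.
gh_token = vault.secrets.SyncAssociation("gh_token",
    name=gh.name,
    type=gh.type,
    mount=kvv2.path,
    secret_name=token.name)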
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kv"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/secrets"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a KV v2 mount, a sample secret, a GitHub sync destination and
// the association that links the secret to that destination.
//
// NOTE(review): accessToken and repoOwner are not declared anywhere in this
// listing; the program has to define them before it compiles. The token is a
// credential, so supply it as a Pulumi secret rather than a literal.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// KV version 2 mount that holds the secret to be synchronized.
		mount, err := vault.NewMount(ctx, "kvv2", &vault.MountArgs{
			Path:        pulumi.String("kvv2"),
			Type:        pulumi.String("kv"),
			Options:     pulumi.StringMap{"version": pulumi.String("2")},
			Description: pulumi.String("KV Version 2 secret engine mount"),
		})
		if err != nil {
			return err
		}

		// Sample values only; literals written here are committed with the
		// program.
		payload, err := json.Marshal(map[string]interface{}{
			"dev":  "B!gS3cr3t",
			"prod": "S3cureP4$$",
		})
		if err != nil {
			return err
		}

		token, err := kv.NewSecretV2(ctx, "token", &kv.SecretV2Args{
			Mount:    mount.Path,
			Name:     pulumi.String("token"),
			DataJson: pulumi.String(string(payload)),
		})
		if err != nil {
			return err
		}

		// GitHub sync destination; the template builds each synced secret's
		// name from the mount accessor and secret path.
		destination, err := secrets.NewSyncGhDestination(ctx, "gh", &secrets.SyncGhDestinationArgs{
			Name:               pulumi.String("gh-dest"),
			AccessToken:        pulumi.Any(accessToken),
			RepositoryOwner:    pulumi.Any(repoOwner),
			RepositoryName:     pulumi.String("repo-name-example"),
			SecretNameTemplate: pulumi.String("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}"),
		})
		if err != nil {
			return err
		}

		// Associate the secret with the destination so Vault synchronizes it.
		if _, err = secrets.NewSyncAssociation(ctx, "gh_token", &secrets.SyncAssociationArgs{
			Name:       destination.Name,
			Type:       destination.Type,
			Mount:      mount.Path,
			SecretName: token.Name,
		}); err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Vault = Pulumi.Vault;
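return await Deployment.RunAsync(() =>
{
    // The original listing used accessToken and repoOwner without declaring
    // them. Read both from stack configuration: RequireSecret() returns a
    // secret Output, so Pulumi encrypts the token in state and masks it in
    // CLI output.
    var config = new Config();
    var accessToken = config.RequireSecret("accessToken");
    var repoOwner = config.Require("repoOwner");

    // KV version 2 mount that holds the secret to be synchronized.
    var kvv2 = new Vault.Mount("kvv2", new()
    {
        Path = "kvv2",
        Type = "kv",
        Options =
        {
            { "version", "2" },
        },
        Description = "KV Version 2 secret engine mount",
    });

    // Sample values only. Literals written here are committed with the
    // program, so real secret material should come from configuration secrets.
    var token = new Vault.Kv.SecretV2("token", new()
    {
        Mount = kvv2.Path,
        Name = "token",
        DataJson = JsonSerializer.Serialize(new Dictionary<string, object?>
        {
            ["dev"] = "B!gS3cr3t",
            ["prod"] = "S3cureP4$$",
        }),
    });

    // GitHub sync destination. The access token is the credential Vault uses
    // to write repository secrets; grant it no more than that repository
    // requires.
    var gh = new Vault.Secrets.SyncGhDestination("gh", new()
    {
        Name = "gh-dest",
        AccessToken = accessToken,
        RepositoryOwner = repoOwner,
        RepositoryName = "repo-name-example",
        // Builds each synced secret's name from the mount accessor and secret path.
        SecretNameTemplate = "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
    });

    // Associates the token secret with the destination. Vault then
    // synchronizes the secret there, which places its values outside Vault's
    // own access policies; review who can use secrets in the target repository.
    var ghToken = new Vault.Secrets.SyncAssociation("gh_token", new()
    {
        Name = gh.Name,
        Type = gh.Type,
        Mount = kvv2.Path,
        SecretName = token.Name,
    });

});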
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.kv.SecretV2;
import com.pulumi.vault.kv.SecretV2Args;
import com.pulumi.vault.secrets.SyncGhDestination;
import com.pulumi.vault.secrets.SyncGhDestinationArgs;
import com.pulumi.vault.secrets.SyncAssociation;
import com.pulumi.vault.secrets.SyncAssociationArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
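/**
 * Example stack: a KV v2 mount, a sample secret, a GitHub sync destination and
 * the association that links the secret to that destination.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the example resources.
     *
     * @param ctx deployment context; also the source of stack configuration
     */
    public static void stack(Context ctx) {
        // The original listing used accessToken and repoOwner without
        // declaring them. Read both from stack configuration: requireSecret()
        // returns a secret Output, so Pulumi encrypts the token in state and
        // masks it in CLI output.
        final var config = ctx.config();
        final var accessToken = config.requireSecret("accessToken");
        final var repoOwner = config.require("repoOwner");

        // KV version 2 mount that holds the secret to be synchronized.
        var kvv2 = new Mount("kvv2", MountArgs.builder()
            .path("kvv2")
            .type("kv")
            .options(Map.of("version", "2"))
            .description("KV Version 2 secret engine mount")
            .build());

        // Sample values only. Literals written here are committed with the
        // program, so real secret material should come from configuration
        // secrets.
        var token = new SecretV2("token", SecretV2Args.builder()
            .mount(kvv2.path())
            .name("token")
            .dataJson(serializeJson(
                jsonObject(
                    jsonProperty("dev", "B!gS3cr3t"),
                    jsonProperty("prod", "S3cureP4$$")
                )))
            .build());

        // GitHub sync destination. The access token is the credential Vault
        // uses to write repository secrets; grant it no more than that
        // repository requires. The template builds each synced secret's name
        // from the mount accessor and secret path.
        var gh = new SyncGhDestination("gh", SyncGhDestinationArgs.builder()
            .name("gh-dest")
            .accessToken(accessToken)
            .repositoryOwner(repoOwner)
            .repositoryName("repo-name-example")
            .secretNameTemplate("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")
            .build());

        // Associates the token secret with the destination. Vault then
        // synchronizes the secret there, which places its values outside
        // Vault's own access policies; review who can use secrets in the
        // target repository.
        var ghToken = new SyncAssociation("ghToken", SyncAssociationArgs.builder()
            .name(gh.name())
            .type(gh.type())
            .mount(kvv2.path())
            .secretName(token.name())
            .build());

    }
}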
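# The original listing referenced ${accessToken} and ${repoOwner} without
# declaring them. Both are declared here as stack configuration; marking the
# token as secret keeps it encrypted in state and masked in CLI output.
config:
  accessToken:
    type: string
    secret: true
  repoOwner:
    type: string
resources:
  # KV version 2 mount that holds the secret to be synchronized.
  kvv2:
    type: vault:Mount
    properties:
      path: kvv2
      type: kv
      options:
        version: '2'
      description: KV Version 2 secret engine mount
  # Sample values only. Literals written here are committed with the program,
  # so real secret material should come from stack configuration secrets.
  token:
    type: vault:kv:SecretV2
    properties:
      mount: ${kvv2.path}
      name: token
      dataJson:
        fn::toJSON:
          dev: B!gS3cr3t
          prod: S3cureP4$$
  # GitHub sync destination. The access token is the credential Vault uses to
  # write repository secrets; grant it no more than that repository requires.
  gh:
    type: vault:secrets:SyncGhDestination
    properties:
      name: gh-dest
      accessToken: ${accessToken}
      repositoryOwner: ${repoOwner}
      repositoryName: repo-name-example
      # Builds each synced secret's name from the mount accessor and secret path.
      secretNameTemplate: vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}
  # Associates the token secret with the destination. Vault then synchronizes
  # the secret there, which places its values outside Vault's own access
  # policies; review who can use secrets in the target repository.
  ghToken:
    type: vault:secrets:SyncAssociation
    name: gh_token
    properties:
      name: ${gh.name}
      type: ${gh.type}
      mount: ${kvv2.path}
      secretName: ${token.name}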
Create SyncAssociation Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SyncAssociation(name: string, args: SyncAssociationArgs, opts?: CustomResourceOptions);
@overload
def SyncAssociation(resource_name: str,
args: SyncAssociationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SyncAssociation(resource_name: str,
opts: Optional[ResourceOptions] = None,
mount: Optional[str] = None,
secret_name: Optional[str] = None,
type: Optional[str] = None,
name: Optional[str] = None,
namespace: Optional[str] = None)
func NewSyncAssociation(ctx *Context, name string, args SyncAssociationArgs, opts ...ResourceOption) (*SyncAssociation, error)
public SyncAssociation(string name, SyncAssociationArgs args, CustomResourceOptions? opts = null)
public SyncAssociation(String name, SyncAssociationArgs args)
public SyncAssociation(String name, SyncAssociationArgs args, CustomResourceOptions options)
type: vault:secrets:SyncAssociation
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SyncAssociationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SyncAssociationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SyncAssociationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SyncAssociationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SyncAssociationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var syncAssociationResource = new Vault.Secrets.SyncAssociation("syncAssociationResource", new()
{
Mount = "string",
SecretName = "string",
Type = "string",
Name = "string",
Namespace = "string",
});
example, err := secrets.NewSyncAssociation(ctx, "syncAssociationResource", &secrets.SyncAssociationArgs{
Mount: pulumi.String("string"),
SecretName: pulumi.String("string"),
Type: pulumi.String("string"),
Name: pulumi.String("string"),
Namespace: pulumi.String("string"),
})
var syncAssociationResource = new SyncAssociation("syncAssociationResource", SyncAssociationArgs.builder()
.mount("string")
.secretName("string")
.type("string")
.name("string")
.namespace("string")
.build());
sync_association_resource = vault.secrets.SyncAssociation("syncAssociationResource",
mount="string",
secret_name="string",
type="string",
name="string",
namespace="string")
const syncAssociationResource = new vault.secrets.SyncAssociation("syncAssociationResource", {
mount: "string",
secretName: "string",
type: "string",
name: "string",
namespace: "string",
});
type: vault:secrets:SyncAssociation
properties:
mount: string
name: string
namespace: string
secretName: string
type: string
SyncAssociation Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SyncAssociation resource accepts the following input properties:
- Mount string
- Specifies the mount where the secret is located.
- SecretName string
- Specifies the name of the secret to synchronize.
- Type string
- Specifies the destination type.
- Name string
- Specifies the name of the destination.
- Namespace string
- The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace.
- Mount string
- Specifies the mount where the secret is located.
- Secret
Name string - Specifies the name of the secret to synchronize.
- Type string
- Specifies the destination type.
- Name string
- Specifies the name of the destination.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace.
- mount String
- Specifies the mount where the secret is located.
- secret
Name String - Specifies the name of the secret to synchronize.
- type String
- Specifies the destination type.
- name String
- Specifies the name of the destination.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace.
- mount string
- Specifies the mount where the secret is located.
- secret
Name string - Specifies the name of the secret to synchronize.
- type string
- Specifies the destination type.
- name string
- Specifies the name of the destination.
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace.
- mount str
- Specifies the mount where the secret is located.
- secret_
name str - Specifies the name of the secret to synchronize.
- type str
- Specifies the destination type.
- name str
- Specifies the name of the destination.
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace.
- mount String
- Specifies the mount where the secret is located.
- secret
Name String - Specifies the name of the secret to synchronize.
- type String
- Specifies the destination type.
- name String
- Specifies the name of the destination.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace.
Outputs
All input properties are implicitly available as output properties. Additionally, the SyncAssociation resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Metadatas
List<Sync
Association Metadata> - Metadata for each subkey of the associated secret.
- Id string
- The provider-assigned unique ID for this managed resource.
- Metadatas
[]Sync
Association Metadata - Metadata for each subkey of the associated secret.
- id String
- The provider-assigned unique ID for this managed resource.
- metadatas
List<Sync
Association Metadata> - Metadata for each subkey of the associated secret.
- id string
- The provider-assigned unique ID for this managed resource.
- metadatas
Sync
Association Metadata[] - Metadata for each subkey of the associated secret.
- id str
- The provider-assigned unique ID for this managed resource.
- metadatas
Sequence[Sync
Association Metadata] - Metadata for each subkey of the associated secret.
- id String
- The provider-assigned unique ID for this managed resource.
- metadatas List<Property Map>
- Metadata for each subkey of the associated secret.
Look up Existing SyncAssociation Resource
Get an existing SyncAssociation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SyncAssociationState, opts?: CustomResourceOptions): SyncAssociation
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
metadatas: Optional[Sequence[SyncAssociationMetadataArgs]] = None,
mount: Optional[str] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
secret_name: Optional[str] = None,
type: Optional[str] = None) -> SyncAssociation
func GetSyncAssociation(ctx *Context, name string, id IDInput, state *SyncAssociationState, opts ...ResourceOption) (*SyncAssociation, error)
public static SyncAssociation Get(string name, Input<string> id, SyncAssociationState? state, CustomResourceOptions? opts = null)
public static SyncAssociation get(String name, Output<String> id, SyncAssociationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Metadatas
List<Sync
Association Metadata> - Metadata for each subkey of the associated secret.
- Mount string
- Specifies the mount where the secret is located.
- Name string
- Specifies the name of the destination.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. - Secret
Name string - Specifies the name of the secret to synchronize.
- Type string
- Specifies the destination type.
- Metadatas
[]Sync
Association Metadata Args - Metadata for each subkey of the associated secret.
- Mount string
- Specifies the mount where the secret is located.
- Name string
- Specifies the name of the destination.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. - Secret
Name string - Specifies the name of the secret to synchronize.
- Type string
- Specifies the destination type.
- metadatas
List<Sync
Association Metadata> - Metadata for each subkey of the associated secret.
- mount String
- Specifies the mount where the secret is located.
- name String
- Specifies the name of the destination.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. - secret
Name String - Specifies the name of the secret to synchronize.
- type String
- Specifies the destination type.
- metadatas
Sync
Association Metadata[] - Metadata for each subkey of the associated secret.
- mount string
- Specifies the mount where the secret is located.
- name string
- Specifies the name of the destination.
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. - secret
Name string - Specifies the name of the secret to synchronize.
- type string
- Specifies the destination type.
- metadatas
Sequence[Sync
Association Metadata Args] - Metadata for each subkey of the associated secret.
- mount str
- Specifies the mount where the secret is located.
- name str
- Specifies the name of the destination.
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. - secret_
name str - Specifies the name of the secret to synchronize.
- type str
- Specifies the destination type.
- metadatas List<Property Map>
- Metadata for each subkey of the associated secret.
- mount String
- Specifies the mount where the secret is located.
- name String
- Specifies the name of the destination.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. - secret
Name String - Specifies the name of the secret to synchronize.
- type String
- Specifies the destination type.
Supporting Types
SyncAssociationMetadata, SyncAssociationMetadataArgs
- SubKey string
- Subkey of the associated secret.
- SyncStatus string
- A map of sync statuses for each subkey of the associated secret (for ex. {kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}).
- UpdatedAt string
- A map of duration strings specifying when each subkey of the associated secret was last updated (for ex. {kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00", kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}).
- Sub
Key string - Subkey of the associated secret.
- Sync
Status string - A map of sync statuses for each subkey of the associated secret
(for ex.
{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}
). - Updated
At string - A map of duration strings specifying when each subkey of the associated
secret was last updated.
(for ex.
{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00", kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}
).
- sub
Key String - Subkey of the associated secret.
- sync
Status String - A map of sync statuses for each subkey of the associated secret
(for ex.
{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}
). - updated
At String - A map of duration strings specifying when each subkey of the associated
secret was last updated.
(for ex.
{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00", kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}
).
- sub
Key string - Subkey of the associated secret.
- sync
Status string - A map of sync statuses for each subkey of the associated secret
(for ex.
{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}
). - updated
At string - A map of duration strings specifying when each subkey of the associated
secret was last updated.
(for ex.
{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00", kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}
).
- sub_
key str - Subkey of the associated secret.
- sync_
status str - A map of sync statuses for each subkey of the associated secret
(for ex.
{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}
). - updated_
at str - A map of duration strings specifying when each subkey of the associated
secret was last updated.
(for ex.
{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00", kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}
).
- sub
Key String - Subkey of the associated secret.
- sync
Status String - A map of sync statuses for each subkey of the associated secret
(for ex.
{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}
). - updated
At String - A map of duration strings specifying when each subkey of the associated
secret was last updated.
(for ex.
{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00", kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}
).
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vault
Terraform Provider.