1. Packages
  2. HashiCorp Vault
  3. API Docs
  4. generic
  5. getSecret
HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi

vault.generic.getSecret

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi

    Example Usage

    Generic secret

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const rundeckAuth = vault.generic.getSecret({
        path: "secret/rundeck_auth",
    });
    
    import pulumi
    import pulumi_vault as vault
    
    rundeck_auth = vault.generic.get_secret(path="secret/rundeck_auth")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/generic"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := generic.LookupSecret(ctx, &generic.LookupSecretArgs{
    			Path: "secret/rundeck_auth",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var rundeckAuth = Vault.Generic.GetSecret.Invoke(new()
        {
            Path = "secret/rundeck_auth",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.generic.GenericFunctions;
    import com.pulumi.vault.generic.inputs.GetSecretArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var rundeckAuth = GenericFunctions.getSecret(GetSecretArgs.builder()
                .path("secret/rundeck_auth")
                .build());
    
        }
    }
    
    variables:
      rundeckAuth:
        fn::invoke:
          Function: vault:generic:getSecret
          Arguments:
            path: secret/rundeck_auth
    

    KV

    For this example, consider example as a path for a KV engine.

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    function notImplemented(message: string) {
        throw new Error(message);
    }
    
    const exampleCreds = vault.generic.getSecret({
        path: "example/creds",
    });
    const exampleTemplate = notImplemented("The template_file data resource is not yet supported.");
    
    import pulumi
    import pulumi_vault as vault
    
    
    def not_implemented(msg):
        raise NotImplementedError(msg)
    
    example_creds = vault.generic.get_secret(path="example/creds")
    example_template = not_implemented("The template_file data resource is not yet supported.")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/generic"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func notImplemented(message string) pulumi.AnyOutput {
    	panic(message)
    }
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := generic.LookupSecret(ctx, &generic.LookupSecretArgs{
    			Path: "example/creds",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_ = notImplemented("The template_file data resource is not yet supported.")
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    	
    object NotImplemented(string errorMessage) 
    {
        throw new System.NotImplementedException(errorMessage);
    }
    
    return await Deployment.RunAsync(() => 
    {
        var exampleCreds = Vault.Generic.GetSecret.Invoke(new()
        {
            Path = "example/creds",
        });
    
        var exampleTemplate = NotImplemented("The template_file data resource is not yet supported.");
    
    });
    
    Coming soon!
    
    Coming soon!
    

    Required Vault Capabilities

    Use of this resource requires the read capability on the given path.

    Using getSecret

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getSecret(args: GetSecretArgs, opts?: InvokeOptions): Promise<GetSecretResult>
    function getSecretOutput(args: GetSecretOutputArgs, opts?: InvokeOptions): Output<GetSecretResult>
    def get_secret(namespace: Optional[str] = None,
                   path: Optional[str] = None,
                   version: Optional[int] = None,
                   with_lease_start_time: Optional[bool] = None,
                   opts: Optional[InvokeOptions] = None) -> GetSecretResult
    def get_secret_output(namespace: Optional[pulumi.Input[str]] = None,
                   path: Optional[pulumi.Input[str]] = None,
                   version: Optional[pulumi.Input[int]] = None,
                   with_lease_start_time: Optional[pulumi.Input[bool]] = None,
                   opts: Optional[InvokeOptions] = None) -> Output[GetSecretResult]
    func LookupSecret(ctx *Context, args *LookupSecretArgs, opts ...InvokeOption) (*LookupSecretResult, error)
    func LookupSecretOutput(ctx *Context, args *LookupSecretOutputArgs, opts ...InvokeOption) LookupSecretResultOutput

    > Note: This function is named LookupSecret in the Go SDK.

    public static class GetSecret 
    {
        public static Task<GetSecretResult> InvokeAsync(GetSecretArgs args, InvokeOptions? opts = null)
        public static Output<GetSecretResult> Invoke(GetSecretInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: vault:generic/getSecret:getSecret
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Path string
    The full logical path from which to request data. To read data from the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Reading from other backends with this data source is possible; consult each backend's documentation to see which endpoints support the GET method.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Version int
    The version of the secret to read. This is used by the Vault KV secrets engine - version 2 to indicate which version of the secret to read.
    WithLeaseStartTime bool
    If set to true, stores lease_start_time in the TF state. Note that storing the lease_start_time in the TF state will cause a persistent drift on every pulumi preview and will require a pulumi up.
    Path string
    The full logical path from which to request data. To read data from the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Reading from other backends with this data source is possible; consult each backend's documentation to see which endpoints support the GET method.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Version int
    The version of the secret to read. This is used by the Vault KV secrets engine - version 2 to indicate which version of the secret to read.
    WithLeaseStartTime bool
    If set to true, stores lease_start_time in the TF state. Note that storing the lease_start_time in the TF state will cause a persistent drift on every pulumi preview and will require a pulumi up.
    path String
    The full logical path from which to request data. To read data from the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Reading from other backends with this data source is possible; consult each backend's documentation to see which endpoints support the GET method.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    version Integer
    The version of the secret to read. This is used by the Vault KV secrets engine - version 2 to indicate which version of the secret to read.
    withLeaseStartTime Boolean
    If set to true, stores lease_start_time in the TF state. Note that storing the lease_start_time in the TF state will cause a persistent drift on every pulumi preview and will require a pulumi up.
    path string
    The full logical path from which to request data. To read data from the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Reading from other backends with this data source is possible; consult each backend's documentation to see which endpoints support the GET method.
    namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    version number
    The version of the secret to read. This is used by the Vault KV secrets engine - version 2 to indicate which version of the secret to read.
    withLeaseStartTime boolean
    If set to true, stores lease_start_time in the TF state. Note that storing the lease_start_time in the TF state will cause a persistent drift on every pulumi preview and will require a pulumi up.
    path str
    The full logical path from which to request data. To read data from the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Reading from other backends with this data source is possible; consult each backend's documentation to see which endpoints support the GET method.
    namespace str
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    version int
    The version of the secret to read. This is used by the Vault KV secrets engine - version 2 to indicate which version of the secret to read.
    with_lease_start_time bool
    If set to true, stores lease_start_time in the TF state. Note that storing the lease_start_time in the TF state will cause a persistent drift on every pulumi preview and will require a pulumi up.
    path String
    The full logical path from which to request data. To read data from the "generic" secret backend mounted in Vault by default, this should be prefixed with secret/. Reading from other backends with this data source is possible; consult each backend's documentation to see which endpoints support the GET method.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    version Number
    The version of the secret to read. This is used by the Vault KV secrets engine - version 2 to indicate which version of the secret to read.
    withLeaseStartTime Boolean
    If set to true, stores lease_start_time in the TF state. Note that storing the lease_start_time in the TF state will cause a persistent drift on every pulumi preview and will require a pulumi up.

    getSecret Result

    The following output properties are available:

    Data Dictionary<string, object>
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    DataJson string
    A string containing the full data payload retrieved from Vault, serialized in JSON format.
    Id string
    The provider-assigned unique ID for this managed resource.
    LeaseDuration int
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    LeaseId string
    The lease identifier assigned by Vault, if any.
    LeaseRenewable bool
    LeaseStartTime string
    Path string
    Namespace string
    Version int
    WithLeaseStartTime bool
    Data map[string]interface{}
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    DataJson string
    A string containing the full data payload retrieved from Vault, serialized in JSON format.
    Id string
    The provider-assigned unique ID for this managed resource.
    LeaseDuration int
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    LeaseId string
    The lease identifier assigned by Vault, if any.
    LeaseRenewable bool
    LeaseStartTime string
    Path string
    Namespace string
    Version int
    WithLeaseStartTime bool
    data Map<String,Object>
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    dataJson String
    A string containing the full data payload retrieved from Vault, serialized in JSON format.
    id String
    The provider-assigned unique ID for this managed resource.
    leaseDuration Integer
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    leaseId String
    The lease identifier assigned by Vault, if any.
    leaseRenewable Boolean
    leaseStartTime String
    path String
    namespace String
    version Integer
    withLeaseStartTime Boolean
    data {[key: string]: any}
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    dataJson string
    A string containing the full data payload retrieved from Vault, serialized in JSON format.
    id string
    The provider-assigned unique ID for this managed resource.
    leaseDuration number
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    leaseId string
    The lease identifier assigned by Vault, if any.
    leaseRenewable boolean
    leaseStartTime string
    path string
    namespace string
    version number
    withLeaseStartTime boolean
    data Mapping[str, Any]
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    data_json str
    A string containing the full data payload retrieved from Vault, serialized in JSON format.
    id str
    The provider-assigned unique ID for this managed resource.
    lease_duration int
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    lease_id str
    The lease identifier assigned by Vault, if any.
    lease_renewable bool
    lease_start_time str
    path str
    namespace str
    version int
    with_lease_start_time bool
    data Map<Any>
    A mapping whose keys are the top-level data keys returned from Vault and whose values are the corresponding values. This map can only represent string data, so any non-string values returned from Vault are serialized as JSON.
    dataJson String
    A string containing the full data payload retrieved from Vault, serialized in JSON format.
    id String
    The provider-assigned unique ID for this managed resource.
    leaseDuration Number
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    leaseId String
    The lease identifier assigned by Vault, if any.
    leaseRenewable Boolean
    leaseStartTime String
    path String
    namespace String
    version Number
    withLeaseStartTime Boolean

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi