pulumi-vault-kotlin/com.pulumi.vault.kv.kotlin/SecretArgs

SecretArgs

data class SecretArgs(val dataJson: Output<String>? = null, val namespace: Output<String>? = null, val path: Output<String>? = null) : ConvertibleToJava<SecretArgs>

Writes a KV-V1 secret to a given path in Vault. For more information on Vault's KV-V1 secret backend see here.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const kvv1 = new vault.Mount("kvv1", {
    path: "kvv1",
    type: "kv",
    options: {
        version: "1",
    },
    description: "KV Version 1 secret engine mount",
});
const secret = new vault.kv.Secret("secret", {
    path: pulumi.interpolate`${kvv1.path}/secret`,
    dataJson: JSON.stringify({
        zip: "zap",
        foo: "bar",
    }),
});
Content copied to clipboard
import pulumi
import json
import pulumi_vault as vault
kvv1 = vault.Mount("kvv1",
    path="kvv1",
    type="kv",
    options={
        "version": "1",
    },
    description="KV Version 1 secret engine mount")
secret = vault.kv.Secret("secret",
    path=kvv1.path.apply(lambda path: f"{path}/secret"),
    data_json=json.dumps({
        "zip": "zap",
        "foo": "bar",
    }))
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    var kvv1 = new Vault.Mount("kvv1", new()
    {
        Path = "kvv1",
        Type = "kv",
        Options =
        {
            { "version", "1" },
        },
        Description = "KV Version 1 secret engine mount",
    });
    var secret = new Vault.Kv.Secret("secret", new()
    {
        Path = kvv1.Path.Apply(path => $"{path}/secret"),
        DataJson = JsonSerializer.Serialize(new Dictionary<string, object?>
        {
            ["zip"] = "zap",
            ["foo"] = "bar",
        }),
    });
});
Content copied to clipboard
package main
import (
	"encoding/json"
	"fmt"
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kv"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		kvv1, err := vault.NewMount(ctx, "kvv1", &vault.MountArgs{
			Path: pulumi.String("kvv1"),
			Type: pulumi.String("kv"),
			Options: pulumi.StringMap{
				"version": pulumi.String("1"),
			},
			Description: pulumi.String("KV Version 1 secret engine mount"),
		})
		if err != nil {
			return err
		}
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"zip": "zap",
			"foo": "bar",
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		_, err = kv.NewSecret(ctx, "secret", &kv.SecretArgs{
			Path: kvv1.Path.ApplyT(func(path string) (string, error) {
				return fmt.Sprintf("%v/secret", path), nil
			}).(pulumi.StringOutput),
			DataJson: pulumi.String(json0),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.kv.Secret;
import com.pulumi.vault.kv.SecretArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var kvv1 = new Mount("kvv1", MountArgs.builder()
            .path("kvv1")
            .type("kv")
            .options(Map.of("version", "1"))
            .description("KV Version 1 secret engine mount")
            .build());
        var secret = new Secret("secret", SecretArgs.builder()
            .path(kvv1.path().applyValue(path -> String.format("%s/secret", path)))
            .dataJson(serializeJson(
                jsonObject(
                    jsonProperty("zip", "zap"),
                    jsonProperty("foo", "bar")
                )))
            .build());
    }
}
Content copied to clipboard
resources:
  kvv1:
    type: vault:Mount
    properties:
      path: kvv1
      type: kv
      options:
        version: '1'
      description: KV Version 1 secret engine mount
  secret:
    type: vault:kv:Secret
    properties:
      path: ${kvv1.path}/secret
      dataJson:
        fn::toJSON:
          zip: zap
          foo: bar
Content copied to clipboard

Required Vault Capabilities

Use of this resource requires the create or update capability (depending on whether the resource already exists) on the given path, the delete capability if the resource is removed from configuration, and the read capability for drift detection (by default).

Import

KV-V1 secrets can be imported using the path, e.g.

$ pulumi import vault:kv/secret:Secret secret kvv1/secret
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(dataJson: Output<String>? = null, namespace: Output<String>? = null, path: Output<String>? = null)

Properties

Link copied to clipboard
val dataJson: Output<String>? = null

JSON-encoded string that will be written as the secret data at the given path.

Link copied to clipboard
val namespace: Output<String>? = null

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

Link copied to clipboard
val path: Output<String>? = null

Full path of the KV-V1 secret.

Functions

Link copied to clipboard
open override fun toJava(): SecretArgs