pulumi-vault-kotlin/com.pulumi.vault.kv.kotlin/SecretV2Args

SecretV2Args

data class SecretV2Args(val cas: Output<Int>? = null, val customMetadata: Output<SecretV2CustomMetadataArgs>? = null, val dataJson: Output<String>? = null, val deleteAllVersions: Output<Boolean>? = null, val disableRead: Output<Boolean>? = null, val mount: Output<String>? = null, val name: Output<String>? = null, val namespace: Output<String>? = null, val options: Output<Map<String, String>>? = null) : ConvertibleToJava<SecretV2Args>

Writes a KV-V2 secret to a given path in Vault. For more information on Vault's KV-V2 secret backend see here.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const kvv2 = new vault.Mount("kvv2", {
    path: "kvv2",
    type: "kv",
    options: {
        version: "2",
    },
    description: "KV Version 2 secret engine mount",
});
const example = new vault.kv.SecretV2("example", {
    mount: kvv2.path,
    name: "secret",
    cas: 1,
    deleteAllVersions: true,
    dataJson: JSON.stringify({
        zip: "zap",
        foo: "bar",
    }),
    customMetadata: {
        maxVersions: 5,
        data: {
            foo: "vault@example.com",
            bar: "12345",
        },
    },
});
Content copied to clipboard
import pulumi
import json
import pulumi_vault as vault
kvv2 = vault.Mount("kvv2",
    path="kvv2",
    type="kv",
    options={
        "version": "2",
    },
    description="KV Version 2 secret engine mount")
example = vault.kv.SecretV2("example",
    mount=kvv2.path,
    name="secret",
    cas=1,
    delete_all_versions=True,
    data_json=json.dumps({
        "zip": "zap",
        "foo": "bar",
    }),
    custom_metadata={
        "max_versions": 5,
        "data": {
            "foo": "vault@example.com",
            "bar": "12345",
        },
    })
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    var kvv2 = new Vault.Mount("kvv2", new()
    {
        Path = "kvv2",
        Type = "kv",
        Options =
        {
            { "version", "2" },
        },
        Description = "KV Version 2 secret engine mount",
    });
    var example = new Vault.Kv.SecretV2("example", new()
    {
        Mount = kvv2.Path,
        Name = "secret",
        Cas = 1,
        DeleteAllVersions = true,
        DataJson = JsonSerializer.Serialize(new Dictionary<string, object?>
        {
            ["zip"] = "zap",
            ["foo"] = "bar",
        }),
        CustomMetadata = new Vault.kv.Inputs.SecretV2CustomMetadataArgs
        {
            MaxVersions = 5,
            Data =
            {
                { "foo", "vault@example.com" },
                { "bar", "12345" },
            },
        },
    });
});
Content copied to clipboard
package main
import (
	"encoding/json"
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kv"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		kvv2, err := vault.NewMount(ctx, "kvv2", &vault.MountArgs{
			Path: pulumi.String("kvv2"),
			Type: pulumi.String("kv"),
			Options: pulumi.StringMap{
				"version": pulumi.String("2"),
			},
			Description: pulumi.String("KV Version 2 secret engine mount"),
		})
		if err != nil {
			return err
		}
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"zip": "zap",
			"foo": "bar",
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		_, err = kv.NewSecretV2(ctx, "example", &kv.SecretV2Args{
			Mount:             kvv2.Path,
			Name:              pulumi.String("secret"),
			Cas:               pulumi.Int(1),
			DeleteAllVersions: pulumi.Bool(true),
			DataJson:          pulumi.String(json0),
			CustomMetadata: &kv.SecretV2CustomMetadataArgs{
				MaxVersions: pulumi.Int(5),
				Data: pulumi.StringMap{
					"foo": pulumi.String("vault@example.com"),
					"bar": pulumi.String("12345"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.kv.SecretV2;
import com.pulumi.vault.kv.SecretV2Args;
import com.pulumi.vault.kv.inputs.SecretV2CustomMetadataArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var kvv2 = new Mount("kvv2", MountArgs.builder()
            .path("kvv2")
            .type("kv")
            .options(Map.of("version", "2"))
            .description("KV Version 2 secret engine mount")
            .build());
        var example = new SecretV2("example", SecretV2Args.builder()
            .mount(kvv2.path())
            .name("secret")
            .cas(1)
            .deleteAllVersions(true)
            .dataJson(serializeJson(
                jsonObject(
                    jsonProperty("zip", "zap"),
                    jsonProperty("foo", "bar")
                )))
            .customMetadata(SecretV2CustomMetadataArgs.builder()
                .maxVersions(5)
                .data(Map.ofEntries(
                    Map.entry("foo", "vault@example.com"),
                    Map.entry("bar", "12345")
                ))
                .build())
            .build());
    }
}
Content copied to clipboard
resources:
  kvv2:
    type: vault:Mount
    properties:
      path: kvv2
      type: kv
      options:
        version: '2'
      description: KV Version 2 secret engine mount
  example:
    type: vault:kv:SecretV2
    properties:
      mount: ${kvv2.path}
      name: secret
      cas: 1
      deleteAllVersions: true
      dataJson:
        fn::toJSON:
          zip: zap
          foo: bar
      customMetadata:
        maxVersions: 5
        data:
          foo: vault@example.com
          bar: '12345'
Content copied to clipboard

Required Vault Capabilities

Use of this resource requires the create or update capability (depending on whether the resource already exists) on the given path, the delete capability if the resource is removed from configuration, and the read capability for drift detection (by default).

Custom Metadata Configuration Options

  • max_versions - (Optional) The number of versions to keep per key.

  • cas_required - (Optional) If true, all keys will require the cas parameter to be set on all write requests.

  • delete_version_after - (Optional) If set, specifies the length of time before a version is deleted. Accepts duration in integer seconds.

  • data - (Optional) A string to string map describing the secret.

Import

KV-V2 secrets can be imported using the path, e.g.

$ pulumi import vault:kv/secretV2:SecretV2 example kvv2/data/secret
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(cas: Output<Int>? = null, customMetadata: Output<SecretV2CustomMetadataArgs>? = null, dataJson: Output<String>? = null, deleteAllVersions: Output<Boolean>? = null, disableRead: Output<Boolean>? = null, mount: Output<String>? = null, name: Output<String>? = null, namespace: Output<String>? = null, options: Output<Map<String, String>>? = null)

Properties

Link copied to clipboard
val cas: Output<Int>? = null

This flag is required if cas_required is set to true on either the secret or the engine's config. In order for a write operation to be successful, cas must be set to the current version of the secret.

Link copied to clipboard
val customMetadata: Output<SecretV2CustomMetadataArgs>? = null

A nested block that allows configuring metadata for the KV secret. Refer to the Configuration Options for more info.

Link copied to clipboard
val dataJson: Output<String>? = null

JSON-encoded string that will be written as the secret data at the given path.

Link copied to clipboard
val deleteAllVersions: Output<Boolean>? = null

If set to true, permanently deletes all versions for the specified key.

Link copied to clipboard
val disableRead: Output<Boolean>? = null

If set to true, disables reading secret from Vault; note: drift won't be detected.

Link copied to clipboard
val mount: Output<String>? = null

Path where KV-V2 engine is mounted.

Link copied to clipboard
val name: Output<String>? = null

Full name of the secret. For a nested secret the name is the nested path excluding the mount and data prefix. For example, for a secret at kvv2/data/foo/bar/baz the name is foo/bar/baz.

Link copied to clipboard
val namespace: Output<String>? = null

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

Link copied to clipboard
val options: Output<Map<String, String>>? = null

An object that holds option settings.

Functions

Link copied to clipboard
open override fun toJava(): SecretV2Args