Docs Home
We recommend using Azure Native.
Azure v6.21.0 published on Friday, Mar 7, 2025 by Pulumi
azure.keyvault.Secret
Explore with Pulumi AI
Manages a Key Vault Secret.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const current = azure.core.getClientConfig({});
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
name: "examplekeyvault",
location: example.location,
resourceGroupName: example.name,
tenantId: current.then(current => current.tenantId),
skuName: "premium",
softDeleteRetentionDays: 7,
accessPolicies: [{
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
keyPermissions: [
"Create",
"Get",
],
secretPermissions: [
"Set",
"Get",
"Delete",
"Purge",
"Recover",
],
}],
});
const exampleSecret = new azure.keyvault.Secret("example", {
name: "secret-sauce",
value: "szechuan",
keyVaultId: exampleKeyVault.id,
});
import pulumi
import pulumi_azure as azure
current = azure.core.get_client_config()
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_key_vault = azure.keyvault.KeyVault("example",
name="examplekeyvault",
location=example.location,
resource_group_name=example.name,
tenant_id=current.tenant_id,
sku_name="premium",
soft_delete_retention_days=7,
access_policies=[{
"tenant_id": current.tenant_id,
"object_id": current.object_id,
"key_permissions": [
"Create",
"Get",
],
"secret_permissions": [
"Set",
"Get",
"Delete",
"Purge",
"Recover",
],
}])
example_secret = azure.keyvault.Secret("example",
name="secret-sauce",
value="szechuan",
key_vault_id=example_key_vault.id)
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
Name: pulumi.String("examplekeyvault"),
Location: example.Location,
ResourceGroupName: example.Name,
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("premium"),
SoftDeleteRetentionDays: pulumi.Int(7),
AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(current.ObjectId),
KeyPermissions: pulumi.StringArray{
pulumi.String("Create"),
pulumi.String("Get"),
},
SecretPermissions: pulumi.StringArray{
pulumi.String("Set"),
pulumi.String("Get"),
pulumi.String("Delete"),
pulumi.String("Purge"),
pulumi.String("Recover"),
},
},
},
})
if err != nil {
return err
}
_, err = keyvault.NewSecret(ctx, "example", &keyvault.SecretArgs{
Name: pulumi.String("secret-sauce"),
Value: pulumi.String("szechuan"),
KeyVaultId: exampleKeyVault.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var current = Azure.Core.GetClientConfig.Invoke();
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
{
Name = "examplekeyvault",
Location = example.Location,
ResourceGroupName = example.Name,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
SkuName = "premium",
SoftDeleteRetentionDays = 7,
AccessPolicies = new[]
{
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
KeyPermissions = new[]
{
"Create",
"Get",
},
SecretPermissions = new[]
{
"Set",
"Get",
"Delete",
"Purge",
"Recover",
},
},
},
});
var exampleSecret = new Azure.KeyVault.Secret("example", new()
{
Name = "secret-sauce",
Value = "szechuan",
KeyVaultId = exampleKeyVault.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.Secret;
import com.pulumi.azure.keyvault.SecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = CoreFunctions.getClientConfig();
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("examplekeyvault")
.location(example.location())
.resourceGroupName(example.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("premium")
.softDeleteRetentionDays(7)
.accessPolicies(KeyVaultAccessPolicyArgs.builder()
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.keyPermissions(
"Create",
"Get")
.secretPermissions(
"Set",
"Get",
"Delete",
"Purge",
"Recover")
.build())
.build());
var exampleSecret = new Secret("exampleSecret", SecretArgs.builder()
.name("secret-sauce")
.value("szechuan")
.keyVaultId(exampleKeyVault.id())
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleKeyVault:
type: azure:keyvault:KeyVault
name: example
properties:
name: examplekeyvault
location: ${example.location}
resourceGroupName: ${example.name}
tenantId: ${current.tenantId}
skuName: premium
softDeleteRetentionDays: 7
accessPolicies:
- tenantId: ${current.tenantId}
objectId: ${current.objectId}
keyPermissions:
- Create
- Get
secretPermissions:
- Set
- Get
- Delete
- Purge
- Recover
exampleSecret:
type: azure:keyvault:Secret
name: example
properties:
name: secret-sauce
value: szechuan
keyVaultId: ${exampleKeyVault.id}
variables:
current:
fn::invoke:
function: azure:core:getClientConfig
arguments: {}
Create Secret Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);@overload
def Secret(resource_name: str,
args: SecretArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Secret(resource_name: str,
opts: Optional[ResourceOptions] = None,
key_vault_id: Optional[str] = None,
value: Optional[str] = None,
content_type: Optional[str] = None,
expiration_date: Optional[str] = None,
name: Optional[str] = None,
not_before_date: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)
public Secret(String name, SecretArgs args)
public Secret(String name, SecretArgs args, CustomResourceOptions options)
type: azure:keyvault:Secret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecretArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var secretResource = new Azure.KeyVault.Secret("secretResource", new()
{
KeyVaultId = "string",
Value = "string",
ContentType = "string",
ExpirationDate = "string",
Name = "string",
NotBeforeDate = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := keyvault.NewSecret(ctx, "secretResource", &keyvault.SecretArgs{
KeyVaultId: pulumi.String("string"),
Value: pulumi.String("string"),
ContentType: pulumi.String("string"),
ExpirationDate: pulumi.String("string"),
Name: pulumi.String("string"),
NotBeforeDate: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var secretResource = new Secret("secretResource", SecretArgs.builder()
.keyVaultId("string")
.value("string")
.contentType("string")
.expirationDate("string")
.name("string")
.notBeforeDate("string")
.tags(Map.of("string", "string"))
.build());
secret_resource = azure.keyvault.Secret("secretResource",
key_vault_id="string",
value="string",
content_type="string",
expiration_date="string",
name="string",
not_before_date="string",
tags={
"string": "string",
})
const secretResource = new azure.keyvault.Secret("secretResource", {
keyVaultId: "string",
value: "string",
contentType: "string",
expirationDate: "string",
name: "string",
notBeforeDate: "string",
tags: {
string: "string",
},
});
type: azure:keyvault:Secret
properties:
contentType: string
expirationDate: string
keyVaultId: string
name: string
notBeforeDate: string
tags:
string: string
value: string
Secret Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Secret resource accepts the following input properties:
- Key
Vault stringId - The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created.
- Value string
Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret.
Note: Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with
\nor by base 64 encoding them withreplace(file("my_secret_file"), "/\n/", "\n")orbase64encode(file("my_secret_file")), respectively.- Content
Type string - Specifies the content type for the Key Vault Secret.
- Expiration
Date string - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). Removing this forces a new resource to be created.
- Name string
- Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.
- Not
Before stringDate - Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
- Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Key
Vault stringId - The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created.
- Value string
Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret.
Note: Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with
\nor by base 64 encoding them withreplace(file("my_secret_file"), "/\n/", "\n")orbase64encode(file("my_secret_file")), respectively.- Content
Type string - Specifies the content type for the Key Vault Secret.
- Expiration
Date string - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). Removing this forces a new resource to be created.
- Name string
- Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.
- Not
Before stringDate - Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
- map[string]string
- A mapping of tags to assign to the resource.
- key
Vault StringId - The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created.
- value String
Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret.
Note: Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with
\nor by base 64 encoding them withreplace(file("my_secret_file"), "/\n/", "\n")orbase64encode(file("my_secret_file")), respectively.- content
Type String - Specifies the content type for the Key Vault Secret.
- expiration
Date String - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). Removing this forces a new resource to be created.
- name String
- Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.
- not
Before StringDate - Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
- Map<String,String>
- A mapping of tags to assign to the resource.
- key
Vault stringId - The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created.
- value string
Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret.
Note: Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with
\nor by base 64 encoding them withreplace(file("my_secret_file"), "/\n/", "\n")orbase64encode(file("my_secret_file")), respectively.- content
Type string - Specifies the content type for the Key Vault Secret.
- expiration
Date string - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). Removing this forces a new resource to be created.
- name string
- Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.
- not
Before stringDate - Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
- {[key: string]: string}
- A mapping of tags to assign to the resource.
- key_
vault_ strid - The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created.
- value str
Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret.
Note: Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with
\nor by base 64 encoding them withreplace(file("my_secret_file"), "/\n/", "\n")orbase64encode(file("my_secret_file")), respectively.- content_
type str - Specifies the content type for the Key Vault Secret.
- expiration_
date str - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). Removing this forces a new resource to be created.
- name str
- Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.
- not_
before_ strdate - Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
- Mapping[str, str]
- A mapping of tags to assign to the resource.
- key
Vault StringId - The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created.
- value String
Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret.
Note: Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with
\nor by base 64 encoding them withreplace(file("my_secret_file"), "/\n/", "\n")orbase64encode(file("my_secret_file")), respectively.- content
Type String - Specifies the content type for the Key Vault Secret.
- expiration
Date String - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). Removing this forces a new resource to be created.
- name String
- Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.
- not
Before StringDate - Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
- Map<String>
- A mapping of tags to assign to the resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Resource
Id string - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- Resource
Versionless stringId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- Version string
- The current version of the Key Vault Secret.
- Versionless
Id string - The Base ID of the Key Vault Secret.
- Id string
- The provider-assigned unique ID for this managed resource.
- Resource
Id string - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- Resource
Versionless stringId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- Version string
- The current version of the Key Vault Secret.
- Versionless
Id string - The Base ID of the Key Vault Secret.
- id String
- The provider-assigned unique ID for this managed resource.
- resource
Id String - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- resource
Versionless StringId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- version String
- The current version of the Key Vault Secret.
- versionless
Id String - The Base ID of the Key Vault Secret.
- id string
- The provider-assigned unique ID for this managed resource.
- resource
Id string - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- resource
Versionless stringId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- version string
- The current version of the Key Vault Secret.
- versionless
Id string - The Base ID of the Key Vault Secret.
- id str
- The provider-assigned unique ID for this managed resource.
- resource_
id str - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- resource_
versionless_ strid - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- version str
- The current version of the Key Vault Secret.
- versionless_
id str - The Base ID of the Key Vault Secret.
- id String
- The provider-assigned unique ID for this managed resource.
- resource
Id String - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- resource
Versionless StringId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- version String
- The current version of the Key Vault Secret.
- versionless
Id String - The Base ID of the Key Vault Secret.
Look up Existing Secret Resource
Get an existing Secret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecretState, opts?: CustomResourceOptions): Secret@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
content_type: Optional[str] = None,
expiration_date: Optional[str] = None,
key_vault_id: Optional[str] = None,
name: Optional[str] = None,
not_before_date: Optional[str] = None,
resource_id: Optional[str] = None,
resource_versionless_id: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
value: Optional[str] = None,
version: Optional[str] = None,
versionless_id: Optional[str] = None) -> Secretfunc GetSecret(ctx *Context, name string, id IDInput, state *SecretState, opts ...ResourceOption) (*Secret, error)public static Secret Get(string name, Input<string> id, SecretState? state, CustomResourceOptions? opts = null)public static Secret get(String name, Output<String> id, SecretState state, CustomResourceOptions options)resources: _: type: azure:keyvault:Secret get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Content
Type string - Specifies the content type for the Key Vault Secret.
- Expiration
Date string - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). Removing this forces a new resource to be created.
- Key
Vault stringId - The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created.
- Name string
- Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.
- Not
Before stringDate - Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
- Resource
Id string - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- Resource
Versionless stringId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Value string
Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret.
Note: Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with
\nor by base 64 encoding them withreplace(file("my_secret_file"), "/\n/", "\n")orbase64encode(file("my_secret_file")), respectively.- Version string
- The current version of the Key Vault Secret.
- Versionless
Id string - The Base ID of the Key Vault Secret.
- Content
Type string - Specifies the content type for the Key Vault Secret.
- Expiration
Date string - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). Removing this forces a new resource to be created.
- Key
Vault stringId - The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created.
- Name string
- Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.
- Not
Before stringDate - Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
- Resource
Id string - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- Resource
Versionless stringId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- map[string]string
- A mapping of tags to assign to the resource.
- Value string
Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret.
Note: Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with
\nor by base 64 encoding them withreplace(file("my_secret_file"), "/\n/", "\n")orbase64encode(file("my_secret_file")), respectively.- Version string
- The current version of the Key Vault Secret.
- Versionless
Id string - The Base ID of the Key Vault Secret.
- content
Type String - Specifies the content type for the Key Vault Secret.
- expiration
Date String - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). Removing this forces a new resource to be created.
- key
Vault StringId - The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created.
- name String
- Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.
- not
Before StringDate - Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
- resource
Id String - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- resource
Versionless StringId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- Map<String,String>
- A mapping of tags to assign to the resource.
- value String
Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret.
Note: Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with
\nor by base 64 encoding them withreplace(file("my_secret_file"), "/\n/", "\n")orbase64encode(file("my_secret_file")), respectively.- version String
- The current version of the Key Vault Secret.
- versionless
Id String - The Base ID of the Key Vault Secret.
- content
Type string - Specifies the content type for the Key Vault Secret.
- expiration
Date string - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). Removing this forces a new resource to be created.
- key
Vault stringId - The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created.
- name string
- Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.
- not
Before stringDate - Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
- resource
Id string - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- resource
Versionless stringId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- {[key: string]: string}
- A mapping of tags to assign to the resource.
- value string
Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret.
Note: Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with
\nor by base 64 encoding them withreplace(file("my_secret_file"), "/\n/", "\n")orbase64encode(file("my_secret_file")), respectively.- version string
- The current version of the Key Vault Secret.
- versionless
Id string - The Base ID of the Key Vault Secret.
- content_
type str - Specifies the content type for the Key Vault Secret.
- expiration_
date str - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). Removing this forces a new resource to be created.
- key_
vault_ strid - The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created.
- name str
- Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.
- not_
before_ strdate - Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
- resource_
id str - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- resource_
versionless_ strid - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- Mapping[str, str]
- A mapping of tags to assign to the resource.
- value str
Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret.
Note: Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with
\nor by base 64 encoding them withreplace(file("my_secret_file"), "/\n/", "\n")orbase64encode(file("my_secret_file")), respectively.- version str
- The current version of the Key Vault Secret.
- versionless_
id str - The Base ID of the Key Vault Secret.
- content
Type String - Specifies the content type for the Key Vault Secret.
- expiration
Date String - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). Removing this forces a new resource to be created.
- key
Vault StringId - The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created.
- name String
- Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.
- not
Before StringDate - Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
- resource
Id String - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.
- resource
Versionless StringId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.
- Map<String>
- A mapping of tags to assign to the resource.
- value String
Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret.
Note: Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with
\nor by base 64 encoding them withreplace(file("my_secret_file"), "/\n/", "\n")orbase64encode(file("my_secret_file")), respectively.- version String
- The current version of the Key Vault Secret.
- versionless
Id String - The Base ID of the Key Vault Secret.
Import
Key Vault Secrets which are Enabled can be imported using the resource id, e.g.
$ pulumi import azure:keyvault/secret:Secret example "https://example-keyvault.vault.azure.net/secrets/example/fdf067c93bbb4b22bff4d8b7a9a56217"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.