Docs Home
Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi
gcp.secretmanager.getSecret
Explore with Pulumi AI
Use this data source to get information about a Secret Manager Secret
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const qa = gcp.secretmanager.getSecret({
secretId: "foobar",
});
import pulumi
import pulumi_gcp as gcp
qa = gcp.secretmanager.get_secret(secret_id="foobar")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := secretmanager.LookupSecret(ctx, &secretmanager.LookupSecretArgs{
SecretId: "foobar",
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var qa = Gcp.SecretManager.GetSecret.Invoke(new()
{
SecretId = "foobar",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.secretmanager.SecretmanagerFunctions;
import com.pulumi.gcp.secretmanager.inputs.GetSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var qa = SecretmanagerFunctions.getSecret(GetSecretArgs.builder()
.secretId("foobar")
.build());
}
}
variables:
qa:
fn::invoke:
function: gcp:secretmanager:getSecret
arguments:
secretId: foobar
Using getSecret
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecret(args: GetSecretArgs, opts?: InvokeOptions): Promise<GetSecretResult>
function getSecretOutput(args: GetSecretOutputArgs, opts?: InvokeOptions): Output<GetSecretResult>def get_secret(project: Optional[str] = None,
secret_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetSecretResult
def get_secret_output(project: Optional[pulumi.Input[str]] = None,
secret_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecretResult]func LookupSecret(ctx *Context, args *LookupSecretArgs, opts ...InvokeOption) (*LookupSecretResult, error)
func LookupSecretOutput(ctx *Context, args *LookupSecretOutputArgs, opts ...InvokeOption) LookupSecretResultOutput> Note: This function is named LookupSecret in the Go SDK.
public static class GetSecret
{
public static Task<GetSecretResult> InvokeAsync(GetSecretArgs args, InvokeOptions? opts = null)
public static Output<GetSecretResult> Invoke(GetSecretInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
public static Output<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
fn::invoke:
function: gcp:secretmanager/getSecret:getSecret
arguments:
# arguments dictionaryThe following arguments are supported:
getSecret Result
The following output properties are available:
- Annotations Dictionary<string, string>
- Create
Time string - Effective
Annotations Dictionary<string, string> - Effective
Labels Dictionary<string, string> - Expire
Time string - Id string
- The provider-assigned unique ID for this managed resource.
- Labels Dictionary<string, string>
- Name string
- Pulumi
Labels Dictionary<string, string> - Replications
List<Get
Secret Replication> - Rotations
List<Get
Secret Rotation> - Secret
Id string - Topics
List<Get
Secret Topic> - Ttl string
- Version
Aliases Dictionary<string, string> - Version
Destroy stringTtl - Project string
- Annotations map[string]string
- Create
Time string - Effective
Annotations map[string]string - Effective
Labels map[string]string - Expire
Time string - Id string
- The provider-assigned unique ID for this managed resource.
- Labels map[string]string
- Name string
- Pulumi
Labels map[string]string - Replications
[]Get
Secret Replication - Rotations
[]Get
Secret Rotation - Secret
Id string - Topics
[]Get
Secret Topic - Ttl string
- Version
Aliases map[string]string - Version
Destroy stringTtl - Project string
- annotations Map<String,String>
- create
Time String - effective
Annotations Map<String,String> - effective
Labels Map<String,String> - expire
Time String - id String
- The provider-assigned unique ID for this managed resource.
- labels Map<String,String>
- name String
- pulumi
Labels Map<String,String> - replications
List<Get
Secret Replication> - rotations
List<Get
Secret Rotation> - secret
Id String - topics
List<Get
Secret Topic> - ttl String
- version
Aliases Map<String,String> - version
Destroy StringTtl - project String
- annotations {[key: string]: string}
- create
Time string - effective
Annotations {[key: string]: string} - effective
Labels {[key: string]: string} - expire
Time string - id string
- The provider-assigned unique ID for this managed resource.
- labels {[key: string]: string}
- name string
- pulumi
Labels {[key: string]: string} - replications
Get
Secret Replication[] - rotations
Get
Secret Rotation[] - secret
Id string - topics
Get
Secret Topic[] - ttl string
- version
Aliases {[key: string]: string} - version
Destroy stringTtl - project string
- annotations Mapping[str, str]
- create_
time str - effective_
annotations Mapping[str, str] - effective_
labels Mapping[str, str] - expire_
time str - id str
- The provider-assigned unique ID for this managed resource.
- labels Mapping[str, str]
- name str
- pulumi_
labels Mapping[str, str] - replications
Sequence[Get
Secret Replication] - rotations
Sequence[Get
Secret Rotation] - secret_
id str - topics
Sequence[Get
Secret Topic] - ttl str
- version_
aliases Mapping[str, str] - version_
destroy_ strttl - project str
- annotations Map<String>
- create
Time String - effective
Annotations Map<String> - effective
Labels Map<String> - expire
Time String - id String
- The provider-assigned unique ID for this managed resource.
- labels Map<String>
- name String
- pulumi
Labels Map<String> - replications List<Property Map>
- rotations List<Property Map>
- secret
Id String - topics List<Property Map>
- ttl String
- version
Aliases Map<String> - version
Destroy StringTtl - project String
Supporting Types
GetSecretReplication
- Autos
List<Get
Secret Replication Auto> - The Secret will automatically be replicated without any restrictions.
- User
Manageds List<GetSecret Replication User Managed> - The Secret will be replicated to the regions specified by the user.
- Autos
[]Get
Secret Replication Auto - The Secret will automatically be replicated without any restrictions.
- User
Manageds []GetSecret Replication User Managed - The Secret will be replicated to the regions specified by the user.
- autos
List<Get
Secret Replication Auto> - The Secret will automatically be replicated without any restrictions.
- user
Manageds List<GetSecret Replication User Managed> - The Secret will be replicated to the regions specified by the user.
- autos
Get
Secret Replication Auto[] - The Secret will automatically be replicated without any restrictions.
- user
Manageds GetSecret Replication User Managed[] - The Secret will be replicated to the regions specified by the user.
- autos
Sequence[Get
Secret Replication Auto] - The Secret will automatically be replicated without any restrictions.
- user_
manageds Sequence[GetSecret Replication User Managed] - The Secret will be replicated to the regions specified by the user.
- autos List<Property Map>
- The Secret will automatically be replicated without any restrictions.
- user
Manageds List<Property Map> - The Secret will be replicated to the regions specified by the user.
GetSecretReplicationAuto
- Customer
Managed List<GetEncryptions Secret Replication Auto Customer Managed Encryption> - The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used.
- Customer
Managed []GetEncryptions Secret Replication Auto Customer Managed Encryption - The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used.
- customer
Managed List<GetEncryptions Secret Replication Auto Customer Managed Encryption> - The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used.
- customer
Managed GetEncryptions Secret Replication Auto Customer Managed Encryption[] - The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used.
- customer_
managed_ Sequence[Getencryptions Secret Replication Auto Customer Managed Encryption] - The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used.
- customer
Managed List<Property Map>Encryptions - The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used.
GetSecretReplicationAutoCustomerManagedEncryption
- Kms
Key stringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.
- Kms
Key stringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.
- kms
Key StringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.
- kms
Key stringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.
- kms_
key_ strname - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.
- kms
Key StringName - The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.
GetSecretReplicationUserManaged
- Replicas
List<Get
Secret Replication User Managed Replica> - The list of Replicas for this Secret. Cannot be empty.
- Replicas
[]Get
Secret Replication User Managed Replica - The list of Replicas for this Secret. Cannot be empty.
- replicas
List<Get
Secret Replication User Managed Replica> - The list of Replicas for this Secret. Cannot be empty.
- replicas
Get
Secret Replication User Managed Replica[] - The list of Replicas for this Secret. Cannot be empty.
- replicas
Sequence[Get
Secret Replication User Managed Replica] - The list of Replicas for this Secret. Cannot be empty.
- replicas List<Property Map>
- The list of Replicas for this Secret. Cannot be empty.
GetSecretReplicationUserManagedReplica
- Customer
Managed List<GetEncryptions Secret Replication User Managed Replica Customer Managed Encryption> - Customer Managed Encryption for the secret.
- Location string
- The canonical IDs of the location to replicate data. For example: "us-east1".
- Customer
Managed []GetEncryptions Secret Replication User Managed Replica Customer Managed Encryption - Customer Managed Encryption for the secret.
- Location string
- The canonical IDs of the location to replicate data. For example: "us-east1".
- customer
Managed List<GetEncryptions Secret Replication User Managed Replica Customer Managed Encryption> - Customer Managed Encryption for the secret.
- location String
- The canonical IDs of the location to replicate data. For example: "us-east1".
- customer
Managed GetEncryptions Secret Replication User Managed Replica Customer Managed Encryption[] - Customer Managed Encryption for the secret.
- location string
- The canonical IDs of the location to replicate data. For example: "us-east1".
- customer_
managed_ Sequence[Getencryptions Secret Replication User Managed Replica Customer Managed Encryption] - Customer Managed Encryption for the secret.
- location str
- The canonical IDs of the location to replicate data. For example: "us-east1".
- customer
Managed List<Property Map>Encryptions - Customer Managed Encryption for the secret.
- location String
- The canonical IDs of the location to replicate data. For example: "us-east1".
GetSecretReplicationUserManagedReplicaCustomerManagedEncryption
- Kms
Key stringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- Kms
Key stringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms
Key StringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms
Key stringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms_
key_ strname - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms
Key StringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
GetSecretRotation
- Next
Rotation stringTime - Timestamp in UTC at which the Secret is scheduled to rotate. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- Rotation
Period string - The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.
- Next
Rotation stringTime - Timestamp in UTC at which the Secret is scheduled to rotate. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- Rotation
Period string - The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.
- next
Rotation StringTime - Timestamp in UTC at which the Secret is scheduled to rotate. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- rotation
Period String - The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.
- next
Rotation stringTime - Timestamp in UTC at which the Secret is scheduled to rotate. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- rotation
Period string - The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.
- next_
rotation_ strtime - Timestamp in UTC at which the Secret is scheduled to rotate. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- rotation_
period str - The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.
- next
Rotation StringTime - Timestamp in UTC at which the Secret is scheduled to rotate. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
- rotation
Period String - The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.
GetSecretTopic
- Name string
- The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.
- Name string
- The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.
- name String
- The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.
- name string
- The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.
- name str
- The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.
- name String
- The resource name of the Pub/Sub topic that will be published to, in the following format: projects//topics/. For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.