import * as pulumi from "@pulumi/pulumi"; /** * Manages a Key Vault Secret. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const current = azure.core.getClientConfig({}); * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleKeyVault = new azure.keyvault.KeyVault("example", { * name: "examplekeyvault", * location: example.location, * resourceGroupName: example.name, * tenantId: current.then(current => current.tenantId), * skuName: "premium", * softDeleteRetentionDays: 7, * accessPolicies: [{ * tenantId: current.then(current => current.tenantId), * objectId: current.then(current => current.objectId), * keyPermissions: [ * "Create", * "Get", * ], * secretPermissions: [ * "Set", * "Get", * "Delete", * "Purge", * "Recover", * ], * }], * }); * const exampleSecret = new azure.keyvault.Secret("example", { * name: "secret-sauce", * value: "szechuan", * keyVaultId: exampleKeyVault.id, * }); * ``` * * ## Import * * Key Vault Secrets which are Enabled can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:keyvault/secret:Secret example "https://example-keyvault.vault.azure.net/secrets/example/fdf067c93bbb4b22bff4d8b7a9a56217" * ``` */ export declare class Secret extends pulumi.CustomResource { /** * Get an existing Secret resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: SecretState, opts?: pulumi.CustomResourceOptions): Secret; /** * Returns true if the given object is an instance of Secret. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Secret; /** * Specifies the content type for the Key Vault Secret. */ readonly contentType: pulumi.Output; /** * Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). */ readonly expirationDate: pulumi.Output; /** * The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created. */ readonly keyVaultId: pulumi.Output; /** * Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created. */ readonly name: pulumi.Output; /** * Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). */ readonly notBeforeDate: pulumi.Output; /** * The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services. */ readonly resourceId: pulumi.Output; /** * The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated. */ readonly resourceVersionlessId: pulumi.Output; /** * A mapping of tags to assign to the resource. */ readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret. */ readonly value: pulumi.Output; /** * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations. * Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret. * * > **Note:** One of `value` or `valueWo` must be specified. */ readonly valueWo: pulumi.Output; /** * An integer value used to trigger an update for `valueWo`. This property should be incremented when updating `valueWo`. * * > **Note:** Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with `\n` or by base 64 encoding them with `replace(file("mySecretFile"), "/\n/", "\n")` or `base64encode(file("mySecretFile"))`, respectively. */ readonly valueWoVersion: pulumi.Output; /** * The current version of the Key Vault Secret. */ readonly version: pulumi.Output; /** * The Base ID of the Key Vault Secret. */ readonly versionlessId: pulumi.Output; /** * Create a Secret resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: SecretArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Secret resources. */ export interface SecretState { /** * Specifies the content type for the Key Vault Secret. */ contentType?: pulumi.Input; /** * Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). */ expirationDate?: pulumi.Input; /** * The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created. */ keyVaultId?: pulumi.Input; /** * Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). */ notBeforeDate?: pulumi.Input; /** * The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services. */ resourceId?: pulumi.Input; /** * The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated. */ resourceVersionlessId?: pulumi.Input; /** * A mapping of tags to assign to the resource. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret. */ value?: pulumi.Input; /** * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations. * Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret. * * > **Note:** One of `value` or `valueWo` must be specified. */ valueWo?: pulumi.Input; /** * An integer value used to trigger an update for `valueWo`. This property should be incremented when updating `valueWo`. * * > **Note:** Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with `\n` or by base 64 encoding them with `replace(file("mySecretFile"), "/\n/", "\n")` or `base64encode(file("mySecretFile"))`, respectively. */ valueWoVersion?: pulumi.Input; /** * The current version of the Key Vault Secret. */ version?: pulumi.Input; /** * The Base ID of the Key Vault Secret. */ versionlessId?: pulumi.Input; } /** * The set of arguments for constructing a Secret resource. */ export interface SecretArgs { /** * Specifies the content type for the Key Vault Secret. */ contentType?: pulumi.Input; /** * Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). */ expirationDate?: pulumi.Input; /** * The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created. */ keyVaultId: pulumi.Input; /** * Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). */ notBeforeDate?: pulumi.Input; /** * A mapping of tags to assign to the resource. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret. */ value?: pulumi.Input; /** * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations. * Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret. * * > **Note:** One of `value` or `valueWo` must be specified. */ valueWo?: pulumi.Input; /** * An integer value used to trigger an update for `valueWo`. This property should be incremented when updating `valueWo`. * * > **Note:** Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with `\n` or by base 64 encoding them with `replace(file("mySecretFile"), "/\n/", "\n")` or `base64encode(file("mySecretFile"))`, respectively. */ valueWoVersion?: pulumi.Input; }