Oracle Cloud Infrastructure v2.33.0, May 1 25

Oracle Cloud Infrastructure v2.33.0 published on Thursday, May 1, 2025 by Pulumi

oci.Vault.Secret

Explore with Pulumi AI

Oracle Cloud Infrastructure v2.33.0 published on Thursday, May 1, 2025 by Pulumi

Create Secret Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);

@overload
def Secret(resource_name: str,
           args: SecretArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def Secret(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           key_id: Optional[str] = None,
           vault_id: Optional[str] = None,
           secret_name: Optional[str] = None,
           compartment_id: Optional[str] = None,
           metadata: Optional[Mapping[str, str]] = None,
           freeform_tags: Optional[Mapping[str, str]] = None,
           enable_auto_generation: Optional[bool] = None,
           rotation_config: Optional[SecretRotationConfigArgs] = None,
           secret_content: Optional[SecretSecretContentArgs] = None,
           secret_generation_context: Optional[SecretSecretGenerationContextArgs] = None,
           description: Optional[str] = None,
           secret_rules: Optional[Sequence[SecretSecretRuleArgs]] = None,
           defined_tags: Optional[Mapping[str, str]] = None)

func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)

public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)

public Secret(String name, SecretArgs args)
public Secret(String name, SecretArgs args, CustomResourceOptions options)

type: oci:Vault:Secret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var secretResource = new Oci.Vault.Secret("secretResource", new()
{
    KeyId = "string",
    VaultId = "string",
    SecretName = "string",
    CompartmentId = "string",
    Metadata = 
    {
        { "string", "string" },
    },
    FreeformTags = 
    {
        { "string", "string" },
    },
    EnableAutoGeneration = false,
    RotationConfig = new Oci.Vault.Inputs.SecretRotationConfigArgs
    {
        TargetSystemDetails = new Oci.Vault.Inputs.SecretRotationConfigTargetSystemDetailsArgs
        {
            TargetSystemType = "string",
            AdbId = "string",
            FunctionId = "string",
        },
        IsScheduledRotationEnabled = false,
        RotationInterval = "string",
    },
    SecretContent = new Oci.Vault.Inputs.SecretSecretContentArgs
    {
        ContentType = "string",
        Content = "string",
        Name = "string",
        Stage = "string",
    },
    SecretGenerationContext = new Oci.Vault.Inputs.SecretSecretGenerationContextArgs
    {
        GenerationTemplate = "string",
        GenerationType = "string",
        PassphraseLength = 0,
        SecretTemplate = "string",
    },
    Description = "string",
    SecretRules = new[]
    {
        new Oci.Vault.Inputs.SecretSecretRuleArgs
        {
            RuleType = "string",
            IsEnforcedOnDeletedSecretVersions = false,
            IsSecretContentRetrievalBlockedOnExpiry = false,
            SecretVersionExpiryInterval = "string",
            TimeOfAbsoluteExpiry = "string",
        },
    },
    DefinedTags = 
    {
        { "string", "string" },
    },
});

example, err := vault.NewSecret(ctx, "secretResource", &vault.SecretArgs{
	KeyId:         pulumi.String("string"),
	VaultId:       pulumi.String("string"),
	SecretName:    pulumi.String("string"),
	CompartmentId: pulumi.String("string"),
	Metadata: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	FreeformTags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	EnableAutoGeneration: pulumi.Bool(false),
	RotationConfig: &vault.SecretRotationConfigArgs{
		TargetSystemDetails: &vault.SecretRotationConfigTargetSystemDetailsArgs{
			TargetSystemType: pulumi.String("string"),
			AdbId:            pulumi.String("string"),
			FunctionId:       pulumi.String("string"),
		},
		IsScheduledRotationEnabled: pulumi.Bool(false),
		RotationInterval:           pulumi.String("string"),
	},
	SecretContent: &vault.SecretSecretContentArgs{
		ContentType: pulumi.String("string"),
		Content:     pulumi.String("string"),
		Name:        pulumi.String("string"),
		Stage:       pulumi.String("string"),
	},
	SecretGenerationContext: &vault.SecretSecretGenerationContextArgs{
		GenerationTemplate: pulumi.String("string"),
		GenerationType:     pulumi.String("string"),
		PassphraseLength:   pulumi.Int(0),
		SecretTemplate:     pulumi.String("string"),
	},
	Description: pulumi.String("string"),
	SecretRules: vault.SecretSecretRuleArray{
		&vault.SecretSecretRuleArgs{
			RuleType:                                pulumi.String("string"),
			IsEnforcedOnDeletedSecretVersions:       pulumi.Bool(false),
			IsSecretContentRetrievalBlockedOnExpiry: pulumi.Bool(false),
			SecretVersionExpiryInterval:             pulumi.String("string"),
			TimeOfAbsoluteExpiry:                    pulumi.String("string"),
		},
	},
	DefinedTags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

var secretResource = new Secret("secretResource", SecretArgs.builder()
    .keyId("string")
    .vaultId("string")
    .secretName("string")
    .compartmentId("string")
    .metadata(Map.of("string", "string"))
    .freeformTags(Map.of("string", "string"))
    .enableAutoGeneration(false)
    .rotationConfig(SecretRotationConfigArgs.builder()
        .targetSystemDetails(SecretRotationConfigTargetSystemDetailsArgs.builder()
            .targetSystemType("string")
            .adbId("string")
            .functionId("string")
            .build())
        .isScheduledRotationEnabled(false)
        .rotationInterval("string")
        .build())
    .secretContent(SecretSecretContentArgs.builder()
        .contentType("string")
        .content("string")
        .name("string")
        .stage("string")
        .build())
    .secretGenerationContext(SecretSecretGenerationContextArgs.builder()
        .generationTemplate("string")
        .generationType("string")
        .passphraseLength(0)
        .secretTemplate("string")
        .build())
    .description("string")
    .secretRules(SecretSecretRuleArgs.builder()
        .ruleType("string")
        .isEnforcedOnDeletedSecretVersions(false)
        .isSecretContentRetrievalBlockedOnExpiry(false)
        .secretVersionExpiryInterval("string")
        .timeOfAbsoluteExpiry("string")
        .build())
    .definedTags(Map.of("string", "string"))
    .build());

secret_resource = oci.vault.Secret("secretResource",
    key_id="string",
    vault_id="string",
    secret_name="string",
    compartment_id="string",
    metadata={
        "string": "string",
    },
    freeform_tags={
        "string": "string",
    },
    enable_auto_generation=False,
    rotation_config={
        "target_system_details": {
            "target_system_type": "string",
            "adb_id": "string",
            "function_id": "string",
        },
        "is_scheduled_rotation_enabled": False,
        "rotation_interval": "string",
    },
    secret_content={
        "content_type": "string",
        "content": "string",
        "name": "string",
        "stage": "string",
    },
    secret_generation_context={
        "generation_template": "string",
        "generation_type": "string",
        "passphrase_length": 0,
        "secret_template": "string",
    },
    description="string",
    secret_rules=[{
        "rule_type": "string",
        "is_enforced_on_deleted_secret_versions": False,
        "is_secret_content_retrieval_blocked_on_expiry": False,
        "secret_version_expiry_interval": "string",
        "time_of_absolute_expiry": "string",
    }],
    defined_tags={
        "string": "string",
    })

const secretResource = new oci.vault.Secret("secretResource", {
    keyId: "string",
    vaultId: "string",
    secretName: "string",
    compartmentId: "string",
    metadata: {
        string: "string",
    },
    freeformTags: {
        string: "string",
    },
    enableAutoGeneration: false,
    rotationConfig: {
        targetSystemDetails: {
            targetSystemType: "string",
            adbId: "string",
            functionId: "string",
        },
        isScheduledRotationEnabled: false,
        rotationInterval: "string",
    },
    secretContent: {
        contentType: "string",
        content: "string",
        name: "string",
        stage: "string",
    },
    secretGenerationContext: {
        generationTemplate: "string",
        generationType: "string",
        passphraseLength: 0,
        secretTemplate: "string",
    },
    description: "string",
    secretRules: [{
        ruleType: "string",
        isEnforcedOnDeletedSecretVersions: false,
        isSecretContentRetrievalBlockedOnExpiry: false,
        secretVersionExpiryInterval: "string",
        timeOfAbsoluteExpiry: "string",
    }],
    definedTags: {
        string: "string",
    },
});

type: oci:Vault:Secret
properties:
    compartmentId: string
    definedTags:
        string: string
    description: string
    enableAutoGeneration: false
    freeformTags:
        string: string
    keyId: string
    metadata:
        string: string
    rotationConfig:
        isScheduledRotationEnabled: false
        rotationInterval: string
        targetSystemDetails:
            adbId: string
            functionId: string
            targetSystemType: string
    secretContent:
        content: string
        contentType: string
        name: string
        stage: string
    secretGenerationContext:
        generationTemplate: string
        generationType: string
        passphraseLength: 0
        secretTemplate: string
    secretName: string
    secretRules:
        - isEnforcedOnDeletedSecretVersions: false
          isSecretContentRetrievalBlockedOnExpiry: false
          ruleType: string
          secretVersionExpiryInterval: string
          timeOfAbsoluteExpiry: string
    vaultId: string

Secret Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Secret resource accepts the following input properties:

CompartmentId string

(Updatable) The OCID of the compartment where you want to create the secret.

KeyId string

The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.

SecretName string

A user-friendly name for the secret. Secret names should be unique within a vault. Avoid entering confidential information. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.

VaultId string

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

DefinedTags Dictionary<string, string>

(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

Description string

(Updatable) A brief description of the secret. Avoid entering confidential information.

EnableAutoGeneration bool

(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.

FreeformTags Dictionary<string, string>

(Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}

Metadata Dictionary<string, string>

(Updatable) Additional metadata that you can use to provide context about how to use the secret during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs.

RotationConfig SecretRotationConfig

(Updatable) Defines the frequency of the rotation and the information about the target system

SecretContent SecretSecretContent

(Updatable) The content of the secret and metadata to help identify it.

SecretGenerationContext SecretSecretGenerationContext

(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.

SecretRules List<SecretSecretRule>

(Updatable) A list of rules to control how the secret is used and managed.

CompartmentId string

(Updatable) The OCID of the compartment where you want to create the secret.

KeyId string

SecretName string

VaultId string

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

DefinedTags map[string]string

(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

Description string

(Updatable) A brief description of the secret. Avoid entering confidential information.

EnableAutoGeneration bool

(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.

FreeformTags map[string]string

Metadata map[string]string

RotationConfig SecretRotationConfigArgs

(Updatable) Defines the frequency of the rotation and the information about the target system

SecretContent SecretSecretContentArgs

(Updatable) The content of the secret and metadata to help identify it.

SecretGenerationContext SecretSecretGenerationContextArgs

(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.

SecretRules []SecretSecretRuleArgs

(Updatable) A list of rules to control how the secret is used and managed.

compartmentId String

(Updatable) The OCID of the compartment where you want to create the secret.

keyId String

secretName String

vaultId String

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

definedTags Map<String,String>

(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

description String

(Updatable) A brief description of the secret. Avoid entering confidential information.

enableAutoGeneration Boolean

(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.

freeformTags Map<String,String>

metadata Map<String,String>

rotationConfig SecretRotationConfig

(Updatable) Defines the frequency of the rotation and the information about the target system

secretContent SecretSecretContent

(Updatable) The content of the secret and metadata to help identify it.

secretGenerationContext SecretSecretGenerationContext

(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.

secretRules List<SecretSecretRule>

(Updatable) A list of rules to control how the secret is used and managed.

compartmentId string

(Updatable) The OCID of the compartment where you want to create the secret.

keyId string

secretName string

vaultId string

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

definedTags {[key: string]: string}

(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

description string

(Updatable) A brief description of the secret. Avoid entering confidential information.

enableAutoGeneration boolean

(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.

freeformTags {[key: string]: string}

metadata {[key: string]: string}

rotationConfig SecretRotationConfig

(Updatable) Defines the frequency of the rotation and the information about the target system

secretContent SecretSecretContent

(Updatable) The content of the secret and metadata to help identify it.

secretGenerationContext SecretSecretGenerationContext

(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.

secretRules SecretSecretRule[]

(Updatable) A list of rules to control how the secret is used and managed.

compartment_id str

(Updatable) The OCID of the compartment where you want to create the secret.

key_id str

secret_name str

vault_id str

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

defined_tags Mapping[str, str]

(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

description str

(Updatable) A brief description of the secret. Avoid entering confidential information.

enable_auto_generation bool

(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.

freeform_tags Mapping[str, str]

metadata Mapping[str, str]

rotation_config SecretRotationConfigArgs

(Updatable) Defines the frequency of the rotation and the information about the target system

secret_content SecretSecretContentArgs

(Updatable) The content of the secret and metadata to help identify it.

secret_generation_context SecretSecretGenerationContextArgs

(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.

secret_rules Sequence[SecretSecretRuleArgs]

(Updatable) A list of rules to control how the secret is used and managed.

compartmentId String

(Updatable) The OCID of the compartment where you want to create the secret.

keyId String

secretName String

vaultId String

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

definedTags Map<String>

(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

description String

(Updatable) A brief description of the secret. Avoid entering confidential information.

enableAutoGeneration Boolean

(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.

freeformTags Map<String>

metadata Map<String>

rotationConfig Property Map

(Updatable) Defines the frequency of the rotation and the information about the target system

secretContent Property Map

(Updatable) The content of the secret and metadata to help identify it.

secretGenerationContext Property Map

(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.

secretRules List<Property Map>

(Updatable) A list of rules to control how the secret is used and managed.

Outputs

All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:

CurrentVersionNumber string: The version number of the secret version that's currently in use.
Id string: The provider-assigned unique ID for this managed resource.
IsAutoGenerationEnabled bool: The value of this flag determines whether or not secret content will be generated automatically.
LastRotationTime string: A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
LifecycleDetails string: Additional information about the current lifecycle state of the secret.
NextRotationTime string: A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
RotationStatus string: Additional information about the status of the secret rotation
State string: The current lifecycle state of the secret.
TimeCreated string: A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfCurrentVersionExpiry string: An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfDeletion string: An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

CurrentVersionNumber string: The version number of the secret version that's currently in use.
Id string: The provider-assigned unique ID for this managed resource.
IsAutoGenerationEnabled bool: The value of this flag determines whether or not secret content will be generated automatically.
LastRotationTime string: A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
LifecycleDetails string: Additional information about the current lifecycle state of the secret.
NextRotationTime string: A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
RotationStatus string: Additional information about the status of the secret rotation
State string: The current lifecycle state of the secret.
TimeCreated string: A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfCurrentVersionExpiry string: An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfDeletion string: An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

currentVersionNumber String: The version number of the secret version that's currently in use.
id String: The provider-assigned unique ID for this managed resource.
isAutoGenerationEnabled Boolean: The value of this flag determines whether or not secret content will be generated automatically.
lastRotationTime String: A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycleDetails String: Additional information about the current lifecycle state of the secret.
nextRotationTime String: A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotationStatus String: Additional information about the status of the secret rotation
state String: The current lifecycle state of the secret.
timeCreated String: A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfCurrentVersionExpiry String: An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfDeletion String: An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

currentVersionNumber string: The version number of the secret version that's currently in use.
id string: The provider-assigned unique ID for this managed resource.
isAutoGenerationEnabled boolean: The value of this flag determines whether or not secret content will be generated automatically.
lastRotationTime string: A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycleDetails string: Additional information about the current lifecycle state of the secret.
nextRotationTime string: A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotationStatus string: Additional information about the status of the secret rotation
state string: The current lifecycle state of the secret.
timeCreated string: A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfCurrentVersionExpiry string: An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfDeletion string: An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

current_version_number str: The version number of the secret version that's currently in use.
id str: The provider-assigned unique ID for this managed resource.
is_auto_generation_enabled bool: The value of this flag determines whether or not secret content will be generated automatically.
last_rotation_time str: A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycle_details str: Additional information about the current lifecycle state of the secret.
next_rotation_time str: A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotation_status str: Additional information about the status of the secret rotation
state str: The current lifecycle state of the secret.
time_created str: A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
time_of_current_version_expiry str: An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
time_of_deletion str: An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

currentVersionNumber String: The version number of the secret version that's currently in use.
id String: The provider-assigned unique ID for this managed resource.
isAutoGenerationEnabled Boolean: The value of this flag determines whether or not secret content will be generated automatically.
lastRotationTime String: A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycleDetails String: Additional information about the current lifecycle state of the secret.
nextRotationTime String: A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotationStatus String: Additional information about the status of the secret rotation
state String: The current lifecycle state of the secret.
timeCreated String: A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfCurrentVersionExpiry String: An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfDeletion String: An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

Look up Existing Secret Resource

Get an existing Secret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretState, opts?: CustomResourceOptions): Secret

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        compartment_id: Optional[str] = None,
        current_version_number: Optional[str] = None,
        defined_tags: Optional[Mapping[str, str]] = None,
        description: Optional[str] = None,
        enable_auto_generation: Optional[bool] = None,
        freeform_tags: Optional[Mapping[str, str]] = None,
        is_auto_generation_enabled: Optional[bool] = None,
        key_id: Optional[str] = None,
        last_rotation_time: Optional[str] = None,
        lifecycle_details: Optional[str] = None,
        metadata: Optional[Mapping[str, str]] = None,
        next_rotation_time: Optional[str] = None,
        rotation_config: Optional[SecretRotationConfigArgs] = None,
        rotation_status: Optional[str] = None,
        secret_content: Optional[SecretSecretContentArgs] = None,
        secret_generation_context: Optional[SecretSecretGenerationContextArgs] = None,
        secret_name: Optional[str] = None,
        secret_rules: Optional[Sequence[SecretSecretRuleArgs]] = None,
        state: Optional[str] = None,
        time_created: Optional[str] = None,
        time_of_current_version_expiry: Optional[str] = None,
        time_of_deletion: Optional[str] = None,
        vault_id: Optional[str] = None) -> Secret

func GetSecret(ctx *Context, name string, id IDInput, state *SecretState, opts ...ResourceOption) (*Secret, error)

public static Secret Get(string name, Input<string> id, SecretState? state, CustomResourceOptions? opts = null)

public static Secret get(String name, Output<String> id, SecretState state, CustomResourceOptions options)

resources:  _:    type: oci:Vault:Secret    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CompartmentId string

(Updatable) The OCID of the compartment where you want to create the secret.

CurrentVersionNumber string

The version number of the secret version that's currently in use.

DefinedTags Dictionary<string, string>

(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

Description string

(Updatable) A brief description of the secret. Avoid entering confidential information.

EnableAutoGeneration bool

(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.

FreeformTags Dictionary<string, string>

IsAutoGenerationEnabled bool

The value of this flag determines whether or not secret content will be generated automatically.

KeyId string

LastRotationTime string

A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

LifecycleDetails string

Additional information about the current lifecycle state of the secret.

Metadata Dictionary<string, string>

NextRotationTime string

A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

RotationConfig SecretRotationConfig

(Updatable) Defines the frequency of the rotation and the information about the target system

RotationStatus string

Additional information about the status of the secret rotation

SecretContent SecretSecretContent

(Updatable) The content of the secret and metadata to help identify it.

SecretGenerationContext SecretSecretGenerationContext

(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.

SecretName string

SecretRules List<SecretSecretRule>

(Updatable) A list of rules to control how the secret is used and managed.

State string

The current lifecycle state of the secret.

TimeCreated string

A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

TimeOfCurrentVersionExpiry string

An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

TimeOfDeletion string

An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

VaultId string

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

CompartmentId string

(Updatable) The OCID of the compartment where you want to create the secret.

CurrentVersionNumber string

The version number of the secret version that's currently in use.

DefinedTags map[string]string

(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

Description string

(Updatable) A brief description of the secret. Avoid entering confidential information.

EnableAutoGeneration bool

(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.

FreeformTags map[string]string

IsAutoGenerationEnabled bool

The value of this flag determines whether or not secret content will be generated automatically.

KeyId string

LastRotationTime string

A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

LifecycleDetails string

Additional information about the current lifecycle state of the secret.

Metadata map[string]string

NextRotationTime string

A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

RotationConfig SecretRotationConfigArgs

(Updatable) Defines the frequency of the rotation and the information about the target system

RotationStatus string

Additional information about the status of the secret rotation

SecretContent SecretSecretContentArgs

(Updatable) The content of the secret and metadata to help identify it.

SecretGenerationContext SecretSecretGenerationContextArgs

(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.

SecretName string

SecretRules []SecretSecretRuleArgs

(Updatable) A list of rules to control how the secret is used and managed.

State string

The current lifecycle state of the secret.

TimeCreated string

A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

TimeOfCurrentVersionExpiry string

An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

TimeOfDeletion string

An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

VaultId string

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

compartmentId String

(Updatable) The OCID of the compartment where you want to create the secret.

currentVersionNumber String

The version number of the secret version that's currently in use.

definedTags Map<String,String>

(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

description String

(Updatable) A brief description of the secret. Avoid entering confidential information.

enableAutoGeneration Boolean

(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.

freeformTags Map<String,String>

isAutoGenerationEnabled Boolean

The value of this flag determines whether or not secret content will be generated automatically.

keyId String

lastRotationTime String

A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

lifecycleDetails String

Additional information about the current lifecycle state of the secret.

metadata Map<String,String>

nextRotationTime String

A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

rotationConfig SecretRotationConfig

(Updatable) Defines the frequency of the rotation and the information about the target system

rotationStatus String

Additional information about the status of the secret rotation

secretContent SecretSecretContent

(Updatable) The content of the secret and metadata to help identify it.

secretGenerationContext SecretSecretGenerationContext

(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.

secretName String

secretRules List<SecretSecretRule>

(Updatable) A list of rules to control how the secret is used and managed.

state String

The current lifecycle state of the secret.

timeCreated String

A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

timeOfCurrentVersionExpiry String

An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

timeOfDeletion String

An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

vaultId String

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

compartmentId string

(Updatable) The OCID of the compartment where you want to create the secret.

currentVersionNumber string

The version number of the secret version that's currently in use.

definedTags {[key: string]: string}

(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

description string

(Updatable) A brief description of the secret. Avoid entering confidential information.

enableAutoGeneration boolean

(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.

freeformTags {[key: string]: string}

isAutoGenerationEnabled boolean

The value of this flag determines whether or not secret content will be generated automatically.

keyId string

lastRotationTime string

A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

lifecycleDetails string

Additional information about the current lifecycle state of the secret.

metadata {[key: string]: string}

nextRotationTime string

A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

rotationConfig SecretRotationConfig

(Updatable) Defines the frequency of the rotation and the information about the target system

rotationStatus string

Additional information about the status of the secret rotation

secretContent SecretSecretContent

(Updatable) The content of the secret and metadata to help identify it.

secretGenerationContext SecretSecretGenerationContext

(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.

secretName string

secretRules SecretSecretRule[]

(Updatable) A list of rules to control how the secret is used and managed.

state string

The current lifecycle state of the secret.

timeCreated string

A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

timeOfCurrentVersionExpiry string

An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

timeOfDeletion string

An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

vaultId string

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

compartment_id str

(Updatable) The OCID of the compartment where you want to create the secret.

current_version_number str

The version number of the secret version that's currently in use.

defined_tags Mapping[str, str]

(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

description str

(Updatable) A brief description of the secret. Avoid entering confidential information.

enable_auto_generation bool

(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.

freeform_tags Mapping[str, str]

is_auto_generation_enabled bool

The value of this flag determines whether or not secret content will be generated automatically.

key_id str

last_rotation_time str

A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

lifecycle_details str

Additional information about the current lifecycle state of the secret.

metadata Mapping[str, str]

next_rotation_time str

A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

rotation_config SecretRotationConfigArgs

(Updatable) Defines the frequency of the rotation and the information about the target system

rotation_status str

Additional information about the status of the secret rotation

secret_content SecretSecretContentArgs

(Updatable) The content of the secret and metadata to help identify it.

secret_generation_context SecretSecretGenerationContextArgs

(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.

secret_name str

secret_rules Sequence[SecretSecretRuleArgs]

(Updatable) A list of rules to control how the secret is used and managed.

state str

The current lifecycle state of the secret.

time_created str

A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

time_of_current_version_expiry str

An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

time_of_deletion str

An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

vault_id str

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

compartmentId String

(Updatable) The OCID of the compartment where you want to create the secret.

currentVersionNumber String

The version number of the secret version that's currently in use.

definedTags Map<String>

(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

description String

(Updatable) A brief description of the secret. Avoid entering confidential information.

enableAutoGeneration Boolean

(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.

freeformTags Map<String>

isAutoGenerationEnabled Boolean

The value of this flag determines whether or not secret content will be generated automatically.

keyId String

lastRotationTime String

A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

lifecycleDetails String

Additional information about the current lifecycle state of the secret.

metadata Map<String>

nextRotationTime String

A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

rotationConfig Property Map

(Updatable) Defines the frequency of the rotation and the information about the target system

rotationStatus String

Additional information about the status of the secret rotation

secretContent Property Map

(Updatable) The content of the secret and metadata to help identify it.

secretGenerationContext Property Map

(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.

secretName String

secretRules List<Property Map>

(Updatable) A list of rules to control how the secret is used and managed.

state String

The current lifecycle state of the secret.

timeCreated String

A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

timeOfCurrentVersionExpiry String

An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

timeOfDeletion String

An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

vaultId String

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

Supporting Types

SecretRotationConfig, SecretRotationConfigArgs

TargetSystemDetails SecretRotationConfigTargetSystemDetails: (Updatable) The TargetSystemDetails provides the targetSystem type and type-specific connection metadata
IsScheduledRotationEnabled bool: (Updatable) Enables auto rotation, when set to true rotationInterval must be set.
RotationInterval string: (Updatable) The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and maximum value is 360 days. For example, if you want to set the time interval for rotating a secret data as 30 days, the duration is expressed as "P30D."

TargetSystemDetails SecretRotationConfigTargetSystemDetails: (Updatable) The TargetSystemDetails provides the targetSystem type and type-specific connection metadata
IsScheduledRotationEnabled bool: (Updatable) Enables auto rotation, when set to true rotationInterval must be set.
RotationInterval string: (Updatable) The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and maximum value is 360 days. For example, if you want to set the time interval for rotating a secret data as 30 days, the duration is expressed as "P30D."

targetSystemDetails SecretRotationConfigTargetSystemDetails: (Updatable) The TargetSystemDetails provides the targetSystem type and type-specific connection metadata
isScheduledRotationEnabled Boolean: (Updatable) Enables auto rotation, when set to true rotationInterval must be set.
rotationInterval String: (Updatable) The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and maximum value is 360 days. For example, if you want to set the time interval for rotating a secret data as 30 days, the duration is expressed as "P30D."

targetSystemDetails SecretRotationConfigTargetSystemDetails: (Updatable) The TargetSystemDetails provides the targetSystem type and type-specific connection metadata
isScheduledRotationEnabled boolean: (Updatable) Enables auto rotation, when set to true rotationInterval must be set.
rotationInterval string: (Updatable) The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and maximum value is 360 days. For example, if you want to set the time interval for rotating a secret data as 30 days, the duration is expressed as "P30D."

target_system_details SecretRotationConfigTargetSystemDetails: (Updatable) The TargetSystemDetails provides the targetSystem type and type-specific connection metadata
is_scheduled_rotation_enabled bool: (Updatable) Enables auto rotation, when set to true rotationInterval must be set.
rotation_interval str: (Updatable) The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and maximum value is 360 days. For example, if you want to set the time interval for rotating a secret data as 30 days, the duration is expressed as "P30D."

targetSystemDetails Property Map: (Updatable) The TargetSystemDetails provides the targetSystem type and type-specific connection metadata
isScheduledRotationEnabled Boolean: (Updatable) Enables auto rotation, when set to true rotationInterval must be set.
rotationInterval String: (Updatable) The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and maximum value is 360 days. For example, if you want to set the time interval for rotating a secret data as 30 days, the duration is expressed as "P30D."

SecretRotationConfigTargetSystemDetails, SecretRotationConfigTargetSystemDetailsArgs

TargetSystemType string: (Updatable) Unique identifier of the target system that Vault Secret connects to.
AdbId string: (Updatable) The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
FunctionId string: (Updatable) The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.

TargetSystemType string: (Updatable) Unique identifier of the target system that Vault Secret connects to.
AdbId string: (Updatable) The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
FunctionId string: (Updatable) The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.

targetSystemType String: (Updatable) Unique identifier of the target system that Vault Secret connects to.
adbId String: (Updatable) The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
functionId String: (Updatable) The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.

targetSystemType string: (Updatable) Unique identifier of the target system that Vault Secret connects to.
adbId string: (Updatable) The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
functionId string: (Updatable) The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.

target_system_type str: (Updatable) Unique identifier of the target system that Vault Secret connects to.
adb_id str: (Updatable) The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
function_id str: (Updatable) The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.

targetSystemType String: (Updatable) Unique identifier of the target system that Vault Secret connects to.
adbId String: (Updatable) The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
functionId String: (Updatable) The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.

SecretSecretContent, SecretSecretContentArgs

ContentType string: (Updatable) The base64-encoded content of the secret.
Content string: (Updatable) The base64-encoded content of the secret.
Name string: (Updatable) Names should be unique within a secret. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
Stage string: (Updatable) The rotation state of the secret content. The default is CURRENT, meaning that the secret is currently in use. A secret version that you mark as PENDING is staged and available for use, but you don't yet want to rotate it into current, active use. For example, you might create or update a secret and mark its rotation state as PENDING if you haven't yet updated the secret on the target system. When creating a secret, only the value CURRENT is applicable, although the value LATEST is also automatically applied. When updating a secret, you can specify a version's rotation state as either CURRENT or PENDING.

ContentType string: (Updatable) The base64-encoded content of the secret.
Content string: (Updatable) The base64-encoded content of the secret.
Name string: (Updatable) Names should be unique within a secret. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
Stage string: (Updatable) The rotation state of the secret content. The default is CURRENT, meaning that the secret is currently in use. A secret version that you mark as PENDING is staged and available for use, but you don't yet want to rotate it into current, active use. For example, you might create or update a secret and mark its rotation state as PENDING if you haven't yet updated the secret on the target system. When creating a secret, only the value CURRENT is applicable, although the value LATEST is also automatically applied. When updating a secret, you can specify a version's rotation state as either CURRENT or PENDING.

contentType String: (Updatable) The base64-encoded content of the secret.
content String: (Updatable) The base64-encoded content of the secret.
name String: (Updatable) Names should be unique within a secret. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
stage String: (Updatable) The rotation state of the secret content. The default is CURRENT, meaning that the secret is currently in use. A secret version that you mark as PENDING is staged and available for use, but you don't yet want to rotate it into current, active use. For example, you might create or update a secret and mark its rotation state as PENDING if you haven't yet updated the secret on the target system. When creating a secret, only the value CURRENT is applicable, although the value LATEST is also automatically applied. When updating a secret, you can specify a version's rotation state as either CURRENT or PENDING.

contentType string: (Updatable) The base64-encoded content of the secret.
content string: (Updatable) The base64-encoded content of the secret.
name string: (Updatable) Names should be unique within a secret. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
stage string: (Updatable) The rotation state of the secret content. The default is CURRENT, meaning that the secret is currently in use. A secret version that you mark as PENDING is staged and available for use, but you don't yet want to rotate it into current, active use. For example, you might create or update a secret and mark its rotation state as PENDING if you haven't yet updated the secret on the target system. When creating a secret, only the value CURRENT is applicable, although the value LATEST is also automatically applied. When updating a secret, you can specify a version's rotation state as either CURRENT or PENDING.

content_type str: (Updatable) The base64-encoded content of the secret.
content str: (Updatable) The base64-encoded content of the secret.
name str: (Updatable) Names should be unique within a secret. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
stage str: (Updatable) The rotation state of the secret content. The default is CURRENT, meaning that the secret is currently in use. A secret version that you mark as PENDING is staged and available for use, but you don't yet want to rotate it into current, active use. For example, you might create or update a secret and mark its rotation state as PENDING if you haven't yet updated the secret on the target system. When creating a secret, only the value CURRENT is applicable, although the value LATEST is also automatically applied. When updating a secret, you can specify a version's rotation state as either CURRENT or PENDING.

contentType String: (Updatable) The base64-encoded content of the secret.
content String: (Updatable) The base64-encoded content of the secret.
name String: (Updatable) Names should be unique within a secret. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
stage String: (Updatable) The rotation state of the secret content. The default is CURRENT, meaning that the secret is currently in use. A secret version that you mark as PENDING is staged and available for use, but you don't yet want to rotate it into current, active use. For example, you might create or update a secret and mark its rotation state as PENDING if you haven't yet updated the secret on the target system. When creating a secret, only the value CURRENT is applicable, although the value LATEST is also automatically applied. When updating a secret, you can specify a version's rotation state as either CURRENT or PENDING.

SecretSecretGenerationContext, SecretSecretGenerationContextArgs

GenerationTemplate string: (Updatable) Name of random bytes generation template for generating random byte type secret.
GenerationType string: (Updatable) Name of the predefined secret generation type.
PassphraseLength int: (Updatable) Length of the passphrase to be generated
SecretTemplate string: (Updatable) SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.

GenerationTemplate string: (Updatable) Name of random bytes generation template for generating random byte type secret.
GenerationType string: (Updatable) Name of the predefined secret generation type.
PassphraseLength int: (Updatable) Length of the passphrase to be generated
SecretTemplate string: (Updatable) SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.

generationTemplate String: (Updatable) Name of random bytes generation template for generating random byte type secret.
generationType String: (Updatable) Name of the predefined secret generation type.
passphraseLength Integer: (Updatable) Length of the passphrase to be generated
secretTemplate String: (Updatable) SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.

generationTemplate string: (Updatable) Name of random bytes generation template for generating random byte type secret.
generationType string: (Updatable) Name of the predefined secret generation type.
passphraseLength number: (Updatable) Length of the passphrase to be generated
secretTemplate string: (Updatable) SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.

generation_template str: (Updatable) Name of random bytes generation template for generating random byte type secret.
generation_type str: (Updatable) Name of the predefined secret generation type.
passphrase_length int: (Updatable) Length of the passphrase to be generated
secret_template str: (Updatable) SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.

generationTemplate String: (Updatable) Name of random bytes generation template for generating random byte type secret.
generationType String: (Updatable) Name of the predefined secret generation type.
passphraseLength Number: (Updatable) Length of the passphrase to be generated
secretTemplate String: (Updatable) SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.

SecretSecretRule, SecretSecretRuleArgs

RuleType string: (Updatable) The type of rule, which either controls when the secret contents expire or whether they can be reused.
IsEnforcedOnDeletedSecretVersions bool: (Updatable) A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
IsSecretContentRetrievalBlockedOnExpiry bool: (Updatable) A property indicating whether to block retrieval of the secret content, on expiry. The default is false. If the secret has already expired and you would like to retrieve the secret contents, you need to edit the secret rule to disable this property, to allow reading the secret content.
SecretVersionExpiryInterval string: (Updatable) A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
TimeOfAbsoluteExpiry string: (Updatable) An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z

RuleType string: (Updatable) The type of rule, which either controls when the secret contents expire or whether they can be reused.
IsEnforcedOnDeletedSecretVersions bool: (Updatable) A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
IsSecretContentRetrievalBlockedOnExpiry bool: (Updatable) A property indicating whether to block retrieval of the secret content, on expiry. The default is false. If the secret has already expired and you would like to retrieve the secret contents, you need to edit the secret rule to disable this property, to allow reading the secret content.
SecretVersionExpiryInterval string: (Updatable) A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
TimeOfAbsoluteExpiry string: (Updatable) An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z

ruleType String: (Updatable) The type of rule, which either controls when the secret contents expire or whether they can be reused.
isEnforcedOnDeletedSecretVersions Boolean: (Updatable) A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
isSecretContentRetrievalBlockedOnExpiry Boolean: (Updatable) A property indicating whether to block retrieval of the secret content, on expiry. The default is false. If the secret has already expired and you would like to retrieve the secret contents, you need to edit the secret rule to disable this property, to allow reading the secret content.
secretVersionExpiryInterval String: (Updatable) A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
timeOfAbsoluteExpiry String: (Updatable) An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z

ruleType string: (Updatable) The type of rule, which either controls when the secret contents expire or whether they can be reused.
isEnforcedOnDeletedSecretVersions boolean: (Updatable) A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
isSecretContentRetrievalBlockedOnExpiry boolean: (Updatable) A property indicating whether to block retrieval of the secret content, on expiry. The default is false. If the secret has already expired and you would like to retrieve the secret contents, you need to edit the secret rule to disable this property, to allow reading the secret content.
secretVersionExpiryInterval string: (Updatable) A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
timeOfAbsoluteExpiry string: (Updatable) An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z

rule_type str: (Updatable) The type of rule, which either controls when the secret contents expire or whether they can be reused.
is_enforced_on_deleted_secret_versions bool: (Updatable) A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
is_secret_content_retrieval_blocked_on_expiry bool: (Updatable) A property indicating whether to block retrieval of the secret content, on expiry. The default is false. If the secret has already expired and you would like to retrieve the secret contents, you need to edit the secret rule to disable this property, to allow reading the secret content.
secret_version_expiry_interval str: (Updatable) A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
time_of_absolute_expiry str: (Updatable) An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z

ruleType String: (Updatable) The type of rule, which either controls when the secret contents expire or whether they can be reused.
isEnforcedOnDeletedSecretVersions Boolean: (Updatable) A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
isSecretContentRetrievalBlockedOnExpiry Boolean: (Updatable) A property indicating whether to block retrieval of the secret content, on expiry. The default is false. If the secret has already expired and you would like to retrieve the secret contents, you need to edit the secret rule to disable this property, to allow reading the secret content.
secretVersionExpiryInterval String: (Updatable) A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
timeOfAbsoluteExpiry String: (Updatable) An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z

Import

Secrets can be imported using the id, e.g.

$ pulumi import oci:Vault/secret:Secret test_secret "id"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: oci pulumi/pulumi-oci
License: Apache-2.0
Notes: This Pulumi package is based on the oci Terraform Provider.

Oracle Cloud Infrastructure v2.33.0 published on Thursday, May 1, 2025 by Pulumi

pulumi/pulumi-oci

oci.Vault.Secret

On this page

On this page

Create Secret Resource

Constructor syntax

Parameters

Constructor example

Secret Resource Properties

Inputs

Outputs

Look up Existing Secret Resource

Supporting Types

SecretRotationConfig, SecretRotationConfigArgs

SecretRotationConfigTargetSystemDetails, SecretRotationConfigTargetSystemDetailsArgs

SecretSecretContent, SecretSecretContentArgs

SecretSecretGenerationContext, SecretSecretGenerationContextArgs

SecretSecretRule, SecretSecretRuleArgs

Import

Package Details

On this page

On this page