Control Plane v0.0.56, Apr 9 25

Control Plane v0.0.56 published on Wednesday, Apr 9, 2025 by pulumiverse

cpln.getSecret

Explore with Pulumi AI

Control Plane v0.0.56 published on Wednesday, Apr 9, 2025 by pulumiverse

pulumiverse/pulumi-cpln

Required

name (String) Name of the secret.

Outputs

The following attributes are exported:

cpln_id (String) The ID, in GUID format, of the secret.
name (String) Name of the secret.
description (String) Description of the secret.
tags (Map of String) Key-value map of resource tags.
self_link (String) Full link to this resource. Can be referenced by other resources.
secret_link (String) Output used when linking a secret to an environment variable or volume, in the format: cpln://secret/SECRET_NAME.
dictionary_as_envs (Map of String) If a dictionary secret is defined, this output will be a key-value map in the following format: key = cpln://secret/SECRET_NAME.key.
aws (Block List, Max: 1) (see below) Reference Page.
azure_connector (Block List, Max: 1) (see below) Reference Page.
azure_sdk (String, Sensitive) JSON string containing the Docker secret. Reference Page.
dictionary (Map of String) List of unique key-value pairs. Reference Page.
docker (String, Sensitive) JSON string containing the Docker secret. Reference Page.
ecr (Block List, Max: 1) (see below).
gcp (String, Sensitive) JSON string containing the GCP secret. Reference Page
keypair (Block List, Max: 1) (see below) Reference Page.
nats_account (Block List, Max: 1) (see below) Reference Page.
opaque (Block List, Max: 1) (see below) Reference Page.
tls (Block List, Max: 1) (see below) Reference Page.
userpass (Block List, Max: 1) (see below) Reference Page.

`aws`

Optional:

access_key (String, Sensitive) Access Key provided by AWS.
role_arn (String) Role ARN provided by AWS.
secret_key (String, Sensitive) Secret Key provided by AWS.
external_id (String) AWS IAM Role External ID.

`azure_connector`

Optional:

code (String, Sensitive) Code/Key to authenticate to deployment URL.
url (String, Sensitive) Deployment URL.

`ecr`

Reference Page

Optional:

access_key (String) Access Key provided by AWS.
repos (Set of String) List of ECR repositories.
role_arn (String) Role ARN provided by AWS.
secret_key (String, Sensitive) Secret Key provided by AWS.
external_id (String) AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.

`keypair`

Optional:

passphrase (String, Sensitive) Passphrase for private key.
public_key (String) Public Key.
secret_key (String, Sensitive) Secret/Private Key.

`nats_account`

Required:

account_id (String) Account ID.
private_key (String) Private Key.

`opaque`

Optional:

encoding (String) Available encodings: plain, base64. Default: plain.
payload (String, Sensitive) Plain text or base64 encoded string. Use encoding attribute to specify encoding.

`tls`

Optional:

cert (String) Public Certificate.
chain (String) Chain Certificate.
key (String, Sensitive) Private Certificate.

`userpass`

Optional:

encoding (String) Available encodings: plain, base64. Default: plain.
password (String, Sensitive) Password.
username (String) Username.

import * as pulumi from "@pulumi/pulumi";
import * as cpln from "@pulumi/cpln";

export = async () => {
    const example = await cpln.getSecret({
        name: "example-secret-opaque",
    });
    return {
        "example-secret-payload": example.opaque?.payload,
    };
}

import pulumi
import pulumi_cpln as cpln

example = cpln.get_secret(name="example-secret-opaque")
pulumi.export("example-secret-payload", example.opaque.payload)

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-cpln/sdk/go/cpln"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := cpln.LookupSecret(ctx, &cpln.LookupSecretArgs{
			Name: "example-secret-opaque",
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("example-secret-payload", example.Opaque.Payload)
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cpln = Pulumi.Cpln;

return await Deployment.RunAsync(() => 
{
    var example = Cpln.GetSecret.Invoke(new()
    {
        Name = "example-secret-opaque",
    });

    return new Dictionary<string, object?>
    {
        ["example-secret-payload"] = example.Apply(getSecretResult => getSecretResult.Opaque?.Payload),
    };
});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cpln.CplnFunctions;
import com.pulumi.cpln.inputs.GetSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = CplnFunctions.getSecret(GetSecretArgs.builder()
            .name("example-secret-opaque")
            .build());

        ctx.export("example-secret-payload", example.applyValue(getSecretResult -> getSecretResult.opaque().payload()));
    }
}

variables:
  example:
    fn::invoke:
      function: cpln:getSecret
      arguments:
        name: example-secret-opaque
outputs:
  example-secret-payload: ${example.opaque.payload}

Using getSecret

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript
Python
Go
C#
Java
YAML

function getSecret(args: GetSecretArgs, opts?: InvokeOptions): Promise<GetSecretResult>
function getSecretOutput(args: GetSecretOutputArgs, opts?: InvokeOptions): Output<GetSecretResult>

def get_secret(aws: Optional[GetSecretAws] = None,
               azure_connector: Optional[GetSecretAzureConnector] = None,
               azure_sdk: Optional[str] = None,
               description: Optional[str] = None,
               dictionary: Optional[Mapping[str, str]] = None,
               docker: Optional[str] = None,
               ecr: Optional[GetSecretEcr] = None,
               gcp: Optional[str] = None,
               keypair: Optional[GetSecretKeypair] = None,
               name: Optional[str] = None,
               nats_account: Optional[GetSecretNatsAccount] = None,
               opaque: Optional[GetSecretOpaque] = None,
               tags: Optional[Mapping[str, str]] = None,
               tls: Optional[GetSecretTls] = None,
               userpass: Optional[GetSecretUserpass] = None,
               opts: Optional[InvokeOptions] = None) -> GetSecretResult
def get_secret_output(aws: Optional[pulumi.Input[GetSecretAwsArgs]] = None,
               azure_connector: Optional[pulumi.Input[GetSecretAzureConnectorArgs]] = None,
               azure_sdk: Optional[pulumi.Input[str]] = None,
               description: Optional[pulumi.Input[str]] = None,
               dictionary: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
               docker: Optional[pulumi.Input[str]] = None,
               ecr: Optional[pulumi.Input[GetSecretEcrArgs]] = None,
               gcp: Optional[pulumi.Input[str]] = None,
               keypair: Optional[pulumi.Input[GetSecretKeypairArgs]] = None,
               name: Optional[pulumi.Input[str]] = None,
               nats_account: Optional[pulumi.Input[GetSecretNatsAccountArgs]] = None,
               opaque: Optional[pulumi.Input[GetSecretOpaqueArgs]] = None,
               tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
               tls: Optional[pulumi.Input[GetSecretTlsArgs]] = None,
               userpass: Optional[pulumi.Input[GetSecretUserpassArgs]] = None,
               opts: Optional[InvokeOptions] = None) -> Output[GetSecretResult]

func LookupSecret(ctx *Context, args *LookupSecretArgs, opts ...InvokeOption) (*LookupSecretResult, error)
func LookupSecretOutput(ctx *Context, args *LookupSecretOutputArgs, opts ...InvokeOption) LookupSecretResultOutput

> Note: This function is named LookupSecret in the Go SDK.

public static class GetSecret 
{
    public static Task<GetSecretResult> InvokeAsync(GetSecretArgs args, InvokeOptions? opts = null)
    public static Output<GetSecretResult> Invoke(GetSecretInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
public static Output<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)

fn::invoke:
  function: cpln:index/getSecret:getSecret
  arguments:
    # arguments dictionary

The following arguments are supported:

Name string
Aws Pulumiverse.Cpln.Inputs.GetSecretAws
AzureConnector Pulumiverse.Cpln.Inputs.GetSecretAzureConnector
AzureSdk string
Description string
Dictionary Dictionary<string, string>
Docker string
Ecr Pulumiverse.Cpln.Inputs.GetSecretEcr
Gcp string
Keypair Pulumiverse.Cpln.Inputs.GetSecretKeypair
NatsAccount Pulumiverse.Cpln.Inputs.GetSecretNatsAccount
Opaque Pulumiverse.Cpln.Inputs.GetSecretOpaque
Tags Dictionary<string, string>
Tls Pulumiverse.Cpln.Inputs.GetSecretTls
Userpass Pulumiverse.Cpln.Inputs.GetSecretUserpass

Name string
Aws GetSecretAws
AzureConnector GetSecretAzureConnector
AzureSdk string
Description string
Dictionary map[string]string
Docker string
Ecr GetSecretEcr
Gcp string
Keypair GetSecretKeypair
NatsAccount GetSecretNatsAccount
Opaque GetSecretOpaque
Tags map[string]string
Tls GetSecretTls
Userpass GetSecretUserpass

name String
aws GetSecretAws
azureConnector GetSecretAzureConnector
azureSdk String
description String
dictionary Map<String,String>
docker String
ecr GetSecretEcr
gcp String
keypair GetSecretKeypair
natsAccount GetSecretNatsAccount
opaque GetSecretOpaque
tags Map<String,String>
tls GetSecretTls
userpass GetSecretUserpass

name string
aws GetSecretAws
azureConnector GetSecretAzureConnector
azureSdk string
description string
dictionary {[key: string]: string}
docker string
ecr GetSecretEcr
gcp string
keypair GetSecretKeypair
natsAccount GetSecretNatsAccount
opaque GetSecretOpaque
tags {[key: string]: string}
tls GetSecretTls
userpass GetSecretUserpass

name str
aws GetSecretAws
azure_connector GetSecretAzureConnector
azure_sdk str
description str
dictionary Mapping[str, str]
docker str
ecr GetSecretEcr
gcp str
keypair GetSecretKeypair
nats_account GetSecretNatsAccount
opaque GetSecretOpaque
tags Mapping[str, str]
tls GetSecretTls
userpass GetSecretUserpass

name String
aws Property Map
azureConnector Property Map
azureSdk String
description String
dictionary Map<String>
docker String
ecr Property Map
gcp String
keypair Property Map
natsAccount Property Map
opaque Property Map
tags Map<String>
tls Property Map
userpass Property Map

getSecret Result

The following output properties are available:

CplnId string
DictionaryAsEnvs Dictionary<string, string>
Id string: The provider-assigned unique ID for this managed resource.
Name string
SecretLink string
SelfLink string
Aws Pulumiverse.Cpln.Outputs.GetSecretAws
AzureConnector Pulumiverse.Cpln.Outputs.GetSecretAzureConnector
AzureSdk string
Description string
Dictionary Dictionary<string, string>
Docker string
Ecr Pulumiverse.Cpln.Outputs.GetSecretEcr
Gcp string
Keypair Pulumiverse.Cpln.Outputs.GetSecretKeypair
NatsAccount Pulumiverse.Cpln.Outputs.GetSecretNatsAccount
Opaque Pulumiverse.Cpln.Outputs.GetSecretOpaque
Tags Dictionary<string, string>
Tls Pulumiverse.Cpln.Outputs.GetSecretTls
Userpass Pulumiverse.Cpln.Outputs.GetSecretUserpass

CplnId string
DictionaryAsEnvs map[string]string
Id string: The provider-assigned unique ID for this managed resource.
Name string
SecretLink string
SelfLink string
Aws GetSecretAws
AzureConnector GetSecretAzureConnector
AzureSdk string
Description string
Dictionary map[string]string
Docker string
Ecr GetSecretEcr
Gcp string
Keypair GetSecretKeypair
NatsAccount GetSecretNatsAccount
Opaque GetSecretOpaque
Tags map[string]string
Tls GetSecretTls
Userpass GetSecretUserpass

cplnId String
dictionaryAsEnvs Map<String,String>
id String: The provider-assigned unique ID for this managed resource.
name String
secretLink String
selfLink String
aws GetSecretAws
azureConnector GetSecretAzureConnector
azureSdk String
description String
dictionary Map<String,String>
docker String
ecr GetSecretEcr
gcp String
keypair GetSecretKeypair
natsAccount GetSecretNatsAccount
opaque GetSecretOpaque
tags Map<String,String>
tls GetSecretTls
userpass GetSecretUserpass

cplnId string
dictionaryAsEnvs {[key: string]: string}
id string: The provider-assigned unique ID for this managed resource.
name string
secretLink string
selfLink string
aws GetSecretAws
azureConnector GetSecretAzureConnector
azureSdk string
description string
dictionary {[key: string]: string}
docker string
ecr GetSecretEcr
gcp string
keypair GetSecretKeypair
natsAccount GetSecretNatsAccount
opaque GetSecretOpaque
tags {[key: string]: string}
tls GetSecretTls
userpass GetSecretUserpass

cpln_id str
dictionary_as_envs Mapping[str, str]
id str: The provider-assigned unique ID for this managed resource.
name str
secret_link str
self_link str
aws GetSecretAws
azure_connector GetSecretAzureConnector
azure_sdk str
description str
dictionary Mapping[str, str]
docker str
ecr GetSecretEcr
gcp str
keypair GetSecretKeypair
nats_account GetSecretNatsAccount
opaque GetSecretOpaque
tags Mapping[str, str]
tls GetSecretTls
userpass GetSecretUserpass

cplnId String
dictionaryAsEnvs Map<String>
id String: The provider-assigned unique ID for this managed resource.
name String
secretLink String
selfLink String
aws Property Map
azureConnector Property Map
azureSdk String
description String
dictionary Map<String>
docker String
ecr Property Map
gcp String
keypair Property Map
natsAccount Property Map
opaque Property Map
tags Map<String>
tls Property Map
userpass Property Map

Supporting Types

GetSecretAws

AccessKey string: Access Key provided by AWS.
SecretKey string: Secret Key provided by AWS.
ExternalId string: AWS IAM Role External ID.
RoleArn string: Role ARN provided by AWS.

AccessKey string: Access Key provided by AWS.
SecretKey string: Secret Key provided by AWS.
ExternalId string: AWS IAM Role External ID.
RoleArn string: Role ARN provided by AWS.

accessKey String: Access Key provided by AWS.
secretKey String: Secret Key provided by AWS.
externalId String: AWS IAM Role External ID.
roleArn String: Role ARN provided by AWS.

accessKey string: Access Key provided by AWS.
secretKey string: Secret Key provided by AWS.
externalId string: AWS IAM Role External ID.
roleArn string: Role ARN provided by AWS.

access_key str: Access Key provided by AWS.
secret_key str: Secret Key provided by AWS.
external_id str: AWS IAM Role External ID.
role_arn str: Role ARN provided by AWS.

accessKey String: Access Key provided by AWS.
secretKey String: Secret Key provided by AWS.
externalId String: AWS IAM Role External ID.
roleArn String: Role ARN provided by AWS.

GetSecretAzureConnector

Code string: Code/Key to authenticate to deployment URL.
Url string: Deployment URL.

Code string: Code/Key to authenticate to deployment URL.
Url string: Deployment URL.

code String: Code/Key to authenticate to deployment URL.
url String: Deployment URL.

code string: Code/Key to authenticate to deployment URL.
url string: Deployment URL.

code str: Code/Key to authenticate to deployment URL.
url str: Deployment URL.

code String: Code/Key to authenticate to deployment URL.
url String: Deployment URL.

GetSecretEcr

AccessKey string: Access Key provided by AWS.
Repos List<string>: List of ECR repositories.
SecretKey string: Secret Key provided by AWS.
ExternalId string: AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
RoleArn string: Role ARN provided by AWS.

AccessKey string: Access Key provided by AWS.
Repos []string: List of ECR repositories.
SecretKey string: Secret Key provided by AWS.
ExternalId string: AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
RoleArn string: Role ARN provided by AWS.

accessKey String: Access Key provided by AWS.
repos List<String>: List of ECR repositories.
secretKey String: Secret Key provided by AWS.
externalId String: AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
roleArn String: Role ARN provided by AWS.

accessKey string: Access Key provided by AWS.
repos string[]: List of ECR repositories.
secretKey string: Secret Key provided by AWS.
externalId string: AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
roleArn string: Role ARN provided by AWS.

access_key str: Access Key provided by AWS.
repos Sequence[str]: List of ECR repositories.
secret_key str: Secret Key provided by AWS.
external_id str: AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
role_arn str: Role ARN provided by AWS.

accessKey String: Access Key provided by AWS.
repos List<String>: List of ECR repositories.
secretKey String: Secret Key provided by AWS.
externalId String: AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
roleArn String: Role ARN provided by AWS.

GetSecretKeypair

SecretKey string: Secret/Private Key.
Passphrase string: Passphrase for private key.
PublicKey string: Public Key.

SecretKey string: Secret/Private Key.
Passphrase string: Passphrase for private key.
PublicKey string: Public Key.

secretKey String: Secret/Private Key.
passphrase String: Passphrase for private key.
publicKey String: Public Key.

secretKey string: Secret/Private Key.
passphrase string: Passphrase for private key.
publicKey string: Public Key.

secret_key str: Secret/Private Key.
passphrase str: Passphrase for private key.
public_key str: Public Key.

secretKey String: Secret/Private Key.
passphrase String: Passphrase for private key.
publicKey String: Public Key.

GetSecretNatsAccount

AccountId string: Account ID.
PrivateKey string: Private Key.

AccountId string: Account ID.
PrivateKey string: Private Key.

accountId String: Account ID.
privateKey String: Private Key.

accountId string: Account ID.
privateKey string: Private Key.

account_id str: Account ID.
private_key str: Private Key.

accountId String: Account ID.
privateKey String: Private Key.

GetSecretOpaque

Payload string: Plain text or base64 encoded string. Use encoding attribute to specify encoding.
Encoding string: Available encodings: plain, base64. Default: plain.

Payload string: Plain text or base64 encoded string. Use encoding attribute to specify encoding.
Encoding string: Available encodings: plain, base64. Default: plain.

payload String: Plain text or base64 encoded string. Use encoding attribute to specify encoding.
encoding String: Available encodings: plain, base64. Default: plain.

payload string: Plain text or base64 encoded string. Use encoding attribute to specify encoding.
encoding string: Available encodings: plain, base64. Default: plain.

payload str: Plain text or base64 encoded string. Use encoding attribute to specify encoding.
encoding str: Available encodings: plain, base64. Default: plain.

payload String: Plain text or base64 encoded string. Use encoding attribute to specify encoding.
encoding String: Available encodings: plain, base64. Default: plain.

GetSecretTls

Cert string: Public Certificate.
Key string: Private Certificate.
Chain string: Chain Certificate.

Cert string: Public Certificate.
Key string: Private Certificate.
Chain string: Chain Certificate.

cert String: Public Certificate.
key String: Private Certificate.
chain String: Chain Certificate.

cert string: Public Certificate.
key string: Private Certificate.
chain string: Chain Certificate.

cert str: Public Certificate.
key str: Private Certificate.
chain str: Chain Certificate.

cert String: Public Certificate.
key String: Private Certificate.
chain String: Chain Certificate.

GetSecretUserpass

Password string: Password.
Username string: Username.
Encoding string: Available encodings: plain, base64. Default: plain.

Password string: Password.
Username string: Username.
Encoding string: Available encodings: plain, base64. Default: plain.

password String: Password.
username String: Username.
encoding String: Available encodings: plain, base64. Default: plain.

password string: Password.
username string: Username.
encoding string: Available encodings: plain, base64. Default: plain.

password str: Password.
username str: Username.
encoding str: Available encodings: plain, base64. Default: plain.

password String: Password.
username String: Username.
encoding String: Available encodings: plain, base64. Default: plain.

Package Details

Repository: cpln pulumiverse/pulumi-cpln
License: Apache-2.0
Notes: This Pulumi package is based on the cpln Terraform Provider.

Control Plane v0.0.56 published on Wednesday, Apr 9, 2025 by pulumiverse

pulumiverse/pulumi-cpln

cpln.getSecret

On this page

On this page

Required

Outputs

`aws`

`azure_connector`

`ecr`

`keypair`

`nats_account`

`opaque`

`tls`

`userpass`

Example Usage

Using getSecret

getSecret Result

Supporting Types

GetSecretAws

GetSecretAzureConnector

GetSecretEcr

GetSecretKeypair

GetSecretNatsAccount

GetSecretOpaque

GetSecretTls

GetSecretUserpass

Package Details

On this page

On this page