Docs Home
Harness v0.7.1 published on Saturday, Mar 29, 2025 by Pulumi
harness.EncryptedText
Explore with Pulumi AI
Resource for creating an encrypted text secret
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as harness from "@pulumi/harness";
const _default = harness.getSecretManager({
"default": true,
});
const example = new harness.EncryptedText("example", {
name: "example-secret",
value: "someval",
secretManagerId: _default.then(_default => _default.id),
usageScopes: [
{
environmentFilterType: "PRODUCTION_ENVIRONMENTS",
},
{
environmentFilterType: "NON_PRODUCTION_ENVIRONMENTS",
},
],
});
import pulumi
import pulumi_harness as harness
default = harness.get_secret_manager(default=True)
example = harness.EncryptedText("example",
name="example-secret",
value="someval",
secret_manager_id=default.id,
usage_scopes=[
{
"environment_filter_type": "PRODUCTION_ENVIRONMENTS",
},
{
"environment_filter_type": "NON_PRODUCTION_ENVIRONMENTS",
},
])
package main
import (
"github.com/pulumi/pulumi-harness/sdk/go/harness"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := harness.GetSecretManager(ctx, &harness.GetSecretManagerArgs{
Default: pulumi.BoolRef(true),
}, nil)
if err != nil {
return err
}
_, err = harness.NewEncryptedText(ctx, "example", &harness.EncryptedTextArgs{
Name: pulumi.String("example-secret"),
Value: pulumi.String("someval"),
SecretManagerId: pulumi.String(_default.Id),
UsageScopes: harness.EncryptedTextUsageScopeArray{
&harness.EncryptedTextUsageScopeArgs{
EnvironmentFilterType: pulumi.String("PRODUCTION_ENVIRONMENTS"),
},
&harness.EncryptedTextUsageScopeArgs{
EnvironmentFilterType: pulumi.String("NON_PRODUCTION_ENVIRONMENTS"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Harness = Pulumi.Harness;
return await Deployment.RunAsync(() =>
{
var @default = Harness.GetSecretManager.Invoke(new()
{
Default = true,
});
var example = new Harness.EncryptedText("example", new()
{
Name = "example-secret",
Value = "someval",
SecretManagerId = @default.Apply(@default => @default.Apply(getSecretManagerResult => getSecretManagerResult.Id)),
UsageScopes = new[]
{
new Harness.Inputs.EncryptedTextUsageScopeArgs
{
EnvironmentFilterType = "PRODUCTION_ENVIRONMENTS",
},
new Harness.Inputs.EncryptedTextUsageScopeArgs
{
EnvironmentFilterType = "NON_PRODUCTION_ENVIRONMENTS",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.harness.HarnessFunctions;
import com.pulumi.harness.inputs.GetSecretManagerArgs;
import com.pulumi.harness.EncryptedText;
import com.pulumi.harness.EncryptedTextArgs;
import com.pulumi.harness.inputs.EncryptedTextUsageScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var default = HarnessFunctions.getSecretManager(GetSecretManagerArgs.builder()
.default_(true)
.build());
var example = new EncryptedText("example", EncryptedTextArgs.builder()
.name("example-secret")
.value("someval")
.secretManagerId(default_.id())
.usageScopes(
EncryptedTextUsageScopeArgs.builder()
.environmentFilterType("PRODUCTION_ENVIRONMENTS")
.build(),
EncryptedTextUsageScopeArgs.builder()
.environmentFilterType("NON_PRODUCTION_ENVIRONMENTS")
.build())
.build());
}
}
resources:
example:
type: harness:EncryptedText
properties:
name: example-secret
value: someval
secretManagerId: ${default.id}
usageScopes:
- environmentFilterType: PRODUCTION_ENVIRONMENTS
- environmentFilterType: NON_PRODUCTION_ENVIRONMENTS
variables:
default:
fn::invoke:
function: harness:getSecretManager
arguments:
default: true
Create EncryptedText Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new EncryptedText(name: string, args: EncryptedTextArgs, opts?: CustomResourceOptions);@overload
def EncryptedText(resource_name: str,
args: EncryptedTextArgs,
opts: Optional[ResourceOptions] = None)
@overload
def EncryptedText(resource_name: str,
opts: Optional[ResourceOptions] = None,
secret_manager_id: Optional[str] = None,
inherit_scopes_from_secret_manager: Optional[bool] = None,
name: Optional[str] = None,
scoped_to_account: Optional[bool] = None,
secret_reference: Optional[str] = None,
usage_scopes: Optional[Sequence[EncryptedTextUsageScopeArgs]] = None,
value: Optional[str] = None)func NewEncryptedText(ctx *Context, name string, args EncryptedTextArgs, opts ...ResourceOption) (*EncryptedText, error)public EncryptedText(string name, EncryptedTextArgs args, CustomResourceOptions? opts = null)public EncryptedText(String name, EncryptedTextArgs args)
public EncryptedText(String name, EncryptedTextArgs args, CustomResourceOptions options)
type: harness:EncryptedText
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. EncryptedTextArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. EncryptedTextArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. EncryptedTextArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. EncryptedTextArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. EncryptedTextArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var encryptedTextResource = new Harness.EncryptedText("encryptedTextResource", new()
{
SecretManagerId = "string",
InheritScopesFromSecretManager = false,
Name = "string",
ScopedToAccount = false,
SecretReference = "string",
UsageScopes = new[]
{
new Harness.Inputs.EncryptedTextUsageScopeArgs
{
ApplicationId = "string",
EnvironmentFilterType = "string",
EnvironmentId = "string",
},
},
Value = "string",
});
example, err := harness.NewEncryptedText(ctx, "encryptedTextResource", &harness.EncryptedTextArgs{
SecretManagerId: pulumi.String("string"),
InheritScopesFromSecretManager: pulumi.Bool(false),
Name: pulumi.String("string"),
ScopedToAccount: pulumi.Bool(false),
SecretReference: pulumi.String("string"),
UsageScopes: harness.EncryptedTextUsageScopeArray{
&harness.EncryptedTextUsageScopeArgs{
ApplicationId: pulumi.String("string"),
EnvironmentFilterType: pulumi.String("string"),
EnvironmentId: pulumi.String("string"),
},
},
Value: pulumi.String("string"),
})
var encryptedTextResource = new EncryptedText("encryptedTextResource", EncryptedTextArgs.builder()
.secretManagerId("string")
.inheritScopesFromSecretManager(false)
.name("string")
.scopedToAccount(false)
.secretReference("string")
.usageScopes(EncryptedTextUsageScopeArgs.builder()
.applicationId("string")
.environmentFilterType("string")
.environmentId("string")
.build())
.value("string")
.build());
encrypted_text_resource = harness.EncryptedText("encryptedTextResource",
secret_manager_id="string",
inherit_scopes_from_secret_manager=False,
name="string",
scoped_to_account=False,
secret_reference="string",
usage_scopes=[{
"application_id": "string",
"environment_filter_type": "string",
"environment_id": "string",
}],
value="string")
const encryptedTextResource = new harness.EncryptedText("encryptedTextResource", {
secretManagerId: "string",
inheritScopesFromSecretManager: false,
name: "string",
scopedToAccount: false,
secretReference: "string",
usageScopes: [{
applicationId: "string",
environmentFilterType: "string",
environmentId: "string",
}],
value: "string",
});
type: harness:EncryptedText
properties:
inheritScopesFromSecretManager: false
name: string
scopedToAccount: false
secretManagerId: string
secretReference: string
usageScopes:
- applicationId: string
environmentFilterType: string
environmentId: string
value: string
EncryptedText Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The EncryptedText resource accepts the following input properties:
- Secret
Manager Id stringThis property is required. 
Changes to this property will trigger replacement. - The id of the secret manager to associate the secret with. Once set, this field cannot be changed.
- Inherit
Scopes boolFrom Secret Manager - Boolean that indicates whether or not to inherit the usage scopes from the secret manager
- Name string
- Name of the encrypted text secret
- Scoped
To boolAccount - Boolean that indicates whether or not the secret is scoped to the account
- Secret
Reference string - Name of the existing secret. If you already have secrets created in a secrets manager such as HashiCorp Vault or AWS Secrets Manager, you do not need to re-create the existing secrets in Harness.
- Usage
Scopes List<EncryptedText Usage Scope> - This block is used for scoping the resource to a specific set of applications or environments.
- Value string
- The value of the secret.
- Secret
Manager Id stringThis property is required. Changes to this property will trigger replacement. - The id of the secret manager to associate the secret with. Once set, this field cannot be changed.
- Inherit
Scopes boolFrom Secret Manager - Boolean that indicates whether or not to inherit the usage scopes from the secret manager
- Name string
- Name of the encrypted text secret
- Scoped
To boolAccount - Boolean that indicates whether or not the secret is scoped to the account
- Secret
Reference string - Name of the existing secret. If you already have secrets created in a secrets manager such as HashiCorp Vault or AWS Secrets Manager, you do not need to re-create the existing secrets in Harness.
- Usage
Scopes []EncryptedText Usage Scope Args - This block is used for scoping the resource to a specific set of applications or environments.
- Value string
- The value of the secret.
- secret
Manager Id StringThis property is required. Changes to this property will trigger replacement. - The id of the secret manager to associate the secret with. Once set, this field cannot be changed.
- inherit
Scopes BooleanFrom Secret Manager - Boolean that indicates whether or not to inherit the usage scopes from the secret manager
- name String
- Name of the encrypted text secret
- scoped
To BooleanAccount - Boolean that indicates whether or not the secret is scoped to the account
- secret
Reference String - Name of the existing secret. If you already have secrets created in a secrets manager such as HashiCorp Vault or AWS Secrets Manager, you do not need to re-create the existing secrets in Harness.
- usage
Scopes List<EncryptedText Usage Scope> - This block is used for scoping the resource to a specific set of applications or environments.
- value String
- The value of the secret.
- secret
Manager Id stringThis property is required. Changes to this property will trigger replacement. - The id of the secret manager to associate the secret with. Once set, this field cannot be changed.
- inherit
Scopes booleanFrom Secret Manager - Boolean that indicates whether or not to inherit the usage scopes from the secret manager
- name string
- Name of the encrypted text secret
- scoped
To booleanAccount - Boolean that indicates whether or not the secret is scoped to the account
- secret
Reference string - Name of the existing secret. If you already have secrets created in a secrets manager such as HashiCorp Vault or AWS Secrets Manager, you do not need to re-create the existing secrets in Harness.
- usage
Scopes EncryptedText Usage Scope[] - This block is used for scoping the resource to a specific set of applications or environments.
- value string
- The value of the secret.
- secret_
manager_ id strThis property is required. Changes to this property will trigger replacement. - The id of the secret manager to associate the secret with. Once set, this field cannot be changed.
- inherit_
scopes_ boolfrom_ secret_ manager - Boolean that indicates whether or not to inherit the usage scopes from the secret manager
- name str
- Name of the encrypted text secret
- scoped_
to_ boolaccount - Boolean that indicates whether or not the secret is scoped to the account
- secret_
reference str - Name of the existing secret. If you already have secrets created in a secrets manager such as HashiCorp Vault or AWS Secrets Manager, you do not need to re-create the existing secrets in Harness.
- usage_
scopes Sequence[EncryptedText Usage Scope Args] - This block is used for scoping the resource to a specific set of applications or environments.
- value str
- The value of the secret.
- secret
Manager Id StringThis property is required. Changes to this property will trigger replacement. - The id of the secret manager to associate the secret with. Once set, this field cannot be changed.
- inherit
Scopes BooleanFrom Secret Manager - Boolean that indicates whether or not to inherit the usage scopes from the secret manager
- name String
- Name of the encrypted text secret
- scoped
To BooleanAccount - Boolean that indicates whether or not the secret is scoped to the account
- secret
Reference String - Name of the existing secret. If you already have secrets created in a secrets manager such as HashiCorp Vault or AWS Secrets Manager, you do not need to re-create the existing secrets in Harness.
- usage
Scopes List<Property Map> - This block is used for scoping the resource to a specific set of applications or environments.
- value String
- The value of the secret.
Outputs
All input properties are implicitly available as output properties. Additionally, the EncryptedText resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing EncryptedText Resource
Get an existing EncryptedText resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: EncryptedTextState, opts?: CustomResourceOptions): EncryptedText@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
inherit_scopes_from_secret_manager: Optional[bool] = None,
name: Optional[str] = None,
scoped_to_account: Optional[bool] = None,
secret_manager_id: Optional[str] = None,
secret_reference: Optional[str] = None,
usage_scopes: Optional[Sequence[EncryptedTextUsageScopeArgs]] = None,
value: Optional[str] = None) -> EncryptedTextfunc GetEncryptedText(ctx *Context, name string, id IDInput, state *EncryptedTextState, opts ...ResourceOption) (*EncryptedText, error)public static EncryptedText Get(string name, Input<string> id, EncryptedTextState? state, CustomResourceOptions? opts = null)public static EncryptedText get(String name, Output<String> id, EncryptedTextState state, CustomResourceOptions options)resources: _: type: harness:EncryptedText get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Inherit
Scopes boolFrom Secret Manager - Boolean that indicates whether or not to inherit the usage scopes from the secret manager
- Name string
- Name of the encrypted text secret
- Scoped
To boolAccount - Boolean that indicates whether or not the secret is scoped to the account
- Secret
Manager Id - The id of the secret manager to associate the secret with. Once set, this field cannot be changed.
- Secret
Reference string - Name of the existing secret. If you already have secrets created in a secrets manager such as HashiCorp Vault or AWS Secrets Manager, you do not need to re-create the existing secrets in Harness.
- Usage
Scopes List<EncryptedText Usage Scope> - This block is used for scoping the resource to a specific set of applications or environments.
- Value string
- The value of the secret.
- Inherit
Scopes boolFrom Secret Manager - Boolean that indicates whether or not to inherit the usage scopes from the secret manager
- Name string
- Name of the encrypted text secret
- Scoped
To boolAccount - Boolean that indicates whether or not the secret is scoped to the account
- Secret
Manager Id - The id of the secret manager to associate the secret with. Once set, this field cannot be changed.
- Secret
Reference string - Name of the existing secret. If you already have secrets created in a secrets manager such as HashiCorp Vault or AWS Secrets Manager, you do not need to re-create the existing secrets in Harness.
- Usage
Scopes []EncryptedText Usage Scope Args - This block is used for scoping the resource to a specific set of applications or environments.
- Value string
- The value of the secret.
- inherit
Scopes BooleanFrom Secret Manager - Boolean that indicates whether or not to inherit the usage scopes from the secret manager
- name String
- Name of the encrypted text secret
- scoped
To BooleanAccount - Boolean that indicates whether or not the secret is scoped to the account
- secret
Manager Id - The id of the secret manager to associate the secret with. Once set, this field cannot be changed.
- secret
Reference String - Name of the existing secret. If you already have secrets created in a secrets manager such as HashiCorp Vault or AWS Secrets Manager, you do not need to re-create the existing secrets in Harness.
- usage
Scopes List<EncryptedText Usage Scope> - This block is used for scoping the resource to a specific set of applications or environments.
- value String
- The value of the secret.
- inherit
Scopes booleanFrom Secret Manager - Boolean that indicates whether or not to inherit the usage scopes from the secret manager
- name string
- Name of the encrypted text secret
- scoped
To booleanAccount - Boolean that indicates whether or not the secret is scoped to the account
- secret
Manager Id - The id of the secret manager to associate the secret with. Once set, this field cannot be changed.
- secret
Reference string - Name of the existing secret. If you already have secrets created in a secrets manager such as HashiCorp Vault or AWS Secrets Manager, you do not need to re-create the existing secrets in Harness.
- usage
Scopes EncryptedText Usage Scope[] - This block is used for scoping the resource to a specific set of applications or environments.
- value string
- The value of the secret.
- inherit_
scopes_ boolfrom_ secret_ manager - Boolean that indicates whether or not to inherit the usage scopes from the secret manager
- name str
- Name of the encrypted text secret
- scoped_
to_ boolaccount - Boolean that indicates whether or not the secret is scoped to the account
- secret_
manager_ id - The id of the secret manager to associate the secret with. Once set, this field cannot be changed.
- secret_
reference str - Name of the existing secret. If you already have secrets created in a secrets manager such as HashiCorp Vault or AWS Secrets Manager, you do not need to re-create the existing secrets in Harness.
- usage_
scopes Sequence[EncryptedText Usage Scope Args] - This block is used for scoping the resource to a specific set of applications or environments.
- value str
- The value of the secret.
- inherit
Scopes BooleanFrom Secret Manager - Boolean that indicates whether or not to inherit the usage scopes from the secret manager
- name String
- Name of the encrypted text secret
- scoped
To BooleanAccount - Boolean that indicates whether or not the secret is scoped to the account
- secret
Manager Id - The id of the secret manager to associate the secret with. Once set, this field cannot be changed.
- secret
Reference String - Name of the existing secret. If you already have secrets created in a secrets manager such as HashiCorp Vault or AWS Secrets Manager, you do not need to re-create the existing secrets in Harness.
- usage
Scopes List<Property Map> - This block is used for scoping the resource to a specific set of applications or environments.
- value String
- The value of the secret.
Supporting Types
EncryptedTextUsageScope, EncryptedTextUsageScopeArgs
, EncryptedTextUsageScopeArgs
- Application
Id string - Id of the application to scope to. If empty then this scope applies to all applications.
- Environment
Filter stringType - Type of environment filter applied. Cannot be used with
environment_id. Valid options are NONPRODUCTIONENVIRONMENTS, PRODUCTION_ENVIRONMENTS. - Environment
Id string - Id of the id of the specific environment to scope to. Cannot be used with
environment_filter_type.
- Application
Id string - Id of the application to scope to. If empty then this scope applies to all applications.
- Environment
Filter stringType - Type of environment filter applied. Cannot be used with
environment_id. Valid options are NONPRODUCTIONENVIRONMENTS, PRODUCTION_ENVIRONMENTS. - Environment
Id string - Id of the id of the specific environment to scope to. Cannot be used with
environment_filter_type.
- application
Id String - Id of the application to scope to. If empty then this scope applies to all applications.
- environment
Filter StringType - Type of environment filter applied. Cannot be used with
environment_id. Valid options are NONPRODUCTIONENVIRONMENTS, PRODUCTION_ENVIRONMENTS. - environment
Id String - Id of the id of the specific environment to scope to. Cannot be used with
environment_filter_type.
- application
Id string - Id of the application to scope to. If empty then this scope applies to all applications.
- environment
Filter stringType - Type of environment filter applied. Cannot be used with
environment_id. Valid options are NONPRODUCTIONENVIRONMENTS, PRODUCTION_ENVIRONMENTS. - environment
Id string - Id of the id of the specific environment to scope to. Cannot be used with
environment_filter_type.
- application_
id str - Id of the application to scope to. If empty then this scope applies to all applications.
- environment_
filter_ strtype - Type of environment filter applied. Cannot be used with
environment_id. Valid options are NONPRODUCTIONENVIRONMENTS, PRODUCTION_ENVIRONMENTS. - environment_
id str - Id of the id of the specific environment to scope to. Cannot be used with
environment_filter_type.
- application
Id String - Id of the application to scope to. If empty then this scope applies to all applications.
- environment
Filter StringType - Type of environment filter applied. Cannot be used with
environment_id. Valid options are NONPRODUCTIONENVIRONMENTS, PRODUCTION_ENVIRONMENTS. - environment
Id String - Id of the id of the specific environment to scope to. Cannot be used with
environment_filter_type.
Import
Import using the Harness encrypted text format.
NOTE: The secret value cannot be decrypted and imported.
$ pulumi import harness:index/encryptedText:EncryptedText example <secret_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- harness pulumi/pulumi-harness
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
harnessTerraform Provider.