Oracle Cloud Infrastructure v2.28.0, Mar 27 25

Oracle Cloud Infrastructure v2.28.0 published on Thursday, Mar 27, 2025 by Pulumi

oci.Vault.getSecrets

Explore with Pulumi AI

Oracle Cloud Infrastructure v2.28.0 published on Thursday, Mar 27, 2025 by Pulumi

Example Usage

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

const testSecrets = oci.Vault.getSecrets({
    compartmentId: compartmentId,
    name: secretName,
    state: secretState,
    vaultId: testVault.id,
});

import pulumi
import pulumi_oci as oci

test_secrets = oci.Vault.get_secrets(compartment_id=compartment_id,
    name=secret_name,
    state=secret_state,
    vault_id=test_vault["id"])

package main

import (
	"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/vault"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vault.GetSecrets(ctx, &vault.GetSecretsArgs{
			CompartmentId: compartmentId,
			Name:          pulumi.StringRef(secretName),
			State:         pulumi.StringRef(secretState),
			VaultId:       pulumi.StringRef(testVault.Id),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;

return await Deployment.RunAsync(() => 
{
    var testSecrets = Oci.Vault.GetSecrets.Invoke(new()
    {
        CompartmentId = compartmentId,
        Name = secretName,
        State = secretState,
        VaultId = testVault.Id,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Vault.VaultFunctions;
import com.pulumi.oci.Vault.inputs.GetSecretsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var testSecrets = VaultFunctions.getSecrets(GetSecretsArgs.builder()
            .compartmentId(compartmentId)
            .name(secretName)
            .state(secretState)
            .vaultId(testVault.id())
            .build());

    }
}

variables:
  testSecrets:
    fn::invoke:
      function: oci:Vault:getSecrets
      arguments:
        compartmentId: ${compartmentId}
        name: ${secretName}
        state: ${secretState}
        vaultId: ${testVault.id}

Using getSecrets

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript
Python
Go
C#
Java
YAML

function getSecrets(args: GetSecretsArgs, opts?: InvokeOptions): Promise<GetSecretsResult>
function getSecretsOutput(args: GetSecretsOutputArgs, opts?: InvokeOptions): Output<GetSecretsResult>

def get_secrets(compartment_id: Optional[str] = None,
                filters: Optional[Sequence[_vault.GetSecretsFilter]] = None,
                name: Optional[str] = None,
                state: Optional[str] = None,
                vault_id: Optional[str] = None,
                opts: Optional[InvokeOptions] = None) -> GetSecretsResult
def get_secrets_output(compartment_id: Optional[pulumi.Input[str]] = None,
                filters: Optional[pulumi.Input[Sequence[pulumi.Input[_vault.GetSecretsFilterArgs]]]] = None,
                name: Optional[pulumi.Input[str]] = None,
                state: Optional[pulumi.Input[str]] = None,
                vault_id: Optional[pulumi.Input[str]] = None,
                opts: Optional[InvokeOptions] = None) -> Output[GetSecretsResult]

func GetSecrets(ctx *Context, args *GetSecretsArgs, opts ...InvokeOption) (*GetSecretsResult, error)
func GetSecretsOutput(ctx *Context, args *GetSecretsOutputArgs, opts ...InvokeOption) GetSecretsResultOutput

> Note: This function is named GetSecrets in the Go SDK.

public static class GetSecrets 
{
    public static Task<GetSecretsResult> InvokeAsync(GetSecretsArgs args, InvokeOptions? opts = null)
    public static Output<GetSecretsResult> Invoke(GetSecretsInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSecretsResult> getSecrets(GetSecretsArgs args, InvokeOptions options)
public static Output<GetSecretsResult> getSecrets(GetSecretsArgs args, InvokeOptions options)

fn::invoke:
  function: oci:Vault/getSecrets:getSecrets
  arguments:
    # arguments dictionary

The following arguments are supported:

CompartmentId string: The OCID of the compartment.
Filters List<GetSecretsFilter>
Name string: The secret name.
State string: A filter that returns only resources that match the specified lifecycle state. The state value is case-insensitive.
VaultId string: The OCID of the vault.

CompartmentId string: The OCID of the compartment.
Filters []GetSecretsFilter
Name string: The secret name.
State string: A filter that returns only resources that match the specified lifecycle state. The state value is case-insensitive.
VaultId string: The OCID of the vault.

compartmentId String: The OCID of the compartment.
filters List<GetSecretsFilter>
name String: The secret name.
state String: A filter that returns only resources that match the specified lifecycle state. The state value is case-insensitive.
vaultId String: The OCID of the vault.

compartmentId string: The OCID of the compartment.
filters GetSecretsFilter[]
name string: The secret name.
state string: A filter that returns only resources that match the specified lifecycle state. The state value is case-insensitive.
vaultId string: The OCID of the vault.

compartment_id str: The OCID of the compartment.
filters Sequence[vault.GetSecretsFilter]
name str: The secret name.
state str: A filter that returns only resources that match the specified lifecycle state. The state value is case-insensitive.
vault_id str: The OCID of the vault.

compartmentId String: The OCID of the compartment.
filters List<Property Map>
name String: The secret name.
state String: A filter that returns only resources that match the specified lifecycle state. The state value is case-insensitive.
vaultId String: The OCID of the vault.

getSecrets Result

The following output properties are available:

CompartmentId string: The OCID of the compartment where you want to create the secret.
Id string: The provider-assigned unique ID for this managed resource.
Secrets List<GetSecretsSecret>: The list of secrets.
Filters List<GetSecretsFilter>
Name string
State string: The current lifecycle state of the secret.
VaultId string: The OCID of the Vault in which the secret exists

CompartmentId string: The OCID of the compartment where you want to create the secret.
Id string: The provider-assigned unique ID for this managed resource.
Secrets []GetSecretsSecret: The list of secrets.
Filters []GetSecretsFilter
Name string
State string: The current lifecycle state of the secret.
VaultId string: The OCID of the Vault in which the secret exists

compartmentId String: The OCID of the compartment where you want to create the secret.
id String: The provider-assigned unique ID for this managed resource.
secrets List<GetSecretsSecret>: The list of secrets.
filters List<GetSecretsFilter>
name String
state String: The current lifecycle state of the secret.
vaultId String: The OCID of the Vault in which the secret exists

compartmentId string: The OCID of the compartment where you want to create the secret.
id string: The provider-assigned unique ID for this managed resource.
secrets GetSecretsSecret[]: The list of secrets.
filters GetSecretsFilter[]
name string
state string: The current lifecycle state of the secret.
vaultId string: The OCID of the Vault in which the secret exists

compartment_id str: The OCID of the compartment where you want to create the secret.
id str: The provider-assigned unique ID for this managed resource.
secrets Sequence[vault.GetSecretsSecret]: The list of secrets.
filters Sequence[vault.GetSecretsFilter]
name str
state str: The current lifecycle state of the secret.
vault_id str: The OCID of the Vault in which the secret exists

compartmentId String: The OCID of the compartment where you want to create the secret.
id String: The provider-assigned unique ID for this managed resource.
secrets List<Property Map>: The list of secrets.
filters List<Property Map>
name String
state String: The current lifecycle state of the secret.
vaultId String: The OCID of the Vault in which the secret exists

Supporting Types

GetSecretsFilter

Name string: The secret name.
Values List<string>
Regex bool

Name string: The secret name.
Values []string
Regex bool

name String: The secret name.
values List<String>
regex Boolean

name string: The secret name.
values string[]
regex boolean

name str: The secret name.
values Sequence[str]
regex bool

name String: The secret name.
values List<String>
regex Boolean

GetSecretsSecret

CompartmentId string: The OCID of the compartment.
CurrentVersionNumber string: The version number of the secret version that's currently in use.
DefinedTags Dictionary<string, string>: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
Description string: A brief description of the secret. Avoid entering confidential information.
EnableAutoGeneration bool
FreeformTags Dictionary<string, string>: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
Id string: The OCID of the secret.
IsAutoGenerationEnabled bool: The value of this flag determines whether or not secret content will be generated automatically.
KeyId string: The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
LastRotationTime string: A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
LifecycleDetails string: Additional information about the current lifecycle state of the secret.
Metadata Dictionary<string, string>: Additional metadata that you can use to provide context about how to use the secret or during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs.
NextRotationTime string: A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
RotationConfigs List<GetSecretsSecretRotationConfig>: Defines the frequency of the rotation and the information about the target system
RotationStatus string: Additional information about the status of the secret rotation
SecretContents List<GetSecretsSecretSecretContent>
SecretGenerationContexts List<GetSecretsSecretSecretGenerationContext>: Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
SecretName string: The user-friendly name of the secret. Avoid entering confidential information.
SecretRules List<GetSecretsSecretSecretRule>: A list of rules that control how the secret is used and managed.
State string: A filter that returns only resources that match the specified lifecycle state. The state value is case-insensitive.
TimeCreated string: A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfCurrentVersionExpiry string: An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfDeletion string: An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
VaultId string: The OCID of the vault.

CompartmentId string: The OCID of the compartment.
CurrentVersionNumber string: The version number of the secret version that's currently in use.
DefinedTags map[string]string: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
Description string: A brief description of the secret. Avoid entering confidential information.
EnableAutoGeneration bool
FreeformTags map[string]string: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
Id string: The OCID of the secret.
IsAutoGenerationEnabled bool: The value of this flag determines whether or not secret content will be generated automatically.
KeyId string: The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
LastRotationTime string: A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
LifecycleDetails string: Additional information about the current lifecycle state of the secret.
Metadata map[string]string: Additional metadata that you can use to provide context about how to use the secret or during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs.
NextRotationTime string: A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
RotationConfigs []GetSecretsSecretRotationConfig: Defines the frequency of the rotation and the information about the target system
RotationStatus string: Additional information about the status of the secret rotation
SecretContents []GetSecretsSecretSecretContent
SecretGenerationContexts []GetSecretsSecretSecretGenerationContext: Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
SecretName string: The user-friendly name of the secret. Avoid entering confidential information.
SecretRules []GetSecretsSecretSecretRule: A list of rules that control how the secret is used and managed.
State string: A filter that returns only resources that match the specified lifecycle state. The state value is case-insensitive.
TimeCreated string: A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfCurrentVersionExpiry string: An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfDeletion string: An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
VaultId string: The OCID of the vault.

compartmentId String: The OCID of the compartment.
currentVersionNumber String: The version number of the secret version that's currently in use.
definedTags Map<String,String>: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
description String: A brief description of the secret. Avoid entering confidential information.
enableAutoGeneration Boolean
freeformTags Map<String,String>: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id String: The OCID of the secret.
isAutoGenerationEnabled Boolean: The value of this flag determines whether or not secret content will be generated automatically.
keyId String: The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
lastRotationTime String: A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycleDetails String: Additional information about the current lifecycle state of the secret.
metadata Map<String,String>: Additional metadata that you can use to provide context about how to use the secret or during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs.
nextRotationTime String: A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotationConfigs List<GetSecretsSecretRotationConfig>: Defines the frequency of the rotation and the information about the target system
rotationStatus String: Additional information about the status of the secret rotation
secretContents List<GetSecretsSecretSecretContent>
secretGenerationContexts List<GetSecretsSecretSecretGenerationContext>: Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
secretName String: The user-friendly name of the secret. Avoid entering confidential information.
secretRules List<GetSecretsSecretSecretRule>: A list of rules that control how the secret is used and managed.
state String: A filter that returns only resources that match the specified lifecycle state. The state value is case-insensitive.
timeCreated String: A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfCurrentVersionExpiry String: An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfDeletion String: An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
vaultId String: The OCID of the vault.

compartmentId string: The OCID of the compartment.
currentVersionNumber string: The version number of the secret version that's currently in use.
definedTags {[key: string]: string}: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
description string: A brief description of the secret. Avoid entering confidential information.
enableAutoGeneration boolean
freeformTags {[key: string]: string}: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id string: The OCID of the secret.
isAutoGenerationEnabled boolean: The value of this flag determines whether or not secret content will be generated automatically.
keyId string: The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
lastRotationTime string: A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycleDetails string: Additional information about the current lifecycle state of the secret.
metadata {[key: string]: string}: Additional metadata that you can use to provide context about how to use the secret or during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs.
nextRotationTime string: A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotationConfigs GetSecretsSecretRotationConfig[]: Defines the frequency of the rotation and the information about the target system
rotationStatus string: Additional information about the status of the secret rotation
secretContents GetSecretsSecretSecretContent[]
secretGenerationContexts GetSecretsSecretSecretGenerationContext[]: Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
secretName string: The user-friendly name of the secret. Avoid entering confidential information.
secretRules GetSecretsSecretSecretRule[]: A list of rules that control how the secret is used and managed.
state string: A filter that returns only resources that match the specified lifecycle state. The state value is case-insensitive.
timeCreated string: A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfCurrentVersionExpiry string: An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfDeletion string: An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
vaultId string: The OCID of the vault.

compartment_id str: The OCID of the compartment.
current_version_number str: The version number of the secret version that's currently in use.
defined_tags Mapping[str, str]: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
description str: A brief description of the secret. Avoid entering confidential information.
enable_auto_generation bool
freeform_tags Mapping[str, str]: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id str: The OCID of the secret.
is_auto_generation_enabled bool: The value of this flag determines whether or not secret content will be generated automatically.
key_id str: The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
last_rotation_time str: A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycle_details str: Additional information about the current lifecycle state of the secret.
metadata Mapping[str, str]: Additional metadata that you can use to provide context about how to use the secret or during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs.
next_rotation_time str: A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotation_configs Sequence[vault.GetSecretsSecretRotationConfig]: Defines the frequency of the rotation and the information about the target system
rotation_status str: Additional information about the status of the secret rotation
secret_contents Sequence[vault.GetSecretsSecretSecretContent]
secret_generation_contexts Sequence[vault.GetSecretsSecretSecretGenerationContext]: Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
secret_name str: The user-friendly name of the secret. Avoid entering confidential information.
secret_rules Sequence[vault.GetSecretsSecretSecretRule]: A list of rules that control how the secret is used and managed.
state str: A filter that returns only resources that match the specified lifecycle state. The state value is case-insensitive.
time_created str: A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
time_of_current_version_expiry str: An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
time_of_deletion str: An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
vault_id str: The OCID of the vault.

compartmentId String: The OCID of the compartment.
currentVersionNumber String: The version number of the secret version that's currently in use.
definedTags Map<String>: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
description String: A brief description of the secret. Avoid entering confidential information.
enableAutoGeneration Boolean
freeformTags Map<String>: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id String: The OCID of the secret.
isAutoGenerationEnabled Boolean: The value of this flag determines whether or not secret content will be generated automatically.
keyId String: The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
lastRotationTime String: A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycleDetails String: Additional information about the current lifecycle state of the secret.
metadata Map<String>: Additional metadata that you can use to provide context about how to use the secret or during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs.
nextRotationTime String: A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotationConfigs List<Property Map>: Defines the frequency of the rotation and the information about the target system
rotationStatus String: Additional information about the status of the secret rotation
secretContents List<Property Map>
secretGenerationContexts List<Property Map>: Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
secretName String: The user-friendly name of the secret. Avoid entering confidential information.
secretRules List<Property Map>: A list of rules that control how the secret is used and managed.
state String: A filter that returns only resources that match the specified lifecycle state. The state value is case-insensitive.
timeCreated String: A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfCurrentVersionExpiry String: An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfDeletion String: An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
vaultId String: The OCID of the vault.

GetSecretsSecretRotationConfig

IsScheduledRotationEnabled bool: Enables auto rotation, when set to true rotationInterval must be set.
RotationInterval string: The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and maximum value is 360 days. For example, if you want to set the time interval for rotating a secret data as 30 days, the duration is expressed as "P30D."
TargetSystemDetails List<GetSecretsSecretRotationConfigTargetSystemDetail>: The TargetSystemDetails provides the targetSystem type and type-specific connection metadata

IsScheduledRotationEnabled bool: Enables auto rotation, when set to true rotationInterval must be set.
RotationInterval string: The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and maximum value is 360 days. For example, if you want to set the time interval for rotating a secret data as 30 days, the duration is expressed as "P30D."
TargetSystemDetails []GetSecretsSecretRotationConfigTargetSystemDetail: The TargetSystemDetails provides the targetSystem type and type-specific connection metadata

isScheduledRotationEnabled Boolean: Enables auto rotation, when set to true rotationInterval must be set.
rotationInterval String: The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and maximum value is 360 days. For example, if you want to set the time interval for rotating a secret data as 30 days, the duration is expressed as "P30D."
targetSystemDetails List<GetSecretsSecretRotationConfigTargetSystemDetail>: The TargetSystemDetails provides the targetSystem type and type-specific connection metadata

isScheduledRotationEnabled boolean: Enables auto rotation, when set to true rotationInterval must be set.
rotationInterval string: The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and maximum value is 360 days. For example, if you want to set the time interval for rotating a secret data as 30 days, the duration is expressed as "P30D."
targetSystemDetails GetSecretsSecretRotationConfigTargetSystemDetail[]: The TargetSystemDetails provides the targetSystem type and type-specific connection metadata

is_scheduled_rotation_enabled bool: Enables auto rotation, when set to true rotationInterval must be set.
rotation_interval str: The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and maximum value is 360 days. For example, if you want to set the time interval for rotating a secret data as 30 days, the duration is expressed as "P30D."
target_system_details Sequence[vault.GetSecretsSecretRotationConfigTargetSystemDetail]: The TargetSystemDetails provides the targetSystem type and type-specific connection metadata

isScheduledRotationEnabled Boolean: Enables auto rotation, when set to true rotationInterval must be set.
rotationInterval String: The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and maximum value is 360 days. For example, if you want to set the time interval for rotating a secret data as 30 days, the duration is expressed as "P30D."
targetSystemDetails List<Property Map>: The TargetSystemDetails provides the targetSystem type and type-specific connection metadata

GetSecretsSecretRotationConfigTargetSystemDetail

AdbId string: The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
FunctionId string: The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.
TargetSystemType string: Unique identifier of the target system that Vault Secret connects to.

AdbId string: The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
FunctionId string: The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.
TargetSystemType string: Unique identifier of the target system that Vault Secret connects to.

adbId String: The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
functionId String: The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.
targetSystemType String: Unique identifier of the target system that Vault Secret connects to.

adbId string: The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
functionId string: The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.
targetSystemType string: Unique identifier of the target system that Vault Secret connects to.

adb_id str: The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
function_id str: The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.
target_system_type str: Unique identifier of the target system that Vault Secret connects to.

adbId String: The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
functionId String: The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.
targetSystemType String: Unique identifier of the target system that Vault Secret connects to.

GetSecretsSecretSecretContent

Content string
ContentType string
Name string: The secret name.
Stage string

Content string
ContentType string
Name string: The secret name.
Stage string

content String
contentType String
name String: The secret name.
stage String

content string
contentType string
name string: The secret name.
stage string

content str
content_type str
name str: The secret name.
stage str

content String
contentType String
name String: The secret name.
stage String

GetSecretsSecretSecretGenerationContext

GenerationTemplate string: Name of random bytes generation template for generating random byte type secret.
GenerationType string: Name of the predefined secret generation type.
PassphraseLength int: Length of the passphrase to be generated
SecretTemplate string: SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.

GenerationTemplate string: Name of random bytes generation template for generating random byte type secret.
GenerationType string: Name of the predefined secret generation type.
PassphraseLength int: Length of the passphrase to be generated
SecretTemplate string: SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.

generationTemplate String: Name of random bytes generation template for generating random byte type secret.
generationType String: Name of the predefined secret generation type.
passphraseLength Integer: Length of the passphrase to be generated
secretTemplate String: SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.

generationTemplate string: Name of random bytes generation template for generating random byte type secret.
generationType string: Name of the predefined secret generation type.
passphraseLength number: Length of the passphrase to be generated
secretTemplate string: SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.

generation_template str: Name of random bytes generation template for generating random byte type secret.
generation_type str: Name of the predefined secret generation type.
passphrase_length int: Length of the passphrase to be generated
secret_template str: SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.

generationTemplate String: Name of random bytes generation template for generating random byte type secret.
generationType String: Name of the predefined secret generation type.
passphraseLength Number: Length of the passphrase to be generated
secretTemplate String: SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.

GetSecretsSecretSecretRule

IsEnforcedOnDeletedSecretVersions bool: A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
IsSecretContentRetrievalBlockedOnExpiry bool: A property indicating whether to block retrieval of the secret content, on expiry. The default is false. If the secret has already expired and you would like to retrieve the secret contents, you need to edit the secret rule to disable this property, to allow reading the secret content.
RuleType string: The type of rule, which either controls when the secret contents expire or whether they can be reused.
SecretVersionExpiryInterval string: A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
TimeOfAbsoluteExpiry string: An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z

IsEnforcedOnDeletedSecretVersions bool: A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
IsSecretContentRetrievalBlockedOnExpiry bool: A property indicating whether to block retrieval of the secret content, on expiry. The default is false. If the secret has already expired and you would like to retrieve the secret contents, you need to edit the secret rule to disable this property, to allow reading the secret content.
RuleType string: The type of rule, which either controls when the secret contents expire or whether they can be reused.
SecretVersionExpiryInterval string: A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
TimeOfAbsoluteExpiry string: An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z

isEnforcedOnDeletedSecretVersions Boolean: A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
isSecretContentRetrievalBlockedOnExpiry Boolean: A property indicating whether to block retrieval of the secret content, on expiry. The default is false. If the secret has already expired and you would like to retrieve the secret contents, you need to edit the secret rule to disable this property, to allow reading the secret content.
ruleType String: The type of rule, which either controls when the secret contents expire or whether they can be reused.
secretVersionExpiryInterval String: A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
timeOfAbsoluteExpiry String: An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z

isEnforcedOnDeletedSecretVersions boolean: A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
isSecretContentRetrievalBlockedOnExpiry boolean: A property indicating whether to block retrieval of the secret content, on expiry. The default is false. If the secret has already expired and you would like to retrieve the secret contents, you need to edit the secret rule to disable this property, to allow reading the secret content.
ruleType string: The type of rule, which either controls when the secret contents expire or whether they can be reused.
secretVersionExpiryInterval string: A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
timeOfAbsoluteExpiry string: An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z

is_enforced_on_deleted_secret_versions bool: A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
is_secret_content_retrieval_blocked_on_expiry bool: A property indicating whether to block retrieval of the secret content, on expiry. The default is false. If the secret has already expired and you would like to retrieve the secret contents, you need to edit the secret rule to disable this property, to allow reading the secret content.
rule_type str: The type of rule, which either controls when the secret contents expire or whether they can be reused.
secret_version_expiry_interval str: A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
time_of_absolute_expiry str: An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z

isEnforcedOnDeletedSecretVersions Boolean: A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
isSecretContentRetrievalBlockedOnExpiry Boolean: A property indicating whether to block retrieval of the secret content, on expiry. The default is false. If the secret has already expired and you would like to retrieve the secret contents, you need to edit the secret rule to disable this property, to allow reading the secret content.
ruleType String: The type of rule, which either controls when the secret contents expire or whether they can be reused.
secretVersionExpiryInterval String: A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
timeOfAbsoluteExpiry String: An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z

Package Details

Repository: oci pulumi/pulumi-oci
License: Apache-2.0
Notes: This Pulumi package is based on the oci Terraform Provider.

Oracle Cloud Infrastructure v2.28.0 published on Thursday, Mar 27, 2025 by Pulumi

pulumi/pulumi-oci

oci.Vault.getSecrets

On this page

On this page

Example Usage

Using getSecrets

getSecrets Result

Supporting Types

GetSecretsFilter

GetSecretsSecret

GetSecretsSecretRotationConfig

GetSecretsSecretRotationConfigTargetSystemDetail

GetSecretsSecretSecretContent

GetSecretsSecretSecretGenerationContext

GetSecretsSecretSecretRule

Package Details

On this page

On this page