Oracle Cloud Infrastructure v2.28.0 published on Thursday, Mar 27, 2025 by Pulumi

oci.Vault.Secret


This resource provides the Secret resource in the Oracle Cloud Infrastructure Vault service.

Creates a new secret according to the details of the request.

Create Secret Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);
@overload
def Secret(resource_name: str,
           args: SecretArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def Secret(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           key_id: Optional[str] = None,
           vault_id: Optional[str] = None,
           secret_name: Optional[str] = None,
           compartment_id: Optional[str] = None,
           metadata: Optional[Mapping[str, str]] = None,
           freeform_tags: Optional[Mapping[str, str]] = None,
           enable_auto_generation: Optional[bool] = None,
           rotation_config: Optional[_vault.SecretRotationConfigArgs] = None,
           secret_content: Optional[_vault.SecretSecretContentArgs] = None,
           secret_generation_context: Optional[_vault.SecretSecretGenerationContextArgs] = None,
           description: Optional[str] = None,
           secret_rules: Optional[Sequence[_vault.SecretSecretRuleArgs]] = None,
           defined_tags: Optional[Mapping[str, str]] = None)
func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)
public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)
public Secret(String name, SecretArgs args)
public Secret(String name, SecretArgs args, CustomResourceOptions options)
type: oci:Vault:Secret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. SecretArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. SecretArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. SecretArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. SecretArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. SecretArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

// Reference example: every value below is a type placeholder ("string", false, 0), not a working setting.
var secretResource = new Oci.Vault.Secret("secretResource", new()
{
    // KeyId is the OCID of the master encryption key that encrypts the secret; per the input
    // reference it must be a symmetric key that exists in the vault named by VaultId.
    // Changing KeyId, VaultId or SecretName replaces the secret instead of updating it in place.
    KeyId = "string",
    VaultId = "string",
    // SecretName and Description are not secret content: avoid confidential information in them.
    SecretName = "string",
    CompartmentId = "string",
    Metadata = 
    {
        { "string", "string" },
    },
    FreeformTags = 
    {
        { "string", "string" },
    },
    // When true the secret content is generated automatically; defaults to false when not set.
    EnableAutoGeneration = false,
    // Rotation frequency plus details of the target system the rotation applies to.
    RotationConfig = new Oci.Vault.Inputs.SecretRotationConfigArgs
    {
        TargetSystemDetails = new Oci.Vault.Inputs.SecretRotationConfigTargetSystemDetailsArgs
        {
            TargetSystemType = "string",
            AdbId = "string",
            FunctionId = "string",
        },
        IsScheduledRotationEnabled = false,
        RotationInterval = "string",
    },
    // NOTE(review): SecretContent and SecretGenerationContext both appear here only because the
    // example lists every input; confirm which one applies for a given EnableAutoGeneration value.
    SecretContent = new Oci.Vault.Inputs.SecretSecretContentArgs
    {
        ContentType = "string",
        // Content carries the secret material itself. In a real program do not write it as a
        // literal; supply it as a secret input, e.g. from stack configuration read with
        // Config.RequireSecret, so it is not committed to source control.
        // NOTE(review): confirm the value is stored as a secret in the stack state.
        Content = "string",
        Name = "string",
        Stage = "string",
    },
    // Generation rules (length, base characters, additional characters, ...) for generated content.
    SecretGenerationContext = new Oci.Vault.Inputs.SecretSecretGenerationContextArgs
    {
        GenerationTemplate = "string",
        GenerationType = "string",
        PassphraseLength = 0,
        SecretTemplate = "string",
    },
    Description = "string",
    // Rules that control how the secret is used and managed.
    SecretRules = new[]
    {
        new Oci.Vault.Inputs.SecretSecretRuleArgs
        {
            RuleType = "string",
            IsEnforcedOnDeletedSecretVersions = false,
            IsSecretContentRetrievalBlockedOnExpiry = false,
            SecretVersionExpiryInterval = "string",
            TimeOfAbsoluteExpiry = "string",
        },
    },
    DefinedTags = 
    {
        { "string", "string" },
    },
});
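// Reference example: every value below is a type placeholder ("string", false, 0), not a
// working setting. The constructor and SecretArgs use the same lowercase vault package
// qualifier as the nested argument types.
example, err := vault.NewSecret(ctx, "secretResource", &vault.SecretArgs{
	// KeyId is the OCID of the master encryption key that encrypts the secret; per the input
	// reference it must be a symmetric key that exists in the vault named by VaultId.
	// Changing KeyId, VaultId or SecretName replaces the secret instead of updating it in place.
	KeyId:         pulumi.String("string"),
	VaultId:       pulumi.String("string"),
	// SecretName and Description are not secret content: avoid confidential information in them.
	SecretName:    pulumi.String("string"),
	CompartmentId: pulumi.String("string"),
	Metadata: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	FreeformTags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	// When true the secret content is generated automatically; defaults to false when not set.
	EnableAutoGeneration: pulumi.Bool(false),
	// Rotation frequency plus details of the target system the rotation applies to.
	RotationConfig: &vault.SecretRotationConfigArgs{
		TargetSystemDetails: &vault.SecretRotationConfigTargetSystemDetailsArgs{
			TargetSystemType: pulumi.String("string"),
			AdbId:            pulumi.String("string"),
			FunctionId:       pulumi.String("string"),
		},
		IsScheduledRotationEnabled: pulumi.Bool(false),
		RotationInterval:           pulumi.String("string"),
	},
	// NOTE(review): SecretContent and SecretGenerationContext both appear here only because the
	// example lists every input; confirm which one applies for a given EnableAutoGeneration value.
	SecretContent: &vault.SecretSecretContentArgs{
		ContentType: pulumi.String("string"),
		// Content carries the secret material itself. In a real program do not write it as a
		// literal; supply it as a secret input, e.g. from stack configuration read with
		// config.RequireSecret, so it is not committed to source control.
		// NOTE(review): confirm the value is stored as a secret in the stack state.
		Content:     pulumi.String("string"),
		Name:        pulumi.String("string"),
		Stage:       pulumi.String("string"),
	},
	// Generation rules (length, base characters, additional characters, ...) for generated content.
	SecretGenerationContext: &vault.SecretSecretGenerationContextArgs{
		GenerationTemplate: pulumi.String("string"),
		GenerationType:     pulumi.String("string"),
		PassphraseLength:   pulumi.Int(0),
		SecretTemplate:     pulumi.String("string"),
	},
	Description: pulumi.String("string"),
	// Rules that control how the secret is used and managed.
	SecretRules: vault.SecretSecretRuleArray{
		&vault.SecretSecretRuleArgs{
			RuleType:                                pulumi.String("string"),
			IsEnforcedOnDeletedSecretVersions:       pulumi.Bool(false),
			IsSecretContentRetrievalBlockedOnExpiry: pulumi.Bool(false),
			SecretVersionExpiryInterval:             pulumi.String("string"),
			TimeOfAbsoluteExpiry:                    pulumi.String("string"),
		},
	},
	DefinedTags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})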
// Reference example: every value below is a type placeholder ("string", false, 0), not a working setting.
var secretResource = new Secret("secretResource", SecretArgs.builder()
    // keyId is the OCID of the master encryption key that encrypts the secret; per the input
    // reference it must be a symmetric key that exists in the vault named by vaultId.
    // Changing keyId, vaultId or secretName replaces the secret instead of updating it in place.
    .keyId("string")
    .vaultId("string")
    // secretName and description are not secret content: avoid confidential information in them.
    .secretName("string")
    .compartmentId("string")
    .metadata(Map.of("string", "string"))
    .freeformTags(Map.of("string", "string"))
    // When true the secret content is generated automatically; defaults to false when not set.
    .enableAutoGeneration(false)
    // Rotation frequency plus details of the target system the rotation applies to.
    .rotationConfig(SecretRotationConfigArgs.builder()
        .targetSystemDetails(SecretRotationConfigTargetSystemDetailsArgs.builder()
            .targetSystemType("string")
            .adbId("string")
            .functionId("string")
            .build())
        .isScheduledRotationEnabled(false)
        .rotationInterval("string")
        .build())
    // NOTE(review): secretContent and secretGenerationContext both appear here only because the
    // example lists every input; confirm which one applies for a given enableAutoGeneration value.
    .secretContent(SecretSecretContentArgs.builder()
        .contentType("string")
        // content carries the secret material itself. In a real program do not write it as a
        // literal; supply it as a secret input, e.g. from stack configuration read with
        // requireSecret, so it is not committed to source control.
        // NOTE(review): confirm the value is stored as a secret in the stack state.
        .content("string")
        .name("string")
        .stage("string")
        .build())
    // Generation rules (length, base characters, additional characters, ...) for generated content.
    .secretGenerationContext(SecretSecretGenerationContextArgs.builder()
        .generationTemplate("string")
        .generationType("string")
        .passphraseLength(0)
        .secretTemplate("string")
        .build())
    .description("string")
    // Rules that control how the secret is used and managed.
    .secretRules(SecretSecretRuleArgs.builder()
        .ruleType("string")
        .isEnforcedOnDeletedSecretVersions(false)
        .isSecretContentRetrievalBlockedOnExpiry(false)
        .secretVersionExpiryInterval("string")
        .timeOfAbsoluteExpiry("string")
        .build())
    .definedTags(Map.of("string", "string"))
    .build());
# Reference example: every value below is a type placeholder ("string", False, 0), not a working setting.
secret_resource = oci.vault.Secret("secretResource",
    # key_id is the OCID of the master encryption key that encrypts the secret; per the input
    # reference it must be a symmetric key that exists in the vault named by vault_id.
    # Changing key_id, vault_id or secret_name replaces the secret instead of updating it in place.
    key_id="string",
    vault_id="string",
    # secret_name and description are not secret content: avoid confidential information in them.
    secret_name="string",
    compartment_id="string",
    metadata={
        "string": "string",
    },
    freeform_tags={
        "string": "string",
    },
    # When true the secret content is generated automatically; defaults to false when not set.
    enable_auto_generation=False,
    # Rotation frequency plus details of the target system the rotation applies to.
    rotation_config={
        "target_system_details": {
            "target_system_type": "string",
            "adb_id": "string",
            "function_id": "string",
        },
        "is_scheduled_rotation_enabled": False,
        "rotation_interval": "string",
    },
    # NOTE(review): secret_content and secret_generation_context both appear here only because the
    # example lists every input; confirm which one applies for a given enable_auto_generation value.
    secret_content={
        "content_type": "string",
        # "content" carries the secret material itself. In a real program do not write it as a
        # literal; supply it as a secret input, e.g. from stack configuration read with
        # pulumi.Config().require_secret(...), so it is not committed to source control.
        # NOTE(review): confirm the value is stored as a secret in the stack state.
        "content": "string",
        "name": "string",
        "stage": "string",
    },
    # Generation rules (length, base characters, additional characters, ...) for generated content.
    secret_generation_context={
        "generation_template": "string",
        "generation_type": "string",
        "passphrase_length": 0,
        "secret_template": "string",
    },
    description="string",
    # Rules that control how the secret is used and managed.
    secret_rules=[{
        "rule_type": "string",
        "is_enforced_on_deleted_secret_versions": False,
        "is_secret_content_retrieval_blocked_on_expiry": False,
        "secret_version_expiry_interval": "string",
        "time_of_absolute_expiry": "string",
    }],
    defined_tags={
        "string": "string",
    })
// Reference example: every value below is a type placeholder ("string", false, 0), not a working setting.
const secretResource = new oci.vault.Secret("secretResource", {
    // keyId is the OCID of the master encryption key that encrypts the secret; per the input
    // reference it must be a symmetric key that exists in the vault named by vaultId.
    // Changing keyId, vaultId or secretName replaces the secret instead of updating it in place.
    keyId: "string",
    vaultId: "string",
    // secretName and description are not secret content: avoid confidential information in them.
    secretName: "string",
    compartmentId: "string",
    metadata: {
        string: "string",
    },
    freeformTags: {
        string: "string",
    },
    // When true the secret content is generated automatically; defaults to false when not set.
    enableAutoGeneration: false,
    // Rotation frequency plus details of the target system the rotation applies to.
    rotationConfig: {
        targetSystemDetails: {
            targetSystemType: "string",
            adbId: "string",
            functionId: "string",
        },
        isScheduledRotationEnabled: false,
        rotationInterval: "string",
    },
    // NOTE(review): secretContent and secretGenerationContext both appear here only because the
    // example lists every input; confirm which one applies for a given enableAutoGeneration value.
    secretContent: {
        contentType: "string",
        // content carries the secret material itself. In a real program do not write it as a
        // literal; supply it as a secret input, e.g. from stack configuration read with
        // new pulumi.Config().requireSecret(...), so it is not committed to source control.
        // NOTE(review): confirm the value is stored as a secret in the stack state.
        content: "string",
        name: "string",
        stage: "string",
    },
    // Generation rules (length, base characters, additional characters, ...) for generated content.
    secretGenerationContext: {
        generationTemplate: "string",
        generationType: "string",
        passphraseLength: 0,
        secretTemplate: "string",
    },
    description: "string",
    // Rules that control how the secret is used and managed.
    secretRules: [{
        ruleType: "string",
        isEnforcedOnDeletedSecretVersions: false,
        isSecretContentRetrievalBlockedOnExpiry: false,
        secretVersionExpiryInterval: "string",
        timeOfAbsoluteExpiry: "string",
    }],
    definedTags: {
        string: "string",
    },
});
# Reference example: every value below is a type placeholder (string, false, 0), not a working setting.
type: oci:Vault:Secret
properties:
    compartmentId: string
    definedTags:
        string: string
    # description and secretName are not secret content: avoid confidential information in them.
    description: string
    # When true the secret content is generated automatically; defaults to false when not set.
    enableAutoGeneration: false
    freeformTags:
        string: string
    # keyId is the OCID of the master encryption key that encrypts the secret; per the input
    # reference it must be a symmetric key that exists in the vault named by vaultId.
    # Changing keyId, vaultId or secretName replaces the secret instead of updating it in place.
    keyId: string
    metadata:
        string: string
    # Rotation frequency plus details of the target system the rotation applies to.
    rotationConfig:
        isScheduledRotationEnabled: false
        rotationInterval: string
        targetSystemDetails:
            adbId: string
            functionId: string
            targetSystemType: string
    # NOTE(review): secretContent and secretGenerationContext both appear here only because the
    # example lists every input; confirm which one applies for a given enableAutoGeneration value.
    secretContent:
        # content carries the secret material itself. In a real program do not write it as a
        # literal; reference a configuration value declared with `secret: true` so it is not
        # committed to source control.
        # NOTE(review): confirm the value is stored as a secret in the stack state.
        content: string
        contentType: string
        name: string
        stage: string
    # Generation rules (length, base characters, additional characters, ...) for generated content.
    secretGenerationContext:
        generationTemplate: string
        generationType: string
        passphraseLength: 0
        secretTemplate: string
    secretName: string
    # Rules that control how the secret is used and managed.
    secretRules:
        - isEnforcedOnDeletedSecretVersions: false
          isSecretContentRetrievalBlockedOnExpiry: false
          ruleType: string
          secretVersionExpiryInterval: string
          timeOfAbsoluteExpiry: string
    vaultId: string

Secret Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Secret resource accepts the following input properties:

CompartmentId This property is required. string
(Updatable) The OCID of the compartment where you want to create the secret.
KeyId
This property is required.
Changes to this property will trigger replacement.
string
The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
SecretName
This property is required.
Changes to this property will trigger replacement.
string
A user-friendly name for the secret. Secret names should be unique within a vault. Avoid entering confidential information. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
VaultId
This property is required.
Changes to this property will trigger replacement.
string

The OCID of the vault where you want to create the secret.

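**IMPORTANT** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values. On this resource, the properties marked "Changes to this property will trigger replacement" are KeyId, SecretName, and VaultId.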

DefinedTags Dictionary<string, string>
(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
Description string
(Updatable) A brief description of the secret. Avoid entering confidential information.
EnableAutoGeneration bool
(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.
FreeformTags Dictionary<string, string>
(Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
Metadata Dictionary<string, string>
(Updatable) Additional metadata that you can use to provide context about how to use the secret during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs.
RotationConfig SecretRotationConfig
(Updatable) Defines the frequency of the rotation and the information about the target system
SecretContent SecretSecretContent
(Updatable) The content of the secret and metadata to help identify it.
SecretGenerationContext SecretSecretGenerationContext
(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
SecretRules List<SecretSecretRule>
(Updatable) A list of rules to control how the secret is used and managed.
CompartmentId This property is required. string
(Updatable) The OCID of the compartment where you want to create the secret.
KeyId
This property is required.
Changes to this property will trigger replacement.
string
The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
SecretName
This property is required.
Changes to this property will trigger replacement.
string
A user-friendly name for the secret. Secret names should be unique within a vault. Avoid entering confidential information. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
VaultId
This property is required.
Changes to this property will trigger replacement.
string

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

DefinedTags map[string]string
(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
Description string
(Updatable) A brief description of the secret. Avoid entering confidential information.
EnableAutoGeneration bool
(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.
FreeformTags map[string]string
(Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
Metadata map[string]string
(Updatable) Additional metadata that you can use to provide context about how to use the secret during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs.
RotationConfig SecretRotationConfigArgs
(Updatable) Defines the frequency of the rotation and the information about the target system
SecretContent SecretSecretContentArgs
(Updatable) The content of the secret and metadata to help identify it.
SecretGenerationContext SecretSecretGenerationContextArgs
(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
SecretRules []SecretSecretRuleArgs
(Updatable) A list of rules to control how the secret is used and managed.
compartmentId This property is required. String
(Updatable) The OCID of the compartment where you want to create the secret.
keyId
This property is required.
Changes to this property will trigger replacement.
String
The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
secretName
This property is required.
Changes to this property will trigger replacement.
String
A user-friendly name for the secret. Secret names should be unique within a vault. Avoid entering confidential information. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
vaultId
This property is required.
Changes to this property will trigger replacement.
String

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

definedTags Map<String,String>
(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
description String
(Updatable) A brief description of the secret. Avoid entering confidential information.
enableAutoGeneration Boolean
(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.
freeformTags Map<String,String>
(Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
metadata Map<String,String>
(Updatable) Additional metadata that you can use to provide context about how to use the secret during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs.
rotationConfig SecretRotationConfig
(Updatable) Defines the frequency of the rotation and the information about the target system
secretContent SecretSecretContent
(Updatable) The content of the secret and metadata to help identify it.
secretGenerationContext SecretSecretGenerationContext
(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
secretRules List<SecretSecretRule>
(Updatable) A list of rules to control how the secret is used and managed.
compartmentId This property is required. string
(Updatable) The OCID of the compartment where you want to create the secret.
keyId
This property is required.
Changes to this property will trigger replacement.
string
The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
secretName
This property is required.
Changes to this property will trigger replacement.
string
A user-friendly name for the secret. Secret names should be unique within a vault. Avoid entering confidential information. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
vaultId
This property is required.
Changes to this property will trigger replacement.
string

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

definedTags {[key: string]: string}
(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
description string
(Updatable) A brief description of the secret. Avoid entering confidential information.
enableAutoGeneration boolean
(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.
freeformTags {[key: string]: string}
(Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
metadata {[key: string]: string}
(Updatable) Additional metadata that you can use to provide context about how to use the secret during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs.
rotationConfig SecretRotationConfig
(Updatable) Defines the frequency of the rotation and the information about the target system
secretContent SecretSecretContent
(Updatable) The content of the secret and metadata to help identify it.
secretGenerationContext SecretSecretGenerationContext
(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
secretRules SecretSecretRule[]
(Updatable) A list of rules to control how the secret is used and managed.
compartment_id This property is required. str
(Updatable) The OCID of the compartment where you want to create the secret.
key_id
This property is required.
Changes to this property will trigger replacement.
str
The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
secret_name
This property is required.
Changes to this property will trigger replacement.
str
A user-friendly name for the secret. Secret names should be unique within a vault. Avoid entering confidential information. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
vault_id
This property is required.
Changes to this property will trigger replacement.
str

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

defined_tags Mapping[str, str]
(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
description str
(Updatable) A brief description of the secret. Avoid entering confidential information.
enable_auto_generation bool
(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.
freeform_tags Mapping[str, str]
(Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
metadata Mapping[str, str]
(Updatable) Additional metadata that you can use to provide context about how to use the secret during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs.
rotation_config vault.SecretRotationConfigArgs
(Updatable) Defines the frequency of the rotation and the information about the target system
secret_content vault.SecretSecretContentArgs
(Updatable) The content of the secret and metadata to help identify it.
secret_generation_context vault.SecretSecretGenerationContextArgs
(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
secret_rules Sequence[vault.SecretSecretRuleArgs]
(Updatable) A list of rules to control how the secret is used and managed.
compartmentId This property is required. String
(Updatable) The OCID of the compartment where you want to create the secret.
keyId
This property is required.
Changes to this property will trigger replacement.
String
The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
secretName
This property is required.
Changes to this property will trigger replacement.
String
A user-friendly name for the secret. Secret names should be unique within a vault. Avoid entering confidential information. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
vaultId
This property is required.
Changes to this property will trigger replacement.
String

The OCID of the vault where you want to create the secret.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

definedTags Map<String>
(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
description String
(Updatable) A brief description of the secret. Avoid entering confidential information.
enableAutoGeneration Boolean
(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.
freeformTags Map<String>
(Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
metadata Map<String>
(Updatable) Additional metadata that you can use to provide context about how to use the secret during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs.
rotationConfig Property Map
(Updatable) Defines the frequency of the rotation and the information about the target system
secretContent Property Map
(Updatable) The content of the secret and metadata to help identify it.
secretGenerationContext Property Map
(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
secretRules List<Property Map>
(Updatable) A list of rules to control how the secret is used and managed.

Outputs

All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:

CurrentVersionNumber string
The version number of the secret version that's currently in use.
Id string
The provider-assigned unique ID for this managed resource.
IsAutoGenerationEnabled bool
The value of this flag determines whether or not secret content will be generated automatically.
LastRotationTime string
A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
LifecycleDetails string
Additional information about the current lifecycle state of the secret.
NextRotationTime string
A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
RotationStatus string
Additional information about the status of the secret rotation
State string
The current lifecycle state of the secret.
TimeCreated string
A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfCurrentVersionExpiry string
An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfDeletion string
An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
CurrentVersionNumber string
The version number of the secret version that's currently in use.
Id string
The provider-assigned unique ID for this managed resource.
IsAutoGenerationEnabled bool
The value of this flag determines whether or not secret content will be generated automatically.
LastRotationTime string
A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
LifecycleDetails string
Additional information about the current lifecycle state of the secret.
NextRotationTime string
A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
RotationStatus string
Additional information about the status of the secret rotation
State string
The current lifecycle state of the secret.
TimeCreated string
A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfCurrentVersionExpiry string
An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfDeletion string
An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
currentVersionNumber String
The version number of the secret version that's currently in use.
id String
The provider-assigned unique ID for this managed resource.
isAutoGenerationEnabled Boolean
The value of this flag determines whether or not secret content will be generated automatically.
lastRotationTime String
A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycleDetails String
Additional information about the current lifecycle state of the secret.
nextRotationTime String
A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotationStatus String
Additional information about the status of the secret rotation
state String
The current lifecycle state of the secret.
timeCreated String
A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfCurrentVersionExpiry String
An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfDeletion String
An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
currentVersionNumber string
The version number of the secret version that's currently in use.
id string
The provider-assigned unique ID for this managed resource.
isAutoGenerationEnabled boolean
The value of this flag determines whether or not secret content will be generated automatically.
lastRotationTime string
A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycleDetails string
Additional information about the current lifecycle state of the secret.
nextRotationTime string
A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotationStatus string
Additional information about the status of the secret rotation
state string
The current lifecycle state of the secret.
timeCreated string
A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfCurrentVersionExpiry string
An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfDeletion string
An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
current_version_number str
The version number of the secret version that's currently in use.
id str
The provider-assigned unique ID for this managed resource.
is_auto_generation_enabled bool
The value of this flag determines whether or not secret content will be generated automatically.
last_rotation_time str
A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycle_details str
Additional information about the current lifecycle state of the secret.
next_rotation_time str
A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotation_status str
Additional information about the status of the secret rotation
state str
The current lifecycle state of the secret.
time_created str
A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
time_of_current_version_expiry str
An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
time_of_deletion str
An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
currentVersionNumber String
The version number of the secret version that's currently in use.
id String
The provider-assigned unique ID for this managed resource.
isAutoGenerationEnabled Boolean
The value of this flag determines whether or not secret content will be generated automatically.
lastRotationTime String
A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycleDetails String
Additional information about the current lifecycle state of the secret.
nextRotationTime String
A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotationStatus String
Additional information about the status of the secret rotation
state String
The current lifecycle state of the secret.
timeCreated String
A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfCurrentVersionExpiry String
An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfDeletion String
An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

Look up Existing Secret Resource

Get an existing Secret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretState, opts?: CustomResourceOptions): Secret
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        compartment_id: Optional[str] = None,
        current_version_number: Optional[str] = None,
        defined_tags: Optional[Mapping[str, str]] = None,
        description: Optional[str] = None,
        enable_auto_generation: Optional[bool] = None,
        freeform_tags: Optional[Mapping[str, str]] = None,
        is_auto_generation_enabled: Optional[bool] = None,
        key_id: Optional[str] = None,
        last_rotation_time: Optional[str] = None,
        lifecycle_details: Optional[str] = None,
        metadata: Optional[Mapping[str, str]] = None,
        next_rotation_time: Optional[str] = None,
        rotation_config: Optional[_vault.SecretRotationConfigArgs] = None,
        rotation_status: Optional[str] = None,
        secret_content: Optional[_vault.SecretSecretContentArgs] = None,
        secret_generation_context: Optional[_vault.SecretSecretGenerationContextArgs] = None,
        secret_name: Optional[str] = None,
        secret_rules: Optional[Sequence[_vault.SecretSecretRuleArgs]] = None,
        state: Optional[str] = None,
        time_created: Optional[str] = None,
        time_of_current_version_expiry: Optional[str] = None,
        time_of_deletion: Optional[str] = None,
        vault_id: Optional[str] = None) -> Secret
func GetSecret(ctx *Context, name string, id IDInput, state *SecretState, opts ...ResourceOption) (*Secret, error)
public static Secret Get(string name, Input<string> id, SecretState? state, CustomResourceOptions? opts = null)
public static Secret get(String name, Output<String> id, SecretState state, CustomResourceOptions options)
resources:
  _:
    type: oci:Vault:Secret
    get:
      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
CompartmentId string
(Updatable) The OCID of the compartment where you want to create the secret.
CurrentVersionNumber string
The version number of the secret version that's currently in use.
DefinedTags Dictionary<string, string>
(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
Description string
(Updatable) A brief description of the secret. Avoid entering confidential information.
EnableAutoGeneration bool
(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.
FreeformTags Dictionary<string, string>
(Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
IsAutoGenerationEnabled bool
The value of this flag determines whether or not secret content will be generated automatically.
KeyId Changes to this property will trigger replacement. string
The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
LastRotationTime string
A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
LifecycleDetails string
Additional information about the current lifecycle state of the secret.
Metadata Dictionary<string, string>
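(Updatable) Additional metadata that you can use to provide context about how to use the secret during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs. Metadata is a plain property of the secret resource, separate from the secret content, so as with the description and the secret name, avoid putting passwords or other confidential values in it (for example, a connection string with embedded credentials).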
NextRotationTime string
A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
RotationConfig SecretRotationConfig
(Updatable) Defines the frequency of the rotation and the information about the target system
RotationStatus string
Additional information about the status of the secret rotation
SecretContent SecretSecretContent
(Updatable) The content of the secret and metadata to help identify it.
SecretGenerationContext SecretSecretGenerationContext
(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
SecretName Changes to this property will trigger replacement. string
A user-friendly name for the secret. Secret names should be unique within a vault. Avoid entering confidential information. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
SecretRules List<SecretSecretRule>
(Updatable) A list of rules to control how the secret is used and managed.
State string
The current lifecycle state of the secret.
TimeCreated string
A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfCurrentVersionExpiry string
An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfDeletion string
An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
VaultId Changes to this property will trigger replacement. string

The OCID of the vault where you want to create the secret.

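** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values. In this list those are the properties marked "Changes to this property will trigger replacement" (KeyId, SecretName and VaultId); check the `pulumi preview` output for a replacement before applying a change to any of them.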

CompartmentId string
(Updatable) The OCID of the compartment where you want to create the secret.
CurrentVersionNumber string
The version number of the secret version that's currently in use.
DefinedTags map[string]string
(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
Description string
(Updatable) A brief description of the secret. Avoid entering confidential information.
EnableAutoGeneration bool
(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.
FreeformTags map[string]string
(Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
IsAutoGenerationEnabled bool
The value of this flag determines whether or not secret content will be generated automatically.
KeyId Changes to this property will trigger replacement. string
The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
LastRotationTime string
A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
LifecycleDetails string
Additional information about the current lifecycle state of the secret.
Metadata map[string]string
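(Updatable) Additional metadata that you can use to provide context about how to use the secret during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs. Metadata is a plain property of the secret resource, separate from the secret content, so as with the description and the secret name, avoid putting passwords or other confidential values in it (for example, a connection string with embedded credentials).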
NextRotationTime string
A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
RotationConfig SecretRotationConfigArgs
(Updatable) Defines the frequency of the rotation and the information about the target system
RotationStatus string
Additional information about the status of the secret rotation
SecretContent SecretSecretContentArgs
(Updatable) The content of the secret and metadata to help identify it.
SecretGenerationContext SecretSecretGenerationContextArgs
(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
SecretName Changes to this property will trigger replacement. string
A user-friendly name for the secret. Secret names should be unique within a vault. Avoid entering confidential information. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
SecretRules []SecretSecretRuleArgs
(Updatable) A list of rules to control how the secret is used and managed.
State string
The current lifecycle state of the secret.
TimeCreated string
A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfCurrentVersionExpiry string
An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
TimeOfDeletion string
An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
VaultId Changes to this property will trigger replacement. string

The OCID of the vault where you want to create the secret.

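** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values. In this list those are the properties marked "Changes to this property will trigger replacement" (KeyId, SecretName and VaultId); check the `pulumi preview` output for a replacement before applying a change to any of them.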

compartmentId String
(Updatable) The OCID of the compartment where you want to create the secret.
currentVersionNumber String
The version number of the secret version that's currently in use.
definedTags Map<String,String>
(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
description String
(Updatable) A brief description of the secret. Avoid entering confidential information.
enableAutoGeneration Boolean
(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.
freeformTags Map<String,String>
(Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
isAutoGenerationEnabled Boolean
The value of this flag determines whether or not secret content will be generated automatically.
keyId Changes to this property will trigger replacement. String
The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
lastRotationTime String
A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycleDetails String
Additional information about the current lifecycle state of the secret.
metadata Map<String,String>
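(Updatable) Additional metadata that you can use to provide context about how to use the secret during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs. Metadata is a plain property of the secret resource, separate from the secret content, so as with the description and the secret name, avoid putting passwords or other confidential values in it (for example, a connection string with embedded credentials).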
nextRotationTime String
A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotationConfig SecretRotationConfig
(Updatable) Defines the frequency of the rotation and the information about the target system
rotationStatus String
Additional information about the status of the secret rotation
secretContent SecretSecretContent
(Updatable) The content of the secret and metadata to help identify it.
secretGenerationContext SecretSecretGenerationContext
(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
secretName Changes to this property will trigger replacement. String
A user-friendly name for the secret. Secret names should be unique within a vault. Avoid entering confidential information. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
secretRules List<SecretSecretRule>
(Updatable) A list of rules to control how the secret is used and managed.
state String
The current lifecycle state of the secret.
timeCreated String
A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfCurrentVersionExpiry String
An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfDeletion String
An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
vaultId Changes to this property will trigger replacement. String

The OCID of the vault where you want to create the secret.

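** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values. In this list those are the properties marked "Changes to this property will trigger replacement" (keyId, secretName and vaultId); check the `pulumi preview` output for a replacement before applying a change to any of them.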

compartmentId string
(Updatable) The OCID of the compartment where you want to create the secret.
currentVersionNumber string
The version number of the secret version that's currently in use.
definedTags {[key: string]: string}
(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
description string
(Updatable) A brief description of the secret. Avoid entering confidential information.
enableAutoGeneration boolean
(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.
freeformTags {[key: string]: string}
(Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
isAutoGenerationEnabled boolean
The value of this flag determines whether or not secret content will be generated automatically.
keyId Changes to this property will trigger replacement. string
The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
lastRotationTime string
A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycleDetails string
Additional information about the current lifecycle state of the secret.
metadata {[key: string]: string}
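(Updatable) Additional metadata that you can use to provide context about how to use the secret during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs. Metadata is a plain property of the secret resource, separate from the secret content, so as with the description and the secret name, avoid putting passwords or other confidential values in it (for example, a connection string with embedded credentials).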
nextRotationTime string
A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotationConfig SecretRotationConfig
(Updatable) Defines the frequency of the rotation and the information about the target system
rotationStatus string
Additional information about the status of the secret rotation
secretContent SecretSecretContent
(Updatable) The content of the secret and metadata to help identify it.
secretGenerationContext SecretSecretGenerationContext
(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
secretName Changes to this property will trigger replacement. string
A user-friendly name for the secret. Secret names should be unique within a vault. Avoid entering confidential information. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
secretRules SecretSecretRule[]
(Updatable) A list of rules to control how the secret is used and managed.
state string
The current lifecycle state of the secret.
timeCreated string
A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfCurrentVersionExpiry string
An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfDeletion string
An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
vaultId Changes to this property will trigger replacement. string

The OCID of the vault where you want to create the secret.

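** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values. In this list those are the properties marked "Changes to this property will trigger replacement" (keyId, secretName and vaultId); check the `pulumi preview` output for a replacement before applying a change to any of them.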

compartment_id str
(Updatable) The OCID of the compartment where you want to create the secret.
current_version_number str
The version number of the secret version that's currently in use.
defined_tags Mapping[str, str]
(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
description str
(Updatable) A brief description of the secret. Avoid entering confidential information.
enable_auto_generation bool
(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.
freeform_tags Mapping[str, str]
(Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
is_auto_generation_enabled bool
The value of this flag determines whether or not secret content will be generated automatically.
key_id Changes to this property will trigger replacement. str
The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
last_rotation_time str
A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycle_details str
Additional information about the current lifecycle state of the secret.
metadata Mapping[str, str]
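(Updatable) Additional metadata that you can use to provide context about how to use the secret during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs. Metadata is a plain property of the secret resource, separate from the secret content, so as with the description and the secret name, avoid putting passwords or other confidential values in it (for example, a connection string with embedded credentials).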
next_rotation_time str
A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotation_config vault.SecretRotationConfigArgs
(Updatable) Defines the frequency of the rotation and the information about the target system
rotation_status str
Additional information about the status of the secret rotation
secret_content vault.SecretSecretContentArgs
(Updatable) The content of the secret and metadata to help identify it.
secret_generation_context vault.SecretSecretGenerationContextArgs
(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
secret_name Changes to this property will trigger replacement. str
A user-friendly name for the secret. Secret names should be unique within a vault. Avoid entering confidential information. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
secret_rules Sequence[vault.SecretSecretRuleArgs]
(Updatable) A list of rules to control how the secret is used and managed.
state str
The current lifecycle state of the secret.
time_created str
A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
time_of_current_version_expiry str
An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
time_of_deletion str
An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
vault_id Changes to this property will trigger replacement. str

The OCID of the vault where you want to create the secret.

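** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values. In this list those are the properties marked "Changes to this property will trigger replacement" (key_id, secret_name and vault_id); check the `pulumi preview` output for a replacement before applying a change to any of them.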

compartmentId String
(Updatable) The OCID of the compartment where you want to create the secret.
currentVersionNumber String
The version number of the secret version that's currently in use.
definedTags Map<String>
(Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
description String
(Updatable) A brief description of the secret. Avoid entering confidential information.
enableAutoGeneration Boolean
(Updatable) The value of this flag determines whether or not secret content will be generated automatically. If not set, it defaults to false.
freeformTags Map<String>
(Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
isAutoGenerationEnabled Boolean
The value of this flag determines whether or not secret content will be generated automatically.
keyId Changes to this property will trigger replacement. String
The OCID of the master encryption key that is used to encrypt the secret. You must specify a symmetric key to encrypt the secret during import to the vault. You cannot encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
lastRotationTime String
A property indicating when the secret was last rotated successfully, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
lifecycleDetails String
Additional information about the current lifecycle state of the secret.
metadata Map<String>
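(Updatable) Additional metadata that you can use to provide context about how to use the secret during rotation or other administrative tasks. For example, for a secret that you use to connect to a database, the additional metadata might specify the connection endpoint and the connection string. Provide additional metadata as key-value pairs. Metadata is a plain property of the secret resource, separate from the secret content, so as with the description and the secret name, avoid putting passwords or other confidential values in it (for example, a connection string with embedded credentials).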
nextRotationTime String
A property indicating when the secret is scheduled to be rotated, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
rotationConfig Property Map
(Updatable) Defines the frequency of the rotation and the information about the target system
rotationStatus String
Additional information about the status of the secret rotation
secretContent Property Map
(Updatable) The content of the secret and metadata to help identify it.
secretGenerationContext Property Map
(Updatable) Captures a configurable set of secret generation rules such as length, base characters, additional characters, and so on.
secretName Changes to this property will trigger replacement. String
A user-friendly name for the secret. Secret names should be unique within a vault. Avoid entering confidential information. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
secretRules List<Property Map>
(Updatable) A list of rules to control how the secret is used and managed.
state String
The current lifecycle state of the secret.
timeCreated String
A property indicating when the secret was created, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfCurrentVersionExpiry String
An optional property indicating when the current secret version will expire, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
timeOfDeletion String
An optional property indicating when to delete the secret, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
vaultId Changes to this property will trigger replacement. String

The OCID of the vault where you want to create the secret.

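** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values. In this list those are the properties marked "Changes to this property will trigger replacement" (keyId, secretName and vaultId); check the `pulumi preview` output for a replacement before applying a change to any of them.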

Supporting Types

SecretRotationConfig, SecretRotationConfigArgs

TargetSystemDetails This property is required. SecretRotationConfigTargetSystemDetails
(Updatable) The TargetSystemDetails provides the targetSystem type and type-specific connection metadata
IsScheduledRotationEnabled bool
(Updatable) Enables automatic rotation. When set to true, rotationInterval must also be set.
RotationInterval string
(Updatable) The time interval that indicates how often the secret data is rotated, expressed as an ISO 8601 duration. The minimum value is 1 day and the maximum value is 360 days. For example, to rotate the secret data every 30 days, express the duration as "P30D".
TargetSystemDetails This property is required. SecretRotationConfigTargetSystemDetails
(Updatable) The TargetSystemDetails provides the targetSystem type and type-specific connection metadata
IsScheduledRotationEnabled bool
(Updatable) Enables auto rotation. When set to true, rotationInterval must be set.
RotationInterval string
(Updatable) The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and the maximum value is 360 days. For example, to rotate secret data every 30 days, express the duration as "P30D".
targetSystemDetails This property is required. SecretRotationConfigTargetSystemDetails
(Updatable) The TargetSystemDetails provides the targetSystem type and type-specific connection metadata
isScheduledRotationEnabled Boolean
(Updatable) Enables auto rotation. When set to true, rotationInterval must be set.
rotationInterval String
(Updatable) The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and the maximum value is 360 days. For example, to rotate secret data every 30 days, express the duration as "P30D".
targetSystemDetails This property is required. SecretRotationConfigTargetSystemDetails
(Updatable) The TargetSystemDetails provides the targetSystem type and type-specific connection metadata
isScheduledRotationEnabled boolean
(Updatable) Enables auto rotation. When set to true, rotationInterval must be set.
rotationInterval string
(Updatable) The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and the maximum value is 360 days. For example, to rotate secret data every 30 days, express the duration as "P30D".
target_system_details This property is required. vault.SecretRotationConfigTargetSystemDetails
(Updatable) The TargetSystemDetails provides the targetSystem type and type-specific connection metadata
is_scheduled_rotation_enabled bool
(Updatable) Enables auto rotation. When set to true, rotationInterval must be set.
rotation_interval str
(Updatable) The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and the maximum value is 360 days. For example, to rotate secret data every 30 days, express the duration as "P30D".
targetSystemDetails This property is required. Property Map
(Updatable) The TargetSystemDetails provides the targetSystem type and type-specific connection metadata
isScheduledRotationEnabled Boolean
(Updatable) Enables auto rotation. When set to true, rotationInterval must be set.
rotationInterval String
(Updatable) The time interval that indicates the frequency for rotating secret data, as described in ISO 8601 format. The minimum value is 1 day and the maximum value is 360 days. For example, to rotate secret data every 30 days, express the duration as "P30D".

SecretRotationConfigTargetSystemDetails, SecretRotationConfigTargetSystemDetailsArgs

TargetSystemType This property is required. string
(Updatable) Unique identifier of the target system that Vault Secret connects to.
AdbId string
(Updatable) The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
FunctionId string
(Updatable) The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.
TargetSystemType This property is required. string
(Updatable) Unique identifier of the target system that Vault Secret connects to.
AdbId string
(Updatable) The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
FunctionId string
(Updatable) The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.
targetSystemType This property is required. String
(Updatable) Unique identifier of the target system that Vault Secret connects to.
adbId String
(Updatable) The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
functionId String
(Updatable) The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.
targetSystemType This property is required. string
(Updatable) Unique identifier of the target system that Vault Secret connects to.
adbId string
(Updatable) The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
functionId string
(Updatable) The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.
target_system_type This property is required. str
(Updatable) Unique identifier of the target system that Vault Secret connects to.
adb_id str
(Updatable) The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
function_id str
(Updatable) The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.
targetSystemType This property is required. String
(Updatable) Unique identifier of the target system that Vault Secret connects to.
adbId String
(Updatable) The unique identifier (OCID) for the autonomous database that Vault Secret connects to.
functionId String
(Updatable) The unique identifier (OCID) of the Oracle Cloud Infrastructure Functions that vault secret connects to.

SecretSecretContent, SecretSecretContentArgs

ContentType This property is required. string
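(Updatable) The encoding format of the secret content supplied in content (base64).
Content string
(Updatable) The base64-encoded content of the secret. Base64 is an encoding, not encryption, so handle this value as the plaintext secret.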
Name string
(Updatable) Names should be unique within a secret. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
Stage string
(Updatable) The rotation state of the secret content. The default is CURRENT, meaning that the secret is currently in use. A secret version that you mark as PENDING is staged and available for use, but you don't yet want to rotate it into current, active use. For example, you might create or update a secret and mark its rotation state as PENDING if you haven't yet updated the secret on the target system. When creating a secret, only the value CURRENT is applicable, although the value LATEST is also automatically applied. When updating a secret, you can specify a version's rotation state as either CURRENT or PENDING.
ContentType This property is required. string
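(Updatable) The encoding format of the secret content supplied in content (base64).
Content string
(Updatable) The base64-encoded content of the secret. Base64 is an encoding, not encryption, so handle this value as the plaintext secret.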
Name string
(Updatable) Names should be unique within a secret. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
Stage string
(Updatable) The rotation state of the secret content. The default is CURRENT, meaning that the secret is currently in use. A secret version that you mark as PENDING is staged and available for use, but you don't yet want to rotate it into current, active use. For example, you might create or update a secret and mark its rotation state as PENDING if you haven't yet updated the secret on the target system. When creating a secret, only the value CURRENT is applicable, although the value LATEST is also automatically applied. When updating a secret, you can specify a version's rotation state as either CURRENT or PENDING.
contentType This property is required. String
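(Updatable) The encoding format of the secret content supplied in content (base64).
content String
(Updatable) The base64-encoded content of the secret. Base64 is an encoding, not encryption, so handle this value as the plaintext secret.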
name String
(Updatable) Names should be unique within a secret. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
stage String
(Updatable) The rotation state of the secret content. The default is CURRENT, meaning that the secret is currently in use. A secret version that you mark as PENDING is staged and available for use, but you don't yet want to rotate it into current, active use. For example, you might create or update a secret and mark its rotation state as PENDING if you haven't yet updated the secret on the target system. When creating a secret, only the value CURRENT is applicable, although the value LATEST is also automatically applied. When updating a secret, you can specify a version's rotation state as either CURRENT or PENDING.
contentType This property is required. string
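(Updatable) The encoding format of the secret content supplied in content (base64).
content string
(Updatable) The base64-encoded content of the secret. Base64 is an encoding, not encryption, so handle this value as the plaintext secret.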
name string
(Updatable) Names should be unique within a secret. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
stage string
(Updatable) The rotation state of the secret content. The default is CURRENT, meaning that the secret is currently in use. A secret version that you mark as PENDING is staged and available for use, but you don't yet want to rotate it into current, active use. For example, you might create or update a secret and mark its rotation state as PENDING if you haven't yet updated the secret on the target system. When creating a secret, only the value CURRENT is applicable, although the value LATEST is also automatically applied. When updating a secret, you can specify a version's rotation state as either CURRENT or PENDING.
content_type This property is required. str
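(Updatable) The encoding format of the secret content supplied in content (base64).
content str
(Updatable) The base64-encoded content of the secret. Base64 is an encoding, not encryption, so handle this value as the plaintext secret.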
name str
(Updatable) Names should be unique within a secret. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
stage str
(Updatable) The rotation state of the secret content. The default is CURRENT, meaning that the secret is currently in use. A secret version that you mark as PENDING is staged and available for use, but you don't yet want to rotate it into current, active use. For example, you might create or update a secret and mark its rotation state as PENDING if you haven't yet updated the secret on the target system. When creating a secret, only the value CURRENT is applicable, although the value LATEST is also automatically applied. When updating a secret, you can specify a version's rotation state as either CURRENT or PENDING.
contentType This property is required. String
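(Updatable) The encoding format of the secret content supplied in content (base64).
content String
(Updatable) The base64-encoded content of the secret. Base64 is an encoding, not encryption, so handle this value as the plaintext secret.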
name String
(Updatable) Names should be unique within a secret. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods.
stage String
(Updatable) The rotation state of the secret content. The default is CURRENT, meaning that the secret is currently in use. A secret version that you mark as PENDING is staged and available for use, but you don't yet want to rotate it into current, active use. For example, you might create or update a secret and mark its rotation state as PENDING if you haven't yet updated the secret on the target system. When creating a secret, only the value CURRENT is applicable, although the value LATEST is also automatically applied. When updating a secret, you can specify a version's rotation state as either CURRENT or PENDING.

SecretSecretGenerationContext, SecretSecretGenerationContextArgs

GenerationTemplate This property is required. string
(Updatable) Name of random bytes generation template for generating random byte type secret.
GenerationType This property is required. string
(Updatable) Name of the predefined secret generation type.
PassphraseLength int
(Updatable) Length of the passphrase to be generated
SecretTemplate string
(Updatable) SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.
GenerationTemplate This property is required. string
(Updatable) Name of random bytes generation template for generating random byte type secret.
GenerationType This property is required. string
(Updatable) Name of the predefined secret generation type.
PassphraseLength int
(Updatable) Length of the passphrase to be generated
SecretTemplate string
(Updatable) SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.
generationTemplate This property is required. String
(Updatable) Name of random bytes generation template for generating random byte type secret.
generationType This property is required. String
(Updatable) Name of the predefined secret generation type.
passphraseLength Integer
(Updatable) Length of the passphrase to be generated
secretTemplate String
(Updatable) SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.
generationTemplate This property is required. string
(Updatable) Name of random bytes generation template for generating random byte type secret.
generationType This property is required. string
(Updatable) Name of the predefined secret generation type.
passphraseLength number
(Updatable) Length of the passphrase to be generated
secretTemplate string
(Updatable) SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.
generation_template This property is required. str
(Updatable) Name of random bytes generation template for generating random byte type secret.
generation_type This property is required. str
(Updatable) Name of the predefined secret generation type.
passphrase_length int
(Updatable) Length of the passphrase to be generated
secret_template str
(Updatable) SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.
generationTemplate This property is required. String
(Updatable) Name of random bytes generation template for generating random byte type secret.
generationType This property is required. String
(Updatable) Name of the predefined secret generation type.
passphraseLength Number
(Updatable) Length of the passphrase to be generated
secretTemplate String
(Updatable) SecretTemplate captures structure in which customer wants to store secrets. This is optional and a default structure is available for each secret type. The template can have any structure with static values that are not generated. Within the template, you can insert predefined placeholders to store secrets. These placeholders are later replaced with the generated content and saved as a Base64 encoded content.

SecretSecretRule, SecretSecretRuleArgs

RuleType This property is required. string
(Updatable) The type of rule, which either controls when the secret contents expire or whether they can be reused.
IsEnforcedOnDeletedSecretVersions bool
(Updatable) A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
IsSecretContentRetrievalBlockedOnExpiry bool
(Updatable) A property indicating whether to block retrieval of the secret content on expiry. The default is false, so expired secret content remains retrievable unless you set this property to true. If the secret has already expired and you need to retrieve its contents, edit the secret rule to disable this property so that the content can be read.
SecretVersionExpiryInterval string
(Updatable) A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
TimeOfAbsoluteExpiry string
(Updatable) An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z
RuleType This property is required. string
(Updatable) The type of rule, which either controls when the secret contents expire or whether they can be reused.
IsEnforcedOnDeletedSecretVersions bool
(Updatable) A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
IsSecretContentRetrievalBlockedOnExpiry bool
(Updatable) A property indicating whether to block retrieval of the secret content on expiry. The default is false, so expired secret content remains retrievable unless you set this property to true. If the secret has already expired and you need to retrieve its contents, edit the secret rule to disable this property so that the content can be read.
SecretVersionExpiryInterval string
(Updatable) A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
TimeOfAbsoluteExpiry string
(Updatable) An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z
ruleType This property is required. String
(Updatable) The type of rule, which either controls when the secret contents expire or whether they can be reused.
isEnforcedOnDeletedSecretVersions Boolean
(Updatable) A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
isSecretContentRetrievalBlockedOnExpiry Boolean
(Updatable) A property indicating whether to block retrieval of the secret content on expiry. The default is false, so expired secret content remains retrievable unless you set this property to true. If the secret has already expired and you need to retrieve its contents, edit the secret rule to disable this property so that the content can be read.
secretVersionExpiryInterval String
(Updatable) A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
timeOfAbsoluteExpiry String
(Updatable) An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z
ruleType This property is required. string
(Updatable) The type of rule, which either controls when the secret contents expire or whether they can be reused.
isEnforcedOnDeletedSecretVersions boolean
(Updatable) A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
isSecretContentRetrievalBlockedOnExpiry boolean
(Updatable) A property indicating whether to block retrieval of the secret content on expiry. The default is false, so expired secret content remains retrievable unless you set this property to true. If the secret has already expired and you need to retrieve its contents, edit the secret rule to disable this property so that the content can be read.
secretVersionExpiryInterval string
(Updatable) A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
timeOfAbsoluteExpiry string
(Updatable) An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z
rule_type This property is required. str
(Updatable) The type of rule, which either controls when the secret contents expire or whether they can be reused.
is_enforced_on_deleted_secret_versions bool
(Updatable) A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
is_secret_content_retrieval_blocked_on_expiry bool
(Updatable) A property indicating whether to block retrieval of the secret content on expiry. The default is false, so expired secret content remains retrievable unless you set this property to true. If the secret has already expired and you need to retrieve its contents, edit the secret rule to disable this property so that the content can be read.
secret_version_expiry_interval str
(Updatable) A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
time_of_absolute_expiry str
(Updatable) An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z
ruleType This property is required. String
(Updatable) The type of rule, which either controls when the secret contents expire or whether they can be reused.
isEnforcedOnDeletedSecretVersions Boolean
(Updatable) A property indicating whether the rule is applied even if the secret version with the content you are trying to reuse was deleted.
isSecretContentRetrievalBlockedOnExpiry Boolean
(Updatable) A property indicating whether to block retrieval of the secret content on expiry. The default is false, so expired secret content remains retrievable unless you set this property to true. If the secret has already expired and you need to retrieve its contents, edit the secret rule to disable this property so that the content can be read.
secretVersionExpiryInterval String
(Updatable) A property indicating how long the secret contents will be considered valid, expressed in ISO 8601 format. The secret needs to be updated when the secret content expires. The timer resets after you update the secret contents. The minimum value is 1 day and the maximum value is 90 days for this property. Currently, only intervals expressed in days are supported. For example, pass P3D to have the secret version expire every 3 days.
timeOfAbsoluteExpiry String
(Updatable) An optional property indicating the absolute time when this secret will expire, expressed in RFC 3339 timestamp format. The minimum number of days from current time is 1 day and the maximum number of days from current time is 365 days. Example: 2019-04-03T21:10:29.600Z

Import

Secrets can be imported using the id, e.g.

$ pulumi import oci:Vault/secret:Secret test_secret "id"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
oci pulumi/pulumi-oci
License
Apache-2.0
Notes
This Pulumi package is based on the oci Terraform Provider.