Azure Native v3.2.0, Apr 14 25

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.2.0 published on Monday, Apr 14, 2025 by Pulumi

azure-native.keyvault.Secret

Explore with Pulumi AI

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.2.0 published on Monday, Apr 14, 2025 by Pulumi

pulumi/pulumi-azure-native

Create a secret

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var secret = new AzureNative.KeyVault.Secret("secret", new()
    {
        Properties = new AzureNative.KeyVault.Inputs.SecretPropertiesArgs
        {
            Value = "secret-value",
        },
        ResourceGroupName = "sample-group",
        SecretName = "secret-name",
        VaultName = "sample-vault",
    });

});

package main

import (
	keyvault "github.com/pulumi/pulumi-azure-native-sdk/keyvault/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := keyvault.NewSecret(ctx, "secret", &keyvault.SecretArgs{
			Properties: &keyvault.SecretPropertiesArgs{
				Value: pulumi.String("secret-value"),
			},
			ResourceGroupName: pulumi.String("sample-group"),
			SecretName:        pulumi.String("secret-name"),
			VaultName:         pulumi.String("sample-vault"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.keyvault.Secret;
import com.pulumi.azurenative.keyvault.SecretArgs;
import com.pulumi.azurenative.keyvault.inputs.SecretPropertiesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var secret = new Secret("secret", SecretArgs.builder()
            .properties(SecretPropertiesArgs.builder()
                .value("secret-value")
                .build())
            .resourceGroupName("sample-group")
            .secretName("secret-name")
            .vaultName("sample-vault")
            .build());

    }
}

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const secret = new azure_native.keyvault.Secret("secret", {
    properties: {
        value: "secret-value",
    },
    resourceGroupName: "sample-group",
    secretName: "secret-name",
    vaultName: "sample-vault",
});

import pulumi
import pulumi_azure_native as azure_native

secret = azure_native.keyvault.Secret("secret",
    properties={
        "value": "secret-value",
    },
    resource_group_name="sample-group",
    secret_name="secret-name",
    vault_name="sample-vault")

resources:
  secret:
    type: azure-native:keyvault:Secret
    properties:
      properties:
        value: secret-value
      resourceGroupName: sample-group
      secretName: secret-name
      vaultName: sample-vault

Create Secret Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

TypeScript
Python
Go
C#
Java
YAML

new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);

@overload
def Secret(resource_name: str,
           args: SecretArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def Secret(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           properties: Optional[SecretPropertiesArgs] = None,
           resource_group_name: Optional[str] = None,
           vault_name: Optional[str] = None,
           secret_name: Optional[str] = None,
           tags: Optional[Mapping[str, str]] = None)

func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)

public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)

public Secret(String name, SecretArgs args)
public Secret(String name, SecretArgs args, CustomResourceOptions options)

type: azure-native:keyvault:Secret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var examplesecretResourceResourceFromKeyvault = new AzureNative.KeyVault.Secret("examplesecretResourceResourceFromKeyvault", new()
{
    Properties = new AzureNative.KeyVault.Inputs.SecretPropertiesArgs
    {
        Attributes = new AzureNative.KeyVault.Inputs.SecretAttributesArgs
        {
            Enabled = false,
            Expires = 0,
            NotBefore = 0,
        },
        ContentType = "string",
        Value = "string",
    },
    ResourceGroupName = "string",
    VaultName = "string",
    SecretName = "string",
    Tags = 
    {
        { "string", "string" },
    },
});

example, err := keyvault.NewSecret(ctx, "examplesecretResourceResourceFromKeyvault", &keyvault.SecretArgs{
	Properties: &keyvault.SecretPropertiesArgs{
		Attributes: &keyvault.SecretAttributesArgs{
			Enabled:   pulumi.Bool(false),
			Expires:   pulumi.Int(0),
			NotBefore: pulumi.Int(0),
		},
		ContentType: pulumi.String("string"),
		Value:       pulumi.String("string"),
	},
	ResourceGroupName: pulumi.String("string"),
	VaultName:         pulumi.String("string"),
	SecretName:        pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

var examplesecretResourceResourceFromKeyvault = new Secret("examplesecretResourceResourceFromKeyvault", SecretArgs.builder()
    .properties(SecretPropertiesArgs.builder()
        .attributes(SecretAttributesArgs.builder()
            .enabled(false)
            .expires(0)
            .notBefore(0)
            .build())
        .contentType("string")
        .value("string")
        .build())
    .resourceGroupName("string")
    .vaultName("string")
    .secretName("string")
    .tags(Map.of("string", "string"))
    .build());

examplesecret_resource_resource_from_keyvault = azure_native.keyvault.Secret("examplesecretResourceResourceFromKeyvault",
    properties={
        "attributes": {
            "enabled": False,
            "expires": 0,
            "not_before": 0,
        },
        "content_type": "string",
        "value": "string",
    },
    resource_group_name="string",
    vault_name="string",
    secret_name="string",
    tags={
        "string": "string",
    })

const examplesecretResourceResourceFromKeyvault = new azure_native.keyvault.Secret("examplesecretResourceResourceFromKeyvault", {
    properties: {
        attributes: {
            enabled: false,
            expires: 0,
            notBefore: 0,
        },
        contentType: "string",
        value: "string",
    },
    resourceGroupName: "string",
    vaultName: "string",
    secretName: "string",
    tags: {
        string: "string",
    },
});

type: azure-native:keyvault:Secret
properties:
    properties:
        attributes:
            enabled: false
            expires: 0
            notBefore: 0
        contentType: string
        value: string
    resourceGroupName: string
    secretName: string
    tags:
        string: string
    vaultName: string

Secret Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Secret resource accepts the following input properties:

Properties Pulumi.AzureNative.KeyVault.Inputs.SecretProperties: Properties of the secret
ResourceGroupName string: The name of the Resource Group to which the vault belongs.
VaultName string: Name of the vault
SecretName string: Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
Tags Dictionary<string, string>: The tags that will be assigned to the secret.

Properties SecretPropertiesArgs: Properties of the secret
ResourceGroupName string: The name of the Resource Group to which the vault belongs.
VaultName string: Name of the vault
SecretName string: Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
Tags map[string]string: The tags that will be assigned to the secret.

properties SecretProperties: Properties of the secret
resourceGroupName String: The name of the Resource Group to which the vault belongs.
vaultName String: Name of the vault
secretName String: Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
tags Map<String,String>: The tags that will be assigned to the secret.

properties SecretProperties: Properties of the secret
resourceGroupName string: The name of the Resource Group to which the vault belongs.
vaultName string: Name of the vault
secretName string: Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
tags {[key: string]: string}: The tags that will be assigned to the secret.

properties SecretPropertiesArgs: Properties of the secret
resource_group_name str: The name of the Resource Group to which the vault belongs.
vault_name str: Name of the vault
secret_name str: Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
tags Mapping[str, str]: The tags that will be assigned to the secret.

properties Property Map: Properties of the secret
resourceGroupName String: The name of the Resource Group to which the vault belongs.
vaultName String: Name of the vault
secretName String: Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
tags Map<String>: The tags that will be assigned to the secret.

Outputs

All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:

AzureApiVersion string: The Azure API version of the resource.
Id string: The provider-assigned unique ID for this managed resource.
Location string: Azure location of the key vault resource.
Name string: Name of the key vault resource.
Type string: Resource type of the key vault resource.

AzureApiVersion string: The Azure API version of the resource.
Id string: The provider-assigned unique ID for this managed resource.
Location string: Azure location of the key vault resource.
Name string: Name of the key vault resource.
Type string: Resource type of the key vault resource.

azureApiVersion String: The Azure API version of the resource.
id String: The provider-assigned unique ID for this managed resource.
location String: Azure location of the key vault resource.
name String: Name of the key vault resource.
type String: Resource type of the key vault resource.

azureApiVersion string: The Azure API version of the resource.
id string: The provider-assigned unique ID for this managed resource.
location string: Azure location of the key vault resource.
name string: Name of the key vault resource.
type string: Resource type of the key vault resource.

azure_api_version str: The Azure API version of the resource.
id str: The provider-assigned unique ID for this managed resource.
location str: Azure location of the key vault resource.
name str: Name of the key vault resource.
type str: Resource type of the key vault resource.

azureApiVersion String: The Azure API version of the resource.
id String: The provider-assigned unique ID for this managed resource.
location String: Azure location of the key vault resource.
name String: Name of the key vault resource.
type String: Resource type of the key vault resource.

Supporting Types

SecretAttributes
, SecretAttributesArgs

Enabled bool: Determines whether the object is enabled.
Expires int: Expiry date in seconds since 1970-01-01T00:00:00Z.
NotBefore int: Not before date in seconds since 1970-01-01T00:00:00Z.

Enabled bool: Determines whether the object is enabled.
Expires int: Expiry date in seconds since 1970-01-01T00:00:00Z.
NotBefore int: Not before date in seconds since 1970-01-01T00:00:00Z.

enabled Boolean: Determines whether the object is enabled.
expires Integer: Expiry date in seconds since 1970-01-01T00:00:00Z.
notBefore Integer: Not before date in seconds since 1970-01-01T00:00:00Z.

enabled boolean: Determines whether the object is enabled.
expires number: Expiry date in seconds since 1970-01-01T00:00:00Z.
notBefore number: Not before date in seconds since 1970-01-01T00:00:00Z.

enabled bool: Determines whether the object is enabled.
expires int: Expiry date in seconds since 1970-01-01T00:00:00Z.
not_before int: Not before date in seconds since 1970-01-01T00:00:00Z.

enabled Boolean: Determines whether the object is enabled.
expires Number: Expiry date in seconds since 1970-01-01T00:00:00Z.
notBefore Number: Not before date in seconds since 1970-01-01T00:00:00Z.

SecretAttributesResponse
, SecretAttributesResponseArgs

Created int: Creation time in seconds since 1970-01-01T00:00:00Z.
Updated int: Last updated time in seconds since 1970-01-01T00:00:00Z.
Enabled bool: Determines whether the object is enabled.
Expires int: Expiry date in seconds since 1970-01-01T00:00:00Z.
NotBefore int: Not before date in seconds since 1970-01-01T00:00:00Z.

Created int: Creation time in seconds since 1970-01-01T00:00:00Z.
Updated int: Last updated time in seconds since 1970-01-01T00:00:00Z.
Enabled bool: Determines whether the object is enabled.
Expires int: Expiry date in seconds since 1970-01-01T00:00:00Z.
NotBefore int: Not before date in seconds since 1970-01-01T00:00:00Z.

created Integer: Creation time in seconds since 1970-01-01T00:00:00Z.
updated Integer: Last updated time in seconds since 1970-01-01T00:00:00Z.
enabled Boolean: Determines whether the object is enabled.
expires Integer: Expiry date in seconds since 1970-01-01T00:00:00Z.
notBefore Integer: Not before date in seconds since 1970-01-01T00:00:00Z.

created number: Creation time in seconds since 1970-01-01T00:00:00Z.
updated number: Last updated time in seconds since 1970-01-01T00:00:00Z.
enabled boolean: Determines whether the object is enabled.
expires number: Expiry date in seconds since 1970-01-01T00:00:00Z.
notBefore number: Not before date in seconds since 1970-01-01T00:00:00Z.

created int: Creation time in seconds since 1970-01-01T00:00:00Z.
updated int: Last updated time in seconds since 1970-01-01T00:00:00Z.
enabled bool: Determines whether the object is enabled.
expires int: Expiry date in seconds since 1970-01-01T00:00:00Z.
not_before int: Not before date in seconds since 1970-01-01T00:00:00Z.

created Number: Creation time in seconds since 1970-01-01T00:00:00Z.
updated Number: Last updated time in seconds since 1970-01-01T00:00:00Z.
enabled Boolean: Determines whether the object is enabled.
expires Number: Expiry date in seconds since 1970-01-01T00:00:00Z.
notBefore Number: Not before date in seconds since 1970-01-01T00:00:00Z.

SecretProperties
, SecretPropertiesArgs

Attributes Pulumi.AzureNative.KeyVault.Inputs.SecretAttributes: The attributes of the secret.
ContentType string: The content type of the secret.
Value string: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

Attributes SecretAttributes: The attributes of the secret.
ContentType string: The content type of the secret.
Value string: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

attributes SecretAttributes: The attributes of the secret.
contentType String: The content type of the secret.
value String: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

attributes SecretAttributes: The attributes of the secret.
contentType string: The content type of the secret.
value string: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

attributes SecretAttributes: The attributes of the secret.
content_type str: The content type of the secret.
value str: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

attributes Property Map: The attributes of the secret.
contentType String: The content type of the secret.
value String: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

SecretPropertiesResponse
, SecretPropertiesResponseArgs

SecretUri string: The URI to retrieve the current version of the secret.
SecretUriWithVersion string: The URI to retrieve the specific version of the secret.
Attributes Pulumi.AzureNative.KeyVault.Inputs.SecretAttributesResponse: The attributes of the secret.
ContentType string: The content type of the secret.
Value string: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

SecretUri string: The URI to retrieve the current version of the secret.
SecretUriWithVersion string: The URI to retrieve the specific version of the secret.
Attributes SecretAttributesResponse: The attributes of the secret.
ContentType string: The content type of the secret.
Value string: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

secretUri String: The URI to retrieve the current version of the secret.
secretUriWithVersion String: The URI to retrieve the specific version of the secret.
attributes SecretAttributesResponse: The attributes of the secret.
contentType String: The content type of the secret.
value String: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

secretUri string: The URI to retrieve the current version of the secret.
secretUriWithVersion string: The URI to retrieve the specific version of the secret.
attributes SecretAttributesResponse: The attributes of the secret.
contentType string: The content type of the secret.
value string: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

secret_uri str: The URI to retrieve the current version of the secret.
secret_uri_with_version str: The URI to retrieve the specific version of the secret.
attributes SecretAttributesResponse: The attributes of the secret.
content_type str: The content type of the secret.
value str: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

secretUri String: The URI to retrieve the current version of the secret.
secretUriWithVersion String: The URI to retrieve the specific version of the secret.
attributes Property Map: The attributes of the secret.
contentType String: The content type of the secret.
value String: The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:keyvault:Secret secret-name /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/secrets/{secretName}

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Native pulumi/pulumi-azure-native
License: Apache-2.0

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.2.0 published on Monday, Apr 14, 2025 by Pulumi

pulumi/pulumi-azure-native

azure-native.keyvault.Secret

On this page

On this page

Example Usage

Create a secret

Create Secret Resource

Constructor syntax

Parameters

Constructor example

Secret Resource Properties

Inputs

Outputs

Supporting Types

SecretAttributes
, SecretAttributesArgs

SecretAttributesResponse
, SecretAttributesResponseArgs

SecretProperties
, SecretPropertiesArgs

SecretPropertiesResponse
, SecretPropertiesResponseArgs

Import

Package Details

On this page

On this page

azure-native.keyvault.Secret

On this page

On this page

Example Usage

Create a secret

Create Secret Resource

Constructor syntax

Parameters

Constructor example

Secret Resource Properties

Inputs

Outputs

Supporting Types

SecretAttributes, SecretAttributesArgs

SecretAttributesResponse, SecretAttributesResponseArgs

SecretProperties, SecretPropertiesArgs

SecretPropertiesResponse, SecretPropertiesResponseArgs

Import

Package Details

On this page

On this page

SecretAttributes
, SecretAttributesArgs

SecretAttributesResponse
, SecretAttributesResponseArgs

SecretProperties
, SecretPropertiesArgs

SecretPropertiesResponse
, SecretPropertiesResponseArgs