1. Packages
  2. Azure Native
  3. API Docs
  4. keyvault
  5. Secret
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.2.0 published on Monday, Apr 14, 2025 by Pulumi

azure-native.keyvault.Secret

Explore with Pulumi AI

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.2.0 published on Monday, Apr 14, 2025 by Pulumi

Resource information with extended details.

Uses Azure REST API version 2024-11-01. In version 2.x of the Azure Native provider, it used API version 2023-02-01.

Other available API versions: 2023-02-01, 2023-07-01, 2024-04-01-preview, 2024-12-01-preview. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native keyvault [ApiVersion]. See the version guide for details.

Example Usage

Create a secret

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var secret = new AzureNative.KeyVault.Secret("secret", new()
    {
        Properties = new AzureNative.KeyVault.Inputs.SecretPropertiesArgs
        {
            Value = "secret-value",
        },
        ResourceGroupName = "sample-group",
        SecretName = "secret-name",
        VaultName = "sample-vault",
    });

});
Copy
package main

import (
	keyvault "github.com/pulumi/pulumi-azure-native-sdk/keyvault/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := keyvault.NewSecret(ctx, "secret", &keyvault.SecretArgs{
			Properties: &keyvault.SecretPropertiesArgs{
				Value: pulumi.String("secret-value"),
			},
			ResourceGroupName: pulumi.String("sample-group"),
			SecretName:        pulumi.String("secret-name"),
			VaultName:         pulumi.String("sample-vault"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.keyvault.Secret;
import com.pulumi.azurenative.keyvault.SecretArgs;
import com.pulumi.azurenative.keyvault.inputs.SecretPropertiesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var secret = new Secret("secret", SecretArgs.builder()
            .properties(SecretPropertiesArgs.builder()
                .value("secret-value")
                .build())
            .resourceGroupName("sample-group")
            .secretName("secret-name")
            .vaultName("sample-vault")
            .build());

    }
}
Copy
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const secret = new azure_native.keyvault.Secret("secret", {
    properties: {
        value: "secret-value",
    },
    resourceGroupName: "sample-group",
    secretName: "secret-name",
    vaultName: "sample-vault",
});
Copy
import pulumi
import pulumi_azure_native as azure_native

secret = azure_native.keyvault.Secret("secret",
    properties={
        "value": "secret-value",
    },
    resource_group_name="sample-group",
    secret_name="secret-name",
    vault_name="sample-vault")
Copy
resources:
  secret:
    type: azure-native:keyvault:Secret
    properties:
      properties:
        value: secret-value
      resourceGroupName: sample-group
      secretName: secret-name
      vaultName: sample-vault
Copy

Create Secret Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);
@overload
def Secret(resource_name: str,
           args: SecretArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def Secret(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           properties: Optional[SecretPropertiesArgs] = None,
           resource_group_name: Optional[str] = None,
           vault_name: Optional[str] = None,
           secret_name: Optional[str] = None,
           tags: Optional[Mapping[str, str]] = None)
func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)
public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)
public Secret(String name, SecretArgs args)
public Secret(String name, SecretArgs args, CustomResourceOptions options)
type: azure-native:keyvault:Secret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. SecretArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. SecretArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. SecretArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. SecretArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. SecretArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var examplesecretResourceResourceFromKeyvault = new AzureNative.KeyVault.Secret("examplesecretResourceResourceFromKeyvault", new()
{
    Properties = new AzureNative.KeyVault.Inputs.SecretPropertiesArgs
    {
        Attributes = new AzureNative.KeyVault.Inputs.SecretAttributesArgs
        {
            Enabled = false,
            Expires = 0,
            NotBefore = 0,
        },
        ContentType = "string",
        Value = "string",
    },
    ResourceGroupName = "string",
    VaultName = "string",
    SecretName = "string",
    Tags = 
    {
        { "string", "string" },
    },
});
Copy
example, err := keyvault.NewSecret(ctx, "examplesecretResourceResourceFromKeyvault", &keyvault.SecretArgs{
	Properties: &keyvault.SecretPropertiesArgs{
		Attributes: &keyvault.SecretAttributesArgs{
			Enabled:   pulumi.Bool(false),
			Expires:   pulumi.Int(0),
			NotBefore: pulumi.Int(0),
		},
		ContentType: pulumi.String("string"),
		Value:       pulumi.String("string"),
	},
	ResourceGroupName: pulumi.String("string"),
	VaultName:         pulumi.String("string"),
	SecretName:        pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})
Copy
var examplesecretResourceResourceFromKeyvault = new Secret("examplesecretResourceResourceFromKeyvault", SecretArgs.builder()
    .properties(SecretPropertiesArgs.builder()
        .attributes(SecretAttributesArgs.builder()
            .enabled(false)
            .expires(0)
            .notBefore(0)
            .build())
        .contentType("string")
        .value("string")
        .build())
    .resourceGroupName("string")
    .vaultName("string")
    .secretName("string")
    .tags(Map.of("string", "string"))
    .build());
Copy
examplesecret_resource_resource_from_keyvault = azure_native.keyvault.Secret("examplesecretResourceResourceFromKeyvault",
    properties={
        "attributes": {
            "enabled": False,
            "expires": 0,
            "not_before": 0,
        },
        "content_type": "string",
        "value": "string",
    },
    resource_group_name="string",
    vault_name="string",
    secret_name="string",
    tags={
        "string": "string",
    })
Copy
const examplesecretResourceResourceFromKeyvault = new azure_native.keyvault.Secret("examplesecretResourceResourceFromKeyvault", {
    properties: {
        attributes: {
            enabled: false,
            expires: 0,
            notBefore: 0,
        },
        contentType: "string",
        value: "string",
    },
    resourceGroupName: "string",
    vaultName: "string",
    secretName: "string",
    tags: {
        string: "string",
    },
});
Copy
type: azure-native:keyvault:Secret
properties:
    properties:
        attributes:
            enabled: false
            expires: 0
            notBefore: 0
        contentType: string
        value: string
    resourceGroupName: string
    secretName: string
    tags:
        string: string
    vaultName: string
Copy

Secret Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Secret resource accepts the following input properties:

Properties This property is required. Pulumi.AzureNative.KeyVault.Inputs.SecretProperties
Properties of the secret
ResourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
The name of the Resource Group to which the vault belongs.
VaultName
This property is required.
Changes to this property will trigger replacement.
string
Name of the vault
SecretName Changes to this property will trigger replacement. string
Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
Tags Dictionary<string, string>
The tags that will be assigned to the secret.
Properties This property is required. SecretPropertiesArgs
Properties of the secret
ResourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
The name of the Resource Group to which the vault belongs.
VaultName
This property is required.
Changes to this property will trigger replacement.
string
Name of the vault
SecretName Changes to this property will trigger replacement. string
Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
Tags map[string]string
The tags that will be assigned to the secret.
properties This property is required. SecretProperties
Properties of the secret
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
String
The name of the Resource Group to which the vault belongs.
vaultName
This property is required.
Changes to this property will trigger replacement.
String
Name of the vault
secretName Changes to this property will trigger replacement. String
Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
tags Map<String,String>
The tags that will be assigned to the secret.
properties This property is required. SecretProperties
Properties of the secret
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
The name of the Resource Group to which the vault belongs.
vaultName
This property is required.
Changes to this property will trigger replacement.
string
Name of the vault
secretName Changes to this property will trigger replacement. string
Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
tags {[key: string]: string}
The tags that will be assigned to the secret.
properties This property is required. SecretPropertiesArgs
Properties of the secret
resource_group_name
This property is required.
Changes to this property will trigger replacement.
str
The name of the Resource Group to which the vault belongs.
vault_name
This property is required.
Changes to this property will trigger replacement.
str
Name of the vault
secret_name Changes to this property will trigger replacement. str
Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
tags Mapping[str, str]
The tags that will be assigned to the secret.
properties This property is required. Property Map
Properties of the secret
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
String
The name of the Resource Group to which the vault belongs.
vaultName
This property is required.
Changes to this property will trigger replacement.
String
Name of the vault
secretName Changes to this property will trigger replacement. String
Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
tags Map<String>
The tags that will be assigned to the secret.

Outputs

All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:

AzureApiVersion string
The Azure API version of the resource.
Id string
The provider-assigned unique ID for this managed resource.
Location string
Azure location of the key vault resource.
Name string
Name of the key vault resource.
Type string
Resource type of the key vault resource.
AzureApiVersion string
The Azure API version of the resource.
Id string
The provider-assigned unique ID for this managed resource.
Location string
Azure location of the key vault resource.
Name string
Name of the key vault resource.
Type string
Resource type of the key vault resource.
azureApiVersion String
The Azure API version of the resource.
id String
The provider-assigned unique ID for this managed resource.
location String
Azure location of the key vault resource.
name String
Name of the key vault resource.
type String
Resource type of the key vault resource.
azureApiVersion string
The Azure API version of the resource.
id string
The provider-assigned unique ID for this managed resource.
location string
Azure location of the key vault resource.
name string
Name of the key vault resource.
type string
Resource type of the key vault resource.
azure_api_version str
The Azure API version of the resource.
id str
The provider-assigned unique ID for this managed resource.
location str
Azure location of the key vault resource.
name str
Name of the key vault resource.
type str
Resource type of the key vault resource.
azureApiVersion String
The Azure API version of the resource.
id String
The provider-assigned unique ID for this managed resource.
location String
Azure location of the key vault resource.
name String
Name of the key vault resource.
type String
Resource type of the key vault resource.

Supporting Types

SecretAttributes
, SecretAttributesArgs

Enabled bool
Determines whether the object is enabled.
Expires int
Expiry date in seconds since 1970-01-01T00:00:00Z.
NotBefore int
Not before date in seconds since 1970-01-01T00:00:00Z.
Enabled bool
Determines whether the object is enabled.
Expires int
Expiry date in seconds since 1970-01-01T00:00:00Z.
NotBefore int
Not before date in seconds since 1970-01-01T00:00:00Z.
enabled Boolean
Determines whether the object is enabled.
expires Integer
Expiry date in seconds since 1970-01-01T00:00:00Z.
notBefore Integer
Not before date in seconds since 1970-01-01T00:00:00Z.
enabled boolean
Determines whether the object is enabled.
expires number
Expiry date in seconds since 1970-01-01T00:00:00Z.
notBefore number
Not before date in seconds since 1970-01-01T00:00:00Z.
enabled bool
Determines whether the object is enabled.
expires int
Expiry date in seconds since 1970-01-01T00:00:00Z.
not_before int
Not before date in seconds since 1970-01-01T00:00:00Z.
enabled Boolean
Determines whether the object is enabled.
expires Number
Expiry date in seconds since 1970-01-01T00:00:00Z.
notBefore Number
Not before date in seconds since 1970-01-01T00:00:00Z.

SecretAttributesResponse
, SecretAttributesResponseArgs

Created This property is required. int
Creation time in seconds since 1970-01-01T00:00:00Z.
Updated This property is required. int
Last updated time in seconds since 1970-01-01T00:00:00Z.
Enabled bool
Determines whether the object is enabled.
Expires int
Expiry date in seconds since 1970-01-01T00:00:00Z.
NotBefore int
Not before date in seconds since 1970-01-01T00:00:00Z.
Created This property is required. int
Creation time in seconds since 1970-01-01T00:00:00Z.
Updated This property is required. int
Last updated time in seconds since 1970-01-01T00:00:00Z.
Enabled bool
Determines whether the object is enabled.
Expires int
Expiry date in seconds since 1970-01-01T00:00:00Z.
NotBefore int
Not before date in seconds since 1970-01-01T00:00:00Z.
created This property is required. Integer
Creation time in seconds since 1970-01-01T00:00:00Z.
updated This property is required. Integer
Last updated time in seconds since 1970-01-01T00:00:00Z.
enabled Boolean
Determines whether the object is enabled.
expires Integer
Expiry date in seconds since 1970-01-01T00:00:00Z.
notBefore Integer
Not before date in seconds since 1970-01-01T00:00:00Z.
created This property is required. number
Creation time in seconds since 1970-01-01T00:00:00Z.
updated This property is required. number
Last updated time in seconds since 1970-01-01T00:00:00Z.
enabled boolean
Determines whether the object is enabled.
expires number
Expiry date in seconds since 1970-01-01T00:00:00Z.
notBefore number
Not before date in seconds since 1970-01-01T00:00:00Z.
created This property is required. int
Creation time in seconds since 1970-01-01T00:00:00Z.
updated This property is required. int
Last updated time in seconds since 1970-01-01T00:00:00Z.
enabled bool
Determines whether the object is enabled.
expires int
Expiry date in seconds since 1970-01-01T00:00:00Z.
not_before int
Not before date in seconds since 1970-01-01T00:00:00Z.
created This property is required. Number
Creation time in seconds since 1970-01-01T00:00:00Z.
updated This property is required. Number
Last updated time in seconds since 1970-01-01T00:00:00Z.
enabled Boolean
Determines whether the object is enabled.
expires Number
Expiry date in seconds since 1970-01-01T00:00:00Z.
notBefore Number
Not before date in seconds since 1970-01-01T00:00:00Z.

SecretProperties
, SecretPropertiesArgs

Attributes Pulumi.AzureNative.KeyVault.Inputs.SecretAttributes
The attributes of the secret.
ContentType string
The content type of the secret.
Value string
The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
Attributes SecretAttributes
The attributes of the secret.
ContentType string
The content type of the secret.
Value string
The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
attributes SecretAttributes
The attributes of the secret.
contentType String
The content type of the secret.
value String
The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
attributes SecretAttributes
The attributes of the secret.
contentType string
The content type of the secret.
value string
The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
attributes SecretAttributes
The attributes of the secret.
content_type str
The content type of the secret.
value str
The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
attributes Property Map
The attributes of the secret.
contentType String
The content type of the secret.
value String
The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

SecretPropertiesResponse
, SecretPropertiesResponseArgs

SecretUri This property is required. string
The URI to retrieve the current version of the secret.
SecretUriWithVersion This property is required. string
The URI to retrieve the specific version of the secret.
Attributes Pulumi.AzureNative.KeyVault.Inputs.SecretAttributesResponse
The attributes of the secret.
ContentType string
The content type of the secret.
Value string
The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
SecretUri This property is required. string
The URI to retrieve the current version of the secret.
SecretUriWithVersion This property is required. string
The URI to retrieve the specific version of the secret.
Attributes SecretAttributesResponse
The attributes of the secret.
ContentType string
The content type of the secret.
Value string
The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
secretUri This property is required. String
The URI to retrieve the current version of the secret.
secretUriWithVersion This property is required. String
The URI to retrieve the specific version of the secret.
attributes SecretAttributesResponse
The attributes of the secret.
contentType String
The content type of the secret.
value String
The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
secretUri This property is required. string
The URI to retrieve the current version of the secret.
secretUriWithVersion This property is required. string
The URI to retrieve the specific version of the secret.
attributes SecretAttributesResponse
The attributes of the secret.
contentType string
The content type of the secret.
value string
The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
secret_uri This property is required. str
The URI to retrieve the current version of the secret.
secret_uri_with_version This property is required. str
The URI to retrieve the specific version of the secret.
attributes SecretAttributesResponse
The attributes of the secret.
content_type str
The content type of the secret.
value str
The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.
secretUri This property is required. String
The URI to retrieve the current version of the secret.
secretUriWithVersion This property is required. String
The URI to retrieve the specific version of the secret.
attributes Property Map
The attributes of the secret.
contentType String
The content type of the secret.
value String
The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:keyvault:Secret secret-name /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/secrets/{secretName} 
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
Azure Native pulumi/pulumi-azure-native
License
Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.2.0 published on Monday, Apr 14, 2025 by Pulumi