Docs Home
Control Plane v0.0.56 published on Wednesday, Apr 9, 2025 by pulumiverse
cpln.getSecret
Explore with Pulumi AI
Use this data source to access information about a Secret within Control Plane.
Required
- name (String) Name of the secret.
Outputs
The following attributes are exported:
- cpln_id (String) The ID, in GUID format, of the secret.
- name (String) Name of the secret.
- description (String) Description of the secret.
- tags (Map of String) Key-value map of resource tags.
- self_link (String) Full link to this resource. Can be referenced by other resources.
- secret_link (String) Output used when linking a secret to an environment variable or volume, in the format:
cpln://secret/SECRET_NAME. - dictionary_as_envs (Map of String) If a dictionary secret is defined, this output will be a key-value map in the following format:
key = cpln://secret/SECRET_NAME.key. - aws (Block List, Max: 1) (see below) Reference Page.
- azure_connector (Block List, Max: 1) (see below) Reference Page.
- azure_sdk (String, Sensitive) JSON string containing the Docker secret. Reference Page.
- dictionary (Map of String) List of unique key-value pairs. Reference Page.
- docker (String, Sensitive) JSON string containing the Docker secret. Reference Page.
- ecr (Block List, Max: 1) (see below).
- gcp (String, Sensitive) JSON string containing the GCP secret. Reference Page
- keypair (Block List, Max: 1) (see below) Reference Page.
- nats_account (Block List, Max: 1) (see below) Reference Page.
- opaque (Block List, Max: 1) (see below) Reference Page.
- tls (Block List, Max: 1) (see below) Reference Page.
- userpass (Block List, Max: 1) (see below) Reference Page.
aws
Optional:
- access_key (String, Sensitive) Access Key provided by AWS.
- role_arn (String) Role ARN provided by AWS.
- secret_key (String, Sensitive) Secret Key provided by AWS.
- external_id (String) AWS IAM Role External ID.
azure_connector
Optional:
- code (String, Sensitive) Code/Key to authenticate to deployment URL.
- url (String, Sensitive) Deployment URL.
ecr
Optional:
- access_key (String) Access Key provided by AWS.
- repos (Set of String) List of ECR repositories.
- role_arn (String) Role ARN provided by AWS.
- secret_key (String, Sensitive) Secret Key provided by AWS.
- external_id (String) AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
keypair
Optional:
- passphrase (String, Sensitive) Passphrase for private key.
- public_key (String) Public Key.
- secret_key (String, Sensitive) Secret/Private Key.
nats_account
Required:
- account_id (String) Account ID.
- private_key (String) Private Key.
opaque
Optional:
- encoding (String) Available encodings:
plain,base64. Default:plain. - payload (String, Sensitive) Plain text or base64 encoded string. Use
encodingattribute to specify encoding.
tls
Optional:
- cert (String) Public Certificate.
- chain (String) Chain Certificate.
- key (String, Sensitive) Private Certificate.
userpass
Optional:
- encoding (String) Available encodings:
plain,base64. Default:plain. - password (String, Sensitive) Password.
- username (String) Username.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cpln from "@pulumi/cpln";
export = async () => {
const example = await cpln.getSecret({
name: "example-secret-opaque",
});
return {
"example-secret-payload": example.opaque?.payload,
};
}
import pulumi
import pulumi_cpln as cpln
example = cpln.get_secret(name="example-secret-opaque")
pulumi.export("example-secret-payload", example.opaque.payload)
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-cpln/sdk/go/cpln"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := cpln.LookupSecret(ctx, &cpln.LookupSecretArgs{
Name: "example-secret-opaque",
}, nil)
if err != nil {
return err
}
ctx.Export("example-secret-payload", example.Opaque.Payload)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cpln = Pulumi.Cpln;
return await Deployment.RunAsync(() =>
{
var example = Cpln.GetSecret.Invoke(new()
{
Name = "example-secret-opaque",
});
return new Dictionary<string, object?>
{
["example-secret-payload"] = example.Apply(getSecretResult => getSecretResult.Opaque?.Payload),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cpln.CplnFunctions;
import com.pulumi.cpln.inputs.GetSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = CplnFunctions.getSecret(GetSecretArgs.builder()
.name("example-secret-opaque")
.build());
ctx.export("example-secret-payload", example.applyValue(getSecretResult -> getSecretResult.opaque().payload()));
}
}
variables:
example:
fn::invoke:
function: cpln:getSecret
arguments:
name: example-secret-opaque
outputs:
example-secret-payload: ${example.opaque.payload}
Using getSecret
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecret(args: GetSecretArgs, opts?: InvokeOptions): Promise<GetSecretResult>
function getSecretOutput(args: GetSecretOutputArgs, opts?: InvokeOptions): Output<GetSecretResult>def get_secret(aws: Optional[GetSecretAws] = None,
azure_connector: Optional[GetSecretAzureConnector] = None,
azure_sdk: Optional[str] = None,
description: Optional[str] = None,
dictionary: Optional[Mapping[str, str]] = None,
docker: Optional[str] = None,
ecr: Optional[GetSecretEcr] = None,
gcp: Optional[str] = None,
keypair: Optional[GetSecretKeypair] = None,
name: Optional[str] = None,
nats_account: Optional[GetSecretNatsAccount] = None,
opaque: Optional[GetSecretOpaque] = None,
tags: Optional[Mapping[str, str]] = None,
tls: Optional[GetSecretTls] = None,
userpass: Optional[GetSecretUserpass] = None,
opts: Optional[InvokeOptions] = None) -> GetSecretResult
def get_secret_output(aws: Optional[pulumi.Input[GetSecretAwsArgs]] = None,
azure_connector: Optional[pulumi.Input[GetSecretAzureConnectorArgs]] = None,
azure_sdk: Optional[pulumi.Input[str]] = None,
description: Optional[pulumi.Input[str]] = None,
dictionary: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
docker: Optional[pulumi.Input[str]] = None,
ecr: Optional[pulumi.Input[GetSecretEcrArgs]] = None,
gcp: Optional[pulumi.Input[str]] = None,
keypair: Optional[pulumi.Input[GetSecretKeypairArgs]] = None,
name: Optional[pulumi.Input[str]] = None,
nats_account: Optional[pulumi.Input[GetSecretNatsAccountArgs]] = None,
opaque: Optional[pulumi.Input[GetSecretOpaqueArgs]] = None,
tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
tls: Optional[pulumi.Input[GetSecretTlsArgs]] = None,
userpass: Optional[pulumi.Input[GetSecretUserpassArgs]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecretResult]func LookupSecret(ctx *Context, args *LookupSecretArgs, opts ...InvokeOption) (*LookupSecretResult, error)
func LookupSecretOutput(ctx *Context, args *LookupSecretOutputArgs, opts ...InvokeOption) LookupSecretResultOutput> Note: This function is named LookupSecret in the Go SDK.
public static class GetSecret
{
public static Task<GetSecretResult> InvokeAsync(GetSecretArgs args, InvokeOptions? opts = null)
public static Output<GetSecretResult> Invoke(GetSecretInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
public static Output<GetSecretResult> getSecret(GetSecretArgs args, InvokeOptions options)
fn::invoke:
function: cpln:index/getSecret:getSecret
arguments:
# arguments dictionaryThe following arguments are supported:
- Name string
- Aws
Pulumiverse.
Cpln. Inputs. Get Secret Aws - Azure
Connector Pulumiverse.Cpln. Inputs. Get Secret Azure Connector - Azure
Sdk string - Description string
- Dictionary Dictionary<string, string>
- Docker string
- Ecr
Pulumiverse.
Cpln. Inputs. Get Secret Ecr - Gcp string
- Keypair
Pulumiverse.
Cpln. Inputs. Get Secret Keypair - Nats
Account Pulumiverse.Cpln. Inputs. Get Secret Nats Account - Opaque
Pulumiverse.
Cpln. Inputs. Get Secret Opaque - Dictionary<string, string>
- Tls
Pulumiverse.
Cpln. Inputs. Get Secret Tls - Userpass
Pulumiverse.
Cpln. Inputs. Get Secret Userpass
- Name string
- Aws
Get
Secret Aws - Azure
Connector GetSecret Azure Connector - Azure
Sdk string - Description string
- Dictionary map[string]string
- Docker string
- Ecr
Get
Secret Ecr - Gcp string
- Keypair
Get
Secret Keypair - Nats
Account GetSecret Nats Account - Opaque
Get
Secret Opaque - map[string]string
- Tls
Get
Secret Tls - Userpass
Get
Secret Userpass
- name String
- aws
Get
Secret Aws - azure
Connector GetSecret Azure Connector - azure
Sdk String - description String
- dictionary Map<String,String>
- docker String
- ecr
Get
Secret Ecr - gcp String
- keypair
Get
Secret Keypair - nats
Account GetSecret Nats Account - opaque
Get
Secret Opaque - Map<String,String>
- tls
Get
Secret Tls - userpass
Get
Secret Userpass
- name string
- aws
Get
Secret Aws - azure
Connector GetSecret Azure Connector - azure
Sdk string - description string
- dictionary {[key: string]: string}
- docker string
- ecr
Get
Secret Ecr - gcp string
- keypair
Get
Secret Keypair - nats
Account GetSecret Nats Account - opaque
Get
Secret Opaque - {[key: string]: string}
- tls
Get
Secret Tls - userpass
Get
Secret Userpass
- name str
- aws
Get
Secret Aws - azure_
connector GetSecret Azure Connector - azure_
sdk str - description str
- dictionary Mapping[str, str]
- docker str
- ecr
Get
Secret Ecr - gcp str
- keypair
Get
Secret Keypair - nats_
account GetSecret Nats Account - opaque
Get
Secret Opaque - Mapping[str, str]
- tls
Get
Secret Tls - userpass
Get
Secret Userpass
- name String
- aws Property Map
- azure
Connector Property Map - azure
Sdk String - description String
- dictionary Map<String>
- docker String
- ecr Property Map
- gcp String
- keypair Property Map
- nats
Account Property Map - opaque Property Map
- Map<String>
- tls Property Map
- userpass Property Map
getSecret Result
The following output properties are available:
- Cpln
Id string - Dictionary
As Dictionary<string, string>Envs - Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Secret
Link string - Self
Link string - Aws
Pulumiverse.
Cpln. Outputs. Get Secret Aws - Azure
Connector Pulumiverse.Cpln. Outputs. Get Secret Azure Connector - Azure
Sdk string - Description string
- Dictionary Dictionary<string, string>
- Docker string
- Ecr
Pulumiverse.
Cpln. Outputs. Get Secret Ecr - Gcp string
- Keypair
Pulumiverse.
Cpln. Outputs. Get Secret Keypair - Nats
Account Pulumiverse.Cpln. Outputs. Get Secret Nats Account - Opaque
Pulumiverse.
Cpln. Outputs. Get Secret Opaque - Dictionary<string, string>
- Tls
Pulumiverse.
Cpln. Outputs. Get Secret Tls - Userpass
Pulumiverse.
Cpln. Outputs. Get Secret Userpass
- Cpln
Id string - Dictionary
As map[string]stringEnvs - Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Secret
Link string - Self
Link string - Aws
Get
Secret Aws - Azure
Connector GetSecret Azure Connector - Azure
Sdk string - Description string
- Dictionary map[string]string
- Docker string
- Ecr
Get
Secret Ecr - Gcp string
- Keypair
Get
Secret Keypair - Nats
Account GetSecret Nats Account - Opaque
Get
Secret Opaque - map[string]string
- Tls
Get
Secret Tls - Userpass
Get
Secret Userpass
- cpln
Id String - dictionary
As Map<String,String>Envs - id String
- The provider-assigned unique ID for this managed resource.
- name String
- secret
Link String - self
Link String - aws
Get
Secret Aws - azure
Connector GetSecret Azure Connector - azure
Sdk String - description String
- dictionary Map<String,String>
- docker String
- ecr
Get
Secret Ecr - gcp String
- keypair
Get
Secret Keypair - nats
Account GetSecret Nats Account - opaque
Get
Secret Opaque - Map<String,String>
- tls
Get
Secret Tls - userpass
Get
Secret Userpass
- cpln
Id string - dictionary
As {[key: string]: string}Envs - id string
- The provider-assigned unique ID for this managed resource.
- name string
- secret
Link string - self
Link string - aws
Get
Secret Aws - azure
Connector GetSecret Azure Connector - azure
Sdk string - description string
- dictionary {[key: string]: string}
- docker string
- ecr
Get
Secret Ecr - gcp string
- keypair
Get
Secret Keypair - nats
Account GetSecret Nats Account - opaque
Get
Secret Opaque - {[key: string]: string}
- tls
Get
Secret Tls - userpass
Get
Secret Userpass
- cpln_
id str - dictionary_
as_ Mapping[str, str]envs - id str
- The provider-assigned unique ID for this managed resource.
- name str
- secret_
link str - self_
link str - aws
Get
Secret Aws - azure_
connector GetSecret Azure Connector - azure_
sdk str - description str
- dictionary Mapping[str, str]
- docker str
- ecr
Get
Secret Ecr - gcp str
- keypair
Get
Secret Keypair - nats_
account GetSecret Nats Account - opaque
Get
Secret Opaque - Mapping[str, str]
- tls
Get
Secret Tls - userpass
Get
Secret Userpass
- cpln
Id String - dictionary
As Map<String>Envs - id String
- The provider-assigned unique ID for this managed resource.
- name String
- secret
Link String - self
Link String - aws Property Map
- azure
Connector Property Map - azure
Sdk String - description String
- dictionary Map<String>
- docker String
- ecr Property Map
- gcp String
- keypair Property Map
- nats
Account Property Map - opaque Property Map
- Map<String>
- tls Property Map
- userpass Property Map
Supporting Types
GetSecretAws
- Access
Key string - Access Key provided by AWS.
- Secret
Key string - Secret Key provided by AWS.
- External
Id string - AWS IAM Role External ID.
- Role
Arn string - Role ARN provided by AWS.
- Access
Key string - Access Key provided by AWS.
- Secret
Key string - Secret Key provided by AWS.
- External
Id string - AWS IAM Role External ID.
- Role
Arn string - Role ARN provided by AWS.
- access
Key String - Access Key provided by AWS.
- secret
Key String - Secret Key provided by AWS.
- external
Id String - AWS IAM Role External ID.
- role
Arn String - Role ARN provided by AWS.
- access
Key string - Access Key provided by AWS.
- secret
Key string - Secret Key provided by AWS.
- external
Id string - AWS IAM Role External ID.
- role
Arn string - Role ARN provided by AWS.
- access_
key str - Access Key provided by AWS.
- secret_
key str - Secret Key provided by AWS.
- external_
id str - AWS IAM Role External ID.
- role_
arn str - Role ARN provided by AWS.
- access
Key String - Access Key provided by AWS.
- secret
Key String - Secret Key provided by AWS.
- external
Id String - AWS IAM Role External ID.
- role
Arn String - Role ARN provided by AWS.
GetSecretAzureConnector
GetSecretEcr
- Access
Key string - Access Key provided by AWS.
- Repos List<string>
- List of ECR repositories.
- Secret
Key string - Secret Key provided by AWS.
- External
Id string - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- Role
Arn string - Role ARN provided by AWS.
- Access
Key string - Access Key provided by AWS.
- Repos []string
- List of ECR repositories.
- Secret
Key string - Secret Key provided by AWS.
- External
Id string - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- Role
Arn string - Role ARN provided by AWS.
- access
Key String - Access Key provided by AWS.
- repos List<String>
- List of ECR repositories.
- secret
Key String - Secret Key provided by AWS.
- external
Id String - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- role
Arn String - Role ARN provided by AWS.
- access
Key string - Access Key provided by AWS.
- repos string[]
- List of ECR repositories.
- secret
Key string - Secret Key provided by AWS.
- external
Id string - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- role
Arn string - Role ARN provided by AWS.
- access_
key str - Access Key provided by AWS.
- repos Sequence[str]
- List of ECR repositories.
- secret_
key str - Secret Key provided by AWS.
- external_
id str - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- role_
arn str - Role ARN provided by AWS.
- access
Key String - Access Key provided by AWS.
- repos List<String>
- List of ECR repositories.
- secret
Key String - Secret Key provided by AWS.
- external
Id String - AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories.
- role
Arn String - Role ARN provided by AWS.
GetSecretKeypair
- Secret
Key string - Secret/Private Key.
- Passphrase string
- Passphrase for private key.
- Public
Key string - Public Key.
- Secret
Key string - Secret/Private Key.
- Passphrase string
- Passphrase for private key.
- Public
Key string - Public Key.
- secret
Key String - Secret/Private Key.
- passphrase String
- Passphrase for private key.
- public
Key String - Public Key.
- secret
Key string - Secret/Private Key.
- passphrase string
- Passphrase for private key.
- public
Key string - Public Key.
- secret_
key str - Secret/Private Key.
- passphrase str
- Passphrase for private key.
- public_
key str - Public Key.
- secret
Key String - Secret/Private Key.
- passphrase String
- Passphrase for private key.
- public
Key String - Public Key.
GetSecretNatsAccount
- Account
Id string - Account ID.
- Private
Key string - Private Key.
- Account
Id string - Account ID.
- Private
Key string - Private Key.
- account
Id String - Account ID.
- private
Key String - Private Key.
- account
Id string - Account ID.
- private
Key string - Private Key.
- account_
id str - Account ID.
- private_
key str - Private Key.
- account
Id String - Account ID.
- private
Key String - Private Key.
GetSecretOpaque
GetSecretTls
GetSecretUserpass
Package Details
- Repository
- cpln pulumiverse/pulumi-cpln
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cplnTerraform Provider.