Secret

volcenginecc v0.0.38, May 25 26

Viewing docs for volcenginecc v0.0.38
published on Monday, May 25, 2026 by Volcengine

Schema (JSON)

volcengine/pulumi-volcenginecc

Viewing docs for volcenginecc v0.0.38
published on Monday, May 25, 2026 by Volcengine

Schema (JSON)

volcengine/pulumi-volcenginecc

Credential Manager is a credential management product based on the key management system. It is used to store sensitive credential information required by user business applications, such as AK/SK, account passwords, access keys, database passwords, and certificates. The product provides secure storage, access control, automatic rotation, and auditing capabilities. User business applications can securely and dynamically obtain credential information by integrating the KMS SDK or using the KMS OpenAPI, effectively preventing risks such as information leakage or unintended modification caused by storing sensitive information in plaintext

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as volcenginecc from "@volcengine/pulumi-volcenginecc";

const kMSSecretDemo = new volcenginecc.kms.Secret("KMSSecretDemo", {
    secretName: "secret-ccapi-Generic",
    versionName: "ccapi-v1",
    projectName: "default",
    description: "description test ccapi Generic",
    secretType: "Generic",
    encryptionKey: "trn:kms:cn-beijing:********:keyrings/ccapi-text/keys/ccapi-terraform-1101",
    secretValue: JSON.stringify({
        key1: "value1",
        key2: "value2",
    }),
});

import pulumi
import json
import pulumi_volcenginecc as volcenginecc

k_ms_secret_demo = volcenginecc.kms.Secret("KMSSecretDemo",
    secret_name="secret-ccapi-Generic",
    version_name="ccapi-v1",
    project_name="default",
    description="description test ccapi Generic",
    secret_type="Generic",
    encryption_key="trn:kms:cn-beijing:********:keyrings/ccapi-text/keys/ccapi-terraform-1101",
    secret_value=json.dumps({
        "key1": "value1",
        "key2": "value2",
    }))

package main

import (
	"encoding/json"

	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/volcengine/pulumi-volcenginecc/sdk/go/volcenginecc/kms"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"key1": "value1",
			"key2": "value2",
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		_, err = kms.NewSecret(ctx, "KMSSecretDemo", &kms.SecretArgs{
			SecretName:    pulumi.String("secret-ccapi-Generic"),
			VersionName:   pulumi.String("ccapi-v1"),
			ProjectName:   pulumi.String("default"),
			Description:   pulumi.String("description test ccapi Generic"),
			SecretType:    pulumi.String("Generic"),
			EncryptionKey: pulumi.String("trn:kms:cn-beijing:********:keyrings/ccapi-text/keys/ccapi-terraform-1101"),
			SecretValue:   pulumi.String(json0),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Volcenginecc = Volcengine.Pulumi.Volcenginecc;

return await Deployment.RunAsync(() => 
{
    var kMSSecretDemo = new Volcenginecc.Kms.Secret("KMSSecretDemo", new()
    {
        SecretName = "secret-ccapi-Generic",
        VersionName = "ccapi-v1",
        ProjectName = "default",
        Description = "description test ccapi Generic",
        SecretType = "Generic",
        EncryptionKey = "trn:kms:cn-beijing:********:keyrings/ccapi-text/keys/ccapi-terraform-1101",
        SecretValue = JsonSerializer.Serialize(new Dictionary<string, object?>
        {
            ["key1"] = "value1",
            ["key2"] = "value2",
        }),
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.volcengine.volcenginecc.kms.Secret;
import com.volcengine.volcenginecc.kms.SecretArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var kMSSecretDemo = new Secret("kMSSecretDemo", SecretArgs.builder()
            .secretName("secret-ccapi-Generic")
            .versionName("ccapi-v1")
            .projectName("default")
            .description("description test ccapi Generic")
            .secretType("Generic")
            .encryptionKey("trn:kms:cn-beijing:********:keyrings/ccapi-text/keys/ccapi-terraform-1101")
            .secretValue(serializeJson(
                jsonObject(
                    jsonProperty("key1", "value1"),
                    jsonProperty("key2", "value2")
                )))
            .build());

    }
}

resources:
  kMSSecretDemo:
    type: volcenginecc:kms:Secret
    name: KMSSecretDemo
    properties:
      secretName: secret-ccapi-Generic
      versionName: ccapi-v1
      projectName: default
      description: description test ccapi Generic
      secretType: Generic
      encryptionKey: trn:kms:cn-beijing:********:keyrings/ccapi-text/keys/ccapi-terraform-1101
      secretValue:
        fn::toJSON:
          key1: value1
          key2: value2

Example coming soon!

Create Secret Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Secret(name: string, args: SecretArgs, opts?: CustomResourceOptions);

@overload
def Secret(resource_name: str,
           args: SecretArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def Secret(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           secret_name: Optional[str] = None,
           secret_type: Optional[str] = None,
           secret_value: Optional[str] = None,
           automatic_rotation: Optional[bool] = None,
           description: Optional[str] = None,
           encryption_key: Optional[str] = None,
           extended_config: Optional[str] = None,
           project_name: Optional[str] = None,
           rotation_interval: Optional[str] = None,
           version_name: Optional[str] = None)

func NewSecret(ctx *Context, name string, args SecretArgs, opts ...ResourceOption) (*Secret, error)

public Secret(string name, SecretArgs args, CustomResourceOptions? opts = null)

public Secret(String name, SecretArgs args)
public Secret(String name, SecretArgs args, CustomResourceOptions options)

type: volcenginecc:kms:Secret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

resource "volcenginecc_kms_secret" "name" {
    # resource properties
}

Parameters

name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecretArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var secretResource = new Volcenginecc.Kms.Secret("secretResource", new()
{
    SecretName = "string",
    SecretType = "string",
    SecretValue = "string",
    AutomaticRotation = false,
    Description = "string",
    EncryptionKey = "string",
    ExtendedConfig = "string",
    ProjectName = "string",
    RotationInterval = "string",
    VersionName = "string",
});

example, err := kms.NewSecret(ctx, "secretResource", &kms.SecretArgs{
	SecretName:        pulumi.String("string"),
	SecretType:        pulumi.String("string"),
	SecretValue:       pulumi.String("string"),
	AutomaticRotation: pulumi.Bool(false),
	Description:       pulumi.String("string"),
	EncryptionKey:     pulumi.String("string"),
	ExtendedConfig:    pulumi.String("string"),
	ProjectName:       pulumi.String("string"),
	RotationInterval:  pulumi.String("string"),
	VersionName:       pulumi.String("string"),
})

resource "volcenginecc_kms_secret" "secretResource" {
  secret_name        = "string"
  secret_type        = "string"
  secret_value       = "string"
  automatic_rotation = false
  description        = "string"
  encryption_key     = "string"
  extended_config    = "string"
  project_name       = "string"
  rotation_interval  = "string"
  version_name       = "string"
}

var secretResource = new Secret("secretResource", SecretArgs.builder()
    .secretName("string")
    .secretType("string")
    .secretValue("string")
    .automaticRotation(false)
    .description("string")
    .encryptionKey("string")
    .extendedConfig("string")
    .projectName("string")
    .rotationInterval("string")
    .versionName("string")
    .build());

secret_resource = volcenginecc.kms.Secret("secretResource",
    secret_name="string",
    secret_type="string",
    secret_value="string",
    automatic_rotation=False,
    description="string",
    encryption_key="string",
    extended_config="string",
    project_name="string",
    rotation_interval="string",
    version_name="string")

const secretResource = new volcenginecc.kms.Secret("secretResource", {
    secretName: "string",
    secretType: "string",
    secretValue: "string",
    automaticRotation: false,
    description: "string",
    encryptionKey: "string",
    extendedConfig: "string",
    projectName: "string",
    rotationInterval: "string",
    versionName: "string",
});

type: volcenginecc:kms:Secret
properties:
    automaticRotation: false
    description: string
    encryptionKey: string
    extendedConfig: string
    projectName: string
    rotationInterval: string
    secretName: string
    secretType: string
    secretValue: string
    versionName: string

Secret Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Secret resource accepts the following input properties:

SecretName string: Credential name. Valid characters: [a-zA-Z0-9/_+=.@-]
SecretType string: Credential type. Currently supports Generic|IAM|RDS|Redis|ECS|PGSQL|SQLServer
SecretValue string: Credential value. When SecretType is Generic, users can customize it. It is recommended to use JSON key-value pairs
AutomaticRotation bool: Whether to enable automatic rotation. Applies only to credentials of type IAM|RDS|Redis|ECS
Description string: Credential description, length: 0 ~ 8192 characters
EncryptionKey string: KMS key TRN for encrypting credential value. If not specified, the default key of Credential Manager is used
ExtendedConfig string: Credential extension configuration, used to specify properties for non-Generic credentials
ProjectName string: Credential project name. Default value: default
RotationInterval string: Automatic rotation interval. Range: 1 ~ 365 days. Format: integer[unit], where integer is the duration and unit is the time unit. Unit value: d (days). For example: 7d means a 7-day interval
VersionName string: Version alias. Valid characters: [a-zA-Z0-9/_+=.@-]

SecretName string: Credential name. Valid characters: [a-zA-Z0-9/_+=.@-]
SecretType string: Credential type. Currently supports Generic|IAM|RDS|Redis|ECS|PGSQL|SQLServer
SecretValue string: Credential value. When SecretType is Generic, users can customize it. It is recommended to use JSON key-value pairs
AutomaticRotation bool: Whether to enable automatic rotation. Applies only to credentials of type IAM|RDS|Redis|ECS
Description string: Credential description, length: 0 ~ 8192 characters
EncryptionKey string: KMS key TRN for encrypting credential value. If not specified, the default key of Credential Manager is used
ExtendedConfig string: Credential extension configuration, used to specify properties for non-Generic credentials
ProjectName string: Credential project name. Default value: default
RotationInterval string: Automatic rotation interval. Range: 1 ~ 365 days. Format: integer[unit], where integer is the duration and unit is the time unit. Unit value: d (days). For example: 7d means a 7-day interval
VersionName string: Version alias. Valid characters: [a-zA-Z0-9/_+=.@-]

secret_name string: Credential name. Valid characters: [a-zA-Z0-9/_+=.@-]
secret_type string: Credential type. Currently supports Generic|IAM|RDS|Redis|ECS|PGSQL|SQLServer
secret_value string: Credential value. When SecretType is Generic, users can customize it. It is recommended to use JSON key-value pairs
automatic_rotation bool: Whether to enable automatic rotation. Applies only to credentials of type IAM|RDS|Redis|ECS
description string: Credential description, length: 0 ~ 8192 characters
encryption_key string: KMS key TRN for encrypting credential value. If not specified, the default key of Credential Manager is used
extended_config string: Credential extension configuration, used to specify properties for non-Generic credentials
project_name string: Credential project name. Default value: default
rotation_interval string: Automatic rotation interval. Range: 1 ~ 365 days. Format: integer[unit], where integer is the duration and unit is the time unit. Unit value: d (days). For example: 7d means a 7-day interval
version_name string: Version alias. Valid characters: [a-zA-Z0-9/_+=.@-]

secretName String: Credential name. Valid characters: [a-zA-Z0-9/_+=.@-]
secretType String: Credential type. Currently supports Generic|IAM|RDS|Redis|ECS|PGSQL|SQLServer
secretValue String: Credential value. When SecretType is Generic, users can customize it. It is recommended to use JSON key-value pairs
automaticRotation Boolean: Whether to enable automatic rotation. Applies only to credentials of type IAM|RDS|Redis|ECS
description String: Credential description, length: 0 ~ 8192 characters
encryptionKey String: KMS key TRN for encrypting credential value. If not specified, the default key of Credential Manager is used
extendedConfig String: Credential extension configuration, used to specify properties for non-Generic credentials
projectName String: Credential project name. Default value: default
rotationInterval String: Automatic rotation interval. Range: 1 ~ 365 days. Format: integer[unit], where integer is the duration and unit is the time unit. Unit value: d (days). For example: 7d means a 7-day interval
versionName String: Version alias. Valid characters: [a-zA-Z0-9/_+=.@-]

secretName string: Credential name. Valid characters: [a-zA-Z0-9/_+=.@-]
secretType string: Credential type. Currently supports Generic|IAM|RDS|Redis|ECS|PGSQL|SQLServer
secretValue string: Credential value. When SecretType is Generic, users can customize it. It is recommended to use JSON key-value pairs
automaticRotation boolean: Whether to enable automatic rotation. Applies only to credentials of type IAM|RDS|Redis|ECS
description string: Credential description, length: 0 ~ 8192 characters
encryptionKey string: KMS key TRN for encrypting credential value. If not specified, the default key of Credential Manager is used
extendedConfig string: Credential extension configuration, used to specify properties for non-Generic credentials
projectName string: Credential project name. Default value: default
rotationInterval string: Automatic rotation interval. Range: 1 ~ 365 days. Format: integer[unit], where integer is the duration and unit is the time unit. Unit value: d (days). For example: 7d means a 7-day interval
versionName string: Version alias. Valid characters: [a-zA-Z0-9/_+=.@-]

secret_name str: Credential name. Valid characters: [a-zA-Z0-9/_+=.@-]
secret_type str: Credential type. Currently supports Generic|IAM|RDS|Redis|ECS|PGSQL|SQLServer
secret_value str: Credential value. When SecretType is Generic, users can customize it. It is recommended to use JSON key-value pairs
automatic_rotation bool: Whether to enable automatic rotation. Applies only to credentials of type IAM|RDS|Redis|ECS
description str: Credential description, length: 0 ~ 8192 characters
encryption_key str: KMS key TRN for encrypting credential value. If not specified, the default key of Credential Manager is used
extended_config str: Credential extension configuration, used to specify properties for non-Generic credentials
project_name str: Credential project name. Default value: default
rotation_interval str: Automatic rotation interval. Range: 1 ~ 365 days. Format: integer[unit], where integer is the duration and unit is the time unit. Unit value: d (days). For example: 7d means a 7-day interval
version_name str: Version alias. Valid characters: [a-zA-Z0-9/_+=.@-]

secretName String: Credential name. Valid characters: [a-zA-Z0-9/_+=.@-]
secretType String: Credential type. Currently supports Generic|IAM|RDS|Redis|ECS|PGSQL|SQLServer
secretValue String: Credential value. When SecretType is Generic, users can customize it. It is recommended to use JSON key-value pairs
automaticRotation Boolean: Whether to enable automatic rotation. Applies only to credentials of type IAM|RDS|Redis|ECS
description String: Credential description, length: 0 ~ 8192 characters
encryptionKey String: KMS key TRN for encrypting credential value. If not specified, the default key of Credential Manager is used
extendedConfig String: Credential extension configuration, used to specify properties for non-Generic credentials
projectName String: Credential project name. Default value: default
rotationInterval String: Automatic rotation interval. Range: 1 ~ 365 days. Format: integer[unit], where integer is the duration and unit is the time unit. Unit value: d (days). For example: 7d means a 7-day interval
versionName String: Version alias. Valid characters: [a-zA-Z0-9/_+=.@-]

Outputs

All input properties are implicitly available as output properties. Additionally, the Secret resource produces the following output properties:

CreatedTime int: Credential creation time
Id string: The provider-assigned unique ID for this managed resource.
LastRotationTime string: Credential last rotation time
Managed bool: Is managed credential
OwningService string: Managed Cloud Service
RotationIntervalRead int: Automatic rotation interval, unit: seconds
RotationState string: Rotation status: Enable: automatic rotation enabled, Disable: automatic rotation disabled, Rotating: automatic rotation in progress, None: automatic rotation not supported
ScheduleDeleteTime string: Credential Scheduled Deletion Time
ScheduleRotationTime string: Credential next rotation time
SecretId string: Credential unique identifier, UUID format
SecretStateValue string: Credential status. Enable: enabled, Disable: disabled, PendingDelete: scheduled for deletion
Trn string: Credential resource name. Format: trn:kms:${Region}:${AccountID}:secrets/${secret}
Uid string: Credential tenant ID
UpdatedTime int: Credential update date

CreatedTime int: Credential creation time
Id string: The provider-assigned unique ID for this managed resource.
LastRotationTime string: Credential last rotation time
Managed bool: Is managed credential
OwningService string: Managed Cloud Service
RotationIntervalRead int: Automatic rotation interval, unit: seconds
RotationState string: Rotation status: Enable: automatic rotation enabled, Disable: automatic rotation disabled, Rotating: automatic rotation in progress, None: automatic rotation not supported
ScheduleDeleteTime string: Credential Scheduled Deletion Time
ScheduleRotationTime string: Credential next rotation time
SecretId string: Credential unique identifier, UUID format
SecretState string: Credential status. Enable: enabled, Disable: disabled, PendingDelete: scheduled for deletion
Trn string: Credential resource name. Format: trn:kms:${Region}:${AccountID}:secrets/${secret}
Uid string: Credential tenant ID
UpdatedTime int: Credential update date

created_time number: Credential creation time
id string: The provider-assigned unique ID for this managed resource.
last_rotation_time string: Credential last rotation time
managed bool: Is managed credential
owning_service string: Managed Cloud Service
rotation_interval_read number: Automatic rotation interval, unit: seconds
rotation_state string: Rotation status: Enable: automatic rotation enabled, Disable: automatic rotation disabled, Rotating: automatic rotation in progress, None: automatic rotation not supported
schedule_delete_time string: Credential Scheduled Deletion Time
schedule_rotation_time string: Credential next rotation time
secret_id string: Credential unique identifier, UUID format
secret_state string: Credential status. Enable: enabled, Disable: disabled, PendingDelete: scheduled for deletion
trn string: Credential resource name. Format: trn:kms:${Region}:${AccountID}:secrets/${secret}
uid string: Credential tenant ID
updated_time number: Credential update date

createdTime Integer: Credential creation time
id String: The provider-assigned unique ID for this managed resource.
lastRotationTime String: Credential last rotation time
managed Boolean: Is managed credential
owningService String: Managed Cloud Service
rotationIntervalRead Integer: Automatic rotation interval, unit: seconds
rotationState String: Rotation status: Enable: automatic rotation enabled, Disable: automatic rotation disabled, Rotating: automatic rotation in progress, None: automatic rotation not supported
scheduleDeleteTime String: Credential Scheduled Deletion Time
scheduleRotationTime String: Credential next rotation time
secretId String: Credential unique identifier, UUID format
secretState String: Credential status. Enable: enabled, Disable: disabled, PendingDelete: scheduled for deletion
trn String: Credential resource name. Format: trn:kms:${Region}:${AccountID}:secrets/${secret}
uid String: Credential tenant ID
updatedTime Integer: Credential update date

createdTime number: Credential creation time
id string: The provider-assigned unique ID for this managed resource.
lastRotationTime string: Credential last rotation time
managed boolean: Is managed credential
owningService string: Managed Cloud Service
rotationIntervalRead number: Automatic rotation interval, unit: seconds
rotationState string: Rotation status: Enable: automatic rotation enabled, Disable: automatic rotation disabled, Rotating: automatic rotation in progress, None: automatic rotation not supported
scheduleDeleteTime string: Credential Scheduled Deletion Time
scheduleRotationTime string: Credential next rotation time
secretId string: Credential unique identifier, UUID format
secretState string: Credential status. Enable: enabled, Disable: disabled, PendingDelete: scheduled for deletion
trn string: Credential resource name. Format: trn:kms:${Region}:${AccountID}:secrets/${secret}
uid string: Credential tenant ID
updatedTime number: Credential update date

created_time int: Credential creation time
id str: The provider-assigned unique ID for this managed resource.
last_rotation_time str: Credential last rotation time
managed bool: Is managed credential
owning_service str: Managed Cloud Service
rotation_interval_read int: Automatic rotation interval, unit: seconds
rotation_state str: Rotation status: Enable: automatic rotation enabled, Disable: automatic rotation disabled, Rotating: automatic rotation in progress, None: automatic rotation not supported
schedule_delete_time str: Credential Scheduled Deletion Time
schedule_rotation_time str: Credential next rotation time
secret_id str: Credential unique identifier, UUID format
secret_state str: Credential status. Enable: enabled, Disable: disabled, PendingDelete: scheduled for deletion
trn str: Credential resource name. Format: trn:kms:${Region}:${AccountID}:secrets/${secret}
uid str: Credential tenant ID
updated_time int: Credential update date

createdTime Number: Credential creation time
id String: The provider-assigned unique ID for this managed resource.
lastRotationTime String: Credential last rotation time
managed Boolean: Is managed credential
owningService String: Managed Cloud Service
rotationIntervalRead Number: Automatic rotation interval, unit: seconds
rotationState String: Rotation status: Enable: automatic rotation enabled, Disable: automatic rotation disabled, Rotating: automatic rotation in progress, None: automatic rotation not supported
scheduleDeleteTime String: Credential Scheduled Deletion Time
scheduleRotationTime String: Credential next rotation time
secretId String: Credential unique identifier, UUID format
secretState String: Credential status. Enable: enabled, Disable: disabled, PendingDelete: scheduled for deletion
trn String: Credential resource name. Format: trn:kms:${Region}:${AccountID}:secrets/${secret}
uid String: Credential tenant ID
updatedTime Number: Credential update date

Look up Existing Secret Resource

Get an existing Secret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretState, opts?: CustomResourceOptions): Secret

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        automatic_rotation: Optional[bool] = None,
        created_time: Optional[int] = None,
        description: Optional[str] = None,
        encryption_key: Optional[str] = None,
        extended_config: Optional[str] = None,
        last_rotation_time: Optional[str] = None,
        managed: Optional[bool] = None,
        owning_service: Optional[str] = None,
        project_name: Optional[str] = None,
        rotation_interval: Optional[str] = None,
        rotation_interval_read: Optional[int] = None,
        rotation_state: Optional[str] = None,
        schedule_delete_time: Optional[str] = None,
        schedule_rotation_time: Optional[str] = None,
        secret_id: Optional[str] = None,
        secret_name: Optional[str] = None,
        secret_state: Optional[str] = None,
        secret_type: Optional[str] = None,
        secret_value: Optional[str] = None,
        trn: Optional[str] = None,
        uid: Optional[str] = None,
        updated_time: Optional[int] = None,
        version_name: Optional[str] = None) -> Secret

func GetSecret(ctx *Context, name string, id IDInput, state *SecretState, opts ...ResourceOption) (*Secret, error)

public static Secret Get(string name, Input<string> id, SecretState? state, CustomResourceOptions? opts = null)

public static Secret get(String name, Output<String> id, SecretState state, CustomResourceOptions options)

resources:  _:    type: volcenginecc:kms:Secret    get:      id: ${id}

import {
  to = volcenginecc_kms_secret.example
  id = "${id}"
}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AutomaticRotation bool: Whether to enable automatic rotation. Applies only to credentials of type IAM|RDS|Redis|ECS
CreatedTime int: Credential creation time
Description string: Credential description, length: 0 ~ 8192 characters
EncryptionKey string: KMS key TRN for encrypting credential value. If not specified, the default key of Credential Manager is used
ExtendedConfig string: Credential extension configuration, used to specify properties for non-Generic credentials
LastRotationTime string: Credential last rotation time
Managed bool: Is managed credential
OwningService string: Managed Cloud Service
ProjectName string: Credential project name. Default value: default
RotationInterval string: Automatic rotation interval. Range: 1 ~ 365 days. Format: integer[unit], where integer is the duration and unit is the time unit. Unit value: d (days). For example: 7d means a 7-day interval
RotationIntervalRead int: Automatic rotation interval, unit: seconds
RotationState string: Rotation status: Enable: automatic rotation enabled, Disable: automatic rotation disabled, Rotating: automatic rotation in progress, None: automatic rotation not supported
ScheduleDeleteTime string: Credential Scheduled Deletion Time
ScheduleRotationTime string: Credential next rotation time
SecretId string: Credential unique identifier, UUID format
SecretName string: Credential name. Valid characters: [a-zA-Z0-9/_+=.@-]
SecretStateValue string: Credential status. Enable: enabled, Disable: disabled, PendingDelete: scheduled for deletion
SecretType string: Credential type. Currently supports Generic|IAM|RDS|Redis|ECS|PGSQL|SQLServer
SecretValue string: Credential value. When SecretType is Generic, users can customize it. It is recommended to use JSON key-value pairs
Trn string: Credential resource name. Format: trn:kms:${Region}:${AccountID}:secrets/${secret}
Uid string: Credential tenant ID
UpdatedTime int: Credential update date
VersionName string: Version alias. Valid characters: [a-zA-Z0-9/_+=.@-]

AutomaticRotation bool: Whether to enable automatic rotation. Applies only to credentials of type IAM|RDS|Redis|ECS
CreatedTime int: Credential creation time
Description string: Credential description, length: 0 ~ 8192 characters
EncryptionKey string: KMS key TRN for encrypting credential value. If not specified, the default key of Credential Manager is used
ExtendedConfig string: Credential extension configuration, used to specify properties for non-Generic credentials
LastRotationTime string: Credential last rotation time
Managed bool: Is managed credential
OwningService string: Managed Cloud Service
ProjectName string: Credential project name. Default value: default
RotationInterval string: Automatic rotation interval. Range: 1 ~ 365 days. Format: integer[unit], where integer is the duration and unit is the time unit. Unit value: d (days). For example: 7d means a 7-day interval
RotationIntervalRead int: Automatic rotation interval, unit: seconds
RotationState string: Rotation status: Enable: automatic rotation enabled, Disable: automatic rotation disabled, Rotating: automatic rotation in progress, None: automatic rotation not supported
ScheduleDeleteTime string: Credential Scheduled Deletion Time
ScheduleRotationTime string: Credential next rotation time
SecretId string: Credential unique identifier, UUID format
SecretName string: Credential name. Valid characters: [a-zA-Z0-9/_+=.@-]
SecretState string: Credential status. Enable: enabled, Disable: disabled, PendingDelete: scheduled for deletion
SecretType string: Credential type. Currently supports Generic|IAM|RDS|Redis|ECS|PGSQL|SQLServer
SecretValue string: Credential value. When SecretType is Generic, users can customize it. It is recommended to use JSON key-value pairs
Trn string: Credential resource name. Format: trn:kms:${Region}:${AccountID}:secrets/${secret}
Uid string: Credential tenant ID
UpdatedTime int: Credential update date
VersionName string: Version alias. Valid characters: [a-zA-Z0-9/_+=.@-]

automatic_rotation bool: Whether to enable automatic rotation. Applies only to credentials of type IAM|RDS|Redis|ECS
created_time number: Credential creation time
description string: Credential description, length: 0 ~ 8192 characters
encryption_key string: KMS key TRN for encrypting credential value. If not specified, the default key of Credential Manager is used
extended_config string: Credential extension configuration, used to specify properties for non-Generic credentials
last_rotation_time string: Credential last rotation time
managed bool: Is managed credential
owning_service string: Managed Cloud Service
project_name string: Credential project name. Default value: default
rotation_interval string: Automatic rotation interval. Range: 1 ~ 365 days. Format: integer[unit], where integer is the duration and unit is the time unit. Unit value: d (days). For example: 7d means a 7-day interval
rotation_interval_read number: Automatic rotation interval, unit: seconds
rotation_state string: Rotation status: Enable: automatic rotation enabled, Disable: automatic rotation disabled, Rotating: automatic rotation in progress, None: automatic rotation not supported
schedule_delete_time string: Credential Scheduled Deletion Time
schedule_rotation_time string: Credential next rotation time
secret_id string: Credential unique identifier, UUID format
secret_name string: Credential name. Valid characters: [a-zA-Z0-9/_+=.@-]
secret_state string: Credential status. Enable: enabled, Disable: disabled, PendingDelete: scheduled for deletion
secret_type string: Credential type. Currently supports Generic|IAM|RDS|Redis|ECS|PGSQL|SQLServer
secret_value string: Credential value. When SecretType is Generic, users can customize it. It is recommended to use JSON key-value pairs
trn string: Credential resource name. Format: trn:kms:${Region}:${AccountID}:secrets/${secret}
uid string: Credential tenant ID
updated_time number: Credential update date
version_name string: Version alias. Valid characters: [a-zA-Z0-9/_+=.@-]

automaticRotation Boolean: Whether to enable automatic rotation. Applies only to credentials of type IAM|RDS|Redis|ECS
createdTime Integer: Credential creation time
description String: Credential description, length: 0 ~ 8192 characters
encryptionKey String: KMS key TRN for encrypting credential value. If not specified, the default key of Credential Manager is used
extendedConfig String: Credential extension configuration, used to specify properties for non-Generic credentials
lastRotationTime String: Credential last rotation time
managed Boolean: Is managed credential
owningService String: Managed Cloud Service
projectName String: Credential project name. Default value: default
rotationInterval String: Automatic rotation interval. Range: 1 ~ 365 days. Format: integer[unit], where integer is the duration and unit is the time unit. Unit value: d (days). For example: 7d means a 7-day interval
rotationIntervalRead Integer: Automatic rotation interval, unit: seconds
rotationState String: Rotation status: Enable: automatic rotation enabled, Disable: automatic rotation disabled, Rotating: automatic rotation in progress, None: automatic rotation not supported
scheduleDeleteTime String: Credential Scheduled Deletion Time
scheduleRotationTime String: Credential next rotation time
secretId String: Credential unique identifier, UUID format
secretName String: Credential name. Valid characters: [a-zA-Z0-9/_+=.@-]
secretState String: Credential status. Enable: enabled, Disable: disabled, PendingDelete: scheduled for deletion
secretType String: Credential type. Currently supports Generic|IAM|RDS|Redis|ECS|PGSQL|SQLServer
secretValue String: Credential value. When SecretType is Generic, users can customize it. It is recommended to use JSON key-value pairs
trn String: Credential resource name. Format: trn:kms:${Region}:${AccountID}:secrets/${secret}
uid String: Credential tenant ID
updatedTime Integer: Credential update date
versionName String: Version alias. Valid characters: [a-zA-Z0-9/_+=.@-]

automaticRotation boolean: Whether to enable automatic rotation. Applies only to credentials of type IAM|RDS|Redis|ECS
createdTime number: Credential creation time
description string: Credential description, length: 0 ~ 8192 characters
encryptionKey string: KMS key TRN for encrypting credential value. If not specified, the default key of Credential Manager is used
extendedConfig string: Credential extension configuration, used to specify properties for non-Generic credentials
lastRotationTime string: Credential last rotation time
managed boolean: Is managed credential
owningService string: Managed Cloud Service
projectName string: Credential project name. Default value: default
rotationInterval string: Automatic rotation interval. Range: 1 ~ 365 days. Format: integer[unit], where integer is the duration and unit is the time unit. Unit value: d (days). For example: 7d means a 7-day interval
rotationIntervalRead number: Automatic rotation interval, unit: seconds
rotationState string: Rotation status: Enable: automatic rotation enabled, Disable: automatic rotation disabled, Rotating: automatic rotation in progress, None: automatic rotation not supported
scheduleDeleteTime string: Credential Scheduled Deletion Time
scheduleRotationTime string: Credential next rotation time
secretId string: Credential unique identifier, UUID format
secretName string: Credential name. Valid characters: [a-zA-Z0-9/_+=.@-]
secretState string: Credential status. Enable: enabled, Disable: disabled, PendingDelete: scheduled for deletion
secretType string: Credential type. Currently supports Generic|IAM|RDS|Redis|ECS|PGSQL|SQLServer
secretValue string: Credential value. When SecretType is Generic, users can customize it. It is recommended to use JSON key-value pairs
trn string: Credential resource name. Format: trn:kms:${Region}:${AccountID}:secrets/${secret}
uid string: Credential tenant ID
updatedTime number: Credential update date
versionName string: Version alias. Valid characters: [a-zA-Z0-9/_+=.@-]

automatic_rotation bool: Whether to enable automatic rotation. Applies only to credentials of type IAM|RDS|Redis|ECS
created_time int: Credential creation time
description str: Credential description, length: 0 ~ 8192 characters
encryption_key str: KMS key TRN for encrypting credential value. If not specified, the default key of Credential Manager is used
extended_config str: Credential extension configuration, used to specify properties for non-Generic credentials
last_rotation_time str: Credential last rotation time
managed bool: Is managed credential
owning_service str: Managed Cloud Service
project_name str: Credential project name. Default value: default
rotation_interval str: Automatic rotation interval. Range: 1 ~ 365 days. Format: integer[unit], where integer is the duration and unit is the time unit. Unit value: d (days). For example: 7d means a 7-day interval
rotation_interval_read int: Automatic rotation interval, unit: seconds
rotation_state str: Rotation status: Enable: automatic rotation enabled, Disable: automatic rotation disabled, Rotating: automatic rotation in progress, None: automatic rotation not supported
schedule_delete_time str: Credential Scheduled Deletion Time
schedule_rotation_time str: Credential next rotation time
secret_id str: Credential unique identifier, UUID format
secret_name str: Credential name. Valid characters: [a-zA-Z0-9/_+=.@-]
secret_state str: Credential status. Enable: enabled, Disable: disabled, PendingDelete: scheduled for deletion
secret_type str: Credential type. Currently supports Generic|IAM|RDS|Redis|ECS|PGSQL|SQLServer
secret_value str: Credential value. When SecretType is Generic, users can customize it. It is recommended to use JSON key-value pairs
trn str: Credential resource name. Format: trn:kms:${Region}:${AccountID}:secrets/${secret}
uid str: Credential tenant ID
updated_time int: Credential update date
version_name str: Version alias. Valid characters: [a-zA-Z0-9/_+=.@-]

automaticRotation Boolean: Whether to enable automatic rotation. Applies only to credentials of type IAM|RDS|Redis|ECS
createdTime Number: Credential creation time
description String: Credential description, length: 0 ~ 8192 characters
encryptionKey String: KMS key TRN for encrypting credential value. If not specified, the default key of Credential Manager is used
extendedConfig String: Credential extension configuration, used to specify properties for non-Generic credentials
lastRotationTime String: Credential last rotation time
managed Boolean: Is managed credential
owningService String: Managed Cloud Service
projectName String: Credential project name. Default value: default
rotationInterval String: Automatic rotation interval. Range: 1 ~ 365 days. Format: integer[unit], where integer is the duration and unit is the time unit. Unit value: d (days). For example: 7d means a 7-day interval
rotationIntervalRead Number: Automatic rotation interval, unit: seconds
rotationState String: Rotation status: Enable: automatic rotation enabled, Disable: automatic rotation disabled, Rotating: automatic rotation in progress, None: automatic rotation not supported
scheduleDeleteTime String: Credential Scheduled Deletion Time
scheduleRotationTime String: Credential next rotation time
secretId String: Credential unique identifier, UUID format
secretName String: Credential name. Valid characters: [a-zA-Z0-9/_+=.@-]
secretState String: Credential status. Enable: enabled, Disable: disabled, PendingDelete: scheduled for deletion
secretType String: Credential type. Currently supports Generic|IAM|RDS|Redis|ECS|PGSQL|SQLServer
secretValue String: Credential value. When SecretType is Generic, users can customize it. It is recommended to use JSON key-value pairs
trn String: Credential resource name. Format: trn:kms:${Region}:${AccountID}:secrets/${secret}
uid String: Credential tenant ID
updatedTime Number: Credential update date
versionName String: Version alias. Valid characters: [a-zA-Z0-9/_+=.@-]

Import

$ pulumi import volcenginecc:kms/secret:Secret example "secret_name"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: volcenginecc volcengine/pulumi-volcenginecc
License: MPL-2.0
Notes: This Pulumi package is based on the volcenginecc Terraform Provider.

Viewing docs for volcenginecc v0.0.38
published on Monday, May 25, 2026 by Volcengine

Schema (JSON)

volcengine/pulumi-volcenginecc

volcenginecc.kms.Secret

On this page

On this page

Example Usage

Create Secret Resource

Constructor syntax

Parameters

Constructor example

Secret Resource Properties

Inputs

Outputs

Look up Existing Secret Resource

Import

Package Details

On this page

On this page

Try Pulumi Cloud free.
Your team will thank you.

volcenginecc.kms.Secret

On this page

On this page

Example Usage

Create Secret Resource

Constructor syntax

Parameters

Constructor example

Secret Resource Properties

Inputs

Outputs

Look up Existing Secret Resource

Import

Package Details

On this page

On this page

Try Pulumi Cloud free.Your team will thank you.

Try Pulumi Cloud free.
Your team will thank you.