Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

61 lines
2.5 KiB
Markdown
Raw Permalink Normal View History

---
title_tag: vault-secrets Pulumi ESC Provider
meta_desc: The `vault-secrets` provider enables you to dynamically import Secrets from HashiCorp Vault into your Environment.
title: vault-secrets
h1: vault-secrets
meta_image: /images/docs/meta-images/docs-meta.png
menu:
pulumicloud:
identifier: vault-secrets
parent: esc-providers
weight: 8
---
The `vault-secrets` provider enables you to dynamically import Secrets from HashiCorp Vault into your Environment. The provider will return a map of names to Secrets.
## Example
```yaml
vault:
login:
fn::open::vault-login:
address: https://127.0.0.1:8200/
jwt:
role: example-role
secrets:
fn::open::vault-secrets:
login: ${vault.login}
read:
api-key:
path: api-key
app-secret:
path: app-secret
```
## Inputs
| Property | Type | Description |
|----------|--------------------------------------------------|----------------------------------------------------------------------------------------------------------------|
| `login` | [VaultSecretsLogin](#vaultsecretslogin) | Credentials used to log in to HashiCorp Vault. |
| `read` | map[string][VaultSecretsRead](#vaultsecretsread) | A map of names to paths to read from the server. The outputs will map each name to the raw data for the value. |
### VaultSecretsLogin
| Property | Type | Description |
|-----------|--------|-------------------------------------------------------------------------------|
| `address` | string | The URL of the vault server. Must contain a scheme and hostname, but no path. |
| `token` | string | The token to use for authentication. |
#### VaultSecretsRead
| Property | Type | Description |
|----------|--------|----------------------------------------------|
| `path` | string | The path to read. |
| `field` | string | [Optional] - The field of the value to read. |
### Outputs
| Property | Type | Description |
|----------|--------|---------------------------------------------------------|
| N/A | object | A map from names to raw values as read from the server. |