A secret version resource.
resource "google_secret_manager_secret" "secret-basic" {
  secret_id = "secret-version"

  labels = {
    label = "my-label"
  }

  replication {
    auto {}
  }
}

resource "google_secret_manager_secret_version" "secret-version-basic" {
  secret = google_secret_manager_secret.secret-basic.id

  secret_data = "secret-data"
}

resource "google_secret_manager_secret" "secret-basic" {
  secret_id = "secret-version"

  replication {
    user_managed {
      replicas {
        location = "us-central1"
      }
    }
  }
}

resource "google_secret_manager_secret_version" "secret-version-deletion-policy" {
  secret = google_secret_manager_secret.secret-basic.id

  secret_data     = "secret-data"
  deletion_policy = "ABANDON"
}

resource "google_secret_manager_secret" "secret-basic" {
  secret_id = "secret-version"

  replication {
    user_managed {
      replicas {
        location = "us-central1"
      }
    }
  }
}

resource "google_secret_manager_secret_version" "secret-version-deletion-policy" {
  secret = google_secret_manager_secret.secret-basic.id

  secret_data     = "secret-data"
  deletion_policy = "DISABLE"
}

resource "google_secret_manager_secret" "secret-basic" {
  secret_id = "secret-version"

  replication {
    user_managed {
      replicas {
        location = "us-central1"
      }
    }
  }
}

resource "google_secret_manager_secret_version" "secret-version-base64" {
  secret = google_secret_manager_secret.secret-basic.id

  is_secret_data_base64 = true
  secret_data           = filebase64("secret-data.pfx")
}

The following arguments are supported:
secret_data - (Required) The secret data. Must be no larger than 64KiB. Note: This property is sensitive and will not be displayed in the plan.
secret - (Required) Secret Manager secret resource
enabled - (Optional) The current state of the SecretVersion.
deletion_policy - (Optional) The deletion policy for the secret version. Setting ABANDON allows the resource to be abandoned rather than deleted. Setting DISABLE allows the resource to be disabled rather than deleted. Default is DELETE. Possible values are:
is_secret_data_base64 - (Optional) If set to 'true', the secret data is expected to be a base64-encoded string and is sent as is.
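
A pre-commit style lint for the secret_data and is_secret_data_base64 arguments above, as an added example that is not part of the provider documentation. The regex parsing, the finding strings and the sample resources are constructed for illustration, and the parser assumes version blocks without nested braces.

```python
import base64
import re

# Assumption: a secret_version block contains no nested braces, which holds
# for every example on this page (a nested timeouts block would not match).
BLOCK_RE = re.compile(
    r'resource\s+"google_secret_manager_secret_version"\s+"([^"]+)"\s*\{([^{}]*)\}')
ATTR_RE = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*(.+?)[ \t]*$', re.MULTILINE)
LITERAL_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Constructed sample input, modelled on the examples on this page.
SAMPLE = '''
resource "google_secret_manager_secret_version" "from_var" {
  secret      = google_secret_manager_secret.secret-basic.id
  secret_data = var.db_password
}
resource "google_secret_manager_secret_version" "pfx" {
  secret      = google_secret_manager_secret.secret-basic.id
  secret_data = filebase64("secret-data.pfx")
}
resource "google_secret_manager_secret_version" "flagged_literal" {
  secret                = google_secret_manager_secret.secret-basic.id
  is_secret_data_base64 = true
  secret_data           = "secret-data"
}
'''


def lint(hcl_text):
    """Return (resource_name, finding) tuples for risky secret_data settings."""
    findings = []
    for name, body in BLOCK_RE.findall(hcl_text):
        attrs = dict(ATTR_RE.findall(body))
        data = attrs.get("secret_data", "")
        is_b64 = attrs.get("is_secret_data_base64") == "true"
        literal = LITERAL_RE.fullmatch(data)
        if literal and "${" not in literal.group(1):
            # A quoted string with no interpolation lives in version control.
            findings.append((name, "hardcoded literal"))
            if is_b64:
                try:
                    base64.b64decode(literal.group(1), validate=True)
                except ValueError:  # binascii.Error is a ValueError subclass
                    findings.append((name, "flag set but data is not base64"))
        if re.match(r'(filebase64|base64encode)\(', data) and not is_b64:
            # Without the flag the base64 text itself becomes the payload.
            findings.append((name, "base64 input without is_secret_data_base64"))
    return findings
```

Hiding secret_data from the plan does not keep it out of the Terraform state file, so a clean lint result still calls for an encrypted, access-controlled state backend.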
In addition to the arguments listed above, the following computed attributes are exported:
id - an identifier for the resource with format {{name}}
name - The resource name of the SecretVersion. Format: projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}
version - The version of the Secret.
create_time - The time at which the Secret was created.
destroy_time - The time at which the Secret was destroyed. Only present if state is DESTROYED.
This resource provides the following Timeouts configuration options:
create - Default is 20 minutes.
update - Default is 20 minutes.
delete - Default is 20 minutes.

SecretVersion can be imported using any of these accepted formats:
projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}
In Terraform v1.5.0 and later, use an import block to import SecretVersion using one of the formats above. For example:

import {
  id = "projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}"
  to = google_secret_manager_secret_version.default
}

When using the terraform import command, SecretVersion can be imported using one of the formats above. For example:

$ terraform import google_secret_manager_secret_version.default projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}