Skip to content

Data Source: azurermKeyVaultSecret

Use this data source to access information about an existing Key Vault Secret.

\~> Note: All arguments including the secret value will be stored in the raw state as plain-text. Read more about sensitive data in state.

Example Usage

import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const dataAzurermKeyVaultSecretExample =
  new azurerm.dataAzurermKeyVaultSecret.DataAzurermKeyVaultSecret(
    this,
    "example",
    {
      key_vault_id: "${data.azurerm_key_vault.existing.id}",
      name: "secret-sauce",
    }
  );
new cdktf.TerraformOutput(this, "secret_value", {
  value: dataAzurermKeyVaultSecretExample.value,
  sensitive: true,
});

Arguments Reference

The following arguments are supported:

  • keyVaultId - (Required) Specifies the ID of the Key Vault instance to fetch secret names from, available on the azurermKeyVault Data Source / Resource.

  • name - (Required) Specifies the name of the Key Vault Secret.

NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The Key Vault Secret ID.

  • contentType - The content type for the Key Vault Secret.

  • resourceId - The (Versioned) ID for this Key Vault Secret. This property points to a specific version of a Key Vault Secret, as such using this won't auto-rotate values if used in other Azure Services.

  • resourceVersionlessId - The Versionless ID of the Key Vault Secret. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Secret is updated.

  • tags - Any tags assigned to this resource.

  • value - The value of the Key Vault Secret.

  • version - The current version of the Key Vault Secret.

  • versionlessId - The Versionless ID of the Key Vault Secret. This can be used to always get latest secret value, and enable fetching automatically rotating secrets.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • read - (Defaults to 30 minutes) Used when retrieving the Key Vault Secret.