states.azurerm.keyvault.secret
Azure Resource Manager (ARM) Key Vault Secret State Module
New in version 2.4.0.
Changed in version 4.0.0.
configuration: This module requires Azure Resource Manager credentials to be passed via acct. Note that the authentication parameters are case sensitive.
Required provider parameters:
Optional provider parameters:
- cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:
Example acct setup for Azure Resource Manager authentication:

    azurerm:
      default:
        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        tenant: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        client_id: ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF
        secret: XXXXXXXXXXXXXXXXXXXXXXXX
        cloud_environment: AZURE_PUBLIC_CLOUD
      user_pass_auth:
        subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
        username: fletch
        password: 123pass

The authentication parameters can also be passed as a dictionary of keyword arguments to the
idem_azurerm.states.azurerm.keyvault.secret.absent(hub, ctx, name, vault_url, purge=False, wait=False, connection_auth=None, **kwargs)
New in version 2.4.0.
Ensure the specified secret does not exist within the given key vault.
Parameters:
- name – The name of the secret to delete.
- vault_url – The URL of the vault that the client will access.
- purge – Permanently deletes a deleted secret. Possible only in vaults with soft-delete enabled. Performs an irreversible deletion of the specified secret, without possibility for recovery. The operation is not available if the recovery_level does not specify 'Purgeable'.
- wait – When this method returns, Key Vault has begun deleting the secret. Deletion may take several seconds in a vault with soft-delete enabled. Setting this parameter to True enables you to wait for deletion to complete.
- connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:

    Ensure secret is absent:
      azurerm.keyvault.secret.absent:
        - name: secretname
        - vault_url: "https://myvault.vault.azure.net/"

idem_azurerm.states.azurerm.keyvault.secret.present(hub, ctx, name, value, vault_url, content_type=None, enabled=None, expires_on=None, not_before=None, tags=None, version=None, connection_auth=None, **kwargs)
New in version 2.4.0.
Changed in version 4.0.0.
Ensure the specified secret exists within the given key vault. Requires secrets/set permission. Secret properties can be specified as keyword arguments.
Parameters:
- name – The name of the secret. Secret names can only contain alphanumeric characters and dashes.
- value – The value of the secret.
- vault_url – The URL of the vault that the client will access.
- content_type – An arbitrary string indicating the type of the secret.
- enabled – Whether the secret is enabled for use.
- expires_on – When the secret will expire, in UTC. This parameter should be a string representation of a Datetime object in ISO-8601 format.
- not_before – The time before which the secret cannot be used, in UTC. This parameter should be a string representation of a Datetime object in ISO-8601 format.
- tags – A dictionary of strings can be passed as tag metadata to the secret.
- version – The version of the secret. By default, a new version of the secret will not be created if the name is already in use UNLESS the value of the secret is changed. Secret properties will be updated on the latest version unless otherwise specified with this parameter.
- connection_auth – A dict with subscription and authentication parameters to be used in connecting to the Azure Resource Manager API.
Example usage:

    Ensure secret exists:
      azurerm.keyvault.secret.present:
        - name: secretname
        - value: supersecret
        - content_type: "text/plain"
        - vault_url: "https://myvault.vault.azure.net/"
        - tags:
            contact_name: Elmer Fudd Gantry
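
A pre-apply check for the parameter rules documented above, added here as an example and not part of idem-azurerm: it lints already-parsed SLS data for secret names outside alphanumerics and dashes, expires_on/not_before values that are not ISO-8601, and absent states with purge enabled. The helper names (lint_states, _is_iso8601), the sample data and the missing-expiry finding are assumptions of this example.

```python
import re
from datetime import datetime
# Documented constraint: secret names are alphanumeric characters and dashes.
NAME_RE = re.compile(r"^[0-9A-Za-z-]+$")
PREFIX = "azurerm.keyvault.secret."

def _is_iso8601(value):
    try:
        datetime.fromisoformat(str(value).replace("Z", "+00:00"))
        return True
    except ValueError:
        return False

def lint_states(sls):
    """Return (state_id, finding) pairs for Key Vault secret states (hypothetical helper)."""
    findings = []
    for state_id, body in sls.items():
        for func, args in body.items():
            if not func.startswith(PREFIX):
                continue
            # SLS arguments arrive as a list of single-key dicts; merge them.
            params = {k: v for item in args for k, v in item.items()}
            if not NAME_RE.match(str(params.get("name", ""))):
                findings.append((state_id, "invalid secret name"))
            if func.endswith(".present"):
                for field in ("expires_on", "not_before"):
                    if field in params and not _is_iso8601(params[field]):
                        findings.append((state_id, f"{field} is not ISO-8601"))
                # Added policy (assumption, not a module requirement).
                if "expires_on" not in params:
                    findings.append((state_id, "no expires_on set"))
            elif func.endswith(".absent") and params.get("purge"):
                findings.append((state_id, "purge=True is irreversible"))
    return findings

# Constructed sample: the structure a YAML loader yields for an SLS file.
SAMPLE = {
    "Ensure secret exists": {"azurerm.keyvault.secret.present": [
        {"name": "secret_name"}, {"value": "placeholder"},
        {"vault_url": "https://myvault.vault.azure.net/"},
        {"expires_on": "next tuesday"}]},
    "Ensure secret is absent": {"azurerm.keyvault.secret.absent": [
        {"name": "secretname"}, {"purge": True},
        {"vault_url": "https://myvault.vault.azure.net/"}]},
}

if __name__ == "__main__":
    for state_id, finding in lint_states(SAMPLE):
        print(f"{state_id}: {finding}")
```

Run it against the parsed SLS before applying the states, and review any purge finding by hand.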