secret#

async idem_vault.states.vault.secrets.kv_v2.secret.present(hub, ctx, name: str, *, resource_id: (<class 'str'>, 'alias=path'), data: ~typing.Dict, disable_read: bool = False) Dict[source]#

Creates or updates a secret stored with Vault KV_v2 secret engine.

Parameters:

  • name (str) – An Idem name of the resource.

  • path (str) – The full logical path to write the data. This should be prefixed ‘with secret/’.

  • data (str, Optional) – Data to be written in the format of a JSON object.

  • disable_read (bool, Optional) – Set this field to True if the vault authentication does not have read access. However, if the value is True, this Idem state operation is not idempotent, and Idem state comment output will always assume it is a “create” operation. Defaults to False.

Request Syntax:
[vault-secret-name]:
  vault.secrets.kv_v2.secret.present:
    - resource_Id: 'string' # Can also be specified as "path"
    - data: 'string'
    - disable_read: 'boolean'
Returns:

Dict[str, Any]

Examples

my-secret:
  vault.secrets.kv_v2.secret.present:
    - resource_id: secret/test # Can also be specified as "path"
    - data: '{"my-birthday": "2012-10-17"}'
async idem_vault.states.vault.secrets.kv_v2.secret.absent(hub, ctx, name: str, *, resource_id: (<class 'str'>, 'alias=path'), delete_all_versions: bool = False) Dict[source]#

Deletes a secret stored with Vault KV_v2 secret engine.

Parameters:

  • name (str) – An Idem name of the resource.

  • resource_id (str) – The full logical path to write the data. This argument can also be specified using the alias “path.” This should be prefixed with ‘secret/’.

  • delete_all_versions (bool, Optional) – Set this field to True if the vault authentication does not have read access. However, if the value is True, this Idem state operation is not idempotent. Defaults to False.

Request Syntax:
[vault-secret-name]:
  vault.secrets.kv_v2.secret.absent:
    - resource_id: 'string' # Can also be specified as "path"
    - delete_all_versions: 'boolean'
Returns:

Dict[str, Any]

Examples

my-secret:
  vault.secrets.kv_v2.secret.absent:
    - resource_id: secret/test # Can also be specified as "path"
async idem_vault.states.vault.secrets.kv_v2.secret.describe(hub, ctx)[source]#

Vault doesn’t allow enumeration of secrets