yandex_iam_oauth_client_secret (Resource)
Written by
Updated at December 12, 2025
Allows management of Yandex Cloud IAM OAuth client secret. The OAuth client secret is used for OAuth 2.0 client authentication.
Example usage
//
// Create a new OAuth Client Secret.
//
resource "yandex_iam_oauth_client_secret" "my-oauth-client-secret" {
oauth_client_id = yandex_iam_oauth_client.my-oauth-client.id
description = "secret for oauth client"
pgp_key = "keybase:keybaseusername"
}
Schema
Required
oauth_client_id(String) ID of the OAuth client to create a secret for.
Optional
description(String) The resource description.output_to_lockbox(Block List, Max: 1) option to create a Lockbox secret version from sensitive outputs (see below for nested schema)pgp_key(String) An optional PGP key to encrypt the resulting secret value. May either be a base64-encoded public key or a keybase username in the formkeybase:keybaseusername.
Read-Only
created_at(String) The creation timestamp of the resource.encrypted_secret_value(String) The encrypted secret value, base64 encoded. This is only populated whenpgp_keyis supplied.id(String) The ID of this resource.key_fingerprint(String) The fingerprint of the PGP key used to encrypt the secret value. This is only populated whenpgp_keyis supplied.masked_secret(String) The masked value of the OAuth client secret.output_to_lockbox_version_id(String) ID of the Lockbox secret version that contains the value ofsecret_key. This is only populated whenoutput_to_lockboxis supplied. This version will be destroyed when the IAM key is destroyed, or whenoutput_to_lockboxis removed.secret_value(String, Sensitive) The secret value. This is only populated when neitherpgp_keynoroutput_to_lockboxare provided.
Nested Schema for output_to_lockbox
Required:
entry_for_secret_value(String) entry that will store the value of secret_valuesecret_id(String) ID of the Lockbox secret where to store the sensible values.
Import
Warning
Import for this resource is not implemented yet.