yandex_lockbox_secret (Resource)

Yandex Cloud Lockbox secret resource. For more information, see the official documentation. The created secret will contain a version with the generated password. You can use yandex_lockbox_secret_version to create new versions.

Example usageExample usage

//
// Create a new LockBox Secret.
//
resource "yandex_lockbox_secret" "my_secret" {
  name = "test secret"
}

//
// Create a new LockBox Secret with password.
//
resource "yandex_lockbox_secret" "my_secret" {
  name = "test secret with passowrd"

  password_payload_specification {
    password_key = "some_password"
    length       = 12
  }
}

SchemaSchema

OptionalOptional

• deletion_protection (Boolean) The true value means that resource is protected from accidental deletion.
• description (String) The resource description.
• folder_id (String) The folder identifier that resource belongs to. If it is not provided, the default provider folder-id is used.
• kms_key_id (String) The KMS key used to encrypt the Yandex Cloud Lockbox secret.
• labels (Map of String) A set of key/value label pairs which assigned to resource.
• name (String) The resource name.
• password_payload_specification (Block List, Max: 1) Payload specification for password generation. (see below for nested schema)
• timeouts (Block, Optional) (see below for nested schema)

Read-OnlyRead-Only

• created_at (String) The creation timestamp of the resource.
• id (String) The ID of this resource.
• status (String) The Yandex Cloud Lockbox secret status.

Nested Schema for Nested Schema for password_payload_specification

Required:

• password_key (String) The key with which the generated password will be placed in the secret version.

Optional:

• excluded_punctuation (String) String of punctuation characters to exclude from the default. Requires include_punctuation = true. Default is empty.
• include_digits (Boolean) Use digits in the generated password. Default is true.
• include_lowercase (Boolean) Use lowercase letters in the generated password. Default is true.
• include_punctuation (Boolean) Use punctuations (!"#$%&'()*+,-./:;<=>?@[\]^_~`) in the generated password. Default is true.
• include_uppercase (Boolean) Use capital letters in the generated password. Default is true.
• included_punctuation (String) String of specific punctuation characters to use. Requires include_punctuation = true. Default is empty.
• length (Number) Length of generated password. Default is 36.

Nested Schema for Nested Schema for timeouts

Optional:

• create (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
• delete (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
• read (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
• update (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

ImportImport

The resource can be imported by using their resource ID. For getting the resource ID you can use Yandex Cloud Web Console or YC CLI.

# terraform import yandex_lockbox_secret.<resource Name> <resource Id>
terraform import yandex_lockbox_secret.my_secret ...