Azure Native v3.1.0, Apr 8 25

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.1.0 published on Tuesday, Apr 8, 2025 by Pulumi

azure-native.secretsynccontroller.SecretSync

Explore with Pulumi AI

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.1.0 published on Tuesday, Apr 8, 2025 by Pulumi

pulumi/pulumi-azure-native

SecretSyncs_CreateOrUpdate

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var secretSync = new AzureNative.SecretSyncController.SecretSync("secretSync", new()
    {
        ExtendedLocation = new AzureNative.SecretSyncController.Inputs.AzureResourceManagerCommonTypesExtendedLocationArgs
        {
            Name = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-ssc-example/providers/Microsoft.ExtendedLocation/customLocations/example-custom-location",
            Type = AzureNative.SecretSyncController.ExtendedLocationType.CustomLocation,
        },
        KubernetesSecretType = AzureNative.SecretSyncController.KubernetesSecretType.Opaque,
        Location = "eastus",
        ObjectSecretMapping = new[]
        {
            new AzureNative.SecretSyncController.Inputs.KubernetesSecretObjectMappingArgs
            {
                SourcePath = "kv-secret-name/0",
                TargetKey = "kv-secret-name/0",
            },
        },
        ResourceGroupName = "rg-ssc-example",
        SecretProviderClassName = "akvspc-ssc-example",
        SecretSyncName = "secretsync-ssc-example",
        ServiceAccountName = "example-k8s-sa-name",
        Tags = 
        {
            { "example-tag", "example-tag-value" },
        },
    });

});

package main

import (
	secretsynccontroller "github.com/pulumi/pulumi-azure-native-sdk/secretsynccontroller/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := secretsynccontroller.NewSecretSync(ctx, "secretSync", &secretsynccontroller.SecretSyncArgs{
			ExtendedLocation: &secretsynccontroller.AzureResourceManagerCommonTypesExtendedLocationArgs{
				Name: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-ssc-example/providers/Microsoft.ExtendedLocation/customLocations/example-custom-location"),
				Type: pulumi.String(secretsynccontroller.ExtendedLocationTypeCustomLocation),
			},
			KubernetesSecretType: pulumi.String(secretsynccontroller.KubernetesSecretTypeOpaque),
			Location:             pulumi.String("eastus"),
			ObjectSecretMapping: secretsynccontroller.KubernetesSecretObjectMappingArray{
				&secretsynccontroller.KubernetesSecretObjectMappingArgs{
					SourcePath: pulumi.String("kv-secret-name/0"),
					TargetKey:  pulumi.String("kv-secret-name/0"),
				},
			},
			ResourceGroupName:       pulumi.String("rg-ssc-example"),
			SecretProviderClassName: pulumi.String("akvspc-ssc-example"),
			SecretSyncName:          pulumi.String("secretsync-ssc-example"),
			ServiceAccountName:      pulumi.String("example-k8s-sa-name"),
			Tags: pulumi.StringMap{
				"example-tag": pulumi.String("example-tag-value"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.secretsynccontroller.SecretSync;
import com.pulumi.azurenative.secretsynccontroller.SecretSyncArgs;
import com.pulumi.azurenative.secretsynccontroller.inputs.AzureResourceManagerCommonTypesExtendedLocationArgs;
import com.pulumi.azurenative.secretsynccontroller.inputs.KubernetesSecretObjectMappingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var secretSync = new SecretSync("secretSync", SecretSyncArgs.builder()
            .extendedLocation(AzureResourceManagerCommonTypesExtendedLocationArgs.builder()
                .name("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-ssc-example/providers/Microsoft.ExtendedLocation/customLocations/example-custom-location")
                .type("CustomLocation")
                .build())
            .kubernetesSecretType("Opaque")
            .location("eastus")
            .objectSecretMapping(KubernetesSecretObjectMappingArgs.builder()
                .sourcePath("kv-secret-name/0")
                .targetKey("kv-secret-name/0")
                .build())
            .resourceGroupName("rg-ssc-example")
            .secretProviderClassName("akvspc-ssc-example")
            .secretSyncName("secretsync-ssc-example")
            .serviceAccountName("example-k8s-sa-name")
            .tags(Map.of("example-tag", "example-tag-value"))
            .build());

    }
}

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const secretSync = new azure_native.secretsynccontroller.SecretSync("secretSync", {
    extendedLocation: {
        name: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-ssc-example/providers/Microsoft.ExtendedLocation/customLocations/example-custom-location",
        type: azure_native.secretsynccontroller.ExtendedLocationType.CustomLocation,
    },
    kubernetesSecretType: azure_native.secretsynccontroller.KubernetesSecretType.Opaque,
    location: "eastus",
    objectSecretMapping: [{
        sourcePath: "kv-secret-name/0",
        targetKey: "kv-secret-name/0",
    }],
    resourceGroupName: "rg-ssc-example",
    secretProviderClassName: "akvspc-ssc-example",
    secretSyncName: "secretsync-ssc-example",
    serviceAccountName: "example-k8s-sa-name",
    tags: {
        "example-tag": "example-tag-value",
    },
});

import pulumi
import pulumi_azure_native as azure_native

secret_sync = azure_native.secretsynccontroller.SecretSync("secretSync",
    extended_location={
        "name": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-ssc-example/providers/Microsoft.ExtendedLocation/customLocations/example-custom-location",
        "type": azure_native.secretsynccontroller.ExtendedLocationType.CUSTOM_LOCATION,
    },
    kubernetes_secret_type=azure_native.secretsynccontroller.KubernetesSecretType.OPAQUE,
    location="eastus",
    object_secret_mapping=[{
        "source_path": "kv-secret-name/0",
        "target_key": "kv-secret-name/0",
    }],
    resource_group_name="rg-ssc-example",
    secret_provider_class_name="akvspc-ssc-example",
    secret_sync_name="secretsync-ssc-example",
    service_account_name="example-k8s-sa-name",
    tags={
        "example-tag": "example-tag-value",
    })

resources:
  secretSync:
    type: azure-native:secretsynccontroller:SecretSync
    properties:
      extendedLocation:
        name: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-ssc-example/providers/Microsoft.ExtendedLocation/customLocations/example-custom-location
        type: CustomLocation
      kubernetesSecretType: Opaque
      location: eastus
      objectSecretMapping:
        - sourcePath: kv-secret-name/0
          targetKey: kv-secret-name/0
      resourceGroupName: rg-ssc-example
      secretProviderClassName: akvspc-ssc-example
      secretSyncName: secretsync-ssc-example
      serviceAccountName: example-k8s-sa-name
      tags:
        example-tag: example-tag-value

Create SecretSync Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

TypeScript
Python
Go
C#
Java
YAML

new SecretSync(name: string, args: SecretSyncArgs, opts?: CustomResourceOptions);

@overload
def SecretSync(resource_name: str,
               args: SecretSyncArgs,
               opts: Optional[ResourceOptions] = None)

@overload
def SecretSync(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               kubernetes_secret_type: Optional[Union[str, KubernetesSecretType]] = None,
               object_secret_mapping: Optional[Sequence[KubernetesSecretObjectMappingArgs]] = None,
               resource_group_name: Optional[str] = None,
               secret_provider_class_name: Optional[str] = None,
               service_account_name: Optional[str] = None,
               extended_location: Optional[AzureResourceManagerCommonTypesExtendedLocationArgs] = None,
               force_synchronization: Optional[str] = None,
               location: Optional[str] = None,
               secret_sync_name: Optional[str] = None,
               tags: Optional[Mapping[str, str]] = None)

func NewSecretSync(ctx *Context, name string, args SecretSyncArgs, opts ...ResourceOption) (*SecretSync, error)

public SecretSync(string name, SecretSyncArgs args, CustomResourceOptions? opts = null)

public SecretSync(String name, SecretSyncArgs args)
public SecretSync(String name, SecretSyncArgs args, CustomResourceOptions options)

type: azure-native:secretsynccontroller:SecretSync
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecretSyncArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecretSyncArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecretSyncArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretSyncArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecretSyncArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var secretSyncResource = new AzureNative.SecretSyncController.SecretSync("secretSyncResource", new()
{
    KubernetesSecretType = "string",
    ObjectSecretMapping = new[]
    {
        new AzureNative.SecretSyncController.Inputs.KubernetesSecretObjectMappingArgs
        {
            SourcePath = "string",
            TargetKey = "string",
        },
    },
    ResourceGroupName = "string",
    SecretProviderClassName = "string",
    ServiceAccountName = "string",
    ExtendedLocation = new AzureNative.SecretSyncController.Inputs.AzureResourceManagerCommonTypesExtendedLocationArgs
    {
        Name = "string",
        Type = "string",
    },
    ForceSynchronization = "string",
    Location = "string",
    SecretSyncName = "string",
    Tags = 
    {
        { "string", "string" },
    },
});

example, err := secretsynccontroller.NewSecretSync(ctx, "secretSyncResource", &secretsynccontroller.SecretSyncArgs{
	KubernetesSecretType: pulumi.String("string"),
	ObjectSecretMapping: secretsynccontroller.KubernetesSecretObjectMappingArray{
		&secretsynccontroller.KubernetesSecretObjectMappingArgs{
			SourcePath: pulumi.String("string"),
			TargetKey:  pulumi.String("string"),
		},
	},
	ResourceGroupName:       pulumi.String("string"),
	SecretProviderClassName: pulumi.String("string"),
	ServiceAccountName:      pulumi.String("string"),
	ExtendedLocation: &secretsynccontroller.AzureResourceManagerCommonTypesExtendedLocationArgs{
		Name: pulumi.String("string"),
		Type: pulumi.String("string"),
	},
	ForceSynchronization: pulumi.String("string"),
	Location:             pulumi.String("string"),
	SecretSyncName:       pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

var secretSyncResource = new SecretSync("secretSyncResource", SecretSyncArgs.builder()
    .kubernetesSecretType("string")
    .objectSecretMapping(KubernetesSecretObjectMappingArgs.builder()
        .sourcePath("string")
        .targetKey("string")
        .build())
    .resourceGroupName("string")
    .secretProviderClassName("string")
    .serviceAccountName("string")
    .extendedLocation(AzureResourceManagerCommonTypesExtendedLocationArgs.builder()
        .name("string")
        .type("string")
        .build())
    .forceSynchronization("string")
    .location("string")
    .secretSyncName("string")
    .tags(Map.of("string", "string"))
    .build());

secret_sync_resource = azure_native.secretsynccontroller.SecretSync("secretSyncResource",
    kubernetes_secret_type="string",
    object_secret_mapping=[{
        "source_path": "string",
        "target_key": "string",
    }],
    resource_group_name="string",
    secret_provider_class_name="string",
    service_account_name="string",
    extended_location={
        "name": "string",
        "type": "string",
    },
    force_synchronization="string",
    location="string",
    secret_sync_name="string",
    tags={
        "string": "string",
    })

const secretSyncResource = new azure_native.secretsynccontroller.SecretSync("secretSyncResource", {
    kubernetesSecretType: "string",
    objectSecretMapping: [{
        sourcePath: "string",
        targetKey: "string",
    }],
    resourceGroupName: "string",
    secretProviderClassName: "string",
    serviceAccountName: "string",
    extendedLocation: {
        name: "string",
        type: "string",
    },
    forceSynchronization: "string",
    location: "string",
    secretSyncName: "string",
    tags: {
        string: "string",
    },
});

type: azure-native:secretsynccontroller:SecretSync
properties:
    extendedLocation:
        name: string
        type: string
    forceSynchronization: string
    kubernetesSecretType: string
    location: string
    objectSecretMapping:
        - sourcePath: string
          targetKey: string
    resourceGroupName: string
    secretProviderClassName: string
    secretSyncName: string
    serviceAccountName: string
    tags:
        string: string

SecretSync Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SecretSync resource accepts the following input properties:

KubernetesSecretType string | Pulumi.AzureNative.SecretSyncController.KubernetesSecretType: Type specifies the type of the Kubernetes secret object, e.g. "Opaque" or"kubernetes.io/tls". The controller must have permission to create secrets of the specified type.
ObjectSecretMapping List<Pulumi.AzureNative.SecretSyncController.Inputs.KubernetesSecretObjectMapping>: An array of SecretObjectData that maps secret data from the external secret provider to the Kubernetes secret. Each entry specifies the source secret in the external provider and the corresponding key in the Kubernetes secret.
ResourceGroupName string: The name of the resource group. The name is case insensitive.
SecretProviderClassName string: SecretProviderClassName specifies the name of the SecretProviderClass resource, which contains the information needed to access the cloud provider secret store.
ServiceAccountName string: ServiceAccountName specifies the name of the service account used to access the cloud provider secret store. The audience field in the service account token must be passed as parameter in the controller configuration. The audience is used when requesting a token from the API server for the service account; the supported audiences are defined by each provider.
ExtendedLocation Pulumi.AzureNative.SecretSyncController.Inputs.AzureResourceManagerCommonTypesExtendedLocation: The complex type of the extended location.
ForceSynchronization string: ForceSynchronization can be used to force the secret synchronization. The secret synchronization is triggered by changing the value in this field. This field is not used to resolve synchronization conflicts.
Location string: The geo-location where the resource lives
SecretSyncName string: The name of the SecretSync
Tags Dictionary<string, string>: Resource tags.

KubernetesSecretType string | KubernetesSecretType: Type specifies the type of the Kubernetes secret object, e.g. "Opaque" or"kubernetes.io/tls". The controller must have permission to create secrets of the specified type.
ObjectSecretMapping []KubernetesSecretObjectMappingArgs: An array of SecretObjectData that maps secret data from the external secret provider to the Kubernetes secret. Each entry specifies the source secret in the external provider and the corresponding key in the Kubernetes secret.
ResourceGroupName string: The name of the resource group. The name is case insensitive.
SecretProviderClassName string: SecretProviderClassName specifies the name of the SecretProviderClass resource, which contains the information needed to access the cloud provider secret store.
ServiceAccountName string: ServiceAccountName specifies the name of the service account used to access the cloud provider secret store. The audience field in the service account token must be passed as parameter in the controller configuration. The audience is used when requesting a token from the API server for the service account; the supported audiences are defined by each provider.
ExtendedLocation AzureResourceManagerCommonTypesExtendedLocationArgs: The complex type of the extended location.
ForceSynchronization string: ForceSynchronization can be used to force the secret synchronization. The secret synchronization is triggered by changing the value in this field. This field is not used to resolve synchronization conflicts.
Location string: The geo-location where the resource lives
SecretSyncName string: The name of the SecretSync
Tags map[string]string: Resource tags.

kubernetesSecretType String | KubernetesSecretType: Type specifies the type of the Kubernetes secret object, e.g. "Opaque" or"kubernetes.io/tls". The controller must have permission to create secrets of the specified type.
objectSecretMapping List<KubernetesSecretObjectMapping>: An array of SecretObjectData that maps secret data from the external secret provider to the Kubernetes secret. Each entry specifies the source secret in the external provider and the corresponding key in the Kubernetes secret.
resourceGroupName String: The name of the resource group. The name is case insensitive.
secretProviderClassName String: SecretProviderClassName specifies the name of the SecretProviderClass resource, which contains the information needed to access the cloud provider secret store.
serviceAccountName String: ServiceAccountName specifies the name of the service account used to access the cloud provider secret store. The audience field in the service account token must be passed as parameter in the controller configuration. The audience is used when requesting a token from the API server for the service account; the supported audiences are defined by each provider.
extendedLocation AzureResourceManagerCommonTypesExtendedLocation: The complex type of the extended location.
forceSynchronization String: ForceSynchronization can be used to force the secret synchronization. The secret synchronization is triggered by changing the value in this field. This field is not used to resolve synchronization conflicts.
location String: The geo-location where the resource lives
secretSyncName String: The name of the SecretSync
tags Map<String,String>: Resource tags.

kubernetesSecretType string | KubernetesSecretType: Type specifies the type of the Kubernetes secret object, e.g. "Opaque" or"kubernetes.io/tls". The controller must have permission to create secrets of the specified type.
objectSecretMapping KubernetesSecretObjectMapping[]: An array of SecretObjectData that maps secret data from the external secret provider to the Kubernetes secret. Each entry specifies the source secret in the external provider and the corresponding key in the Kubernetes secret.
resourceGroupName string: The name of the resource group. The name is case insensitive.
secretProviderClassName string: SecretProviderClassName specifies the name of the SecretProviderClass resource, which contains the information needed to access the cloud provider secret store.
serviceAccountName string: ServiceAccountName specifies the name of the service account used to access the cloud provider secret store. The audience field in the service account token must be passed as parameter in the controller configuration. The audience is used when requesting a token from the API server for the service account; the supported audiences are defined by each provider.
extendedLocation AzureResourceManagerCommonTypesExtendedLocation: The complex type of the extended location.
forceSynchronization string: ForceSynchronization can be used to force the secret synchronization. The secret synchronization is triggered by changing the value in this field. This field is not used to resolve synchronization conflicts.
location string: The geo-location where the resource lives
secretSyncName string: The name of the SecretSync
tags {[key: string]: string}: Resource tags.

kubernetes_secret_type str | KubernetesSecretType: Type specifies the type of the Kubernetes secret object, e.g. "Opaque" or"kubernetes.io/tls". The controller must have permission to create secrets of the specified type.
object_secret_mapping Sequence[KubernetesSecretObjectMappingArgs]: An array of SecretObjectData that maps secret data from the external secret provider to the Kubernetes secret. Each entry specifies the source secret in the external provider and the corresponding key in the Kubernetes secret.
resource_group_name str: The name of the resource group. The name is case insensitive.
secret_provider_class_name str: SecretProviderClassName specifies the name of the SecretProviderClass resource, which contains the information needed to access the cloud provider secret store.
service_account_name str: ServiceAccountName specifies the name of the service account used to access the cloud provider secret store. The audience field in the service account token must be passed as parameter in the controller configuration. The audience is used when requesting a token from the API server for the service account; the supported audiences are defined by each provider.
extended_location AzureResourceManagerCommonTypesExtendedLocationArgs: The complex type of the extended location.
force_synchronization str: ForceSynchronization can be used to force the secret synchronization. The secret synchronization is triggered by changing the value in this field. This field is not used to resolve synchronization conflicts.
location str: The geo-location where the resource lives
secret_sync_name str: The name of the SecretSync
tags Mapping[str, str]: Resource tags.

kubernetesSecretType String | "Opaque" | "kubernetes.io/tls": Type specifies the type of the Kubernetes secret object, e.g. "Opaque" or"kubernetes.io/tls". The controller must have permission to create secrets of the specified type.
objectSecretMapping List<Property Map>: An array of SecretObjectData that maps secret data from the external secret provider to the Kubernetes secret. Each entry specifies the source secret in the external provider and the corresponding key in the Kubernetes secret.
resourceGroupName String: The name of the resource group. The name is case insensitive.
secretProviderClassName String: SecretProviderClassName specifies the name of the SecretProviderClass resource, which contains the information needed to access the cloud provider secret store.
serviceAccountName String: ServiceAccountName specifies the name of the service account used to access the cloud provider secret store. The audience field in the service account token must be passed as parameter in the controller configuration. The audience is used when requesting a token from the API server for the service account; the supported audiences are defined by each provider.
extendedLocation Property Map: The complex type of the extended location.
forceSynchronization String: ForceSynchronization can be used to force the secret synchronization. The secret synchronization is triggered by changing the value in this field. This field is not used to resolve synchronization conflicts.
location String: The geo-location where the resource lives
secretSyncName String: The name of the SecretSync
tags Map<String>: Resource tags.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecretSync resource produces the following output properties:

AzureApiVersion string: The Azure API version of the resource.
Id string: The provider-assigned unique ID for this managed resource.
Name string: The name of the resource
ProvisioningState string: Provisioning state of the SecretSync instance.
Status Pulumi.AzureNative.SecretSyncController.Outputs.SecretSyncStatusResponse: SecretSyncStatus defines the observed state of the secret synchronization process.
SystemData Pulumi.AzureNative.SecretSyncController.Outputs.SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
Type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

AzureApiVersion string: The Azure API version of the resource.
Id string: The provider-assigned unique ID for this managed resource.
Name string: The name of the resource
ProvisioningState string: Provisioning state of the SecretSync instance.
Status SecretSyncStatusResponse: SecretSyncStatus defines the observed state of the secret synchronization process.
SystemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
Type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

azureApiVersion String: The Azure API version of the resource.
id String: The provider-assigned unique ID for this managed resource.
name String: The name of the resource
provisioningState String: Provisioning state of the SecretSync instance.
status SecretSyncStatusResponse: SecretSyncStatus defines the observed state of the secret synchronization process.
systemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type String: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

azureApiVersion string: The Azure API version of the resource.
id string: The provider-assigned unique ID for this managed resource.
name string: The name of the resource
provisioningState string: Provisioning state of the SecretSync instance.
status SecretSyncStatusResponse: SecretSyncStatus defines the observed state of the secret synchronization process.
systemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

azure_api_version str: The Azure API version of the resource.
id str: The provider-assigned unique ID for this managed resource.
name str: The name of the resource
provisioning_state str: Provisioning state of the SecretSync instance.
status SecretSyncStatusResponse: SecretSyncStatus defines the observed state of the secret synchronization process.
system_data SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type str: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

azureApiVersion String: The Azure API version of the resource.
id String: The provider-assigned unique ID for this managed resource.
name String: The name of the resource
provisioningState String: Provisioning state of the SecretSync instance.
status Property Map: SecretSyncStatus defines the observed state of the secret synchronization process.
systemData Property Map: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type String: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

Supporting Types

AzureResourceManagerCommonTypesExtendedLocation
, AzureResourceManagerCommonTypesExtendedLocationArgs

Name string: The name of the extended location.
Type string | Pulumi.AzureNative.SecretSyncController.ExtendedLocationType: The type of the extended location.

Name string: The name of the extended location.
Type string | ExtendedLocationType: The type of the extended location.

name String: The name of the extended location.
type String | ExtendedLocationType: The type of the extended location.

name string: The name of the extended location.
type string | ExtendedLocationType: The type of the extended location.

name str: The name of the extended location.
type str | ExtendedLocationType: The type of the extended location.

name String: The name of the extended location.
type String | "EdgeZone" | "CustomLocation": The type of the extended location.

AzureResourceManagerCommonTypesExtendedLocationResponse
, AzureResourceManagerCommonTypesExtendedLocationResponseArgs

Name string: The name of the extended location.
Type string: The type of the extended location.

Name string: The name of the extended location.
Type string: The type of the extended location.

name String: The name of the extended location.
type String: The type of the extended location.

name string: The name of the extended location.
type string: The type of the extended location.

name str: The name of the extended location.
type str: The type of the extended location.

name String: The name of the extended location.
type String: The type of the extended location.

ExtendedLocationType
, ExtendedLocationTypeArgs

EdgeZone: EdgeZoneAzure Edge Zones location type
CustomLocation: CustomLocationAzure Custom Locations type

ExtendedLocationTypeEdgeZone: EdgeZoneAzure Edge Zones location type
ExtendedLocationTypeCustomLocation: CustomLocationAzure Custom Locations type

EdgeZone: EdgeZoneAzure Edge Zones location type
CustomLocation: CustomLocationAzure Custom Locations type

EdgeZone: EdgeZoneAzure Edge Zones location type
CustomLocation: CustomLocationAzure Custom Locations type

EDGE_ZONE: EdgeZoneAzure Edge Zones location type
CUSTOM_LOCATION: CustomLocationAzure Custom Locations type

"EdgeZone": EdgeZoneAzure Edge Zones location type
"CustomLocation": CustomLocationAzure Custom Locations type

KubernetesSecretObjectMapping
, KubernetesSecretObjectMappingArgs

SourcePath string: SourcePath is the identifier for the secret data as defined by the external secret provider. This is the key or path to the secret in the provider's system, which gets mounted to a specific path in the pod. The value should match the name of the secret as specified in the SecretProviderClass's objects array.
TargetKey string: TargetKey is the key in the Kubernetes secret's data field where the secret value will be stored. This key is used to reference the secret data within Kubernetes, and it should be unique within the secret.

SourcePath string: SourcePath is the identifier for the secret data as defined by the external secret provider. This is the key or path to the secret in the provider's system, which gets mounted to a specific path in the pod. The value should match the name of the secret as specified in the SecretProviderClass's objects array.
TargetKey string: TargetKey is the key in the Kubernetes secret's data field where the secret value will be stored. This key is used to reference the secret data within Kubernetes, and it should be unique within the secret.

sourcePath String: SourcePath is the identifier for the secret data as defined by the external secret provider. This is the key or path to the secret in the provider's system, which gets mounted to a specific path in the pod. The value should match the name of the secret as specified in the SecretProviderClass's objects array.
targetKey String: TargetKey is the key in the Kubernetes secret's data field where the secret value will be stored. This key is used to reference the secret data within Kubernetes, and it should be unique within the secret.

sourcePath string: SourcePath is the identifier for the secret data as defined by the external secret provider. This is the key or path to the secret in the provider's system, which gets mounted to a specific path in the pod. The value should match the name of the secret as specified in the SecretProviderClass's objects array.
targetKey string: TargetKey is the key in the Kubernetes secret's data field where the secret value will be stored. This key is used to reference the secret data within Kubernetes, and it should be unique within the secret.

source_path str: SourcePath is the identifier for the secret data as defined by the external secret provider. This is the key or path to the secret in the provider's system, which gets mounted to a specific path in the pod. The value should match the name of the secret as specified in the SecretProviderClass's objects array.
target_key str: TargetKey is the key in the Kubernetes secret's data field where the secret value will be stored. This key is used to reference the secret data within Kubernetes, and it should be unique within the secret.

sourcePath String: SourcePath is the identifier for the secret data as defined by the external secret provider. This is the key or path to the secret in the provider's system, which gets mounted to a specific path in the pod. The value should match the name of the secret as specified in the SecretProviderClass's objects array.
targetKey String: TargetKey is the key in the Kubernetes secret's data field where the secret value will be stored. This key is used to reference the secret data within Kubernetes, and it should be unique within the secret.

KubernetesSecretObjectMappingResponse
, KubernetesSecretObjectMappingResponseArgs

SourcePath string: SourcePath is the identifier for the secret data as defined by the external secret provider. This is the key or path to the secret in the provider's system, which gets mounted to a specific path in the pod. The value should match the name of the secret as specified in the SecretProviderClass's objects array.
TargetKey string: TargetKey is the key in the Kubernetes secret's data field where the secret value will be stored. This key is used to reference the secret data within Kubernetes, and it should be unique within the secret.

SourcePath string: SourcePath is the identifier for the secret data as defined by the external secret provider. This is the key or path to the secret in the provider's system, which gets mounted to a specific path in the pod. The value should match the name of the secret as specified in the SecretProviderClass's objects array.
TargetKey string: TargetKey is the key in the Kubernetes secret's data field where the secret value will be stored. This key is used to reference the secret data within Kubernetes, and it should be unique within the secret.

sourcePath String: SourcePath is the identifier for the secret data as defined by the external secret provider. This is the key or path to the secret in the provider's system, which gets mounted to a specific path in the pod. The value should match the name of the secret as specified in the SecretProviderClass's objects array.
targetKey String: TargetKey is the key in the Kubernetes secret's data field where the secret value will be stored. This key is used to reference the secret data within Kubernetes, and it should be unique within the secret.

sourcePath string: SourcePath is the identifier for the secret data as defined by the external secret provider. This is the key or path to the secret in the provider's system, which gets mounted to a specific path in the pod. The value should match the name of the secret as specified in the SecretProviderClass's objects array.
targetKey string: TargetKey is the key in the Kubernetes secret's data field where the secret value will be stored. This key is used to reference the secret data within Kubernetes, and it should be unique within the secret.

source_path str: SourcePath is the identifier for the secret data as defined by the external secret provider. This is the key or path to the secret in the provider's system, which gets mounted to a specific path in the pod. The value should match the name of the secret as specified in the SecretProviderClass's objects array.
target_key str: TargetKey is the key in the Kubernetes secret's data field where the secret value will be stored. This key is used to reference the secret data within Kubernetes, and it should be unique within the secret.

sourcePath String: SourcePath is the identifier for the secret data as defined by the external secret provider. This is the key or path to the secret in the provider's system, which gets mounted to a specific path in the pod. The value should match the name of the secret as specified in the SecretProviderClass's objects array.
targetKey String: TargetKey is the key in the Kubernetes secret's data field where the secret value will be stored. This key is used to reference the secret data within Kubernetes, and it should be unique within the secret.

KubernetesSecretType
, KubernetesSecretTypeArgs

Opaque: OpaqueOpaque is the default secret type.
Tls: kubernetes.io/tlsThe kubernetes.io/tls secret type is for storing a certificate and its associated key that are typically used for TLS.

KubernetesSecretTypeOpaque: OpaqueOpaque is the default secret type.
KubernetesSecretTypeTls: kubernetes.io/tlsThe kubernetes.io/tls secret type is for storing a certificate and its associated key that are typically used for TLS.

Opaque: OpaqueOpaque is the default secret type.
Tls: kubernetes.io/tlsThe kubernetes.io/tls secret type is for storing a certificate and its associated key that are typically used for TLS.

Opaque: OpaqueOpaque is the default secret type.
Tls: kubernetes.io/tlsThe kubernetes.io/tls secret type is for storing a certificate and its associated key that are typically used for TLS.

OPAQUE: OpaqueOpaque is the default secret type.
TLS: kubernetes.io/tlsThe kubernetes.io/tls secret type is for storing a certificate and its associated key that are typically used for TLS.

"Opaque": OpaqueOpaque is the default secret type.
"kubernetes.io/tls": kubernetes.io/tlsThe kubernetes.io/tls secret type is for storing a certificate and its associated key that are typically used for TLS.

SecretSyncConditionResponse
, SecretSyncConditionResponseArgs

LastTransitionTime string: LastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
Message string: Message is a human readable message indicating details about the transition. This may be an empty string.
ObservedGeneration double: ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
Reason string: Reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
Status string: Status of the condition, one of True, False, Unknown.
Type string: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to de-conflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

LastTransitionTime string: LastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
Message string: Message is a human readable message indicating details about the transition. This may be an empty string.
ObservedGeneration float64: ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
Reason string: Reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
Status string: Status of the condition, one of True, False, Unknown.
Type string: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to de-conflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

lastTransitionTime String: LastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
message String: Message is a human readable message indicating details about the transition. This may be an empty string.
observedGeneration Double: ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
reason String: Reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
status String: Status of the condition, one of True, False, Unknown.
type String: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to de-conflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

lastTransitionTime string: LastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
message string: Message is a human readable message indicating details about the transition. This may be an empty string.
observedGeneration number: ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
reason string: Reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
status string: Status of the condition, one of True, False, Unknown.
type string: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to de-conflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

last_transition_time str: LastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
message str: Message is a human readable message indicating details about the transition. This may be an empty string.
observed_generation float: ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
reason str: Reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
status str: Status of the condition, one of True, False, Unknown.
type str: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to de-conflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

lastTransitionTime String: LastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
message String: Message is a human readable message indicating details about the transition. This may be an empty string.
observedGeneration Number: ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
reason String: Reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
status String: Status of the condition, one of True, False, Unknown.
type String: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to de-conflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

SecretSyncStatusResponse
, SecretSyncStatusResponseArgs

Conditions List<Pulumi.AzureNative.SecretSyncController.Inputs.SecretSyncConditionResponse>: Conditions represent the status of the secret create and update processes. The status can be True, False, or Unknown with various reasons and messages explaining the state. Examples of reasons include CreateSucceeded, ProviderError, InvalidClusterSecretLabelError, InvalidClusterSecretAnnotationError, UnknownError, ValidatingAdmissionPolicyCheckFailed, UserInputValidationFailed, ControllerSpcError, ControllerInternalError, NoValueChange, and ValueChangeOrForceUpdateDetected.
LastSuccessfulSyncTime string: LastSuccessfulSyncTime represents the last time the secret was retrieved from the Provider and updated.

Conditions []SecretSyncConditionResponse: Conditions represent the status of the secret create and update processes. The status can be True, False, or Unknown with various reasons and messages explaining the state. Examples of reasons include CreateSucceeded, ProviderError, InvalidClusterSecretLabelError, InvalidClusterSecretAnnotationError, UnknownError, ValidatingAdmissionPolicyCheckFailed, UserInputValidationFailed, ControllerSpcError, ControllerInternalError, NoValueChange, and ValueChangeOrForceUpdateDetected.
LastSuccessfulSyncTime string: LastSuccessfulSyncTime represents the last time the secret was retrieved from the Provider and updated.

conditions List<SecretSyncConditionResponse>: Conditions represent the status of the secret create and update processes. The status can be True, False, or Unknown with various reasons and messages explaining the state. Examples of reasons include CreateSucceeded, ProviderError, InvalidClusterSecretLabelError, InvalidClusterSecretAnnotationError, UnknownError, ValidatingAdmissionPolicyCheckFailed, UserInputValidationFailed, ControllerSpcError, ControllerInternalError, NoValueChange, and ValueChangeOrForceUpdateDetected.
lastSuccessfulSyncTime String: LastSuccessfulSyncTime represents the last time the secret was retrieved from the Provider and updated.

conditions SecretSyncConditionResponse[]: Conditions represent the status of the secret create and update processes. The status can be True, False, or Unknown with various reasons and messages explaining the state. Examples of reasons include CreateSucceeded, ProviderError, InvalidClusterSecretLabelError, InvalidClusterSecretAnnotationError, UnknownError, ValidatingAdmissionPolicyCheckFailed, UserInputValidationFailed, ControllerSpcError, ControllerInternalError, NoValueChange, and ValueChangeOrForceUpdateDetected.
lastSuccessfulSyncTime string: LastSuccessfulSyncTime represents the last time the secret was retrieved from the Provider and updated.

conditions Sequence[SecretSyncConditionResponse]: Conditions represent the status of the secret create and update processes. The status can be True, False, or Unknown with various reasons and messages explaining the state. Examples of reasons include CreateSucceeded, ProviderError, InvalidClusterSecretLabelError, InvalidClusterSecretAnnotationError, UnknownError, ValidatingAdmissionPolicyCheckFailed, UserInputValidationFailed, ControllerSpcError, ControllerInternalError, NoValueChange, and ValueChangeOrForceUpdateDetected.
last_successful_sync_time str: LastSuccessfulSyncTime represents the last time the secret was retrieved from the Provider and updated.

conditions List<Property Map>: Conditions represent the status of the secret create and update processes. The status can be True, False, or Unknown with various reasons and messages explaining the state. Examples of reasons include CreateSucceeded, ProviderError, InvalidClusterSecretLabelError, InvalidClusterSecretAnnotationError, UnknownError, ValidatingAdmissionPolicyCheckFailed, UserInputValidationFailed, ControllerSpcError, ControllerInternalError, NoValueChange, and ValueChangeOrForceUpdateDetected.
lastSuccessfulSyncTime String: LastSuccessfulSyncTime represents the last time the secret was retrieved from the Provider and updated.

SystemDataResponse
, SystemDataResponseArgs

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

createdAt string: The timestamp of resource creation (UTC).
createdBy string: The identity that created the resource.
createdByType string: The type of identity that created the resource.
lastModifiedAt string: The timestamp of resource last modification (UTC)
lastModifiedBy string: The identity that last modified the resource.
lastModifiedByType string: The type of identity that last modified the resource.

created_at str: The timestamp of resource creation (UTC).
created_by str: The identity that created the resource.
created_by_type str: The type of identity that created the resource.
last_modified_at str: The timestamp of resource last modification (UTC)
last_modified_by str: The identity that last modified the resource.
last_modified_by_type str: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:secretsynccontroller:SecretSync secretsync-ssc-example /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecretSyncController/secretSyncs/{secretSyncName}

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Native pulumi/pulumi-azure-native
License: Apache-2.0

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.1.0 published on Tuesday, Apr 8, 2025 by Pulumi

pulumi/pulumi-azure-native

azure-native.secretsynccontroller.SecretSync

On this page

On this page

Example Usage

SecretSyncs_CreateOrUpdate

Create SecretSync Resource

Constructor syntax

Parameters

Constructor example

SecretSync Resource Properties

Inputs

Outputs

Supporting Types

AzureResourceManagerCommonTypesExtendedLocation
, AzureResourceManagerCommonTypesExtendedLocationArgs

AzureResourceManagerCommonTypesExtendedLocationResponse
, AzureResourceManagerCommonTypesExtendedLocationResponseArgs

ExtendedLocationType
, ExtendedLocationTypeArgs

KubernetesSecretObjectMapping
, KubernetesSecretObjectMappingArgs

KubernetesSecretObjectMappingResponse
, KubernetesSecretObjectMappingResponseArgs

KubernetesSecretType
, KubernetesSecretTypeArgs

SecretSyncConditionResponse
, SecretSyncConditionResponseArgs

SecretSyncStatusResponse
, SecretSyncStatusResponseArgs

SystemDataResponse
, SystemDataResponseArgs

Import

Package Details

On this page

On this page

azure-native.secretsynccontroller.SecretSync

On this page

On this page

Example Usage

SecretSyncs_CreateOrUpdate

Create SecretSync Resource

Constructor syntax

Parameters

Constructor example

SecretSync Resource Properties

Inputs

Outputs

Supporting Types

AzureResourceManagerCommonTypesExtendedLocation, AzureResourceManagerCommonTypesExtendedLocationArgs

AzureResourceManagerCommonTypesExtendedLocationResponse, AzureResourceManagerCommonTypesExtendedLocationResponseArgs

ExtendedLocationType, ExtendedLocationTypeArgs

KubernetesSecretObjectMapping, KubernetesSecretObjectMappingArgs

KubernetesSecretObjectMappingResponse, KubernetesSecretObjectMappingResponseArgs

KubernetesSecretType, KubernetesSecretTypeArgs

SecretSyncConditionResponse, SecretSyncConditionResponseArgs

SecretSyncStatusResponse, SecretSyncStatusResponseArgs

SystemDataResponse, SystemDataResponseArgs

Import

Package Details

On this page

On this page

AzureResourceManagerCommonTypesExtendedLocation
, AzureResourceManagerCommonTypesExtendedLocationArgs

AzureResourceManagerCommonTypesExtendedLocationResponse
, AzureResourceManagerCommonTypesExtendedLocationResponseArgs

ExtendedLocationType
, ExtendedLocationTypeArgs

KubernetesSecretObjectMapping
, KubernetesSecretObjectMappingArgs

KubernetesSecretObjectMappingResponse
, KubernetesSecretObjectMappingResponseArgs

KubernetesSecretType
, KubernetesSecretTypeArgs

SecretSyncConditionResponse
, SecretSyncConditionResponseArgs

SecretSyncStatusResponse
, SecretSyncStatusResponseArgs

SystemDataResponse
, SystemDataResponseArgs