secret

package
v0.18.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 18, 2026 License: MPL-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DatasourceSchema 

func DatasourceSchema(opts SchemaOptions) (result schema.SingleNestedAttribute)

DatasourceSchema represents a secret read out from the backend (hash-only, sorry). Still the hash is useful to detect if secrets have changed externally. Use together with generic.ValueFrom and WithDatasourceConverter.

func ResourceSchema 

func ResourceSchema(opts SchemaOptions) (result schema.SingleNestedAttribute)

ResourceSchema defines the Secret representation within the Terraform state/plan. Use during Create/Update resource actions with generic.ValueTo, generic.ValueFrom conversion and WithConverterSupport as options. For ModifyPlan resource action, use WalkSecretPathsIn with SetHashToUnknownIfVersionChanged.

func SetHashToUnknownIfVersionChanged 

func SetHashToUnknownIfVersionChanged(ctx context.Context, plan, state generic.AttributeGetter, responsePlan generic.AttributeSetter) func(attributePath path.Path, diags *diag.Diagnostics) (versionChanged bool)

SetHashToUnknownIfVersionChanged constructs a visitor which sets the secret_hash of the secret at the given attribute to unknown if the secret_version changes according to the given plan and state. Used together with WalkSecretPathsIn.

func ValueFromConverter 

func ValueFromConverter(ctx context.Context, plan, state generic.AttributeGetter, attributePath path.Path, in clientTypes.Secret) (out tftypes.Value, err error)

ValueFromConverter is called during generic.ValueFrom when converting Terraform value from a client DTO representation. According to the given plan and state (during create and update resource phase), this converter copies over a given hash value as the initial secret_version. This way resources with secrets can be imported without explicitly specifying the correct version initially. Typically used with WithConverterSupport in conjunction with ValueToConverter, but the building_block_definition resource has some special needs as it combines secret values with arbitrary json-encoded strings.

func ValueToConverter 

func ValueToConverter(ctx context.Context, config, plan, state generic.AttributeGetter, attributePath path.Path) (out clientTypes.Secret, err error)

ValueToConverter is called during generic.ValueTo when converting Terraform value to a client DTO representation. According to the given plan and state (during create and update resource phase), this converter pulls the write-only attribute secret_value if the secret_version changes and provides this as a one-off value to the backend. Thus, secret rotation can be controlled with secret_version. Typically used with WithConverterSupport in conjunction with ValueFromConverter, but the building_block_definition resource has some special needs as it combines secret values with arbitrary json-encoded strings.

func WalkSecretPathsIn 

func WalkSecretPathsIn(raw tftypes.Value, diags *diag.Diagnostics, visitor func(attributePath path.Path, diags *diag.Diagnostics))

WalkSecretPathsIn finds all secrets matching the Secret object representation in the given raw Terraform value (usually a req.Plan.Raw). It calls the given visitor with the attributePath where the secret is located. See SetHashToUnknownIfVersionChanged for an example visitor.

func WithConverterSupport 

func WithConverterSupport(ctx context.Context, config, plan, state generic.AttributeGetter) generic.ConverterOptions

WithConverterSupport enables resources to use Secret representations in their ResourceSchema, while the client uses clientTypes.Secret. See ValueFromConverter and ValueToConverter for details of the bidirectional conversion.

func WithDatasourceConverter 

func WithDatasourceConverter() generic.ConverterOption

WithDatasourceConverter converts read in hashes from the backend to the Terraform DatasourceSchema representation. As data sources are read-only, only generic.ValueFrom conversion is supported.

Types

type SchemaOptions 

type SchemaOptions struct {
	MarkdownDescription string
	Optional            bool
}

type Secret 

type Secret struct {
	Value   *string `tfsdk:"secret_value"`
	Version *string `tfsdk:"secret_version"`
	Hash    *string `tfsdk:"secret_hash"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.