PyPI - pulumi-vault - Versions diffs - 7.6.0a1764657486__py3-none-any.whl - Mend

pulumi-vault 7.6.0a1764657486__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (274) hide show

pulumi_vault/__init__.py +1399 -0
pulumi_vault/_inputs.py +2701 -0
pulumi_vault/_utilities.py +331 -0
pulumi_vault/ad/__init__.py +12 -0
pulumi_vault/ad/get_access_credentials.py +177 -0
pulumi_vault/ad/secret_backend.py +1916 -0
pulumi_vault/ad/secret_library.py +546 -0
pulumi_vault/ad/secret_role.py +499 -0
pulumi_vault/alicloud/__init__.py +9 -0
pulumi_vault/alicloud/auth_backend_role.py +866 -0
pulumi_vault/approle/__init__.py +12 -0
pulumi_vault/approle/auth_backend_login.py +571 -0
pulumi_vault/approle/auth_backend_role.py +1082 -0
pulumi_vault/approle/auth_backend_role_secret_id.py +796 -0
pulumi_vault/approle/get_auth_backend_role_id.py +169 -0
pulumi_vault/audit.py +499 -0
pulumi_vault/audit_request_header.py +277 -0
pulumi_vault/auth_backend.py +565 -0
pulumi_vault/aws/__init__.py +22 -0
pulumi_vault/aws/auth_backend_cert.py +420 -0
pulumi_vault/aws/auth_backend_client.py +1259 -0
pulumi_vault/aws/auth_backend_config_identity.py +494 -0
pulumi_vault/aws/auth_backend_identity_whitelist.py +380 -0
pulumi_vault/aws/auth_backend_login.py +1046 -0
pulumi_vault/aws/auth_backend_role.py +1961 -0
pulumi_vault/aws/auth_backend_role_tag.py +638 -0
pulumi_vault/aws/auth_backend_roletag_blacklist.py +366 -0
pulumi_vault/aws/auth_backend_sts_role.py +414 -0
pulumi_vault/aws/get_access_credentials.py +369 -0
pulumi_vault/aws/get_static_access_credentials.py +137 -0
pulumi_vault/aws/secret_backend.py +2018 -0
pulumi_vault/aws/secret_backend_role.py +1188 -0
pulumi_vault/aws/secret_backend_static_role.py +639 -0
pulumi_vault/azure/__init__.py +15 -0
pulumi_vault/azure/_inputs.py +108 -0
pulumi_vault/azure/auth_backend_config.py +1096 -0
pulumi_vault/azure/auth_backend_role.py +1176 -0
pulumi_vault/azure/backend.py +1793 -0
pulumi_vault/azure/backend_role.py +883 -0
pulumi_vault/azure/get_access_credentials.py +400 -0
pulumi_vault/azure/outputs.py +107 -0
pulumi_vault/cert_auth_backend_role.py +1539 -0
pulumi_vault/config/__init__.py +9 -0
pulumi_vault/config/__init__.pyi +164 -0
pulumi_vault/config/_inputs.py +73 -0
pulumi_vault/config/outputs.py +1225 -0
pulumi_vault/config/ui_custom_message.py +530 -0
pulumi_vault/config/vars.py +230 -0
pulumi_vault/consul/__init__.py +10 -0
pulumi_vault/consul/secret_backend.py +1517 -0
pulumi_vault/consul/secret_backend_role.py +847 -0
pulumi_vault/database/__init__.py +14 -0
pulumi_vault/database/_inputs.py +11907 -0
pulumi_vault/database/outputs.py +8496 -0
pulumi_vault/database/secret_backend_connection.py +1676 -0
pulumi_vault/database/secret_backend_role.py +840 -0
pulumi_vault/database/secret_backend_static_role.py +881 -0
pulumi_vault/database/secrets_mount.py +2160 -0
pulumi_vault/egp_policy.py +399 -0
pulumi_vault/gcp/__init__.py +17 -0
pulumi_vault/gcp/_inputs.py +441 -0
pulumi_vault/gcp/auth_backend.py +1486 -0
pulumi_vault/gcp/auth_backend_role.py +1235 -0
pulumi_vault/gcp/get_auth_backend_role.py +514 -0
pulumi_vault/gcp/outputs.py +302 -0
pulumi_vault/gcp/secret_backend.py +1807 -0
pulumi_vault/gcp/secret_impersonated_account.py +484 -0
pulumi_vault/gcp/secret_roleset.py +554 -0
pulumi_vault/gcp/secret_static_account.py +557 -0
pulumi_vault/generic/__init__.py +11 -0
pulumi_vault/generic/endpoint.py +786 -0
pulumi_vault/generic/get_secret.py +306 -0
pulumi_vault/generic/secret.py +486 -0
pulumi_vault/get_auth_backend.py +226 -0
pulumi_vault/get_auth_backends.py +170 -0
pulumi_vault/get_namespace.py +226 -0
pulumi_vault/get_namespaces.py +202 -0
pulumi_vault/get_nomad_access_token.py +210 -0
pulumi_vault/get_policy_document.py +160 -0
pulumi_vault/get_raft_autopilot_state.py +267 -0
pulumi_vault/github/__init__.py +13 -0
pulumi_vault/github/_inputs.py +225 -0
pulumi_vault/github/auth_backend.py +1194 -0
pulumi_vault/github/outputs.py +174 -0
pulumi_vault/github/team.py +380 -0
pulumi_vault/github/user.py +380 -0
pulumi_vault/identity/__init__.py +35 -0
pulumi_vault/identity/entity.py +447 -0
pulumi_vault/identity/entity_alias.py +398 -0
pulumi_vault/identity/entity_policies.py +455 -0
pulumi_vault/identity/get_entity.py +384 -0
pulumi_vault/identity/get_group.py +467 -0
pulumi_vault/identity/get_oidc_client_creds.py +175 -0
pulumi_vault/identity/get_oidc_openid_config.py +334 -0
pulumi_vault/identity/get_oidc_public_keys.py +179 -0
pulumi_vault/identity/group.py +805 -0
pulumi_vault/identity/group_alias.py +386 -0
pulumi_vault/identity/group_member_entity_ids.py +444 -0
pulumi_vault/identity/group_member_group_ids.py +467 -0
pulumi_vault/identity/group_policies.py +471 -0
pulumi_vault/identity/mfa_duo.py +674 -0
pulumi_vault/identity/mfa_login_enforcement.py +566 -0
pulumi_vault/identity/mfa_okta.py +626 -0
pulumi_vault/identity/mfa_pingid.py +616 -0
pulumi_vault/identity/mfa_totp.py +758 -0
pulumi_vault/identity/oidc.py +268 -0
pulumi_vault/identity/oidc_assignment.py +375 -0
pulumi_vault/identity/oidc_client.py +667 -0
pulumi_vault/identity/oidc_key.py +474 -0
pulumi_vault/identity/oidc_key_allowed_client_id.py +298 -0
pulumi_vault/identity/oidc_provider.py +550 -0
pulumi_vault/identity/oidc_role.py +543 -0
pulumi_vault/identity/oidc_scope.py +355 -0
pulumi_vault/identity/outputs.py +137 -0
pulumi_vault/jwt/__init__.py +12 -0
pulumi_vault/jwt/_inputs.py +225 -0
pulumi_vault/jwt/auth_backend.py +1347 -0
pulumi_vault/jwt/auth_backend_role.py +1847 -0
pulumi_vault/jwt/outputs.py +174 -0
pulumi_vault/kmip/__init__.py +11 -0
pulumi_vault/kmip/secret_backend.py +1591 -0
pulumi_vault/kmip/secret_role.py +1194 -0
pulumi_vault/kmip/secret_scope.py +372 -0
pulumi_vault/kubernetes/__init__.py +15 -0
pulumi_vault/kubernetes/auth_backend_config.py +654 -0
pulumi_vault/kubernetes/auth_backend_role.py +1031 -0
pulumi_vault/kubernetes/get_auth_backend_config.py +280 -0
pulumi_vault/kubernetes/get_auth_backend_role.py +470 -0
pulumi_vault/kubernetes/get_service_account_token.py +344 -0
pulumi_vault/kubernetes/secret_backend.py +1341 -0
pulumi_vault/kubernetes/secret_backend_role.py +1140 -0
pulumi_vault/kv/__init__.py +18 -0
pulumi_vault/kv/_inputs.py +124 -0
pulumi_vault/kv/get_secret.py +240 -0
pulumi_vault/kv/get_secret_subkeys_v2.py +275 -0
pulumi_vault/kv/get_secret_v2.py +315 -0
pulumi_vault/kv/get_secrets_list.py +186 -0
pulumi_vault/kv/get_secrets_list_v2.py +243 -0
pulumi_vault/kv/outputs.py +102 -0
pulumi_vault/kv/secret.py +397 -0
pulumi_vault/kv/secret_backend_v2.py +455 -0
pulumi_vault/kv/secret_v2.py +970 -0
pulumi_vault/ldap/__init__.py +19 -0
pulumi_vault/ldap/_inputs.py +225 -0
pulumi_vault/ldap/auth_backend.py +2520 -0
pulumi_vault/ldap/auth_backend_group.py +386 -0
pulumi_vault/ldap/auth_backend_user.py +439 -0
pulumi_vault/ldap/get_dynamic_credentials.py +181 -0
pulumi_vault/ldap/get_static_credentials.py +192 -0
pulumi_vault/ldap/outputs.py +174 -0
pulumi_vault/ldap/secret_backend.py +2207 -0
pulumi_vault/ldap/secret_backend_dynamic_role.py +767 -0
pulumi_vault/ldap/secret_backend_library_set.py +552 -0
pulumi_vault/ldap/secret_backend_static_role.py +541 -0
pulumi_vault/managed/__init__.py +11 -0
pulumi_vault/managed/_inputs.py +944 -0
pulumi_vault/managed/keys.py +398 -0
pulumi_vault/managed/outputs.py +667 -0
pulumi_vault/mfa_duo.py +589 -0
pulumi_vault/mfa_okta.py +623 -0
pulumi_vault/mfa_pingid.py +670 -0
pulumi_vault/mfa_totp.py +620 -0
pulumi_vault/mongodbatlas/__init__.py +10 -0
pulumi_vault/mongodbatlas/secret_backend.py +388 -0
pulumi_vault/mongodbatlas/secret_role.py +726 -0
pulumi_vault/mount.py +1262 -0
pulumi_vault/namespace.py +452 -0
pulumi_vault/nomad_secret_backend.py +1559 -0
pulumi_vault/nomad_secret_role.py +489 -0
pulumi_vault/oci_auth_backend.py +676 -0
pulumi_vault/oci_auth_backend_role.py +852 -0
pulumi_vault/okta/__init__.py +13 -0
pulumi_vault/okta/_inputs.py +320 -0
pulumi_vault/okta/auth_backend.py +1231 -0
pulumi_vault/okta/auth_backend_group.py +369 -0
pulumi_vault/okta/auth_backend_user.py +416 -0
pulumi_vault/okta/outputs.py +244 -0
pulumi_vault/outputs.py +502 -0
pulumi_vault/pkisecret/__init__.py +38 -0
pulumi_vault/pkisecret/_inputs.py +270 -0
pulumi_vault/pkisecret/backend_acme_eab.py +550 -0
pulumi_vault/pkisecret/backend_config_acme.py +690 -0
pulumi_vault/pkisecret/backend_config_auto_tidy.py +1370 -0
pulumi_vault/pkisecret/backend_config_cluster.py +370 -0
pulumi_vault/pkisecret/backend_config_cmpv2.py +693 -0
pulumi_vault/pkisecret/backend_config_est.py +756 -0
pulumi_vault/pkisecret/backend_config_scep.py +738 -0
pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
pulumi_vault/pkisecret/get_backend_config_scep.py +271 -0
pulumi_vault/pkisecret/get_backend_issuer.py +395 -0
pulumi_vault/pkisecret/get_backend_issuers.py +192 -0
pulumi_vault/pkisecret/get_backend_key.py +211 -0
pulumi_vault/pkisecret/get_backend_keys.py +192 -0
pulumi_vault/pkisecret/outputs.py +270 -0
pulumi_vault/pkisecret/secret_backend_cert.py +1315 -0
pulumi_vault/pkisecret/secret_backend_config_ca.py +386 -0
pulumi_vault/pkisecret/secret_backend_config_issuers.py +392 -0
pulumi_vault/pkisecret/secret_backend_config_urls.py +462 -0
pulumi_vault/pkisecret/secret_backend_crl_config.py +846 -0
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +1629 -0
pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +444 -0
pulumi_vault/pkisecret/secret_backend_issuer.py +1089 -0
pulumi_vault/pkisecret/secret_backend_key.py +613 -0
pulumi_vault/pkisecret/secret_backend_role.py +2694 -0
pulumi_vault/pkisecret/secret_backend_root_cert.py +2134 -0
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +2031 -0
pulumi_vault/pkisecret/secret_backend_sign.py +1194 -0
pulumi_vault/plugin.py +596 -0
pulumi_vault/plugin_pinned_version.py +299 -0
pulumi_vault/policy.py +279 -0
pulumi_vault/provider.py +781 -0
pulumi_vault/pulumi-plugin.json +5 -0
pulumi_vault/py.typed +0 -0
pulumi_vault/quota_lease_count.py +504 -0
pulumi_vault/quota_rate_limit.py +751 -0
pulumi_vault/rabbitmq/__init__.py +12 -0
pulumi_vault/rabbitmq/_inputs.py +235 -0
pulumi_vault/rabbitmq/outputs.py +144 -0
pulumi_vault/rabbitmq/secret_backend.py +1437 -0
pulumi_vault/rabbitmq/secret_backend_role.py +496 -0
pulumi_vault/raft_autopilot.py +609 -0
pulumi_vault/raft_snapshot_agent_config.py +1591 -0
pulumi_vault/rgp_policy.py +349 -0
pulumi_vault/saml/__init__.py +12 -0
pulumi_vault/saml/_inputs.py +225 -0
pulumi_vault/saml/auth_backend.py +811 -0
pulumi_vault/saml/auth_backend_role.py +1068 -0
pulumi_vault/saml/outputs.py +174 -0
pulumi_vault/scep_auth_backend_role.py +908 -0
pulumi_vault/secrets/__init__.py +18 -0
pulumi_vault/secrets/_inputs.py +110 -0
pulumi_vault/secrets/outputs.py +94 -0
pulumi_vault/secrets/sync_association.py +450 -0
pulumi_vault/secrets/sync_aws_destination.py +780 -0
pulumi_vault/secrets/sync_azure_destination.py +736 -0
pulumi_vault/secrets/sync_config.py +303 -0
pulumi_vault/secrets/sync_gcp_destination.py +572 -0
pulumi_vault/secrets/sync_gh_destination.py +688 -0
pulumi_vault/secrets/sync_github_apps.py +376 -0
pulumi_vault/secrets/sync_vercel_destination.py +603 -0
pulumi_vault/ssh/__init__.py +13 -0
pulumi_vault/ssh/_inputs.py +76 -0
pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
pulumi_vault/ssh/outputs.py +51 -0
pulumi_vault/ssh/secret_backend_ca.py +588 -0
pulumi_vault/ssh/secret_backend_role.py +1493 -0
pulumi_vault/terraformcloud/__init__.py +11 -0
pulumi_vault/terraformcloud/secret_backend.py +1321 -0
pulumi_vault/terraformcloud/secret_creds.py +445 -0
pulumi_vault/terraformcloud/secret_role.py +563 -0
pulumi_vault/token.py +1026 -0
pulumi_vault/tokenauth/__init__.py +9 -0
pulumi_vault/tokenauth/auth_backend_role.py +1135 -0
pulumi_vault/transform/__init__.py +14 -0
pulumi_vault/transform/alphabet.py +348 -0
pulumi_vault/transform/get_decode.py +287 -0
pulumi_vault/transform/get_encode.py +291 -0
pulumi_vault/transform/role.py +350 -0
pulumi_vault/transform/template.py +592 -0
pulumi_vault/transform/transformation.py +608 -0
pulumi_vault/transit/__init__.py +15 -0
pulumi_vault/transit/get_cmac.py +256 -0
pulumi_vault/transit/get_decrypt.py +181 -0
pulumi_vault/transit/get_encrypt.py +174 -0
pulumi_vault/transit/get_sign.py +328 -0
pulumi_vault/transit/get_verify.py +373 -0
pulumi_vault/transit/secret_backend_key.py +1202 -0
pulumi_vault/transit/secret_cache_config.py +302 -0
pulumi_vault-7.6.0a1764657486.dist-info/METADATA +92 -0
pulumi_vault-7.6.0a1764657486.dist-info/RECORD +274 -0
pulumi_vault-7.6.0a1764657486.dist-info/WHEEL +5 -0
pulumi_vault-7.6.0a1764657486.dist-info/top_level.txt +1 -0

pulumi_vault/kv/secret_v2.py ADDED Viewed

@@ -0,0 +1,970 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-language-python. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+import builtins as _builtins
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+from . import outputs
+from ._inputs import *
+__all__ = ['SecretV2Args', 'SecretV2']
+@pulumi.input_type
+class SecretV2Args:
+    def __init__(__self__, *,
+                 mount: pulumi.Input[_builtins.str],
+                 cas: Optional[pulumi.Input[_builtins.int]] = None,
+                 custom_metadata: Optional[pulumi.Input['SecretV2CustomMetadataArgs']] = None,
+                 data_json: Optional[pulumi.Input[_builtins.str]] = None,
+                 data_json_wo: Optional[pulumi.Input[_builtins.str]] = None,
+                 data_json_wo_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 delete_all_versions: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_read: Optional[pulumi.Input[_builtins.bool]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None):
+        """
+        The set of arguments for constructing a SecretV2 resource.
+        :param pulumi.Input[_builtins.str] mount: Path where KV-V2 engine is mounted.
+        :param pulumi.Input[_builtins.int] cas: This flag is required if `cas_required` is set to true
+               on either the secret or the engine's config. In order for a
+               write operation to be successful, cas must be set to the current version
+               of the secret.
+        :param pulumi.Input['SecretV2CustomMetadataArgs'] custom_metadata: A nested block that allows configuring metadata for the
+               KV secret. Refer to the
+               Configuration Options for more info.
+        :param pulumi.Input[_builtins.str] data_json: JSON-encoded string that will be
+               written as the secret data at the given path.
+        :param pulumi.Input[_builtins.str] data_json_wo: **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
+               Write-Only JSON-encoded secret data to write.
+        :param pulumi.Input[_builtins.int] data_json_wo_version: The version of the `data_json_wo`. For more info see updating write-only attributes.
+        :param pulumi.Input[_builtins.bool] delete_all_versions: If set to true, permanently deletes all
+               versions for the specified key.
+        :param pulumi.Input[_builtins.bool] disable_read: If set to true, disables reading secret from Vault;
+               note: drift won't be detected.
+        :param pulumi.Input[_builtins.str] name: Full name of the secret. For a nested secret
+               the name is the nested path excluding the mount and data
+               prefix. For example, for a secret at `kvv2/data/foo/bar/baz`
+               the name is `foo/bar/baz`.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] options: An object that holds option settings.
+        """
+        pulumi.set(__self__, "mount", mount)
+        if cas is not None:
+            pulumi.set(__self__, "cas", cas)
+        if custom_metadata is not None:
+            pulumi.set(__self__, "custom_metadata", custom_metadata)
+        if data_json is not None:
+            pulumi.set(__self__, "data_json", data_json)
+        if data_json_wo is not None:
+            pulumi.set(__self__, "data_json_wo", data_json_wo)
+        if data_json_wo_version is not None:
+            pulumi.set(__self__, "data_json_wo_version", data_json_wo_version)
+        if delete_all_versions is not None:
+            pulumi.set(__self__, "delete_all_versions", delete_all_versions)
+        if disable_read is not None:
+            pulumi.set(__self__, "disable_read", disable_read)
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if namespace is not None:
+            pulumi.set(__self__, "namespace", namespace)
+        if options is not None:
+            pulumi.set(__self__, "options", options)
+    @_builtins.property
+    @pulumi.getter
+    def mount(self) -> pulumi.Input[_builtins.str]:
+        """
+        Path where KV-V2 engine is mounted.
+        """
+        return pulumi.get(self, "mount")
+    @mount.setter
+    def mount(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "mount", value)
+    @_builtins.property
+    @pulumi.getter
+    def cas(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        This flag is required if `cas_required` is set to true
+        on either the secret or the engine's config. In order for a
+        write operation to be successful, cas must be set to the current version
+        of the secret.
+        """
+        return pulumi.get(self, "cas")
+    @cas.setter
+    def cas(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "cas", value)
+    @_builtins.property
+    @pulumi.getter(name="customMetadata")
+    def custom_metadata(self) -> Optional[pulumi.Input['SecretV2CustomMetadataArgs']]:
+        """
+        A nested block that allows configuring metadata for the
+        KV secret. Refer to the
+        Configuration Options for more info.
+        """
+        return pulumi.get(self, "custom_metadata")
+    @custom_metadata.setter
+    def custom_metadata(self, value: Optional[pulumi.Input['SecretV2CustomMetadataArgs']]):
+        pulumi.set(self, "custom_metadata", value)
+    @_builtins.property
+    @pulumi.getter(name="dataJson")
+    def data_json(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        JSON-encoded string that will be
+        written as the secret data at the given path.
+        """
+        return pulumi.get(self, "data_json")
+    @data_json.setter
+    def data_json(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "data_json", value)
+    @_builtins.property
+    @pulumi.getter(name="dataJsonWo")
+    def data_json_wo(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
+        Write-Only JSON-encoded secret data to write.
+        """
+        return pulumi.get(self, "data_json_wo")
+    @data_json_wo.setter
+    def data_json_wo(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "data_json_wo", value)
+    @_builtins.property
+    @pulumi.getter(name="dataJsonWoVersion")
+    def data_json_wo_version(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        The version of the `data_json_wo`. For more info see updating write-only attributes.
+        """
+        return pulumi.get(self, "data_json_wo_version")
+    @data_json_wo_version.setter
+    def data_json_wo_version(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "data_json_wo_version", value)
+    @_builtins.property
+    @pulumi.getter(name="deleteAllVersions")
+    def delete_all_versions(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        If set to true, permanently deletes all
+        versions for the specified key.
+        """
+        return pulumi.get(self, "delete_all_versions")
+    @delete_all_versions.setter
+    def delete_all_versions(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "delete_all_versions", value)
+    @_builtins.property
+    @pulumi.getter(name="disableRead")
+    def disable_read(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        If set to true, disables reading secret from Vault;
+        note: drift won't be detected.
+        """
+        return pulumi.get(self, "disable_read")
+    @disable_read.setter
+    def disable_read(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "disable_read", value)
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Full name of the secret. For a nested secret
+        the name is the nested path excluding the mount and data
+        prefix. For example, for a secret at `kvv2/data/foo/bar/baz`
+        the name is `foo/bar/baz`.
+        """
+        return pulumi.get(self, "name")
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "name", value)
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+    @namespace.setter
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "namespace", value)
+    @_builtins.property
+    @pulumi.getter
+    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
+        """
+        An object that holds option settings.
+        """
+        return pulumi.get(self, "options")
+    @options.setter
+    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "options", value)
+@pulumi.input_type
+class _SecretV2State:
+    def __init__(__self__, *,
+                 cas: Optional[pulumi.Input[_builtins.int]] = None,
+                 custom_metadata: Optional[pulumi.Input['SecretV2CustomMetadataArgs']] = None,
+                 data: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 data_json: Optional[pulumi.Input[_builtins.str]] = None,
+                 data_json_wo: Optional[pulumi.Input[_builtins.str]] = None,
+                 data_json_wo_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 delete_all_versions: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_read: Optional[pulumi.Input[_builtins.bool]] = None,
+                 metadata: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 mount: Optional[pulumi.Input[_builtins.str]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 path: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        Input properties used for looking up and filtering SecretV2 resources.
+        :param pulumi.Input[_builtins.int] cas: This flag is required if `cas_required` is set to true
+               on either the secret or the engine's config. In order for a
+               write operation to be successful, cas must be set to the current version
+               of the secret.
+        :param pulumi.Input['SecretV2CustomMetadataArgs'] custom_metadata: A nested block that allows configuring metadata for the
+               KV secret. Refer to the
+               Configuration Options for more info.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] data: **Deprecated. Please use new ephemeral resource `kv.SecretV2` to read back
+               secret data from Vault**. A mapping whose keys are the top-level data keys returned from
+               Vault and whose values are the corresponding values. This map can only represent string data,
+               so any non-string values returned from Vault are serialized as JSON.
+        :param pulumi.Input[_builtins.str] data_json: JSON-encoded string that will be
+               written as the secret data at the given path.
+        :param pulumi.Input[_builtins.str] data_json_wo: **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
+               Write-Only JSON-encoded secret data to write.
+        :param pulumi.Input[_builtins.int] data_json_wo_version: The version of the `data_json_wo`. For more info see updating write-only attributes.
+        :param pulumi.Input[_builtins.bool] delete_all_versions: If set to true, permanently deletes all
+               versions for the specified key.
+        :param pulumi.Input[_builtins.bool] disable_read: If set to true, disables reading secret from Vault;
+               note: drift won't be detected.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] metadata: Metadata associated with this secret read from Vault.
+        :param pulumi.Input[_builtins.str] mount: Path where KV-V2 engine is mounted.
+        :param pulumi.Input[_builtins.str] name: Full name of the secret. For a nested secret
+               the name is the nested path excluding the mount and data
+               prefix. For example, for a secret at `kvv2/data/foo/bar/baz`
+               the name is `foo/bar/baz`.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] options: An object that holds option settings.
+        :param pulumi.Input[_builtins.str] path: Full path where the KV-V2 secret will be written.
+        """
+        if cas is not None:
+            pulumi.set(__self__, "cas", cas)
+        if custom_metadata is not None:
+            pulumi.set(__self__, "custom_metadata", custom_metadata)
+        if data is not None:
+            warnings.warn("""Deprecated. Will no longer be set on a read.""", DeprecationWarning)
+            pulumi.log.warn("""data is deprecated: Deprecated. Will no longer be set on a read.""")
+        if data is not None:
+            pulumi.set(__self__, "data", data)
+        if data_json is not None:
+            pulumi.set(__self__, "data_json", data_json)
+        if data_json_wo is not None:
+            pulumi.set(__self__, "data_json_wo", data_json_wo)
+        if data_json_wo_version is not None:
+            pulumi.set(__self__, "data_json_wo_version", data_json_wo_version)
+        if delete_all_versions is not None:
+            pulumi.set(__self__, "delete_all_versions", delete_all_versions)
+        if disable_read is not None:
+            pulumi.set(__self__, "disable_read", disable_read)
+        if metadata is not None:
+            pulumi.set(__self__, "metadata", metadata)
+        if mount is not None:
+            pulumi.set(__self__, "mount", mount)
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if namespace is not None:
+            pulumi.set(__self__, "namespace", namespace)
+        if options is not None:
+            pulumi.set(__self__, "options", options)
+        if path is not None:
+            pulumi.set(__self__, "path", path)
+    @_builtins.property
+    @pulumi.getter
+    def cas(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        This flag is required if `cas_required` is set to true
+        on either the secret or the engine's config. In order for a
+        write operation to be successful, cas must be set to the current version
+        of the secret.
+        """
+        return pulumi.get(self, "cas")
+    @cas.setter
+    def cas(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "cas", value)
+    @_builtins.property
+    @pulumi.getter(name="customMetadata")
+    def custom_metadata(self) -> Optional[pulumi.Input['SecretV2CustomMetadataArgs']]:
+        """
+        A nested block that allows configuring metadata for the
+        KV secret. Refer to the
+        Configuration Options for more info.
+        """
+        return pulumi.get(self, "custom_metadata")
+    @custom_metadata.setter
+    def custom_metadata(self, value: Optional[pulumi.Input['SecretV2CustomMetadataArgs']]):
+        pulumi.set(self, "custom_metadata", value)
+    @_builtins.property
+    @pulumi.getter
+    @_utilities.deprecated("""Deprecated. Will no longer be set on a read.""")
+    def data(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
+        """
+        **Deprecated. Please use new ephemeral resource `kv.SecretV2` to read back
+        secret data from Vault**. A mapping whose keys are the top-level data keys returned from
+        Vault and whose values are the corresponding values. This map can only represent string data,
+        so any non-string values returned from Vault are serialized as JSON.
+        """
+        return pulumi.get(self, "data")
+    @data.setter
+    def data(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "data", value)
+    @_builtins.property
+    @pulumi.getter(name="dataJson")
+    def data_json(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        JSON-encoded string that will be
+        written as the secret data at the given path.
+        """
+        return pulumi.get(self, "data_json")
+    @data_json.setter
+    def data_json(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "data_json", value)
+    @_builtins.property
+    @pulumi.getter(name="dataJsonWo")
+    def data_json_wo(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
+        Write-Only JSON-encoded secret data to write.
+        """
+        return pulumi.get(self, "data_json_wo")
+    @data_json_wo.setter
+    def data_json_wo(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "data_json_wo", value)
+    @_builtins.property
+    @pulumi.getter(name="dataJsonWoVersion")
+    def data_json_wo_version(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        The version of the `data_json_wo`. For more info see updating write-only attributes.
+        """
+        return pulumi.get(self, "data_json_wo_version")
+    @data_json_wo_version.setter
+    def data_json_wo_version(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "data_json_wo_version", value)
+    @_builtins.property
+    @pulumi.getter(name="deleteAllVersions")
+    def delete_all_versions(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        If set to true, permanently deletes all
+        versions for the specified key.
+        """
+        return pulumi.get(self, "delete_all_versions")
+    @delete_all_versions.setter
+    def delete_all_versions(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "delete_all_versions", value)
+    @_builtins.property
+    @pulumi.getter(name="disableRead")
+    def disable_read(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        If set to true, disables reading secret from Vault;
+        note: drift won't be detected.
+        """
+        return pulumi.get(self, "disable_read")
+    @disable_read.setter
+    def disable_read(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "disable_read", value)
+    @_builtins.property
+    @pulumi.getter
+    def metadata(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
+        """
+        Metadata associated with this secret read from Vault.
+        """
+        return pulumi.get(self, "metadata")
+    @metadata.setter
+    def metadata(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "metadata", value)
+    @_builtins.property
+    @pulumi.getter
+    def mount(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Path where KV-V2 engine is mounted.
+        """
+        return pulumi.get(self, "mount")
+    @mount.setter
+    def mount(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "mount", value)
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Full name of the secret. For a nested secret
+        the name is the nested path excluding the mount and data
+        prefix. For example, for a secret at `kvv2/data/foo/bar/baz`
+        the name is `foo/bar/baz`.
+        """
+        return pulumi.get(self, "name")
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "name", value)
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+    @namespace.setter
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "namespace", value)
+    @_builtins.property
+    @pulumi.getter
+    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
+        """
+        An object that holds option settings.
+        """
+        return pulumi.get(self, "options")
+    @options.setter
+    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "options", value)
+    @_builtins.property
+    @pulumi.getter
+    def path(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Full path where the KV-V2 secret will be written.
+        """
+        return pulumi.get(self, "path")
+    @path.setter
+    def path(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "path", value)
+@pulumi.type_token("vault:kv/secretV2:SecretV2")
+class SecretV2(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 cas: Optional[pulumi.Input[_builtins.int]] = None,
+                 custom_metadata: Optional[pulumi.Input[Union['SecretV2CustomMetadataArgs', 'SecretV2CustomMetadataArgsDict']]] = None,
+                 data_json: Optional[pulumi.Input[_builtins.str]] = None,
+                 data_json_wo: Optional[pulumi.Input[_builtins.str]] = None,
+                 data_json_wo_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 delete_all_versions: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_read: Optional[pulumi.Input[_builtins.bool]] = None,
+                 mount: Optional[pulumi.Input[_builtins.str]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 __props__=None):
+        """
+        Writes a KV-V2 secret to a given path in Vault.
+        For more information on Vault's KV-V2 secret backend
+        [see here](https://www.vaultproject.io/docs/secrets/kv/kv-v2).
+        ## Example Usage
+        ```python
+        import pulumi
+        import json
+        import pulumi_vault as vault
+        kvv2 = vault.Mount("kvv2",
+            path="kvv2",
+            type="kv",
+            options={
+                "version": "2",
+            },
+            description="KV Version 2 secret engine mount")
+        example = vault.kv.SecretV2("example",
+            mount=kvv2.path,
+            name="secret",
+            cas=1,
+            delete_all_versions=True,
+            data_json=json.dumps({
+                "zip": "zap",
+                "foo": "bar",
+            }),
+            custom_metadata={
+                "max_versions": 5,
+                "data": {
+                    "foo": "vault@example.com",
+                    "bar": "12345",
+                },
+            })
+        ```
+        ## Required Vault Capabilities
+        Use of this resource requires the `create` or `update` capability
+        (depending on whether the resource already exists) on the given path,
+        the `delete` capability if the resource is removed from configuration,
+        and the `read` capability for drift detection (by default).
+        ### Custom Metadata Configuration Options
+        * `max_versions` - (Optional) The number of versions to keep per key.
+        * `cas_required` - (Optional) If true, all keys will require the cas
+        parameter to be set on all write requests.
+        * `delete_version_after` - (Optional) If set, specifies the length of time before
+        a version is deleted. Accepts duration in integer seconds.
+        * `data` - (Optional) A string to string map describing the secret.
+        ## Ephemeral Attributes Reference
+        The following write-only attributes are supported:
+        * `data_json_wo` - (Optional) JSON-encoded secret data to write to Vault. Can be updated.
+          **Note**: This property is write-only and will not be read from the API.
+        ## Import
+        KV-V2 secrets can be imported using the `path`, e.g.
+        ```sh
+        $ pulumi import vault:kv/secretV2:SecretV2 example kvv2/data/secret
+        ```
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.int] cas: This flag is required if `cas_required` is set to true
+               on either the secret or the engine's config. In order for a
+               write operation to be successful, cas must be set to the current version
+               of the secret.
+        :param pulumi.Input[Union['SecretV2CustomMetadataArgs', 'SecretV2CustomMetadataArgsDict']] custom_metadata: A nested block that allows configuring metadata for the
+               KV secret. Refer to the
+               Configuration Options for more info.
+        :param pulumi.Input[_builtins.str] data_json: JSON-encoded string that will be
+               written as the secret data at the given path.
+        :param pulumi.Input[_builtins.str] data_json_wo: **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
+               Write-Only JSON-encoded secret data to write.
+        :param pulumi.Input[_builtins.int] data_json_wo_version: The version of the `data_json_wo`. For more info see updating write-only attributes.
+        :param pulumi.Input[_builtins.bool] delete_all_versions: If set to true, permanently deletes all
+               versions for the specified key.
+        :param pulumi.Input[_builtins.bool] disable_read: If set to true, disables reading secret from Vault;
+               note: drift won't be detected.
+        :param pulumi.Input[_builtins.str] mount: Path where KV-V2 engine is mounted.
+        :param pulumi.Input[_builtins.str] name: Full name of the secret. For a nested secret
+               the name is the nested path excluding the mount and data
+               prefix. For example, for a secret at `kvv2/data/foo/bar/baz`
+               the name is `foo/bar/baz`.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] options: An object that holds option settings.
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: SecretV2Args,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        Writes a KV-V2 secret to a given path in Vault.
+        For more information on Vault's KV-V2 secret backend
+        [see here](https://www.vaultproject.io/docs/secrets/kv/kv-v2).
+        ## Example Usage
+        ```python
+        import pulumi
+        import json
+        import pulumi_vault as vault
+        kvv2 = vault.Mount("kvv2",
+            path="kvv2",
+            type="kv",
+            options={
+                "version": "2",
+            },
+            description="KV Version 2 secret engine mount")
+        example = vault.kv.SecretV2("example",
+            mount=kvv2.path,
+            name="secret",
+            cas=1,
+            delete_all_versions=True,
+            data_json=json.dumps({
+                "zip": "zap",
+                "foo": "bar",
+            }),
+            custom_metadata={
+                "max_versions": 5,
+                "data": {
+                    "foo": "vault@example.com",
+                    "bar": "12345",
+                },
+            })
+        ```
+        ## Required Vault Capabilities
+        Use of this resource requires the `create` or `update` capability
+        (depending on whether the resource already exists) on the given path,
+        the `delete` capability if the resource is removed from configuration,
+        and the `read` capability for drift detection (by default).
+        ### Custom Metadata Configuration Options
+        * `max_versions` - (Optional) The number of versions to keep per key.
+        * `cas_required` - (Optional) If true, all keys will require the cas
+        parameter to be set on all write requests.
+        * `delete_version_after` - (Optional) If set, specifies the length of time before
+        a version is deleted. Accepts duration in integer seconds.
+        * `data` - (Optional) A string to string map describing the secret.
+        ## Ephemeral Attributes Reference
+        The following write-only attributes are supported:
+        * `data_json_wo` - (Optional) JSON-encoded secret data to write to Vault. Can be updated.
+          **Note**: This property is write-only and will not be read from the API.
+        ## Import
+        KV-V2 secrets can be imported using the `path`, e.g.
+        ```sh
+        $ pulumi import vault:kv/secretV2:SecretV2 example kvv2/data/secret
+        ```
+        :param str resource_name: The name of the resource.
+        :param SecretV2Args args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(SecretV2Args, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 cas: Optional[pulumi.Input[_builtins.int]] = None,
+                 custom_metadata: Optional[pulumi.Input[Union['SecretV2CustomMetadataArgs', 'SecretV2CustomMetadataArgsDict']]] = None,
+                 data_json: Optional[pulumi.Input[_builtins.str]] = None,
+                 data_json_wo: Optional[pulumi.Input[_builtins.str]] = None,
+                 data_json_wo_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 delete_all_versions: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_read: Optional[pulumi.Input[_builtins.bool]] = None,
+                 mount: Optional[pulumi.Input[_builtins.str]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = SecretV2Args.__new__(SecretV2Args)
+            __props__.__dict__["cas"] = cas
+            __props__.__dict__["custom_metadata"] = custom_metadata
+            __props__.__dict__["data_json"] = None if data_json is None else pulumi.Output.secret(data_json)
+            __props__.__dict__["data_json_wo"] = None if data_json_wo is None else pulumi.Output.secret(data_json_wo)
+            __props__.__dict__["data_json_wo_version"] = data_json_wo_version
+            __props__.__dict__["delete_all_versions"] = delete_all_versions
+            __props__.__dict__["disable_read"] = disable_read
+            if mount is None and not opts.urn:
+                raise TypeError("Missing required property 'mount'")
+            __props__.__dict__["mount"] = mount
+            __props__.__dict__["name"] = name
+            __props__.__dict__["namespace"] = namespace
+            __props__.__dict__["options"] = options
+            __props__.__dict__["data"] = None
+            __props__.__dict__["metadata"] = None
+            __props__.__dict__["path"] = None
+        secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["data", "dataJson", "dataJsonWo"])
+        opts = pulumi.ResourceOptions.merge(opts, secret_opts)
+        super(SecretV2, __self__).__init__(
+            'vault:kv/secretV2:SecretV2',
+            resource_name,
+            __props__,
+            opts)
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None,
+            cas: Optional[pulumi.Input[_builtins.int]] = None,
+            custom_metadata: Optional[pulumi.Input[Union['SecretV2CustomMetadataArgs', 'SecretV2CustomMetadataArgsDict']]] = None,
+            data: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+            data_json: Optional[pulumi.Input[_builtins.str]] = None,
+            data_json_wo: Optional[pulumi.Input[_builtins.str]] = None,
+            data_json_wo_version: Optional[pulumi.Input[_builtins.int]] = None,
+            delete_all_versions: Optional[pulumi.Input[_builtins.bool]] = None,
+            disable_read: Optional[pulumi.Input[_builtins.bool]] = None,
+            metadata: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+            mount: Optional[pulumi.Input[_builtins.str]] = None,
+            name: Optional[pulumi.Input[_builtins.str]] = None,
+            namespace: Optional[pulumi.Input[_builtins.str]] = None,
+            options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+            path: Optional[pulumi.Input[_builtins.str]] = None) -> 'SecretV2':
+        """
+        Get an existing SecretV2 resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.int] cas: This flag is required if `cas_required` is set to true
+               on either the secret or the engine's config. In order for a
+               write operation to be successful, cas must be set to the current version
+               of the secret.
+        :param pulumi.Input[Union['SecretV2CustomMetadataArgs', 'SecretV2CustomMetadataArgsDict']] custom_metadata: A nested block that allows configuring metadata for the
+               KV secret. Refer to the
+               Configuration Options for more info.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] data: **Deprecated. Please use new ephemeral resource `kv.SecretV2` to read back
+               secret data from Vault**. A mapping whose keys are the top-level data keys returned from
+               Vault and whose values are the corresponding values. This map can only represent string data,
+               so any non-string values returned from Vault are serialized as JSON.
+        :param pulumi.Input[_builtins.str] data_json: JSON-encoded string that will be
+               written as the secret data at the given path.
+        :param pulumi.Input[_builtins.str] data_json_wo: **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
+               Write-Only JSON-encoded secret data to write.
+        :param pulumi.Input[_builtins.int] data_json_wo_version: The version of the `data_json_wo`. For more info see updating write-only attributes.
+        :param pulumi.Input[_builtins.bool] delete_all_versions: If set to true, permanently deletes all
+               versions for the specified key.
+        :param pulumi.Input[_builtins.bool] disable_read: If set to true, disables reading secret from Vault;
+               note: drift won't be detected.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] metadata: Metadata associated with this secret read from Vault.
+        :param pulumi.Input[_builtins.str] mount: Path where KV-V2 engine is mounted.
+        :param pulumi.Input[_builtins.str] name: Full name of the secret. For a nested secret
+               the name is the nested path excluding the mount and data
+               prefix. For example, for a secret at `kvv2/data/foo/bar/baz`
+               the name is `foo/bar/baz`.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] options: An object that holds option settings.
+        :param pulumi.Input[_builtins.str] path: Full path where the KV-V2 secret will be written.
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+        __props__ = _SecretV2State.__new__(_SecretV2State)
+        __props__.__dict__["cas"] = cas
+        __props__.__dict__["custom_metadata"] = custom_metadata
+        __props__.__dict__["data"] = data
+        __props__.__dict__["data_json"] = data_json
+        __props__.__dict__["data_json_wo"] = data_json_wo
+        __props__.__dict__["data_json_wo_version"] = data_json_wo_version
+        __props__.__dict__["delete_all_versions"] = delete_all_versions
+        __props__.__dict__["disable_read"] = disable_read
+        __props__.__dict__["metadata"] = metadata
+        __props__.__dict__["mount"] = mount
+        __props__.__dict__["name"] = name
+        __props__.__dict__["namespace"] = namespace
+        __props__.__dict__["options"] = options
+        __props__.__dict__["path"] = path
+        return SecretV2(resource_name, opts=opts, __props__=__props__)
+    @_builtins.property
+    @pulumi.getter
+    def cas(self) -> pulumi.Output[Optional[_builtins.int]]:
+        """
+        This flag is required if `cas_required` is set to true
+        on either the secret or the engine's config. In order for a
+        write operation to be successful, cas must be set to the current version
+        of the secret.
+        """
+        return pulumi.get(self, "cas")
+    @_builtins.property
+    @pulumi.getter(name="customMetadata")
+    def custom_metadata(self) -> pulumi.Output['outputs.SecretV2CustomMetadata']:
+        """
+        A nested block that allows configuring metadata for the
+        KV secret. Refer to the
+        Configuration Options for more info.
+        """
+        return pulumi.get(self, "custom_metadata")
+    @_builtins.property
+    @pulumi.getter
+    @_utilities.deprecated("""Deprecated. Will no longer be set on a read.""")
+    def data(self) -> pulumi.Output[Mapping[str, _builtins.str]]:
+        """
+        **Deprecated. Please use new ephemeral resource `kv.SecretV2` to read back
+        secret data from Vault**. A mapping whose keys are the top-level data keys returned from
+        Vault and whose values are the corresponding values. This map can only represent string data,
+        so any non-string values returned from Vault are serialized as JSON.
+        """
+        return pulumi.get(self, "data")
+    @_builtins.property
+    @pulumi.getter(name="dataJson")
+    def data_json(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        JSON-encoded string that will be
+        written as the secret data at the given path.
+        """
+        return pulumi.get(self, "data_json")
+    @_builtins.property
+    @pulumi.getter(name="dataJsonWo")
+    def data_json_wo(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
+        Write-Only JSON-encoded secret data to write.
+        """
+        return pulumi.get(self, "data_json_wo")
+    @_builtins.property
+    @pulumi.getter(name="dataJsonWoVersion")
+    def data_json_wo_version(self) -> pulumi.Output[Optional[_builtins.int]]:
+        """
+        The version of the `data_json_wo`. For more info see updating write-only attributes.
+        """
+        return pulumi.get(self, "data_json_wo_version")
+    @_builtins.property
+    @pulumi.getter(name="deleteAllVersions")
+    def delete_all_versions(self) -> pulumi.Output[Optional[_builtins.bool]]:
+        """
+        If set to true, permanently deletes all
+        versions for the specified key.
+        """
+        return pulumi.get(self, "delete_all_versions")
+    @_builtins.property
+    @pulumi.getter(name="disableRead")
+    def disable_read(self) -> pulumi.Output[Optional[_builtins.bool]]:
+        """
+        If set to true, disables reading secret from Vault;
+        note: drift won't be detected.
+        """
+        return pulumi.get(self, "disable_read")
+    @_builtins.property
+    @pulumi.getter
+    def metadata(self) -> pulumi.Output[Mapping[str, _builtins.str]]:
+        """
+        Metadata associated with this secret read from Vault.
+        """
+        return pulumi.get(self, "metadata")
+    @_builtins.property
+    @pulumi.getter
+    def mount(self) -> pulumi.Output[_builtins.str]:
+        """
+        Path where KV-V2 engine is mounted.
+        """
+        return pulumi.get(self, "mount")
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> pulumi.Output[_builtins.str]:
+        """
+        Full name of the secret. For a nested secret
+        the name is the nested path excluding the mount and data
+        prefix. For example, for a secret at `kvv2/data/foo/bar/baz`
+        the name is `foo/bar/baz`.
+        """
+        return pulumi.get(self, "name")
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+    @_builtins.property
+    @pulumi.getter
+    def options(self) -> pulumi.Output[Optional[Mapping[str, _builtins.str]]]:
+        """
+        An object that holds option settings.
+        """
+        return pulumi.get(self, "options")
+    @_builtins.property
+    @pulumi.getter
+    def path(self) -> pulumi.Output[_builtins.str]:
+        """
+        Full path where the KV-V2 secret will be written.
+        """
+        return pulumi.get(self, "path")