Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
Native Kubernetes Service dynamic secret resource
Create DynamicSecretK8s Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DynamicSecretK8s(name: string, args?: DynamicSecretK8sArgs, opts?: CustomResourceOptions);@overload
def DynamicSecretK8s(resource_name: str,
args: Optional[DynamicSecretK8sArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def DynamicSecretK8s(resource_name: str,
opts: Optional[ResourceOptions] = None,
custom_username_template: Optional[str] = None,
delete_protection: Optional[str] = None,
description: Optional[str] = None,
dynamic_secret_k8s_id: Optional[str] = None,
encryption_key_name: Optional[str] = None,
item_custom_fields: Optional[Mapping[str, str]] = None,
k8s_allowed_namespaces: Optional[str] = None,
k8s_cluster_ca_cert: Optional[str] = None,
k8s_cluster_endpoint: Optional[str] = None,
k8s_cluster_name: Optional[str] = None,
k8s_cluster_token: Optional[str] = None,
k8s_namespace: Optional[str] = None,
k8s_predefined_role_name: Optional[str] = None,
k8s_predefined_role_type: Optional[str] = None,
k8s_rolebinding_yaml_data: Optional[str] = None,
k8s_rolebinding_yaml_def: Optional[str] = None,
k8s_service_account: Optional[str] = None,
k8s_service_account_type: Optional[str] = None,
name: Optional[str] = None,
secure_access_allow_port_forwading: Optional[bool] = None,
secure_access_bastion_issuer: Optional[str] = None,
secure_access_certificate_issuer: Optional[str] = None,
secure_access_cluster_endpoint: Optional[str] = None,
secure_access_dashboard_url: Optional[str] = None,
secure_access_delay: Optional[float] = None,
secure_access_enable: Optional[str] = None,
secure_access_web: Optional[bool] = None,
secure_access_web_browsing: Optional[bool] = None,
secure_access_web_proxy: Optional[bool] = None,
tags: Optional[Sequence[str]] = None,
target_name: Optional[str] = None,
use_gw_service_account: Optional[bool] = None,
user_ttl: Optional[str] = None)func NewDynamicSecretK8s(ctx *Context, name string, args *DynamicSecretK8sArgs, opts ...ResourceOption) (*DynamicSecretK8s, error)public DynamicSecretK8s(string name, DynamicSecretK8sArgs? args = null, CustomResourceOptions? opts = null)
public DynamicSecretK8s(String name, DynamicSecretK8sArgs args)
public DynamicSecretK8s(String name, DynamicSecretK8sArgs args, CustomResourceOptions options)
type: akeyless:DynamicSecretK8s
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DynamicSecretK8sArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DynamicSecretK8sArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DynamicSecretK8sArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DynamicSecretK8sArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DynamicSecretK8sArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var dynamicSecretK8sResource = new Akeyless.DynamicSecretK8s("dynamicSecretK8sResource", new()
{
CustomUsernameTemplate = "string",
DeleteProtection = "string",
Description = "string",
DynamicSecretK8sId = "string",
EncryptionKeyName = "string",
ItemCustomFields =
{
{ "string", "string" },
},
K8sAllowedNamespaces = "string",
K8sClusterCaCert = "string",
K8sClusterEndpoint = "string",
K8sClusterName = "string",
K8sClusterToken = "string",
K8sNamespace = "string",
K8sPredefinedRoleName = "string",
K8sPredefinedRoleType = "string",
K8sRolebindingYamlData = "string",
K8sRolebindingYamlDef = "string",
K8sServiceAccount = "string",
K8sServiceAccountType = "string",
Name = "string",
SecureAccessAllowPortForwading = false,
SecureAccessCertificateIssuer = "string",
SecureAccessClusterEndpoint = "string",
SecureAccessDashboardUrl = "string",
SecureAccessDelay = 0,
SecureAccessEnable = "string",
SecureAccessWeb = false,
SecureAccessWebBrowsing = false,
SecureAccessWebProxy = false,
Tags = new[]
{
"string",
},
TargetName = "string",
UseGwServiceAccount = false,
UserTtl = "string",
});
example, err := akeyless.NewDynamicSecretK8s(ctx, "dynamicSecretK8sResource", &akeyless.DynamicSecretK8sArgs{
CustomUsernameTemplate: pulumi.String("string"),
DeleteProtection: pulumi.String("string"),
Description: pulumi.String("string"),
DynamicSecretK8sId: pulumi.String("string"),
EncryptionKeyName: pulumi.String("string"),
ItemCustomFields: pulumi.StringMap{
"string": pulumi.String("string"),
},
K8sAllowedNamespaces: pulumi.String("string"),
K8sClusterCaCert: pulumi.String("string"),
K8sClusterEndpoint: pulumi.String("string"),
K8sClusterName: pulumi.String("string"),
K8sClusterToken: pulumi.String("string"),
K8sNamespace: pulumi.String("string"),
K8sPredefinedRoleName: pulumi.String("string"),
K8sPredefinedRoleType: pulumi.String("string"),
K8sRolebindingYamlData: pulumi.String("string"),
K8sRolebindingYamlDef: pulumi.String("string"),
K8sServiceAccount: pulumi.String("string"),
K8sServiceAccountType: pulumi.String("string"),
Name: pulumi.String("string"),
SecureAccessAllowPortForwading: pulumi.Bool(false),
SecureAccessCertificateIssuer: pulumi.String("string"),
SecureAccessClusterEndpoint: pulumi.String("string"),
SecureAccessDashboardUrl: pulumi.String("string"),
SecureAccessDelay: pulumi.Float64(0),
SecureAccessEnable: pulumi.String("string"),
SecureAccessWeb: pulumi.Bool(false),
SecureAccessWebBrowsing: pulumi.Bool(false),
SecureAccessWebProxy: pulumi.Bool(false),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
TargetName: pulumi.String("string"),
UseGwServiceAccount: pulumi.Bool(false),
UserTtl: pulumi.String("string"),
})
var dynamicSecretK8sResource = new DynamicSecretK8s("dynamicSecretK8sResource", DynamicSecretK8sArgs.builder()
.customUsernameTemplate("string")
.deleteProtection("string")
.description("string")
.dynamicSecretK8sId("string")
.encryptionKeyName("string")
.itemCustomFields(Map.of("string", "string"))
.k8sAllowedNamespaces("string")
.k8sClusterCaCert("string")
.k8sClusterEndpoint("string")
.k8sClusterName("string")
.k8sClusterToken("string")
.k8sNamespace("string")
.k8sPredefinedRoleName("string")
.k8sPredefinedRoleType("string")
.k8sRolebindingYamlData("string")
.k8sRolebindingYamlDef("string")
.k8sServiceAccount("string")
.k8sServiceAccountType("string")
.name("string")
.secureAccessAllowPortForwading(false)
.secureAccessCertificateIssuer("string")
.secureAccessClusterEndpoint("string")
.secureAccessDashboardUrl("string")
.secureAccessDelay(0.0)
.secureAccessEnable("string")
.secureAccessWeb(false)
.secureAccessWebBrowsing(false)
.secureAccessWebProxy(false)
.tags("string")
.targetName("string")
.useGwServiceAccount(false)
.userTtl("string")
.build());
dynamic_secret_k8s_resource = akeyless.DynamicSecretK8s("dynamicSecretK8sResource",
custom_username_template="string",
delete_protection="string",
description="string",
dynamic_secret_k8s_id="string",
encryption_key_name="string",
item_custom_fields={
"string": "string",
},
k8s_allowed_namespaces="string",
k8s_cluster_ca_cert="string",
k8s_cluster_endpoint="string",
k8s_cluster_name="string",
k8s_cluster_token="string",
k8s_namespace="string",
k8s_predefined_role_name="string",
k8s_predefined_role_type="string",
k8s_rolebinding_yaml_data="string",
k8s_rolebinding_yaml_def="string",
k8s_service_account="string",
k8s_service_account_type="string",
name="string",
secure_access_allow_port_forwading=False,
secure_access_certificate_issuer="string",
secure_access_cluster_endpoint="string",
secure_access_dashboard_url="string",
secure_access_delay=float(0),
secure_access_enable="string",
secure_access_web=False,
secure_access_web_browsing=False,
secure_access_web_proxy=False,
tags=["string"],
target_name="string",
use_gw_service_account=False,
user_ttl="string")
const dynamicSecretK8sResource = new akeyless.DynamicSecretK8s("dynamicSecretK8sResource", {
customUsernameTemplate: "string",
deleteProtection: "string",
description: "string",
dynamicSecretK8sId: "string",
encryptionKeyName: "string",
itemCustomFields: {
string: "string",
},
k8sAllowedNamespaces: "string",
k8sClusterCaCert: "string",
k8sClusterEndpoint: "string",
k8sClusterName: "string",
k8sClusterToken: "string",
k8sNamespace: "string",
k8sPredefinedRoleName: "string",
k8sPredefinedRoleType: "string",
k8sRolebindingYamlData: "string",
k8sRolebindingYamlDef: "string",
k8sServiceAccount: "string",
k8sServiceAccountType: "string",
name: "string",
secureAccessAllowPortForwading: false,
secureAccessCertificateIssuer: "string",
secureAccessClusterEndpoint: "string",
secureAccessDashboardUrl: "string",
secureAccessDelay: 0,
secureAccessEnable: "string",
secureAccessWeb: false,
secureAccessWebBrowsing: false,
secureAccessWebProxy: false,
tags: ["string"],
targetName: "string",
useGwServiceAccount: false,
userTtl: "string",
});
type: akeyless:DynamicSecretK8s
properties:
customUsernameTemplate: string
deleteProtection: string
description: string
dynamicSecretK8sId: string
encryptionKeyName: string
itemCustomFields:
string: string
k8sAllowedNamespaces: string
k8sClusterCaCert: string
k8sClusterEndpoint: string
k8sClusterName: string
k8sClusterToken: string
k8sNamespace: string
k8sPredefinedRoleName: string
k8sPredefinedRoleType: string
k8sRolebindingYamlData: string
k8sRolebindingYamlDef: string
k8sServiceAccount: string
k8sServiceAccountType: string
name: string
secureAccessAllowPortForwading: false
secureAccessCertificateIssuer: string
secureAccessClusterEndpoint: string
secureAccessDashboardUrl: string
secureAccessDelay: 0
secureAccessEnable: string
secureAccessWeb: false
secureAccessWebBrowsing: false
secureAccessWebProxy: false
tags:
- string
targetName: string
useGwServiceAccount: false
userTtl: string
DynamicSecretK8s Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DynamicSecretK8s resource accepts the following input properties:
- Custom
Username stringTemplate - Customize how temporary usernames are generated using go template
- Delete
Protection string - Protection from accidental deletion of this item [true/false]
- Description string
- Description of the object
- Dynamic
Secret stringK8s Id - The ID of this resource.
- Encryption
Key stringName - Dynamic producer encryption key
- Item
Custom Dictionary<string, string>Fields - Additional custom fields to associate with the item
- K8s
Allowed stringNamespaces - Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
- K8s
Cluster stringCa Cert - K8S cluster CA certificate
- K8s
Cluster stringEndpoint - K8S cluster URL endpoint
- K8s
Cluster stringName - K8S cluster name
- K8s
Cluster stringToken - K8S cluster Bearer token
- K8s
Namespace string - K8S Namespace where the ServiceAccount exists.
- K8s
Predefined stringRole Name - The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
- K8s
Predefined stringRole Type - Specifies the type of the pre-existing K8S role Role, ClusterRole.
- K8s
Rolebinding stringYaml Data - Content of the yaml in a Base64 format.
- K8s
Rolebinding stringYaml Def - Path to yaml file that contains definitions of K8S role and role binding (relevant only for k8s-service-account-type=dynamic)
- K8s
Service stringAccount - K8S ServiceAccount to extract token from.
- K8s
Service stringAccount Type - K8S ServiceAccount type [fixed, dynamic].
- Name string
- Dynamic secret name
- Secure
Access boolAllow Port Forwading - Enable Port forwarding while using CLI access
- Secure
Access stringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- Secure
Access stringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- Secure
Access stringCluster Endpoint - The K8s cluster endpoint URL
- Secure
Access stringDashboard Url - The K8s dashboard url
- Secure
Access doubleDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- Secure
Access stringEnable - Enable/Disable secure remote access, [true/false]
- Secure
Access boolWeb - Enable Web Secure Remote Access
- Secure
Access boolWeb Browsing - Secure browser via Akeyless's Secure Remote Access (SRA)
- Secure
Access boolWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- List<string>
- Add tags attached to this object
- Target
Name string - Target name
- Use
Gw boolService Account - Use the GW's service account
- User
Ttl string - User TTL
- Custom
Username stringTemplate - Customize how temporary usernames are generated using go template
- Delete
Protection string - Protection from accidental deletion of this item [true/false]
- Description string
- Description of the object
- Dynamic
Secret stringK8s Id - The ID of this resource.
- Encryption
Key stringName - Dynamic producer encryption key
- Item
Custom map[string]stringFields - Additional custom fields to associate with the item
- K8s
Allowed stringNamespaces - Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
- K8s
Cluster stringCa Cert - K8S cluster CA certificate
- K8s
Cluster stringEndpoint - K8S cluster URL endpoint
- K8s
Cluster stringName - K8S cluster name
- K8s
Cluster stringToken - K8S cluster Bearer token
- K8s
Namespace string - K8S Namespace where the ServiceAccount exists.
- K8s
Predefined stringRole Name - The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
- K8s
Predefined stringRole Type - Specifies the type of the pre-existing K8S role Role, ClusterRole.
- K8s
Rolebinding stringYaml Data - Content of the yaml in a Base64 format.
- K8s
Rolebinding stringYaml Def - Path to yaml file that contains definitions of K8S role and role binding (relevant only for k8s-service-account-type=dynamic)
- K8s
Service stringAccount - K8S ServiceAccount to extract token from.
- K8s
Service stringAccount Type - K8S ServiceAccount type [fixed, dynamic].
- Name string
- Dynamic secret name
- Secure
Access boolAllow Port Forwading - Enable Port forwarding while using CLI access
- Secure
Access stringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- Secure
Access stringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- Secure
Access stringCluster Endpoint - The K8s cluster endpoint URL
- Secure
Access stringDashboard Url - The K8s dashboard url
- Secure
Access float64Delay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- Secure
Access stringEnable - Enable/Disable secure remote access, [true/false]
- Secure
Access boolWeb - Enable Web Secure Remote Access
- Secure
Access boolWeb Browsing - Secure browser via Akeyless's Secure Remote Access (SRA)
- Secure
Access boolWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- []string
- Add tags attached to this object
- Target
Name string - Target name
- Use
Gw boolService Account - Use the GW's service account
- User
Ttl string - User TTL
- custom
Username StringTemplate - Customize how temporary usernames are generated using go template
- delete
Protection String - Protection from accidental deletion of this item [true/false]
- description String
- Description of the object
- dynamic
Secret StringK8s Id - The ID of this resource.
- encryption
Key StringName - Dynamic producer encryption key
- item
Custom Map<String,String>Fields - Additional custom fields to associate with the item
- k8s
Allowed StringNamespaces - Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
- k8s
Cluster StringCa Cert - K8S cluster CA certificate
- k8s
Cluster StringEndpoint - K8S cluster URL endpoint
- k8s
Cluster StringName - K8S cluster name
- k8s
Cluster StringToken - K8S cluster Bearer token
- k8s
Namespace String - K8S Namespace where the ServiceAccount exists.
- k8s
Predefined StringRole Name - The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
- k8s
Predefined StringRole Type - Specifies the type of the pre-existing K8S role Role, ClusterRole.
- k8s
Rolebinding StringYaml Data - Content of the yaml in a Base64 format.
- k8s
Rolebinding StringYaml Def - Path to yaml file that contains definitions of K8S role and role binding (relevant only for k8s-service-account-type=dynamic)
- k8s
Service StringAccount - K8S ServiceAccount to extract token from.
- k8s
Service StringAccount Type - K8S ServiceAccount type [fixed, dynamic].
- name String
- Dynamic secret name
- secure
Access BooleanAllow Port Forwading - Enable Port forwarding while using CLI access
- secure
Access StringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure
Access StringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure
Access StringCluster Endpoint - The K8s cluster endpoint URL
- secure
Access StringDashboard Url - The K8s dashboard url
- secure
Access DoubleDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure
Access StringEnable - Enable/Disable secure remote access, [true/false]
- secure
Access BooleanWeb - Enable Web Secure Remote Access
- secure
Access BooleanWeb Browsing - Secure browser via Akeyless's Secure Remote Access (SRA)
- secure
Access BooleanWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- List<String>
- Add tags attached to this object
- target
Name String - Target name
- use
Gw BooleanService Account - Use the GW's service account
- user
Ttl String - User TTL
- custom
Username stringTemplate - Customize how temporary usernames are generated using go template
- delete
Protection string - Protection from accidental deletion of this item [true/false]
- description string
- Description of the object
- dynamic
Secret stringK8s Id - The ID of this resource.
- encryption
Key stringName - Dynamic producer encryption key
- item
Custom {[key: string]: string}Fields - Additional custom fields to associate with the item
- k8s
Allowed stringNamespaces - Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
- k8s
Cluster stringCa Cert - K8S cluster CA certificate
- k8s
Cluster stringEndpoint - K8S cluster URL endpoint
- k8s
Cluster stringName - K8S cluster name
- k8s
Cluster stringToken - K8S cluster Bearer token
- k8s
Namespace string - K8S Namespace where the ServiceAccount exists.
- k8s
Predefined stringRole Name - The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
- k8s
Predefined stringRole Type - Specifies the type of the pre-existing K8S role Role, ClusterRole.
- k8s
Rolebinding stringYaml Data - Content of the yaml in a Base64 format.
- k8s
Rolebinding stringYaml Def - Path to yaml file that contains definitions of K8S role and role binding (relevant only for k8s-service-account-type=dynamic)
- k8s
Service stringAccount - K8S ServiceAccount to extract token from.
- k8s
Service stringAccount Type - K8S ServiceAccount type [fixed, dynamic].
- name string
- Dynamic secret name
- secure
Access booleanAllow Port Forwading - Enable Port forwarding while using CLI access
- secure
Access stringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure
Access stringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure
Access stringCluster Endpoint - The K8s cluster endpoint URL
- secure
Access stringDashboard Url - The K8s dashboard url
- secure
Access numberDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure
Access stringEnable - Enable/Disable secure remote access, [true/false]
- secure
Access booleanWeb - Enable Web Secure Remote Access
- secure
Access booleanWeb Browsing - Secure browser via Akeyless's Secure Remote Access (SRA)
- secure
Access booleanWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- string[]
- Add tags attached to this object
- target
Name string - Target name
- use
Gw booleanService Account - Use the GW's service account
- user
Ttl string - User TTL
- custom_
username_ strtemplate - Customize how temporary usernames are generated using go template
- delete_
protection str - Protection from accidental deletion of this item [true/false]
- description str
- Description of the object
- dynamic_
secret_ strk8s_ id - The ID of this resource.
- encryption_
key_ strname - Dynamic producer encryption key
- item_
custom_ Mapping[str, str]fields - Additional custom fields to associate with the item
- k8s_
allowed_ strnamespaces - Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
- k8s_
cluster_ strca_ cert - K8S cluster CA certificate
- k8s_
cluster_ strendpoint - K8S cluster URL endpoint
- k8s_
cluster_ strname - K8S cluster name
- k8s_
cluster_ strtoken - K8S cluster Bearer token
- k8s_
namespace str - K8S Namespace where the ServiceAccount exists.
- k8s_
predefined_ strrole_ name - The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
- k8s_
predefined_ strrole_ type - Specifies the type of the pre-existing K8S role Role, ClusterRole.
- k8s_
rolebinding_ stryaml_ data - Content of the yaml in a Base64 format.
- k8s_
rolebinding_ stryaml_ def - Path to yaml file that contains definitions of K8S role and role binding (relevant only for k8s-service-account-type=dynamic)
- k8s_
service_ straccount - K8S ServiceAccount to extract token from.
- k8s_
service_ straccount_ type - K8S ServiceAccount type [fixed, dynamic].
- name str
- Dynamic secret name
- secure_
access_ boolallow_ port_ forwading - Enable Port forwarding while using CLI access
- secure_
access_ strbastion_ issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure_
access_ strcertificate_ issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure_
access_ strcluster_ endpoint - The K8s cluster endpoint URL
- secure_
access_ strdashboard_ url - The K8s dashboard url
- secure_
access_ floatdelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure_
access_ strenable - Enable/Disable secure remote access, [true/false]
- secure_
access_ boolweb - Enable Web Secure Remote Access
- secure_
access_ boolweb_ browsing - Secure browser via Akeyless's Secure Remote Access (SRA)
- secure_
access_ boolweb_ proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- Sequence[str]
- Add tags attached to this object
- target_
name str - Target name
- use_
gw_ boolservice_ account - Use the GW's service account
- user_
ttl str - User TTL
- custom
Username StringTemplate - Customize how temporary usernames are generated using go template
- delete
Protection String - Protection from accidental deletion of this item [true/false]
- description String
- Description of the object
- dynamic
Secret StringK8s Id - The ID of this resource.
- encryption
Key StringName - Dynamic producer encryption key
- item
Custom Map<String>Fields - Additional custom fields to associate with the item
- k8s
Allowed StringNamespaces - Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
- k8s
Cluster StringCa Cert - K8S cluster CA certificate
- k8s
Cluster StringEndpoint - K8S cluster URL endpoint
- k8s
Cluster StringName - K8S cluster name
- k8s
Cluster StringToken - K8S cluster Bearer token
- k8s
Namespace String - K8S Namespace where the ServiceAccount exists.
- k8s
Predefined StringRole Name - The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
- k8s
Predefined StringRole Type - Specifies the type of the pre-existing K8S role Role, ClusterRole.
- k8s
Rolebinding StringYaml Data - Content of the yaml in a Base64 format.
- k8s
Rolebinding StringYaml Def - Path to yaml file that contains definitions of K8S role and role binding (relevant only for k8s-service-account-type=dynamic)
- k8s
Service StringAccount - K8S ServiceAccount to extract token from.
- k8s
Service StringAccount Type - K8S ServiceAccount type [fixed, dynamic].
- name String
- Dynamic secret name
- secure
Access BooleanAllow Port Forwading - Enable Port forwarding while using CLI access
- secure
Access StringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure
Access StringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure
Access StringCluster Endpoint - The K8s cluster endpoint URL
- secure
Access StringDashboard Url - The K8s dashboard url
- secure
Access NumberDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure
Access StringEnable - Enable/Disable secure remote access, [true/false]
- secure
Access BooleanWeb - Enable Web Secure Remote Access
- secure
Access BooleanWeb Browsing - Secure browser via Akeyless's Secure Remote Access (SRA)
- secure
Access BooleanWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- List<String>
- Add tags attached to this object
- target
Name String - Target name
- use
Gw BooleanService Account - Use the GW's service account
- user
Ttl String - User TTL
Outputs
All input properties are implicitly available as output properties. Additionally, the DynamicSecretK8s resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing DynamicSecretK8s Resource
Get an existing DynamicSecretK8s resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DynamicSecretK8sState, opts?: CustomResourceOptions): DynamicSecretK8s@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
custom_username_template: Optional[str] = None,
delete_protection: Optional[str] = None,
description: Optional[str] = None,
dynamic_secret_k8s_id: Optional[str] = None,
encryption_key_name: Optional[str] = None,
item_custom_fields: Optional[Mapping[str, str]] = None,
k8s_allowed_namespaces: Optional[str] = None,
k8s_cluster_ca_cert: Optional[str] = None,
k8s_cluster_endpoint: Optional[str] = None,
k8s_cluster_name: Optional[str] = None,
k8s_cluster_token: Optional[str] = None,
k8s_namespace: Optional[str] = None,
k8s_predefined_role_name: Optional[str] = None,
k8s_predefined_role_type: Optional[str] = None,
k8s_rolebinding_yaml_data: Optional[str] = None,
k8s_rolebinding_yaml_def: Optional[str] = None,
k8s_service_account: Optional[str] = None,
k8s_service_account_type: Optional[str] = None,
name: Optional[str] = None,
secure_access_allow_port_forwading: Optional[bool] = None,
secure_access_bastion_issuer: Optional[str] = None,
secure_access_certificate_issuer: Optional[str] = None,
secure_access_cluster_endpoint: Optional[str] = None,
secure_access_dashboard_url: Optional[str] = None,
secure_access_delay: Optional[float] = None,
secure_access_enable: Optional[str] = None,
secure_access_web: Optional[bool] = None,
secure_access_web_browsing: Optional[bool] = None,
secure_access_web_proxy: Optional[bool] = None,
tags: Optional[Sequence[str]] = None,
target_name: Optional[str] = None,
use_gw_service_account: Optional[bool] = None,
user_ttl: Optional[str] = None) -> DynamicSecretK8sfunc GetDynamicSecretK8s(ctx *Context, name string, id IDInput, state *DynamicSecretK8sState, opts ...ResourceOption) (*DynamicSecretK8s, error)public static DynamicSecretK8s Get(string name, Input<string> id, DynamicSecretK8sState? state, CustomResourceOptions? opts = null)public static DynamicSecretK8s get(String name, Output<String> id, DynamicSecretK8sState state, CustomResourceOptions options)resources: _: type: akeyless:DynamicSecretK8s get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Custom
Username stringTemplate - Customize how temporary usernames are generated using go template
- Delete
Protection string - Protection from accidental deletion of this item [true/false]
- Description string
- Description of the object
- Dynamic
Secret stringK8s Id - The ID of this resource.
- Encryption
Key stringName - Dynamic producer encryption key
- Item
Custom Dictionary<string, string>Fields - Additional custom fields to associate with the item
- K8s
Allowed stringNamespaces - Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
- K8s
Cluster stringCa Cert - K8S cluster CA certificate
- K8s
Cluster stringEndpoint - K8S cluster URL endpoint
- K8s
Cluster stringName - K8S cluster name
- K8s
Cluster stringToken - K8S cluster Bearer token
- K8s
Namespace string - K8S Namespace where the ServiceAccount exists.
- K8s
Predefined stringRole Name - The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
- K8s
Predefined stringRole Type - Specifies the type of the pre-existing K8S role Role, ClusterRole.
- K8s
Rolebinding stringYaml Data - Content of the yaml in a Base64 format.
- K8s
Rolebinding stringYaml Def - Path to yaml file that contains definitions of K8S role and role binding (relevant only for k8s-service-account-type=dynamic)
- K8s
Service stringAccount - K8S ServiceAccount to extract token from.
- K8s
Service stringAccount Type - K8S ServiceAccount type [fixed, dynamic].
- Name string
- Dynamic secret name
- Secure
Access boolAllow Port Forwading - Enable Port forwarding while using CLI access
- Secure
Access stringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- Secure
Access stringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- Secure
Access stringCluster Endpoint - The K8s cluster endpoint URL
- Secure
Access stringDashboard Url - The K8s dashboard url
- Secure
Access doubleDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- Secure
Access stringEnable - Enable/Disable secure remote access, [true/false]
- Secure
Access boolWeb - Enable Web Secure Remote Access
- Secure
Access boolWeb Browsing - Secure browser via Akeyless's Secure Remote Access (SRA)
- Secure
Access boolWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- List<string>
- Add tags attached to this object
- Target
Name string - Target name
- Use
Gw boolService Account - Use the GW's service account
- User
Ttl string - User TTL
- Custom
Username stringTemplate - Customize how temporary usernames are generated using go template
- Delete
Protection string - Protection from accidental deletion of this item [true/false]
- Description string
- Description of the object
- Dynamic
Secret stringK8s Id - The ID of this resource.
- Encryption
Key stringName - Dynamic producer encryption key
- Item
Custom map[string]stringFields - Additional custom fields to associate with the item
- K8s
Allowed stringNamespaces - Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
- K8s
Cluster stringCa Cert - K8S cluster CA certificate
- K8s
Cluster stringEndpoint - K8S cluster URL endpoint
- K8s
Cluster stringName - K8S cluster name
- K8s
Cluster stringToken - K8S cluster Bearer token
- K8s
Namespace string - K8S Namespace where the ServiceAccount exists.
- K8s
Predefined stringRole Name - The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
- K8s
Predefined stringRole Type - Specifies the type of the pre-existing K8S role Role, ClusterRole.
- K8s
Rolebinding stringYaml Data - Content of the yaml in a Base64 format.
- K8s
Rolebinding stringYaml Def - Path to yaml file that contains definitions of K8S role and role binding (relevant only for k8s-service-account-type=dynamic)
- K8s
Service stringAccount - K8S ServiceAccount to extract token from.
- K8s
Service stringAccount Type - K8S ServiceAccount type [fixed, dynamic].
- Name string
- Dynamic secret name
- Secure
Access boolAllow Port Forwading - Enable Port forwarding while using CLI access
- Secure
Access stringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- Secure
Access stringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- Secure
Access stringCluster Endpoint - The K8s cluster endpoint URL
- Secure
Access stringDashboard Url - The K8s dashboard url
- Secure
Access float64Delay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- Secure
Access stringEnable - Enable/Disable secure remote access, [true/false]
- Secure
Access boolWeb - Enable Web Secure Remote Access
- Secure
Access boolWeb Browsing - Secure browser via Akeyless's Secure Remote Access (SRA)
- Secure
Access boolWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- []string
- Add tags attached to this object
- Target
Name string - Target name
- Use
Gw boolService Account - Use the GW's service account
- User
Ttl string - User TTL
- custom
Username StringTemplate - Customize how temporary usernames are generated using go template
- delete
Protection String - Protection from accidental deletion of this item [true/false]
- description String
- Description of the object
- dynamic
Secret StringK8s Id - The ID of this resource.
- encryption
Key StringName - Dynamic producer encryption key
- item
Custom Map<String,String>Fields - Additional custom fields to associate with the item
- k8s
Allowed StringNamespaces - Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
- k8s
Cluster StringCa Cert - K8S cluster CA certificate
- k8s
Cluster StringEndpoint - K8S cluster URL endpoint
- k8s
Cluster StringName - K8S cluster name
- k8s
Cluster StringToken - K8S cluster Bearer token
- k8s
Namespace String - K8S Namespace where the ServiceAccount exists.
- k8s
Predefined StringRole Name - The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
- k8s
Predefined StringRole Type - Specifies the type of the pre-existing K8S role Role, ClusterRole.
- k8s
Rolebinding StringYaml Data - Content of the yaml in a Base64 format.
- k8s
Rolebinding StringYaml Def - Path to yaml file that contains definitions of K8S role and role binding (relevant only for k8s-service-account-type=dynamic)
- k8s
Service StringAccount - K8S ServiceAccount to extract token from.
- k8s
Service StringAccount Type - K8S ServiceAccount type [fixed, dynamic].
- name String
- Dynamic secret name
- secure
Access BooleanAllow Port Forwading - Enable Port forwarding while using CLI access
- secure
Access StringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure
Access StringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure
Access StringCluster Endpoint - The K8s cluster endpoint URL
- secure
Access StringDashboard Url - The K8s dashboard url
- secure
Access DoubleDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure
Access StringEnable - Enable/Disable secure remote access, [true/false]
- secure
Access BooleanWeb - Enable Web Secure Remote Access
- secure
Access BooleanWeb Browsing - Secure browser via Akeyless's Secure Remote Access (SRA)
- secure
Access BooleanWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- List<String>
- Add tags attached to this object
- target
Name String - Target name
- use
Gw BooleanService Account - Use the GW's service account
- user
Ttl String - User TTL
- custom
Username stringTemplate - Customize how temporary usernames are generated using go template
- delete
Protection string - Protection from accidental deletion of this item [true/false]
- description string
- Description of the object
- dynamic
Secret stringK8s Id - The ID of this resource.
- encryption
Key stringName - Dynamic producer encryption key
- item
Custom {[key: string]: string}Fields - Additional custom fields to associate with the item
- k8s
Allowed stringNamespaces - Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
- k8s
Cluster stringCa Cert - K8S cluster CA certificate
- k8s
Cluster stringEndpoint - K8S cluster URL endpoint
- k8s
Cluster stringName - K8S cluster name
- k8s
Cluster stringToken - K8S cluster Bearer token
- k8s
Namespace string - K8S Namespace where the ServiceAccount exists.
- k8s
Predefined stringRole Name - The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
- k8s
Predefined stringRole Type - Specifies the type of the pre-existing K8S role Role, ClusterRole.
- k8s
Rolebinding stringYaml Data - Content of the yaml in a Base64 format.
- k8s
Rolebinding stringYaml Def - Path to yaml file that contains definitions of K8S role and role binding (relevant only for k8s-service-account-type=dynamic)
- k8s
Service stringAccount - K8S ServiceAccount to extract token from.
- k8s
Service stringAccount Type - K8S ServiceAccount type [fixed, dynamic].
- name string
- Dynamic secret name
- secure
Access booleanAllow Port Forwading - Enable Port forwarding while using CLI access
- secure
Access stringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure
Access stringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure
Access stringCluster Endpoint - The K8s cluster endpoint URL
- secure
Access stringDashboard Url - The K8s dashboard url
- secure
Access numberDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure
Access stringEnable - Enable/Disable secure remote access, [true/false]
- secure
Access booleanWeb - Enable Web Secure Remote Access
- secure
Access booleanWeb Browsing - Secure browser via Akeyless's Secure Remote Access (SRA)
- secure
Access booleanWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- string[]
- Add tags attached to this object
- target
Name string - Target name
- use
Gw booleanService Account - Use the GW's service account
- user
Ttl string - User TTL
- custom_
username_ strtemplate - Customize how temporary usernames are generated using go template
- delete_
protection str - Protection from accidental deletion of this item [true/false]
- description str
- Description of the object
- dynamic_
secret_ strk8s_ id - The ID of this resource.
- encryption_
key_ strname - Dynamic producer encryption key
- item_
custom_ Mapping[str, str]fields - Additional custom fields to associate with the item
- k8s_
allowed_ strnamespaces - Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
- k8s_
cluster_ strca_ cert - K8S cluster CA certificate
- k8s_
cluster_ strendpoint - K8S cluster URL endpoint
- k8s_
cluster_ strname - K8S cluster name
- k8s_
cluster_ strtoken - K8S cluster Bearer token
- k8s_
namespace str - K8S Namespace where the ServiceAccount exists.
- k8s_
predefined_ strrole_ name - The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
- k8s_
predefined_ strrole_ type - Specifies the type of the pre-existing K8S role Role, ClusterRole.
- k8s_
rolebinding_ stryaml_ data - Content of the yaml in a Base64 format.
- k8s_
rolebinding_ stryaml_ def - Path to yaml file that contains definitions of K8S role and role binding (relevant only for k8s-service-account-type=dynamic)
- k8s_
service_ straccount - K8S ServiceAccount to extract token from.
- k8s_
service_ straccount_ type - K8S ServiceAccount type [fixed, dynamic].
- name str
- Dynamic secret name
- secure_
access_ boolallow_ port_ forwading - Enable Port forwarding while using CLI access
- secure_
access_ strbastion_ issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure_
access_ strcertificate_ issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure_
access_ strcluster_ endpoint - The K8s cluster endpoint URL
- secure_
access_ strdashboard_ url - The K8s dashboard url
- secure_
access_ floatdelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure_
access_ strenable - Enable/Disable secure remote access, [true/false]
- secure_
access_ boolweb - Enable Web Secure Remote Access
- secure_
access_ boolweb_ browsing - Secure browser via Akeyless's Secure Remote Access (SRA)
- secure_
access_ boolweb_ proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- Sequence[str]
- Add tags attached to this object
- target_
name str - Target name
- use_
gw_ boolservice_ account - Use the GW's service account
- user_
ttl str - User TTL
- custom
Username StringTemplate - Customize how temporary usernames are generated using go template
- delete
Protection String - Protection from accidental deletion of this item [true/false]
- description String
- Description of the object
- dynamic
Secret StringK8s Id - The ID of this resource.
- encryption
Key StringName - Dynamic producer encryption key
- item
Custom Map<String>Fields - Additional custom fields to associate with the item
- k8s
Allowed StringNamespaces - Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic).
- k8s
Cluster StringCa Cert - K8S cluster CA certificate
- k8s
Cluster StringEndpoint - K8S cluster URL endpoint
- k8s
Cluster StringName - K8S cluster name
- k8s
Cluster StringToken - K8S cluster Bearer token
- k8s
Namespace String - K8S Namespace where the ServiceAccount exists.
- k8s
Predefined StringRole Name - The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic).
- k8s
Predefined StringRole Type - Specifies the type of the pre-existing K8S role Role, ClusterRole.
- k8s
Rolebinding StringYaml Data - Content of the yaml in a Base64 format.
- k8s
Rolebinding StringYaml Def - Path to yaml file that contains definitions of K8S role and role binding (relevant only for k8s-service-account-type=dynamic)
- k8s
Service StringAccount - K8S ServiceAccount to extract token from.
- k8s
Service StringAccount Type - K8S ServiceAccount type [fixed, dynamic].
- name String
- Dynamic secret name
- secure
Access BooleanAllow Port Forwading - Enable Port forwarding while using CLI access
- secure
Access StringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure
Access StringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure
Access StringCluster Endpoint - The K8s cluster endpoint URL
- secure
Access StringDashboard Url - The K8s dashboard url
- secure
Access NumberDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure
Access StringEnable - Enable/Disable secure remote access, [true/false]
- secure
Access BooleanWeb - Enable Web Secure Remote Access
- secure
Access BooleanWeb Browsing - Secure browser via Akeyless's Secure Remote Access (SRA)
- secure
Access BooleanWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- List<String>
- Add tags attached to this object
- target
Name String - Target name
- use
Gw BooleanService Account - Use the GW's service account
- user
Ttl String - User TTL
Package Details
- Repository
- akeyless akeyless-community/terraform-provider-akeyless
- License
- Notes
- This Pulumi package is based on the
akeylessTerraform Provider.
Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
