SecretUc

Databricks v1.92.0, May 12 26

Viewing docs for Databricks v1.92.0
published on Tuesday, May 12, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-databricks

Viewing docs for Databricks v1.92.0
published on Tuesday, May 12, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-databricks

Example Usage

Basic Example

This example creates a secret in Unity Catalog:

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

const example = new databricks.SecretUc("example", {
    catalogName: "my_catalog",
    schemaName: "my_schema",
    secret: [{
        name: "my_secret",
        value: "secret_value",
        comment: "My secret for external service authentication",
    }],
});

import pulumi
import pulumi_databricks as databricks

example = databricks.SecretUc("example",
    catalog_name="my_catalog",
    schema_name="my_schema",
    secret=[{
        "name": "my_secret",
        "value": "secret_value",
        "comment": "My secret for external service authentication",
    }])

package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := databricks.NewSecretUc(ctx, "example", &databricks.SecretUcArgs{
			CatalogName: pulumi.String("my_catalog"),
			SchemaName:  pulumi.String("my_schema"),
			Secret: []map[string]interface{}{
				map[string]interface{}{
					"name":    "my_secret",
					"value":   "secret_value",
					"comment": "My secret for external service authentication",
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var example = new Databricks.SecretUc("example", new()
    {
        CatalogName = "my_catalog",
        SchemaName = "my_schema",
        Secret = new[]
        {
            
            {
                { "name", "my_secret" },
                { "value", "secret_value" },
                { "comment", "My secret for external service authentication" },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.SecretUc;
import com.pulumi.databricks.SecretUcArgs;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new SecretUc("example", SecretUcArgs.builder()
            .catalogName("my_catalog")
            .schemaName("my_schema")
            .secret(Arrays.asList(Map.ofEntries(
                Map.entry("name", "my_secret"),
                Map.entry("value", "secret_value"),
                Map.entry("comment", "My secret for external service authentication")
            )))
            .build());

    }
}

resources:
  example:
    type: databricks:SecretUc
    properties:
      catalogName: my_catalog
      schemaName: my_schema
      secret:
        - name: my_secret
          value: secret_value
          comment: My secret for external service authentication

Example coming soon!

Create SecretUc Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SecretUc(name: string, args: SecretUcArgs, opts?: CustomResourceOptions);

@overload
def SecretUc(resource_name: str,
             args: SecretUcArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def SecretUc(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             catalog_name: Optional[str] = None,
             schema_name: Optional[str] = None,
             value: Optional[str] = None,
             comment: Optional[str] = None,
             expire_time: Optional[str] = None,
             name: Optional[str] = None,
             owner: Optional[str] = None,
             provider_config: Optional[SecretUcProviderConfigArgs] = None)

func NewSecretUc(ctx *Context, name string, args SecretUcArgs, opts ...ResourceOption) (*SecretUc, error)

public SecretUc(string name, SecretUcArgs args, CustomResourceOptions? opts = null)

public SecretUc(String name, SecretUcArgs args)
public SecretUc(String name, SecretUcArgs args, CustomResourceOptions options)

type: databricks:SecretUc
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

resource "databricks_secretuc" "name" {
    # resource properties
}

Parameters

name string: The unique name of the resource.
args SecretUcArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecretUcArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecretUcArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretUcArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecretUcArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var secretUcResource = new Databricks.SecretUc("secretUcResource", new()
{
    CatalogName = "string",
    SchemaName = "string",
    Value = "string",
    Comment = "string",
    ExpireTime = "string",
    Name = "string",
    Owner = "string",
    ProviderConfig = new Databricks.Inputs.SecretUcProviderConfigArgs
    {
        WorkspaceId = "string",
    },
});

example, err := databricks.NewSecretUc(ctx, "secretUcResource", &databricks.SecretUcArgs{
	CatalogName: pulumi.String("string"),
	SchemaName:  pulumi.String("string"),
	Value:       pulumi.String("string"),
	Comment:     pulumi.String("string"),
	ExpireTime:  pulumi.String("string"),
	Name:        pulumi.String("string"),
	Owner:       pulumi.String("string"),
	ProviderConfig: &databricks.SecretUcProviderConfigArgs{
		WorkspaceId: pulumi.String("string"),
	},
})

resource "databricks_secretuc" "secretUcResource" {
  catalog_name = "string"
  schema_name  = "string"
  value        = "string"
  comment      = "string"
  expire_time  = "string"
  name         = "string"
  owner        = "string"
  provider_config = {
    workspace_id = "string"
  }
}

var secretUcResource = new SecretUc("secretUcResource", SecretUcArgs.builder()
    .catalogName("string")
    .schemaName("string")
    .value("string")
    .comment("string")
    .expireTime("string")
    .name("string")
    .owner("string")
    .providerConfig(SecretUcProviderConfigArgs.builder()
        .workspaceId("string")
        .build())
    .build());

secret_uc_resource = databricks.SecretUc("secretUcResource",
    catalog_name="string",
    schema_name="string",
    value="string",
    comment="string",
    expire_time="string",
    name="string",
    owner="string",
    provider_config={
        "workspace_id": "string",
    })

const secretUcResource = new databricks.SecretUc("secretUcResource", {
    catalogName: "string",
    schemaName: "string",
    value: "string",
    comment: "string",
    expireTime: "string",
    name: "string",
    owner: "string",
    providerConfig: {
        workspaceId: "string",
    },
});

type: databricks:SecretUc
properties:
    catalogName: string
    comment: string
    expireTime: string
    name: string
    owner: string
    providerConfig:
        workspaceId: string
    schemaName: string
    value: string

SecretUc Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SecretUc resource accepts the following input properties:

CatalogName string: The name of the catalog where the schema and the secret reside
SchemaName string: The name of the schema where the secret resides
Value string: The secret value to store. This field is input-only and is not returned in responses — use the effective_value field (via GetSecret with include_value set to true) to read the secret value. The maximum size is 60 KiB (pre-encryption). Accepted content includes passwords, tokens, keys, and other sensitive credential data
Comment string: User-provided free-form text description of the secret
ExpireTime string: User-provided expiration time of the secret. This field indicates when the secret should no longer be used and may be displayed as a warning in the UI. It is purely informational and does not trigger any automatic actions or affect the secret's lifecycle
Name string: The name of the secret, relative to its parent schema
Owner string: The owner of the secret. Defaults to the creating principal on creation. Can be updated to transfer ownership of the secret to another principal
ProviderConfig SecretUcProviderConfig: Configure the provider for management through account provider.

CatalogName string: The name of the catalog where the schema and the secret reside
SchemaName string: The name of the schema where the secret resides
Value string: The secret value to store. This field is input-only and is not returned in responses — use the effective_value field (via GetSecret with include_value set to true) to read the secret value. The maximum size is 60 KiB (pre-encryption). Accepted content includes passwords, tokens, keys, and other sensitive credential data
Comment string: User-provided free-form text description of the secret
ExpireTime string: User-provided expiration time of the secret. This field indicates when the secret should no longer be used and may be displayed as a warning in the UI. It is purely informational and does not trigger any automatic actions or affect the secret's lifecycle
Name string: The name of the secret, relative to its parent schema
Owner string: The owner of the secret. Defaults to the creating principal on creation. Can be updated to transfer ownership of the secret to another principal
ProviderConfig SecretUcProviderConfigArgs: Configure the provider for management through account provider.

catalog_name string: The name of the catalog where the schema and the secret reside
schema_name string: The name of the schema where the secret resides
value string: The secret value to store. This field is input-only and is not returned in responses — use the effective_value field (via GetSecret with include_value set to true) to read the secret value. The maximum size is 60 KiB (pre-encryption). Accepted content includes passwords, tokens, keys, and other sensitive credential data
comment string: User-provided free-form text description of the secret
expire_time string: User-provided expiration time of the secret. This field indicates when the secret should no longer be used and may be displayed as a warning in the UI. It is purely informational and does not trigger any automatic actions or affect the secret's lifecycle
name string: The name of the secret, relative to its parent schema
owner string: The owner of the secret. Defaults to the creating principal on creation. Can be updated to transfer ownership of the secret to another principal
provider_config object: Configure the provider for management through account provider.

catalogName String: The name of the catalog where the schema and the secret reside
schemaName String: The name of the schema where the secret resides
value String: The secret value to store. This field is input-only and is not returned in responses — use the effective_value field (via GetSecret with include_value set to true) to read the secret value. The maximum size is 60 KiB (pre-encryption). Accepted content includes passwords, tokens, keys, and other sensitive credential data
comment String: User-provided free-form text description of the secret
expireTime String: User-provided expiration time of the secret. This field indicates when the secret should no longer be used and may be displayed as a warning in the UI. It is purely informational and does not trigger any automatic actions or affect the secret's lifecycle
name String: The name of the secret, relative to its parent schema
owner String: The owner of the secret. Defaults to the creating principal on creation. Can be updated to transfer ownership of the secret to another principal
providerConfig SecretUcProviderConfig: Configure the provider for management through account provider.

catalogName string: The name of the catalog where the schema and the secret reside
schemaName string: The name of the schema where the secret resides
value string: The secret value to store. This field is input-only and is not returned in responses — use the effective_value field (via GetSecret with include_value set to true) to read the secret value. The maximum size is 60 KiB (pre-encryption). Accepted content includes passwords, tokens, keys, and other sensitive credential data
comment string: User-provided free-form text description of the secret
expireTime string: User-provided expiration time of the secret. This field indicates when the secret should no longer be used and may be displayed as a warning in the UI. It is purely informational and does not trigger any automatic actions or affect the secret's lifecycle
name string: The name of the secret, relative to its parent schema
owner string: The owner of the secret. Defaults to the creating principal on creation. Can be updated to transfer ownership of the secret to another principal
providerConfig SecretUcProviderConfig: Configure the provider for management through account provider.

catalog_name str: The name of the catalog where the schema and the secret reside
schema_name str: The name of the schema where the secret resides
value str: The secret value to store. This field is input-only and is not returned in responses — use the effective_value field (via GetSecret with include_value set to true) to read the secret value. The maximum size is 60 KiB (pre-encryption). Accepted content includes passwords, tokens, keys, and other sensitive credential data
comment str: User-provided free-form text description of the secret
expire_time str: User-provided expiration time of the secret. This field indicates when the secret should no longer be used and may be displayed as a warning in the UI. It is purely informational and does not trigger any automatic actions or affect the secret's lifecycle
name str: The name of the secret, relative to its parent schema
owner str: The owner of the secret. Defaults to the creating principal on creation. Can be updated to transfer ownership of the secret to another principal
provider_config SecretUcProviderConfigArgs: Configure the provider for management through account provider.

catalogName String: The name of the catalog where the schema and the secret reside
schemaName String: The name of the schema where the secret resides
value String: The secret value to store. This field is input-only and is not returned in responses — use the effective_value field (via GetSecret with include_value set to true) to read the secret value. The maximum size is 60 KiB (pre-encryption). Accepted content includes passwords, tokens, keys, and other sensitive credential data
comment String: User-provided free-form text description of the secret
expireTime String: User-provided expiration time of the secret. This field indicates when the secret should no longer be used and may be displayed as a warning in the UI. It is purely informational and does not trigger any automatic actions or affect the secret's lifecycle
name String: The name of the secret, relative to its parent schema
owner String: The owner of the secret. Defaults to the creating principal on creation. Can be updated to transfer ownership of the secret to another principal
providerConfig Property Map: Configure the provider for management through account provider.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecretUc resource produces the following output properties:

BrowseOnly bool: (boolean) - Indicates whether the principal is limited to retrieving metadata for the associated object through the BROWSE privilege when include_browse is enabled in the request
CreateTime string: (string) - The time at which this secret was created
CreatedBy string: (string) - The principal that created the secret
EffectiveOwner string: (string) - The effective owner of the secret, which may differ from the directly-set owner due to inheritance
EffectiveValue string: (string) - The secret value. Only populated in responses when you have the READ_SECRET privilege and include_value is set to true in the request. The maximum size is 60 KiB
ExternalSecretId string: (string)
FullName string: (string) - The three-level (fully qualified) name of the secret, in the form of catalog_name.schema_name.secret_name
Id string: The provider-assigned unique ID for this managed resource.
MetastoreId string: (string) - Unique identifier of the metastore hosting the secret
UpdateTime string: (string) - The time at which this secret was last updated
UpdatedBy string: (string) - The principal that last updated the secret

BrowseOnly bool: (boolean) - Indicates whether the principal is limited to retrieving metadata for the associated object through the BROWSE privilege when include_browse is enabled in the request
CreateTime string: (string) - The time at which this secret was created
CreatedBy string: (string) - The principal that created the secret
EffectiveOwner string: (string) - The effective owner of the secret, which may differ from the directly-set owner due to inheritance
EffectiveValue string: (string) - The secret value. Only populated in responses when you have the READ_SECRET privilege and include_value is set to true in the request. The maximum size is 60 KiB
ExternalSecretId string: (string)
FullName string: (string) - The three-level (fully qualified) name of the secret, in the form of catalog_name.schema_name.secret_name
Id string: The provider-assigned unique ID for this managed resource.
MetastoreId string: (string) - Unique identifier of the metastore hosting the secret
UpdateTime string: (string) - The time at which this secret was last updated
UpdatedBy string: (string) - The principal that last updated the secret

browse_only bool: (boolean) - Indicates whether the principal is limited to retrieving metadata for the associated object through the BROWSE privilege when include_browse is enabled in the request
create_time string: (string) - The time at which this secret was created
created_by string: (string) - The principal that created the secret
effective_owner string: (string) - The effective owner of the secret, which may differ from the directly-set owner due to inheritance
effective_value string: (string) - The secret value. Only populated in responses when you have the READ_SECRET privilege and include_value is set to true in the request. The maximum size is 60 KiB
external_secret_id string: (string)
full_name string: (string) - The three-level (fully qualified) name of the secret, in the form of catalog_name.schema_name.secret_name
id string: The provider-assigned unique ID for this managed resource.
metastore_id string: (string) - Unique identifier of the metastore hosting the secret
update_time string: (string) - The time at which this secret was last updated
updated_by string: (string) - The principal that last updated the secret

browseOnly Boolean: (boolean) - Indicates whether the principal is limited to retrieving metadata for the associated object through the BROWSE privilege when include_browse is enabled in the request
createTime String: (string) - The time at which this secret was created
createdBy String: (string) - The principal that created the secret
effectiveOwner String: (string) - The effective owner of the secret, which may differ from the directly-set owner due to inheritance
effectiveValue String: (string) - The secret value. Only populated in responses when you have the READ_SECRET privilege and include_value is set to true in the request. The maximum size is 60 KiB
externalSecretId String: (string)
fullName String: (string) - The three-level (fully qualified) name of the secret, in the form of catalog_name.schema_name.secret_name
id String: The provider-assigned unique ID for this managed resource.
metastoreId String: (string) - Unique identifier of the metastore hosting the secret
updateTime String: (string) - The time at which this secret was last updated
updatedBy String: (string) - The principal that last updated the secret

browseOnly boolean: (boolean) - Indicates whether the principal is limited to retrieving metadata for the associated object through the BROWSE privilege when include_browse is enabled in the request
createTime string: (string) - The time at which this secret was created
createdBy string: (string) - The principal that created the secret
effectiveOwner string: (string) - The effective owner of the secret, which may differ from the directly-set owner due to inheritance
effectiveValue string: (string) - The secret value. Only populated in responses when you have the READ_SECRET privilege and include_value is set to true in the request. The maximum size is 60 KiB
externalSecretId string: (string)
fullName string: (string) - The three-level (fully qualified) name of the secret, in the form of catalog_name.schema_name.secret_name
id string: The provider-assigned unique ID for this managed resource.
metastoreId string: (string) - Unique identifier of the metastore hosting the secret
updateTime string: (string) - The time at which this secret was last updated
updatedBy string: (string) - The principal that last updated the secret

browse_only bool: (boolean) - Indicates whether the principal is limited to retrieving metadata for the associated object through the BROWSE privilege when include_browse is enabled in the request
create_time str: (string) - The time at which this secret was created
created_by str: (string) - The principal that created the secret
effective_owner str: (string) - The effective owner of the secret, which may differ from the directly-set owner due to inheritance
effective_value str: (string) - The secret value. Only populated in responses when you have the READ_SECRET privilege and include_value is set to true in the request. The maximum size is 60 KiB
external_secret_id str: (string)
full_name str: (string) - The three-level (fully qualified) name of the secret, in the form of catalog_name.schema_name.secret_name
id str: The provider-assigned unique ID for this managed resource.
metastore_id str: (string) - Unique identifier of the metastore hosting the secret
update_time str: (string) - The time at which this secret was last updated
updated_by str: (string) - The principal that last updated the secret

browseOnly Boolean: (boolean) - Indicates whether the principal is limited to retrieving metadata for the associated object through the BROWSE privilege when include_browse is enabled in the request
createTime String: (string) - The time at which this secret was created
createdBy String: (string) - The principal that created the secret
effectiveOwner String: (string) - The effective owner of the secret, which may differ from the directly-set owner due to inheritance
effectiveValue String: (string) - The secret value. Only populated in responses when you have the READ_SECRET privilege and include_value is set to true in the request. The maximum size is 60 KiB
externalSecretId String: (string)
fullName String: (string) - The three-level (fully qualified) name of the secret, in the form of catalog_name.schema_name.secret_name
id String: The provider-assigned unique ID for this managed resource.
metastoreId String: (string) - Unique identifier of the metastore hosting the secret
updateTime String: (string) - The time at which this secret was last updated
updatedBy String: (string) - The principal that last updated the secret

Look up Existing SecretUc Resource

Get an existing SecretUc resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretUcState, opts?: CustomResourceOptions): SecretUc

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        browse_only: Optional[bool] = None,
        catalog_name: Optional[str] = None,
        comment: Optional[str] = None,
        create_time: Optional[str] = None,
        created_by: Optional[str] = None,
        effective_owner: Optional[str] = None,
        effective_value: Optional[str] = None,
        expire_time: Optional[str] = None,
        external_secret_id: Optional[str] = None,
        full_name: Optional[str] = None,
        metastore_id: Optional[str] = None,
        name: Optional[str] = None,
        owner: Optional[str] = None,
        provider_config: Optional[SecretUcProviderConfigArgs] = None,
        schema_name: Optional[str] = None,
        update_time: Optional[str] = None,
        updated_by: Optional[str] = None,
        value: Optional[str] = None) -> SecretUc

func GetSecretUc(ctx *Context, name string, id IDInput, state *SecretUcState, opts ...ResourceOption) (*SecretUc, error)

public static SecretUc Get(string name, Input<string> id, SecretUcState? state, CustomResourceOptions? opts = null)

public static SecretUc get(String name, Output<String> id, SecretUcState state, CustomResourceOptions options)

resources:  _:    type: databricks:SecretUc    get:      id: ${id}

import {
  to = databricks_secretuc.example
  id = "${id}"
}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

BrowseOnly bool: (boolean) - Indicates whether the principal is limited to retrieving metadata for the associated object through the BROWSE privilege when include_browse is enabled in the request
CatalogName string: The name of the catalog where the schema and the secret reside
Comment string: User-provided free-form text description of the secret
CreateTime string: (string) - The time at which this secret was created
CreatedBy string: (string) - The principal that created the secret
EffectiveOwner string: (string) - The effective owner of the secret, which may differ from the directly-set owner due to inheritance
EffectiveValue string: (string) - The secret value. Only populated in responses when you have the READ_SECRET privilege and include_value is set to true in the request. The maximum size is 60 KiB
ExpireTime string: User-provided expiration time of the secret. This field indicates when the secret should no longer be used and may be displayed as a warning in the UI. It is purely informational and does not trigger any automatic actions or affect the secret's lifecycle
ExternalSecretId string: (string)
FullName string: (string) - The three-level (fully qualified) name of the secret, in the form of catalog_name.schema_name.secret_name
MetastoreId string: (string) - Unique identifier of the metastore hosting the secret
Name string: The name of the secret, relative to its parent schema
Owner string: The owner of the secret. Defaults to the creating principal on creation. Can be updated to transfer ownership of the secret to another principal
ProviderConfig SecretUcProviderConfig: Configure the provider for management through account provider.
SchemaName string: The name of the schema where the secret resides
UpdateTime string: (string) - The time at which this secret was last updated
UpdatedBy string: (string) - The principal that last updated the secret
Value string: The secret value to store. This field is input-only and is not returned in responses — use the effective_value field (via GetSecret with include_value set to true) to read the secret value. The maximum size is 60 KiB (pre-encryption). Accepted content includes passwords, tokens, keys, and other sensitive credential data

BrowseOnly bool: (boolean) - Indicates whether the principal is limited to retrieving metadata for the associated object through the BROWSE privilege when include_browse is enabled in the request
CatalogName string: The name of the catalog where the schema and the secret reside
Comment string: User-provided free-form text description of the secret
CreateTime string: (string) - The time at which this secret was created
CreatedBy string: (string) - The principal that created the secret
EffectiveOwner string: (string) - The effective owner of the secret, which may differ from the directly-set owner due to inheritance
EffectiveValue string: (string) - The secret value. Only populated in responses when you have the READ_SECRET privilege and include_value is set to true in the request. The maximum size is 60 KiB
ExpireTime string: User-provided expiration time of the secret. This field indicates when the secret should no longer be used and may be displayed as a warning in the UI. It is purely informational and does not trigger any automatic actions or affect the secret's lifecycle
ExternalSecretId string: (string)
FullName string: (string) - The three-level (fully qualified) name of the secret, in the form of catalog_name.schema_name.secret_name
MetastoreId string: (string) - Unique identifier of the metastore hosting the secret
Name string: The name of the secret, relative to its parent schema
Owner string: The owner of the secret. Defaults to the creating principal on creation. Can be updated to transfer ownership of the secret to another principal
ProviderConfig SecretUcProviderConfigArgs: Configure the provider for management through account provider.
SchemaName string: The name of the schema where the secret resides
UpdateTime string: (string) - The time at which this secret was last updated
UpdatedBy string: (string) - The principal that last updated the secret
Value string: The secret value to store. This field is input-only and is not returned in responses — use the effective_value field (via GetSecret with include_value set to true) to read the secret value. The maximum size is 60 KiB (pre-encryption). Accepted content includes passwords, tokens, keys, and other sensitive credential data

browse_only bool: (boolean) - Indicates whether the principal is limited to retrieving metadata for the associated object through the BROWSE privilege when include_browse is enabled in the request
catalog_name string: The name of the catalog where the schema and the secret reside
comment string: User-provided free-form text description of the secret
create_time string: (string) - The time at which this secret was created
created_by string: (string) - The principal that created the secret
effective_owner string: (string) - The effective owner of the secret, which may differ from the directly-set owner due to inheritance
effective_value string: (string) - The secret value. Only populated in responses when you have the READ_SECRET privilege and include_value is set to true in the request. The maximum size is 60 KiB
expire_time string: User-provided expiration time of the secret. This field indicates when the secret should no longer be used and may be displayed as a warning in the UI. It is purely informational and does not trigger any automatic actions or affect the secret's lifecycle
external_secret_id string: (string)
full_name string: (string) - The three-level (fully qualified) name of the secret, in the form of catalog_name.schema_name.secret_name
metastore_id string: (string) - Unique identifier of the metastore hosting the secret
name string: The name of the secret, relative to its parent schema
owner string: The owner of the secret. Defaults to the creating principal on creation. Can be updated to transfer ownership of the secret to another principal
provider_config object: Configure the provider for management through account provider.
schema_name string: The name of the schema where the secret resides
update_time string: (string) - The time at which this secret was last updated
updated_by string: (string) - The principal that last updated the secret
value string: The secret value to store. This field is input-only and is not returned in responses — use the effective_value field (via GetSecret with include_value set to true) to read the secret value. The maximum size is 60 KiB (pre-encryption). Accepted content includes passwords, tokens, keys, and other sensitive credential data

browseOnly Boolean: (boolean) - Indicates whether the principal is limited to retrieving metadata for the associated object through the BROWSE privilege when include_browse is enabled in the request
catalogName String: The name of the catalog where the schema and the secret reside
comment String: User-provided free-form text description of the secret
createTime String: (string) - The time at which this secret was created
createdBy String: (string) - The principal that created the secret
effectiveOwner String: (string) - The effective owner of the secret, which may differ from the directly-set owner due to inheritance
effectiveValue String: (string) - The secret value. Only populated in responses when you have the READ_SECRET privilege and include_value is set to true in the request. The maximum size is 60 KiB
expireTime String: User-provided expiration time of the secret. This field indicates when the secret should no longer be used and may be displayed as a warning in the UI. It is purely informational and does not trigger any automatic actions or affect the secret's lifecycle
externalSecretId String: (string)
fullName String: (string) - The three-level (fully qualified) name of the secret, in the form of catalog_name.schema_name.secret_name
metastoreId String: (string) - Unique identifier of the metastore hosting the secret
name String: The name of the secret, relative to its parent schema
owner String: The owner of the secret. Defaults to the creating principal on creation. Can be updated to transfer ownership of the secret to another principal
providerConfig SecretUcProviderConfig: Configure the provider for management through account provider.
schemaName String: The name of the schema where the secret resides
updateTime String: (string) - The time at which this secret was last updated
updatedBy String: (string) - The principal that last updated the secret
value String: The secret value to store. This field is input-only and is not returned in responses — use the effective_value field (via GetSecret with include_value set to true) to read the secret value. The maximum size is 60 KiB (pre-encryption). Accepted content includes passwords, tokens, keys, and other sensitive credential data

browseOnly boolean: (boolean) - Indicates whether the principal is limited to retrieving metadata for the associated object through the BROWSE privilege when include_browse is enabled in the request
catalogName string: The name of the catalog where the schema and the secret reside
comment string: User-provided free-form text description of the secret
createTime string: (string) - The time at which this secret was created
createdBy string: (string) - The principal that created the secret
effectiveOwner string: (string) - The effective owner of the secret, which may differ from the directly-set owner due to inheritance
effectiveValue string: (string) - The secret value. Only populated in responses when you have the READ_SECRET privilege and include_value is set to true in the request. The maximum size is 60 KiB
expireTime string: User-provided expiration time of the secret. This field indicates when the secret should no longer be used and may be displayed as a warning in the UI. It is purely informational and does not trigger any automatic actions or affect the secret's lifecycle
externalSecretId string: (string)
fullName string: (string) - The three-level (fully qualified) name of the secret, in the form of catalog_name.schema_name.secret_name
metastoreId string: (string) - Unique identifier of the metastore hosting the secret
name string: The name of the secret, relative to its parent schema
owner string: The owner of the secret. Defaults to the creating principal on creation. Can be updated to transfer ownership of the secret to another principal
providerConfig SecretUcProviderConfig: Configure the provider for management through account provider.
schemaName string: The name of the schema where the secret resides
updateTime string: (string) - The time at which this secret was last updated
updatedBy string: (string) - The principal that last updated the secret
value string: The secret value to store. This field is input-only and is not returned in responses — use the effective_value field (via GetSecret with include_value set to true) to read the secret value. The maximum size is 60 KiB (pre-encryption). Accepted content includes passwords, tokens, keys, and other sensitive credential data

browse_only bool: (boolean) - Indicates whether the principal is limited to retrieving metadata for the associated object through the BROWSE privilege when include_browse is enabled in the request
catalog_name str: The name of the catalog where the schema and the secret reside
comment str: User-provided free-form text description of the secret
create_time str: (string) - The time at which this secret was created
created_by str: (string) - The principal that created the secret
effective_owner str: (string) - The effective owner of the secret, which may differ from the directly-set owner due to inheritance
effective_value str: (string) - The secret value. Only populated in responses when you have the READ_SECRET privilege and include_value is set to true in the request. The maximum size is 60 KiB
expire_time str: User-provided expiration time of the secret. This field indicates when the secret should no longer be used and may be displayed as a warning in the UI. It is purely informational and does not trigger any automatic actions or affect the secret's lifecycle
external_secret_id str: (string)
full_name str: (string) - The three-level (fully qualified) name of the secret, in the form of catalog_name.schema_name.secret_name
metastore_id str: (string) - Unique identifier of the metastore hosting the secret
name str: The name of the secret, relative to its parent schema
owner str: The owner of the secret. Defaults to the creating principal on creation. Can be updated to transfer ownership of the secret to another principal
provider_config SecretUcProviderConfigArgs: Configure the provider for management through account provider.
schema_name str: The name of the schema where the secret resides
update_time str: (string) - The time at which this secret was last updated
updated_by str: (string) - The principal that last updated the secret
value str: The secret value to store. This field is input-only and is not returned in responses — use the effective_value field (via GetSecret with include_value set to true) to read the secret value. The maximum size is 60 KiB (pre-encryption). Accepted content includes passwords, tokens, keys, and other sensitive credential data

browseOnly Boolean: (boolean) - Indicates whether the principal is limited to retrieving metadata for the associated object through the BROWSE privilege when include_browse is enabled in the request
catalogName String: The name of the catalog where the schema and the secret reside
comment String: User-provided free-form text description of the secret
createTime String: (string) - The time at which this secret was created
createdBy String: (string) - The principal that created the secret
effectiveOwner String: (string) - The effective owner of the secret, which may differ from the directly-set owner due to inheritance
effectiveValue String: (string) - The secret value. Only populated in responses when you have the READ_SECRET privilege and include_value is set to true in the request. The maximum size is 60 KiB
expireTime String: User-provided expiration time of the secret. This field indicates when the secret should no longer be used and may be displayed as a warning in the UI. It is purely informational and does not trigger any automatic actions or affect the secret's lifecycle
externalSecretId String: (string)
fullName String: (string) - The three-level (fully qualified) name of the secret, in the form of catalog_name.schema_name.secret_name
metastoreId String: (string) - Unique identifier of the metastore hosting the secret
name String: The name of the secret, relative to its parent schema
owner String: The owner of the secret. Defaults to the creating principal on creation. Can be updated to transfer ownership of the secret to another principal
providerConfig Property Map: Configure the provider for management through account provider.
schemaName String: The name of the schema where the secret resides
updateTime String: (string) - The time at which this secret was last updated
updatedBy String: (string) - The principal that last updated the secret
value String: The secret value to store. This field is input-only and is not returned in responses — use the effective_value field (via GetSecret with include_value set to true) to read the secret value. The maximum size is 60 KiB (pre-encryption). Accepted content includes passwords, tokens, keys, and other sensitive credential data

Supporting Types

SecretUcProviderConfig, SecretUcProviderConfigArgs

WorkspaceId string: Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.

WorkspaceId string: Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.

workspace_id string: Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.

workspaceId String: Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.

workspaceId string: Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.

workspace_id str: Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.

workspaceId String: Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.

Package Details

Repository: databricks pulumi/pulumi-databricks
License: Apache-2.0
Notes: This Pulumi package is based on the databricks Terraform Provider.

Viewing docs for Databricks v1.92.0
published on Tuesday, May 12, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-databricks

databricks.SecretUc

On this page

On this page

Example Usage

Basic Example

Create SecretUc Resource

Constructor syntax

Parameters

Constructor example

SecretUc Resource Properties

Inputs

Outputs

Look up Existing SecretUc Resource

Supporting Types

SecretUcProviderConfig, SecretUcProviderConfigArgs

Package Details

On this page

On this page