fn::rotate
The `fn::rotate` built-in function invokes a rotator to rotate secrets.
Some of a rotator’s inputs may only be evaluated when the environment containing the `fn::rotate` invocation is rotated. This can be combined with the `environments` built-in value to fetch managing credentials from other environments that may require additional permissions beyond those given to typical users of an environment. The exact inputs that are rotation-only are dependent on the rotator.
Declaration
```yaml
fn::rotate:
  provider: name
  inputs: inputs
  state: state
```
Short form
In addition to the long form syntax, `fn::rotate` can be invoked using the short form `fn::rotate::name`:
```yaml
fn::rotate::name:
  inputs: inputs
  state: state
```
Parameters
Property | Type | Description |
---|---|---|
name | string | The name of the rotator to use. |
inputs | any | The inputs to the rotator. The exact type is rotator-dependent. |
state | any | The persistent state for the rotator. This value is managed by the rotator and should not be modified. |
Returns
The return value of `fn::rotate` is dependent on the rotator being invoked.
Example
Long form
```yaml
values:
  aws:
    iam:
      fn::rotate:
        provider: aws-iam
        inputs:
          region: us-west-2
          login: ${environments.admin.production.aws.login}
          userArn: arn:aws:iam::012345678901:user/my-user
        state:
          current: ...
          previous: ...
```
Short form
```yaml
values:
  aws:
    iam:
      fn::rotate::aws-iam:
        inputs:
          region: us-west-2
          login: ${environments.admin.production.aws.login}
          userArn: arn:aws:iam::012345678901:user/my-user
        state:
          current: ...
          previous: ...
```
Evaluated result
```json
{
  "aws": {
    "iam": {
      "current": ...,
      "previous": ...
    }
  }
}
```
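The following added example (not Pulumi's own code) inventories `fn::rotate` invocations in an already-parsed environment definition, normalizing the short form to the long form and listing which other environments each rotator's inputs pull managing credentials from. The function names are hypothetical, and reading the first two segments of an `environments` reference as project and environment is an assumption based on the example above.

```python
import re

# ${environments.<project>.<environment>.<path>}: reading the first two
# segments as project and environment is an assumption from the page's example.
ENV_REF = re.compile(r"\$\{environments\.([^.}]+)\.([^.}]+)[^}]*\}")
SHORT_PREFIX = "fn::rotate::"

def env_refs(node):
    """Collect (project, environment) pairs referenced anywhere under node."""
    if isinstance(node, str):
        return set(ENV_REF.findall(node))
    if isinstance(node, dict):
        node = list(node.values())
    if isinstance(node, list):
        return set().union(*map(env_refs, node))
    return set()

def find_rotators(node, path=()):
    """Yield one normalized record per fn::rotate invocation, long or short form."""
    if isinstance(node, list):
        node = {str(i): item for i, item in enumerate(node)}
    if not isinstance(node, dict):
        return
    for key, val in node.items():
        key = str(key)
        if key == "fn::rotate" and isinstance(val, dict):
            provider = val.get("provider")      # long form names the rotator here
        elif key.startswith(SHORT_PREFIX) and isinstance(val, dict):
            provider = key[len(SHORT_PREFIX):]  # short form carries it in the key
        else:
            yield from find_rotators(val, path + (key,))
            continue
        yield {
            "path": ".".join(path),
            "provider": provider,
            "credential_envs": sorted(env_refs(val.get("inputs"))),
            "has_state": "state" in val,
        }

# Constructed sample: the page's two examples as already-parsed YAML.
ARGS = {
    "inputs": {"region": "us-west-2",
               "login": "${environments.admin.production.aws.login}",
               "userArn": "arn:aws:iam::012345678901:user/my-user"},
    "state": {"current": "...", "previous": "..."},
}
LONG = {"values": {"aws": {"iam": {"fn::rotate": {"provider": "aws-iam", **ARGS}}}}}
SHORT = {"values": {"aws": {"iam": {"fn::rotate::aws-iam": ARGS}}}}
```

Each record's `credential_envs` shows which environments hold the managing credentials, which is the list to review when deciding who needs rotation permissions.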