Docs Home
We recommend using Azure Native.
Azure v6.21.0 published on Friday, Mar 7, 2025 by Pulumi
azure.containerservice.RegistryCredentialSet
Explore with Pulumi AI
Manages a Container Registry Credential Set.
Example Usage
Minimal)
NOTE: Be aware that you will need to permit the Identity that is created for the Container Registry to have
geton secrets to the Key Vault, e.g. using theazure.keyvault.AccessPolicyresource.
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleRegistry = new azure.containerservice.Registry("example", {
name: "exampleContainerRegistry",
resourceGroupName: example.name,
location: example.location,
sku: "Basic",
});
const exampleRegistryCredentialSet = new azure.containerservice.RegistryCredentialSet("example", {
name: "exampleCredentialSet",
containerRegistryId: "azurerm_container_registry.example.id",
loginServer: "docker.io",
identity: {
type: "SystemAssigned",
},
authenticationCredentials: {
usernameSecretId: "https://example-keyvault.vault.azure.net/secrets/example-user-name",
passwordSecretId: "https://example-keyvault.vault.azure.net/secrets/example-user-password",
},
});
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_registry = azure.containerservice.Registry("example",
name="exampleContainerRegistry",
resource_group_name=example.name,
location=example.location,
sku="Basic")
example_registry_credential_set = azure.containerservice.RegistryCredentialSet("example",
name="exampleCredentialSet",
container_registry_id="azurerm_container_registry.example.id",
login_server="docker.io",
identity={
"type": "SystemAssigned",
},
authentication_credentials={
"username_secret_id": "https://example-keyvault.vault.azure.net/secrets/example-user-name",
"password_secret_id": "https://example-keyvault.vault.azure.net/secrets/example-user-password",
})
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
_, err = containerservice.NewRegistry(ctx, "example", &containerservice.RegistryArgs{
Name: pulumi.String("exampleContainerRegistry"),
ResourceGroupName: example.Name,
Location: example.Location,
Sku: pulumi.String("Basic"),
})
if err != nil {
return err
}
_, err = containerservice.NewRegistryCredentialSet(ctx, "example", &containerservice.RegistryCredentialSetArgs{
Name: pulumi.String("exampleCredentialSet"),
ContainerRegistryId: pulumi.String("azurerm_container_registry.example.id"),
LoginServer: pulumi.String("docker.io"),
Identity: &containerservice.RegistryCredentialSetIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
AuthenticationCredentials: &containerservice.RegistryCredentialSetAuthenticationCredentialsArgs{
UsernameSecretId: pulumi.String("https://example-keyvault.vault.azure.net/secrets/example-user-name"),
PasswordSecretId: pulumi.String("https://example-keyvault.vault.azure.net/secrets/example-user-password"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleRegistry = new Azure.ContainerService.Registry("example", new()
{
Name = "exampleContainerRegistry",
ResourceGroupName = example.Name,
Location = example.Location,
Sku = "Basic",
});
var exampleRegistryCredentialSet = new Azure.ContainerService.RegistryCredentialSet("example", new()
{
Name = "exampleCredentialSet",
ContainerRegistryId = "azurerm_container_registry.example.id",
LoginServer = "docker.io",
Identity = new Azure.ContainerService.Inputs.RegistryCredentialSetIdentityArgs
{
Type = "SystemAssigned",
},
AuthenticationCredentials = new Azure.ContainerService.Inputs.RegistryCredentialSetAuthenticationCredentialsArgs
{
UsernameSecretId = "https://example-keyvault.vault.azure.net/secrets/example-user-name",
PasswordSecretId = "https://example-keyvault.vault.azure.net/secrets/example-user-password",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.containerservice.Registry;
import com.pulumi.azure.containerservice.RegistryArgs;
import com.pulumi.azure.containerservice.RegistryCredentialSet;
import com.pulumi.azure.containerservice.RegistryCredentialSetArgs;
import com.pulumi.azure.containerservice.inputs.RegistryCredentialSetIdentityArgs;
import com.pulumi.azure.containerservice.inputs.RegistryCredentialSetAuthenticationCredentialsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleRegistry = new Registry("exampleRegistry", RegistryArgs.builder()
.name("exampleContainerRegistry")
.resourceGroupName(example.name())
.location(example.location())
.sku("Basic")
.build());
var exampleRegistryCredentialSet = new RegistryCredentialSet("exampleRegistryCredentialSet", RegistryCredentialSetArgs.builder()
.name("exampleCredentialSet")
.containerRegistryId("azurerm_container_registry.example.id")
.loginServer("docker.io")
.identity(RegistryCredentialSetIdentityArgs.builder()
.type("SystemAssigned")
.build())
.authenticationCredentials(RegistryCredentialSetAuthenticationCredentialsArgs.builder()
.usernameSecretId("https://example-keyvault.vault.azure.net/secrets/example-user-name")
.passwordSecretId("https://example-keyvault.vault.azure.net/secrets/example-user-password")
.build())
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleRegistry:
type: azure:containerservice:Registry
name: example
properties:
name: exampleContainerRegistry
resourceGroupName: ${example.name}
location: ${example.location}
sku: Basic
exampleRegistryCredentialSet:
type: azure:containerservice:RegistryCredentialSet
name: example
properties:
name: exampleCredentialSet
containerRegistryId: azurerm_container_registry.example.id
loginServer: docker.io
identity:
type: SystemAssigned
authenticationCredentials:
usernameSecretId: https://example-keyvault.vault.azure.net/secrets/example-user-name
passwordSecretId: https://example-keyvault.vault.azure.net/secrets/example-user-password
Full)
This example provisions a key vault with two secrets, a container registry, a container registry credential set, and an access policy to allow the container registry to read the secrets from the key vault.
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const current = azure.core.getClientConfig({});
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
name: "examplekeyvault",
location: example.location,
resourceGroupName: example.name,
tenantId: current.then(current => current.tenantId),
skuName: "standard",
softDeleteRetentionDays: 7,
accessPolicies: [{
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
certificatePermissions: [],
keyPermissions: [],
secretPermissions: [
"Get",
"Set",
"Delete",
"Purge",
],
}],
});
const exampleUser = new azure.keyvault.Secret("example_user", {
keyVaultId: exampleKeyVault.id,
name: "example-user-name",
value: "name",
});
const examplePassword = new azure.keyvault.Secret("example_password", {
keyVaultId: exampleKeyVault.id,
name: "example-user-password",
value: "password",
});
const exampleRegistry = new azure.containerservice.Registry("example", {
name: "exampleContainerRegistry",
resourceGroupName: example.name,
location: example.location,
sku: "Basic",
});
const exampleRegistryCredentialSet = new azure.containerservice.RegistryCredentialSet("example", {
name: "exampleCredentialSet",
containerRegistryId: "azurerm_container_registry.example.id",
loginServer: "docker.io",
identity: {
type: "SystemAssigned",
},
authenticationCredentials: {
usernameSecretId: exampleUser.versionlessId,
passwordSecretId: examplePassword.versionlessId,
},
});
const readSecrets = new azure.keyvault.AccessPolicy("read_secrets", {
keyVaultId: exampleKeyVault.id,
tenantId: exampleRegistryCredentialSet.identity.apply(identity => identity.tenantId),
objectId: exampleRegistryCredentialSet.identity.apply(identity => identity.principalId),
secretPermissions: ["Get"],
});
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
current = azure.core.get_client_config()
example_key_vault = azure.keyvault.KeyVault("example",
name="examplekeyvault",
location=example.location,
resource_group_name=example.name,
tenant_id=current.tenant_id,
sku_name="standard",
soft_delete_retention_days=7,
access_policies=[{
"tenant_id": current.tenant_id,
"object_id": current.object_id,
"certificate_permissions": [],
"key_permissions": [],
"secret_permissions": [
"Get",
"Set",
"Delete",
"Purge",
],
}])
example_user = azure.keyvault.Secret("example_user",
key_vault_id=example_key_vault.id,
name="example-user-name",
value="name")
example_password = azure.keyvault.Secret("example_password",
key_vault_id=example_key_vault.id,
name="example-user-password",
value="password")
example_registry = azure.containerservice.Registry("example",
name="exampleContainerRegistry",
resource_group_name=example.name,
location=example.location,
sku="Basic")
example_registry_credential_set = azure.containerservice.RegistryCredentialSet("example",
name="exampleCredentialSet",
container_registry_id="azurerm_container_registry.example.id",
login_server="docker.io",
identity={
"type": "SystemAssigned",
},
authentication_credentials={
"username_secret_id": example_user.versionless_id,
"password_secret_id": example_password.versionless_id,
})
read_secrets = azure.keyvault.AccessPolicy("read_secrets",
key_vault_id=example_key_vault.id,
tenant_id=example_registry_credential_set.identity.tenant_id,
object_id=example_registry_credential_set.identity.principal_id,
secret_permissions=["Get"])
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
Name: pulumi.String("examplekeyvault"),
Location: example.Location,
ResourceGroupName: example.Name,
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("standard"),
SoftDeleteRetentionDays: pulumi.Int(7),
AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(current.ObjectId),
CertificatePermissions: pulumi.StringArray{},
KeyPermissions: pulumi.StringArray{},
SecretPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("Set"),
pulumi.String("Delete"),
pulumi.String("Purge"),
},
},
},
})
if err != nil {
return err
}
exampleUser, err := keyvault.NewSecret(ctx, "example_user", &keyvault.SecretArgs{
KeyVaultId: exampleKeyVault.ID(),
Name: pulumi.String("example-user-name"),
Value: pulumi.String("name"),
})
if err != nil {
return err
}
examplePassword, err := keyvault.NewSecret(ctx, "example_password", &keyvault.SecretArgs{
KeyVaultId: exampleKeyVault.ID(),
Name: pulumi.String("example-user-password"),
Value: pulumi.String("password"),
})
if err != nil {
return err
}
_, err = containerservice.NewRegistry(ctx, "example", &containerservice.RegistryArgs{
Name: pulumi.String("exampleContainerRegistry"),
ResourceGroupName: example.Name,
Location: example.Location,
Sku: pulumi.String("Basic"),
})
if err != nil {
return err
}
exampleRegistryCredentialSet, err := containerservice.NewRegistryCredentialSet(ctx, "example", &containerservice.RegistryCredentialSetArgs{
Name: pulumi.String("exampleCredentialSet"),
ContainerRegistryId: pulumi.String("azurerm_container_registry.example.id"),
LoginServer: pulumi.String("docker.io"),
Identity: &containerservice.RegistryCredentialSetIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
AuthenticationCredentials: &containerservice.RegistryCredentialSetAuthenticationCredentialsArgs{
UsernameSecretId: exampleUser.VersionlessId,
PasswordSecretId: examplePassword.VersionlessId,
},
})
if err != nil {
return err
}
_, err = keyvault.NewAccessPolicy(ctx, "read_secrets", &keyvault.AccessPolicyArgs{
KeyVaultId: exampleKeyVault.ID(),
TenantId: pulumi.String(exampleRegistryCredentialSet.Identity.ApplyT(func(identity containerservice.RegistryCredentialSetIdentity) (*string, error) {
return &identity.TenantId, nil
}).(pulumi.StringPtrOutput)),
ObjectId: pulumi.String(exampleRegistryCredentialSet.Identity.ApplyT(func(identity containerservice.RegistryCredentialSetIdentity) (*string, error) {
return &identity.PrincipalId, nil
}).(pulumi.StringPtrOutput)),
SecretPermissions: pulumi.StringArray{
pulumi.String("Get"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var current = Azure.Core.GetClientConfig.Invoke();
var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
{
Name = "examplekeyvault",
Location = example.Location,
ResourceGroupName = example.Name,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
SkuName = "standard",
SoftDeleteRetentionDays = 7,
AccessPolicies = new[]
{
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
CertificatePermissions = new() { },
KeyPermissions = new() { },
SecretPermissions = new[]
{
"Get",
"Set",
"Delete",
"Purge",
},
},
},
});
var exampleUser = new Azure.KeyVault.Secret("example_user", new()
{
KeyVaultId = exampleKeyVault.Id,
Name = "example-user-name",
Value = "name",
});
var examplePassword = new Azure.KeyVault.Secret("example_password", new()
{
KeyVaultId = exampleKeyVault.Id,
Name = "example-user-password",
Value = "password",
});
var exampleRegistry = new Azure.ContainerService.Registry("example", new()
{
Name = "exampleContainerRegistry",
ResourceGroupName = example.Name,
Location = example.Location,
Sku = "Basic",
});
var exampleRegistryCredentialSet = new Azure.ContainerService.RegistryCredentialSet("example", new()
{
Name = "exampleCredentialSet",
ContainerRegistryId = "azurerm_container_registry.example.id",
LoginServer = "docker.io",
Identity = new Azure.ContainerService.Inputs.RegistryCredentialSetIdentityArgs
{
Type = "SystemAssigned",
},
AuthenticationCredentials = new Azure.ContainerService.Inputs.RegistryCredentialSetAuthenticationCredentialsArgs
{
UsernameSecretId = exampleUser.VersionlessId,
PasswordSecretId = examplePassword.VersionlessId,
},
});
var readSecrets = new Azure.KeyVault.AccessPolicy("read_secrets", new()
{
KeyVaultId = exampleKeyVault.Id,
TenantId = exampleRegistryCredentialSet.Identity.Apply(identity => identity.TenantId),
ObjectId = exampleRegistryCredentialSet.Identity.Apply(identity => identity.PrincipalId),
SecretPermissions = new[]
{
"Get",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.Secret;
import com.pulumi.azure.keyvault.SecretArgs;
import com.pulumi.azure.containerservice.Registry;
import com.pulumi.azure.containerservice.RegistryArgs;
import com.pulumi.azure.containerservice.RegistryCredentialSet;
import com.pulumi.azure.containerservice.RegistryCredentialSetArgs;
import com.pulumi.azure.containerservice.inputs.RegistryCredentialSetIdentityArgs;
import com.pulumi.azure.containerservice.inputs.RegistryCredentialSetAuthenticationCredentialsArgs;
import com.pulumi.azure.keyvault.AccessPolicy;
import com.pulumi.azure.keyvault.AccessPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
final var current = CoreFunctions.getClientConfig();
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("examplekeyvault")
.location(example.location())
.resourceGroupName(example.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("standard")
.softDeleteRetentionDays(7)
.accessPolicies(KeyVaultAccessPolicyArgs.builder()
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.certificatePermissions()
.keyPermissions()
.secretPermissions(
"Get",
"Set",
"Delete",
"Purge")
.build())
.build());
var exampleUser = new Secret("exampleUser", SecretArgs.builder()
.keyVaultId(exampleKeyVault.id())
.name("example-user-name")
.value("name")
.build());
var examplePassword = new Secret("examplePassword", SecretArgs.builder()
.keyVaultId(exampleKeyVault.id())
.name("example-user-password")
.value("password")
.build());
var exampleRegistry = new Registry("exampleRegistry", RegistryArgs.builder()
.name("exampleContainerRegistry")
.resourceGroupName(example.name())
.location(example.location())
.sku("Basic")
.build());
var exampleRegistryCredentialSet = new RegistryCredentialSet("exampleRegistryCredentialSet", RegistryCredentialSetArgs.builder()
.name("exampleCredentialSet")
.containerRegistryId("azurerm_container_registry.example.id")
.loginServer("docker.io")
.identity(RegistryCredentialSetIdentityArgs.builder()
.type("SystemAssigned")
.build())
.authenticationCredentials(RegistryCredentialSetAuthenticationCredentialsArgs.builder()
.usernameSecretId(exampleUser.versionlessId())
.passwordSecretId(examplePassword.versionlessId())
.build())
.build());
var readSecrets = new AccessPolicy("readSecrets", AccessPolicyArgs.builder()
.keyVaultId(exampleKeyVault.id())
.tenantId(exampleRegistryCredentialSet.identity().applyValue(identity -> identity.tenantId()))
.objectId(exampleRegistryCredentialSet.identity().applyValue(identity -> identity.principalId()))
.secretPermissions("Get")
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleKeyVault:
type: azure:keyvault:KeyVault
name: example
properties:
name: examplekeyvault
location: ${example.location}
resourceGroupName: ${example.name}
tenantId: ${current.tenantId}
skuName: standard
softDeleteRetentionDays: 7
accessPolicies:
- tenantId: ${current.tenantId}
objectId: ${current.objectId}
certificatePermissions: []
keyPermissions: []
secretPermissions:
- Get
- Set
- Delete
- Purge
exampleUser:
type: azure:keyvault:Secret
name: example_user
properties:
keyVaultId: ${exampleKeyVault.id}
name: example-user-name
value: name
examplePassword:
type: azure:keyvault:Secret
name: example_password
properties:
keyVaultId: ${exampleKeyVault.id}
name: example-user-password
value: password
exampleRegistry:
type: azure:containerservice:Registry
name: example
properties:
name: exampleContainerRegistry
resourceGroupName: ${example.name}
location: ${example.location}
sku: Basic
exampleRegistryCredentialSet:
type: azure:containerservice:RegistryCredentialSet
name: example
properties:
name: exampleCredentialSet
containerRegistryId: azurerm_container_registry.example.id
loginServer: docker.io
identity:
type: SystemAssigned
authenticationCredentials:
usernameSecretId: ${exampleUser.versionlessId}
passwordSecretId: ${examplePassword.versionlessId}
readSecrets:
type: azure:keyvault:AccessPolicy
name: read_secrets
properties:
keyVaultId: ${exampleKeyVault.id}
tenantId: ${exampleRegistryCredentialSet.identity.tenantId}
objectId: ${exampleRegistryCredentialSet.identity.principalId}
secretPermissions:
- Get
variables:
current:
fn::invoke:
function: azure:core:getClientConfig
arguments: {}
Create RegistryCredentialSet Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RegistryCredentialSet(name: string, args: RegistryCredentialSetArgs, opts?: CustomResourceOptions);@overload
def RegistryCredentialSet(resource_name: str,
args: RegistryCredentialSetArgs,
opts: Optional[ResourceOptions] = None)
@overload
def RegistryCredentialSet(resource_name: str,
opts: Optional[ResourceOptions] = None,
authentication_credentials: Optional[RegistryCredentialSetAuthenticationCredentialsArgs] = None,
container_registry_id: Optional[str] = None,
identity: Optional[RegistryCredentialSetIdentityArgs] = None,
login_server: Optional[str] = None,
name: Optional[str] = None)func NewRegistryCredentialSet(ctx *Context, name string, args RegistryCredentialSetArgs, opts ...ResourceOption) (*RegistryCredentialSet, error)public RegistryCredentialSet(string name, RegistryCredentialSetArgs args, CustomResourceOptions? opts = null)
public RegistryCredentialSet(String name, RegistryCredentialSetArgs args)
public RegistryCredentialSet(String name, RegistryCredentialSetArgs args, CustomResourceOptions options)
type: azure:containerservice:RegistryCredentialSet
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RegistryCredentialSetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RegistryCredentialSetArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RegistryCredentialSetArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RegistryCredentialSetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RegistryCredentialSetArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var registryCredentialSetResource = new Azure.ContainerService.RegistryCredentialSet("registryCredentialSetResource", new()
{
AuthenticationCredentials = new Azure.ContainerService.Inputs.RegistryCredentialSetAuthenticationCredentialsArgs
{
PasswordSecretId = "string",
UsernameSecretId = "string",
},
ContainerRegistryId = "string",
Identity = new Azure.ContainerService.Inputs.RegistryCredentialSetIdentityArgs
{
Type = "string",
PrincipalId = "string",
TenantId = "string",
},
LoginServer = "string",
Name = "string",
});
example, err := containerservice.NewRegistryCredentialSet(ctx, "registryCredentialSetResource", &containerservice.RegistryCredentialSetArgs{
AuthenticationCredentials: &containerservice.RegistryCredentialSetAuthenticationCredentialsArgs{
PasswordSecretId: pulumi.String("string"),
UsernameSecretId: pulumi.String("string"),
},
ContainerRegistryId: pulumi.String("string"),
Identity: &containerservice.RegistryCredentialSetIdentityArgs{
Type: pulumi.String("string"),
PrincipalId: pulumi.String("string"),
TenantId: pulumi.String("string"),
},
LoginServer: pulumi.String("string"),
Name: pulumi.String("string"),
})
var registryCredentialSetResource = new RegistryCredentialSet("registryCredentialSetResource", RegistryCredentialSetArgs.builder()
.authenticationCredentials(RegistryCredentialSetAuthenticationCredentialsArgs.builder()
.passwordSecretId("string")
.usernameSecretId("string")
.build())
.containerRegistryId("string")
.identity(RegistryCredentialSetIdentityArgs.builder()
.type("string")
.principalId("string")
.tenantId("string")
.build())
.loginServer("string")
.name("string")
.build());
registry_credential_set_resource = azure.containerservice.RegistryCredentialSet("registryCredentialSetResource",
authentication_credentials={
"password_secret_id": "string",
"username_secret_id": "string",
},
container_registry_id="string",
identity={
"type": "string",
"principal_id": "string",
"tenant_id": "string",
},
login_server="string",
name="string")
const registryCredentialSetResource = new azure.containerservice.RegistryCredentialSet("registryCredentialSetResource", {
authenticationCredentials: {
passwordSecretId: "string",
usernameSecretId: "string",
},
containerRegistryId: "string",
identity: {
type: "string",
principalId: "string",
tenantId: "string",
},
loginServer: "string",
name: "string",
});
type: azure:containerservice:RegistryCredentialSet
properties:
authenticationCredentials:
passwordSecretId: string
usernameSecretId: string
containerRegistryId: string
identity:
principalId: string
tenantId: string
type: string
loginServer: string
name: string
RegistryCredentialSet Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The RegistryCredentialSet resource accepts the following input properties:
- Authentication
Credentials RegistryCredential Set Authentication Credentials - A
authentication_credentialsblock as defined below. - Container
Registry stringId - The ID of the Container Registry. Changing this forces a new Container Registry Credential Set to be created.
- Identity
Registry
Credential Set Identity - An
identityblock as defined below. - Login
Server string - The login server for the Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- Name string
- The name which should be used for this Container Registry Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- Authentication
Credentials RegistryCredential Set Authentication Credentials Args - A
authentication_credentialsblock as defined below. - Container
Registry stringId - The ID of the Container Registry. Changing this forces a new Container Registry Credential Set to be created.
- Identity
Registry
Credential Set Identity Args - An
identityblock as defined below. - Login
Server string - The login server for the Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- Name string
- The name which should be used for this Container Registry Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- authentication
Credentials RegistryCredential Set Authentication Credentials - A
authentication_credentialsblock as defined below. - container
Registry StringId - The ID of the Container Registry. Changing this forces a new Container Registry Credential Set to be created.
- identity
Registry
Credential Set Identity - An
identityblock as defined below. - login
Server String - The login server for the Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- name String
- The name which should be used for this Container Registry Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- authentication
Credentials RegistryCredential Set Authentication Credentials - A
authentication_credentialsblock as defined below. - container
Registry stringId - The ID of the Container Registry. Changing this forces a new Container Registry Credential Set to be created.
- identity
Registry
Credential Set Identity - An
identityblock as defined below. - login
Server string - The login server for the Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- name string
- The name which should be used for this Container Registry Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- authentication_
credentials RegistryCredential Set Authentication Credentials Args - A
authentication_credentialsblock as defined below. - container_
registry_ strid - The ID of the Container Registry. Changing this forces a new Container Registry Credential Set to be created.
- identity
Registry
Credential Set Identity Args - An
identityblock as defined below. - login_
server str - The login server for the Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- name str
- The name which should be used for this Container Registry Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- authentication
Credentials Property Map - A
authentication_credentialsblock as defined below. - container
Registry StringId - The ID of the Container Registry. Changing this forces a new Container Registry Credential Set to be created.
- identity Property Map
- An
identityblock as defined below. - login
Server String - The login server for the Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- name String
- The name which should be used for this Container Registry Credential Set. Changing this forces a new Container Registry Credential Set to be created.
Outputs
All input properties are implicitly available as output properties. Additionally, the RegistryCredentialSet resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing RegistryCredentialSet Resource
Get an existing RegistryCredentialSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RegistryCredentialSetState, opts?: CustomResourceOptions): RegistryCredentialSet@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
authentication_credentials: Optional[RegistryCredentialSetAuthenticationCredentialsArgs] = None,
container_registry_id: Optional[str] = None,
identity: Optional[RegistryCredentialSetIdentityArgs] = None,
login_server: Optional[str] = None,
name: Optional[str] = None) -> RegistryCredentialSetfunc GetRegistryCredentialSet(ctx *Context, name string, id IDInput, state *RegistryCredentialSetState, opts ...ResourceOption) (*RegistryCredentialSet, error)public static RegistryCredentialSet Get(string name, Input<string> id, RegistryCredentialSetState? state, CustomResourceOptions? opts = null)public static RegistryCredentialSet get(String name, Output<String> id, RegistryCredentialSetState state, CustomResourceOptions options)resources: _: type: azure:containerservice:RegistryCredentialSet get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Authentication
Credentials RegistryCredential Set Authentication Credentials - A
authentication_credentialsblock as defined below. - Container
Registry stringId - The ID of the Container Registry. Changing this forces a new Container Registry Credential Set to be created.
- Identity
Registry
Credential Set Identity - An
identityblock as defined below. - Login
Server string - The login server for the Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- Name string
- The name which should be used for this Container Registry Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- Authentication
Credentials RegistryCredential Set Authentication Credentials Args - A
authentication_credentialsblock as defined below. - Container
Registry stringId - The ID of the Container Registry. Changing this forces a new Container Registry Credential Set to be created.
- Identity
Registry
Credential Set Identity Args - An
identityblock as defined below. - Login
Server string - The login server for the Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- Name string
- The name which should be used for this Container Registry Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- authentication
Credentials RegistryCredential Set Authentication Credentials - A
authentication_credentialsblock as defined below. - container
Registry StringId - The ID of the Container Registry. Changing this forces a new Container Registry Credential Set to be created.
- identity
Registry
Credential Set Identity - An
identityblock as defined below. - login
Server String - The login server for the Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- name String
- The name which should be used for this Container Registry Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- authentication
Credentials RegistryCredential Set Authentication Credentials - A
authentication_credentialsblock as defined below. - container
Registry stringId - The ID of the Container Registry. Changing this forces a new Container Registry Credential Set to be created.
- identity
Registry
Credential Set Identity - An
identityblock as defined below. - login
Server string - The login server for the Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- name string
- The name which should be used for this Container Registry Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- authentication_
credentials RegistryCredential Set Authentication Credentials Args - A
authentication_credentialsblock as defined below. - container_
registry_ strid - The ID of the Container Registry. Changing this forces a new Container Registry Credential Set to be created.
- identity
Registry
Credential Set Identity Args - An
identityblock as defined below. - login_
server str - The login server for the Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- name str
- The name which should be used for this Container Registry Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- authentication
Credentials Property Map - A
authentication_credentialsblock as defined below. - container
Registry StringId - The ID of the Container Registry. Changing this forces a new Container Registry Credential Set to be created.
- identity Property Map
- An
identityblock as defined below. - login
Server String - The login server for the Credential Set. Changing this forces a new Container Registry Credential Set to be created.
- name String
- The name which should be used for this Container Registry Credential Set. Changing this forces a new Container Registry Credential Set to be created.
Supporting Types
RegistryCredentialSetAuthenticationCredentials, RegistryCredentialSetAuthenticationCredentialsArgs
- Password
Secret stringId The URI of the secret containing the password in a Key Vault.
NOTE: Be aware that you will need to permit the Identity that is created for the Container Registry to have
geton secrets to the Key Vault, e.g. using theazure.keyvault.AccessPolicyresource.- Username
Secret stringId - The URI of the secret containing the username in a Key Vault.
- Password
Secret stringId The URI of the secret containing the password in a Key Vault.
NOTE: Be aware that you will need to permit the Identity that is created for the Container Registry to have
geton secrets to the Key Vault, e.g. using theazure.keyvault.AccessPolicyresource.- Username
Secret stringId - The URI of the secret containing the username in a Key Vault.
- password
Secret StringId The URI of the secret containing the password in a Key Vault.
NOTE: Be aware that you will need to permit the Identity that is created for the Container Registry to have
geton secrets to the Key Vault, e.g. using theazure.keyvault.AccessPolicyresource.- username
Secret StringId - The URI of the secret containing the username in a Key Vault.
- password
Secret stringId The URI of the secret containing the password in a Key Vault.
NOTE: Be aware that you will need to permit the Identity that is created for the Container Registry to have
geton secrets to the Key Vault, e.g. using theazure.keyvault.AccessPolicyresource.- username
Secret stringId - The URI of the secret containing the username in a Key Vault.
- password_
secret_ strid The URI of the secret containing the password in a Key Vault.
NOTE: Be aware that you will need to permit the Identity that is created for the Container Registry to have
geton secrets to the Key Vault, e.g. using theazure.keyvault.AccessPolicyresource.- username_
secret_ strid - The URI of the secret containing the username in a Key Vault.
- password
Secret StringId The URI of the secret containing the password in a Key Vault.
NOTE: Be aware that you will need to permit the Identity that is created for the Container Registry to have
geton secrets to the Key Vault, e.g. using theazure.keyvault.AccessPolicyresource.- username
Secret StringId - The URI of the secret containing the username in a Key Vault.
RegistryCredentialSetIdentity, RegistryCredentialSetIdentityArgs
- Type string
- The type of Managed Service Identity that is configured on for the Container Registry Credential Set. Currently the only possible value is
SystemAssigned. - Principal
Id string - The principal ID of the Identity.
- Tenant
Id string - The tenant ID of the Identity.
- Type string
- The type of Managed Service Identity that is configured on for the Container Registry Credential Set. Currently the only possible value is
SystemAssigned. - Principal
Id string - The principal ID of the Identity.
- Tenant
Id string - The tenant ID of the Identity.
- type String
- The type of Managed Service Identity that is configured on for the Container Registry Credential Set. Currently the only possible value is
SystemAssigned. - principal
Id String - The principal ID of the Identity.
- tenant
Id String - The tenant ID of the Identity.
- type string
- The type of Managed Service Identity that is configured on for the Container Registry Credential Set. Currently the only possible value is
SystemAssigned. - principal
Id string - The principal ID of the Identity.
- tenant
Id string - The tenant ID of the Identity.
- type str
- The type of Managed Service Identity that is configured on for the Container Registry Credential Set. Currently the only possible value is
SystemAssigned. - principal_
id str - The principal ID of the Identity.
- tenant_
id str - The tenant ID of the Identity.
- type String
- The type of Managed Service Identity that is configured on for the Container Registry Credential Set. Currently the only possible value is
SystemAssigned. - principal
Id String - The principal ID of the Identity.
- tenant
Id String - The tenant ID of the Identity.
Import
Container Registry Credential Sets can be imported using the resource id, e.g.
$ pulumi import azure:containerservice/registryCredentialSet:RegistryCredentialSet example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.ContainerRegistry/registries/registry1/credentialSets/credentialSet1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.