feat: Secret resource

docs/resources/secret_with_authorization_code_grant.md

@@ -0,0 +1,93 @@
+---
+page_title: "snowflake_secret_with_authorization_code_grant Resource - terraform-provider-snowflake"
+subcategory: ""
+description: |-
+  Secret with OAuth authorization code grant where Secrets Type attribute is set to OAUTH2.
+---
+
+# snowflake_secret_with_authorization_code_grant (Resource)
+
+Secret with OAuth authorization code grant where Secrets Type attribute is set to OAUTH2.
+
+## Example Usage
+
+```terraform
+# basic resource
+resource "snowflake_secret_with_authorization_code_grant" "test" {
+  name                            = "EXAMPLE_SECRET"
+  database                        = "EXAMPLE_DB"
+  schema                          = "EXAMPLE_SCHEMA"
+  api_authentication              = "EXAMPLE_SECURITY_INTEGRATION_NAME"
+  oauth_refresh_token             = "EXAMPLE_TOKEN"
+  oauth_refresh_token_expiry_time = "2025-01-02 15:04:01"
+  comment                         = "EXAMPLE_COMMENT"
+}
+```
+
+-> **Note** Instead of using fully_qualified_name, you can reference objects managed outside Terraform by constructing a correct ID, consult [identifiers guide](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/guides/identifiers#new-computed-fully-qualified-name-field-in-resources).
+<!-- TODO(SNOW-1634854): include an example showing both methods-->
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `api_authentication` (String) Specifies the name value of the Snowflake security integration that connects Snowflake to an external service when setting Type to OAUTH2.
+- `database` (String) The database in which to create the secret Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+- `name` (String) String that specifies the identifier (i.e. name) for the secret, must be unique in your schema. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+- `oauth_refresh_token` (String) Specifies the token as a string that is used to obtain a new access token from the OAuth authorization server when the access token expires.
+- `oauth_refresh_token_expiry_time` (String) Specifies the timestamp as a string when the OAuth refresh token expires. Accepted string formats: YYYY-MM-DD, YYYY-MM-DD HH:MI, YYYY-MM-DD HH:MI:SS, YYYY-MM-DD HH:MI <timezone>
+- `schema` (String) The schema in which to create the secret. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+
+### Optional
+
+- `comment` (String) Specifies a comment for the secret.
+
+### Read-Only
+
+- `describe_output` (List of Object) Outputs the result of `DESCRIBE SECRET` for the given secret. (see [below for nested schema](#nestedatt--describe_output))
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
+- `id` (String) The ID of this resource.
+- `show_output` (List of Object) Outputs the result of `SHOW SECRET` for the given secret. (see [below for nested schema](#nestedatt--show_output))
+
+<a id="nestedatt--describe_output"></a>
+### Nested Schema for `describe_output`
+
+Read-Only:
+
+- `comment` (String)
+- `created_on` (String)
+- `database_name` (String)
+- `integration_name` (String)
+- `name` (String)
+- `oauth_access_token_expiry_time` (String)
+- `oauth_refresh_token_expiry_time` (String)
+- `oauth_scopes` (Set of String)
+- `owner` (String)
+- `schema_name` (String)
+- `secret_type` (String)
+- `username` (String)
+
+
+<a id="nestedatt--show_output"></a>
+### Nested Schema for `show_output`
+
+Read-Only:
+
+- `comment` (String)
+- `created_on` (String)
+- `database_name` (String)
+- `name` (String)
+- `oauth_scopes` (Set of String)
+- `owner` (String)
+- `owner_role_type` (String)
+- `schema_name` (String)
+- `secret_type` (String)
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import snowflake_secret_with_authorization_code_grant.example '"<database_name>"."<schema_name>"."<secret_name>"'
+```

docs/resources/secret_with_basic_authentication.md

@@ -0,0 +1,91 @@
+---
+page_title: "snowflake_secret_with_basic_authentication Resource - terraform-provider-snowflake"
+subcategory: ""
+description: |-
+  Secret with Basic Authentication where Secrets Type attribute is set to PASSWORD.
+---
+
+# snowflake_secret_with_basic_authentication (Resource)
+
+Secret with Basic Authentication where Secrets Type attribute is set to PASSWORD.
+
+## Example Usage
+
+```terraform
+# basic resource
+resource "snowflake_secret_with_basic_authentication" "test" {
+  name     = "EXAMPLE_SECRET"
+  database = "EXAMPLE_DB"
+  schema   = "EXAMPLE_SCHEMA"
+  username = "EXAMPLE_USERNAME"
+  password = "EXAMPLE_PASSWORD"
+  comment  = "EXAMPLE_COMMENT"
+}
+```
+
+-> **Note** Instead of using fully_qualified_name, you can reference objects managed outside Terraform by constructing a correct ID, consult [identifiers guide](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/guides/identifiers#new-computed-fully-qualified-name-field-in-resources).
+<!-- TODO(SNOW-1634854): include an example showing both methods-->
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `database` (String) The database in which to create the secret Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+- `name` (String) String that specifies the identifier (i.e. name) for the secret, must be unique in your schema. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+- `password` (String) Specifies the password value to store in the secret when setting the TYPE value to PASSWORD.
+- `schema` (String) The schema in which to create the secret. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+- `username` (String) Specifies the username value to store in the secret when setting the TYPE value to PASSWORD.
+
+### Optional
+
+- `comment` (String) Specifies a comment for the secret.
+
+### Read-Only
+
+- `describe_output` (List of Object) Outputs the result of `DESCRIBE SECRET` for the given secret. (see [below for nested schema](#nestedatt--describe_output))
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
+- `id` (String) The ID of this resource.
+- `show_output` (List of Object) Outputs the result of `SHOW SECRET` for the given secret. (see [below for nested schema](#nestedatt--show_output))
+
+<a id="nestedatt--describe_output"></a>
+### Nested Schema for `describe_output`
+
+Read-Only:
+
+- `comment` (String)
+- `created_on` (String)
+- `database_name` (String)
+- `integration_name` (String)
+- `name` (String)
+- `oauth_access_token_expiry_time` (String)
+- `oauth_refresh_token_expiry_time` (String)
+- `oauth_scopes` (Set of String)
+- `owner` (String)
+- `schema_name` (String)
+- `secret_type` (String)
+- `username` (String)
+
+
+<a id="nestedatt--show_output"></a>
+### Nested Schema for `show_output`
+
+Read-Only:
+
+- `comment` (String)
+- `created_on` (String)
+- `database_name` (String)
+- `name` (String)
+- `oauth_scopes` (Set of String)
+- `owner` (String)
+- `owner_role_type` (String)
+- `schema_name` (String)
+- `secret_type` (String)
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import snowflake_secret_with_basic_authentication.example '"<database_name>"."<schema_name>"."<secret_name>"'
+```

docs/resources/secret_with_client_credentials.md

@@ -0,0 +1,91 @@
+---
+page_title: "snowflake_secret_with_client_credentials Resource - terraform-provider-snowflake"
+subcategory: ""
+description: |-
+  Secret with OAuth Client Credentials where Secrets Type attribute is set to OAUTH2.
+---
+
+# snowflake_secret_with_client_credentials (Resource)
+
+Secret with OAuth Client Credentials where Secrets Type attribute is set to OAUTH2.
+
+## Example Usage
+
+```terraform
+# basic resource
+resource "snowflake_secret_with_client_credentials" "test" {
+  name               = "EXAMPLE_SECRET"
+  database           = "EXAMPLE_DB"
+  schema             = "EXAMPLE_SCHEMA"
+  api_authentication = "EXAMPLE_SECURITY_INTEGRATION_NAME"
+  oauth_scopes       = ["useraccount", "testscope"]
+  comment            = "EXAMPLE_COMMENT"
+}
+```
+
+-> **Note** Instead of using fully_qualified_name, you can reference objects managed outside Terraform by constructing a correct ID, consult [identifiers guide](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/guides/identifiers#new-computed-fully-qualified-name-field-in-resources).
+<!-- TODO(SNOW-1634854): include an example showing both methods-->
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `api_authentication` (String) Specifies the name value of the Snowflake security integration that connects Snowflake to an external service when setting Type to OAUTH2.
+- `database` (String) The database in which to create the secret Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+- `name` (String) String that specifies the identifier (i.e. name) for the secret, must be unique in your schema. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+- `oauth_scopes` (Set of String) Specifies a list of scopes to use when making a request from the OAuth server by a role with USAGE on the integration during the OAuth client credentials flow.
+- `schema` (String) The schema in which to create the secret. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+
+### Optional
+
+- `comment` (String) Specifies a comment for the secret.
+
+### Read-Only
+
+- `describe_output` (List of Object) Outputs the result of `DESCRIBE SECRET` for the given secret. (see [below for nested schema](#nestedatt--describe_output))
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
+- `id` (String) The ID of this resource.
+- `show_output` (List of Object) Outputs the result of `SHOW SECRET` for the given secret. (see [below for nested schema](#nestedatt--show_output))
+
+<a id="nestedatt--describe_output"></a>
+### Nested Schema for `describe_output`
+
+Read-Only:
+
+- `comment` (String)
+- `created_on` (String)
+- `database_name` (String)
+- `integration_name` (String)
+- `name` (String)
+- `oauth_access_token_expiry_time` (String)
+- `oauth_refresh_token_expiry_time` (String)
+- `oauth_scopes` (Set of String)
+- `owner` (String)
+- `schema_name` (String)
+- `secret_type` (String)
+- `username` (String)
+
+
+<a id="nestedatt--show_output"></a>
+### Nested Schema for `show_output`
+
+Read-Only:
+
+- `comment` (String)
+- `created_on` (String)
+- `database_name` (String)
+- `name` (String)
+- `oauth_scopes` (Set of String)
+- `owner` (String)
+- `owner_role_type` (String)
+- `schema_name` (String)
+- `secret_type` (String)
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import snowflake_secret_with_client_credentials.example '"<database_name>"."<schema_name>"."<secret_name>"'
+```

docs/resources/secret_with_generic_string.md

@@ -0,0 +1,89 @@
+---
+page_title: "snowflake_secret_with_generic_string Resource - terraform-provider-snowflake"
+subcategory: ""
+description: |-
+  Secret with Generic string where Secrets Type attribute is set to GENERIC_STRING.
+---
+
+# snowflake_secret_with_generic_string (Resource)
+
+Secret with Generic string where Secrets Type attribute is set to GENERIC_STRING.
+
+## Example Usage
+
+```terraform
+# basic resource
+resource "snowflake_secret_with_generic_string" "test" {
+  name          = "EXAMPLE_SECRET"
+  database      = "EXAMPLE_DB"
+  schema        = "EXAMPLE_SCHEMA"
+  secret_string = "EXAMPLE_SECRET_STRING"
+  comment       = "EXAMPLE_COMMENT"
+}
+```
+
+-> **Note** Instead of using fully_qualified_name, you can reference objects managed outside Terraform by constructing a correct ID, consult [identifiers guide](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/guides/identifiers#new-computed-fully-qualified-name-field-in-resources).
+<!-- TODO(SNOW-1634854): include an example showing both methods-->
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `database` (String) The database in which to create the secret Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+- `name` (String) String that specifies the identifier (i.e. name) for the secret, must be unique in your schema. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+- `schema` (String) The schema in which to create the secret. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+- `secret_string` (String) Specifies the string to store in the secret. The string can be an API token or a string of sensitive value that can be used in the handler code of a UDF or stored procedure. For details, see [Creating and using an external access integration](https://docs.snowflake.com/en/developer-guide/external-network-access/creating-using-external-network-access). You should not use this property to store any kind of OAuth token; use one of the other secret types for your OAuth use cases.
+
+### Optional
+
+- `comment` (String) Specifies a comment for the secret.
+
+### Read-Only
+
+- `describe_output` (List of Object) Outputs the result of `DESCRIBE SECRET` for the given secret. (see [below for nested schema](#nestedatt--describe_output))
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
+- `id` (String) The ID of this resource.
+- `show_output` (List of Object) Outputs the result of `SHOW SECRET` for the given secret. (see [below for nested schema](#nestedatt--show_output))
+
+<a id="nestedatt--describe_output"></a>
+### Nested Schema for `describe_output`
+
+Read-Only:
+
+- `comment` (String)
+- `created_on` (String)
+- `database_name` (String)
+- `integration_name` (String)
+- `name` (String)
+- `oauth_access_token_expiry_time` (String)
+- `oauth_refresh_token_expiry_time` (String)
+- `oauth_scopes` (Set of String)
+- `owner` (String)
+- `schema_name` (String)
+- `secret_type` (String)
+- `username` (String)
+
+
+<a id="nestedatt--show_output"></a>
+### Nested Schema for `show_output`
+
+Read-Only:
+
+- `comment` (String)
+- `created_on` (String)
+- `database_name` (String)
+- `name` (String)
+- `oauth_scopes` (Set of String)
+- `owner` (String)
+- `owner_role_type` (String)
+- `schema_name` (String)
+- `secret_type` (String)
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import snowflake_secret_with_generic_string.example '"<database_name>"."<schema_name>"."<secret_name>"'
+```

examples/resources/snowflake_secret_with_authorization_code_grant/import.sh

@@ -0,0 +1 @@
+terraform import snowflake_secret_with_authorization_code_grant.example '"<database_name>"."<schema_name>"."<secret_name>"'

examples/resources/snowflake_secret_with_authorization_code_grant/resource.tf

@@ -0,0 +1,10 @@
+# basic resource
+resource "snowflake_secret_with_authorization_code_grant" "test" {
+  name                            = "EXAMPLE_SECRET"
+  database                        = "EXAMPLE_DB"
+  schema                          = "EXAMPLE_SCHEMA"
+  api_authentication              = "EXAMPLE_SECURITY_INTEGRATION_NAME"
+  oauth_refresh_token             = "EXAMPLE_TOKEN"
+  oauth_refresh_token_expiry_time = "2025-01-02 15:04:01"
+  comment                         = "EXAMPLE_COMMENT"
+}

examples/resources/snowflake_secret_with_basic_authentication/import.sh

@@ -0,0 +1 @@
+terraform import snowflake_secret_with_basic_authentication.example '"<database_name>"."<schema_name>"."<secret_name>"'

examples/resources/snowflake_secret_with_basic_authentication/resource.tf

@@ -0,0 +1,9 @@
+# basic resource
+resource "snowflake_secret_with_basic_authentication" "test" {
+  name     = "EXAMPLE_SECRET"
+  database = "EXAMPLE_DB"
+  schema   = "EXAMPLE_SCHEMA"
+  username = "EXAMPLE_USERNAME"
+  password = "EXAMPLE_PASSWORD"
+  comment  = "EXAMPLE_COMMENT"
+}

examples/resources/snowflake_secret_with_client_credentials/import.sh

@@ -0,0 +1 @@
+terraform import snowflake_secret_with_client_credentials.example '"<database_name>"."<schema_name>"."<secret_name>"'