import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
 * Sometimes accessing data requires that you authenticate to external data sources through JDBC. Instead of directly entering your credentials into a notebook, use Databricks secrets to store your credentials and reference them in notebooks and jobs. Please consult [Secrets User Guide](https://docs.databricks.com/security/secrets/index.html#secrets-user-guide) for more details.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as databricks from "@pulumi/databricks";
 *
 * const _this = new databricks.SecretScope("this", {name: "terraform-demo-scope"});
 * ```
 *
 * ## Related Resources
 *
 * The following resources are often used in the same context:
 *
 * * End to end workspace management guide.
 * * databricks.Notebook to manage [Databricks Notebooks](https://docs.databricks.com/notebooks/index.html).
 * * databricks.Repo to manage [Databricks Repos](https://docs.databricks.com/repos.html).
 * * databricks.Secret to manage [secrets](https://docs.databricks.com/security/secrets/index.html#secrets-user-guide) in Databricks workspace.
 * * databricks.SecretAcl to manage access to [secrets](https://docs.databricks.com/security/secrets/index.html#secrets-user-guide) in Databricks workspace.
 *
 * ## Import
 *
 * The secret resource scope can be imported using the scope name. `initial_manage_principal` state won't be imported, because the underlying API doesn't include it in the response.
 *
 * bash
 *
 * ```sh
 * $ pulumi import databricks:index/secretScope:SecretScope object <scopeName>
 * ```
 */
export declare class SecretScope extends pulumi.CustomResource {
    /**
     * Get an existing SecretScope resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretScopeState, opts?: pulumi.CustomResourceOptions): SecretScope;
    /**
     * Returns true if the given object is an instance of SecretScope.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is SecretScope;
    /**
     * Either `DATABRICKS` or `AZURE_KEYVAULT`
     */
    readonly backendType: pulumi.Output<string>;
    /**
     * The principal with the only possible value `users` that is initially granted `MANAGE` permission to the created scope.  If it's omitted, then the databricks.SecretAcl with `MANAGE` permission applied to the scope is assigned to the API request issuer's user identity (see [documentation](https://docs.databricks.com/dev-tools/api/latest/secrets.html#create-secret-scope)). This part of the state cannot be imported.
     */
    readonly initialManagePrincipal: pulumi.Output<string | undefined>;
    readonly keyvaultMetadata: pulumi.Output<outputs.SecretScopeKeyvaultMetadata | undefined>;
    /**
     * Scope name requested by the user. Must be unique within a workspace. Must consist of alphanumeric characters, dashes, underscores, and periods, and may not exceed 128 characters.
     */
    readonly name: pulumi.Output<string>;
    /**
     * Create a SecretScope resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args?: SecretScopeArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering SecretScope resources.
 */
export interface SecretScopeState {
    /**
     * Either `DATABRICKS` or `AZURE_KEYVAULT`
     */
    backendType?: pulumi.Input<string>;
    /**
     * The principal with the only possible value `users` that is initially granted `MANAGE` permission to the created scope.  If it's omitted, then the databricks.SecretAcl with `MANAGE` permission applied to the scope is assigned to the API request issuer's user identity (see [documentation](https://docs.databricks.com/dev-tools/api/latest/secrets.html#create-secret-scope)). This part of the state cannot be imported.
     */
    initialManagePrincipal?: pulumi.Input<string>;
    keyvaultMetadata?: pulumi.Input<inputs.SecretScopeKeyvaultMetadata>;
    /**
     * Scope name requested by the user. Must be unique within a workspace. Must consist of alphanumeric characters, dashes, underscores, and periods, and may not exceed 128 characters.
     */
    name?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a SecretScope resource.
 */
export interface SecretScopeArgs {
    /**
     * Either `DATABRICKS` or `AZURE_KEYVAULT`
     */
    backendType?: pulumi.Input<string>;
    /**
     * The principal with the only possible value `users` that is initially granted `MANAGE` permission to the created scope.  If it's omitted, then the databricks.SecretAcl with `MANAGE` permission applied to the scope is assigned to the API request issuer's user identity (see [documentation](https://docs.databricks.com/dev-tools/api/latest/secrets.html#create-secret-scope)). This part of the state cannot be imported.
     */
    initialManagePrincipal?: pulumi.Input<string>;
    keyvaultMetadata?: pulumi.Input<inputs.SecretScopeKeyvaultMetadata>;
    /**
     * Scope name requested by the user. Must be unique within a workspace. Must consist of alphanumeric characters, dashes, underscores, and periods, and may not exceed 128 characters.
     */
    name?: pulumi.Input<string>;
}