diff --git a/docs/data-sources/instance_secrets.md b/docs/data-sources/instance_secrets.md
new file mode 100644
index 0000000..8c83632
--- /dev/null
+++ b/docs/data-sources/instance_secrets.md
@@ -0,0 +1,33 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "tembo_instance_secrets Data Source - terraform-provider-tembo"
+subcategory: ""
+description: |-
+  Data Source for Tembo Instance Secrets.
+---
+
+# tembo_instance_secrets (Data Source)
+
+Data Source for Tembo Instance Secrets.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `instance_id` (String) Unique ID for the instance generated by Tembo
+- `org_id` (String) Unique ID for the instance generated by Tembo
+
+### Read-Only
+
+- `available_secrets` (Attributes List) (see [below for nested schema](#nestedatt--available_secrets))
+
+<a id="nestedatt--available_secrets"></a>
+### Nested Schema for `available_secrets`
+
+Optional:
+
+- `name` (String) Unique ID for the instance generated by Tembo
+- `possible_keys` (List of String)
diff --git a/examples/resource-creation/main.tf b/examples/resource-creation/main.tf
index 0582602..1fb1813 100644
--- a/examples/resource-creation/main.tf
+++ b/examples/resource-creation/main.tf
@@ -64,6 +64,16 @@ resource "tembo_instance" "test_db" {
   }]
 }
 
+data "tembo_instance_secrets" "test" {
+  org_id      = "org_2UdhszNbCVhLAXkZm30nz8pL778"
+  instance_id = tembo_instance.test_db.instance_id
+}
+
+
 output "instance" {
   value = tembo_instance.test_db
 }
+
+output "data" {
+  value = data.tembo_instance_secrets.test
+}
diff --git a/go.work b/go.work
index 4aa6201..3fe6993 100644
--- a/go.work
+++ b/go.work
@@ -3,4 +3,5 @@ go 1.20
 use (
 	.
 	./internal/provider/temboclient
-)
+	./internal/provider/tembodataclient
+)
\ No newline at end of file
diff --git a/internal/provider/instance_secrets_data_source.go b/internal/provider/instance_secrets_data_source.go
new file mode 100644
index 0000000..1b95640
--- /dev/null
+++ b/internal/provider/instance_secrets_data_source.go
@@ -0,0 +1,161 @@
+package provider
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	tembodataclient "github.com/tembo-io/terraform-provider-tembo/tembodataclient"
+)
+
+// Ensure the implementation satisfies the expected interfaces.
+var (
+	_ datasource.DataSource              = &temboInstanceSecretsDataSource{}
+	_ datasource.DataSourceWithConfigure = &temboInstanceSecretsDataSource{}
+)
+
+// NewTemboInstanceSecretsDataSource is a helper function to simplify the provider implementation.
+func NewTemboInstanceSecretsDataSource() datasource.DataSource {
+	return &temboInstanceSecretsDataSource{}
+}
+
+// TemboInstanceSecretsDataSource is the data source implementation.
+type temboInstanceSecretsDataSource struct {
+	temboInstanceSecretsConfig instanceSecretsConfig
+}
+
+// Tembo Cluster Configuration.
+type instanceSecretsConfig struct {
+	client      *tembodataclient.APIClient
+	accessToken string
+}
+
+// Metadata returns the data source type name.
+func (d *temboInstanceSecretsDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_instance_secrets"
+}
+
+// Schema defines the schema for the data source.
+func (d *temboInstanceSecretsDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Description: "Data Source for Tembo Instance Secrets.",
+		Attributes: map[string]schema.Attribute{
+			"org_id": schema.StringAttribute{
+				MarkdownDescription: "Unique ID for the instance generated by Tembo",
+				Required:            true,
+			},
+			"instance_id": schema.StringAttribute{
+				MarkdownDescription: "Unique ID for the instance generated by Tembo",
+				Required:            true,
+			},
+			"available_secrets": schema.ListNestedAttribute{
+				Computed: true,
+				NestedObject: schema.NestedAttributeObject{
+					Attributes: map[string]schema.Attribute{
+						"name": schema.StringAttribute{
+							MarkdownDescription: "Unique ID for the instance generated by Tembo",
+							Optional:            true,
+						},
+						"possible_keys": schema.ListAttribute{
+							Optional:    true,
+							ElementType: types.StringType,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+// Configure adds the provider configured client to the data source.
+func (d *temboInstanceSecretsDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+
+	temboInstanceSecretsConfig, ok := req.ProviderData.(instanceSecretsConfig)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *instanceSecretsConfig, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.temboInstanceSecretsConfig = temboInstanceSecretsConfig
+}
+
+// temboInstanceSecretsDataSourceModel maps the data source schema data.
+type temboInstanceSecretsDataSourceModel struct {
+	OrgId            types.String      `tfsdk:"org_id"`
+	InstanceId       types.String      `tfsdk:"instance_id"`
+	AvailableSecrets []availableSecret `tfsdk:"available_secrets"`
+}
+
+// availableSecretsModel maps instanceSecrets schema data.
+type availableSecret struct {
+	// The name of an available secret
+	Name types.String `tfsdk:"name"`
+	// For this secret, available keys
+	PossibleKeys []types.String `tfsdk:"possible_keys"`
+}
+
+// Read refreshes the Terraform state with the latest data.
+func (d *temboInstanceSecretsDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	// Get current state
+	var state temboInstanceSecretsDataSourceModel
+
+	ctx = context.WithValue(ctx, tembodataclient.ContextAccessToken, d.temboInstanceSecretsConfig.accessToken)
+
+	var orgId string
+	resp.Diagnostics.Append(req.Config.GetAttribute(ctx, path.Root("org_id"), &orgId)...)
+
+	var instanceId string
+	resp.Diagnostics.Append(req.Config.GetAttribute(ctx, path.Root("instance_id"), &instanceId)...)
+
+	if resp.Diagnostics.HasError() {
+		tflog.Error(ctx, fmt.Sprintf("error reading terraform plan %v", resp.Diagnostics.Errors()))
+		return
+	}
+
+	// Get refreshed Instance value from API
+	availableSecrets, _, err := d.temboInstanceSecretsConfig.client.SecretsApi.GetSecretNamesV1(ctx, orgId, instanceId).Execute()
+	if err != nil {
+		resp.Diagnostics.AddError(
+			"Unable to Read Tembo Instance Available Secrets",
+			err.Error(),
+		)
+		return
+	}
+
+	if len(availableSecrets) > 0 {
+		for _, aSecret := range availableSecrets {
+			state.AvailableSecrets = append(state.AvailableSecrets, availableSecret{Name: types.StringValue(aSecret.Name), PossibleKeys: getPossibleKeys(aSecret.PossibleKeys)})
+		}
+	}
+
+	// Set refreshed state
+	diags := resp.State.Set(ctx, &state)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+}
+
+func getPossibleKeys(possibleKeys []string) []basetypes.StringValue {
+	var localPossibleKeys []basetypes.StringValue
+	if len(possibleKeys) > 0 {
+		for _, possibleKey := range possibleKeys {
+			localPossibleKeys = append(localPossibleKeys, types.StringValue(possibleKey))
+		}
+	}
+	return localPossibleKeys
+}
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index 6d76b0b..d0caada 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -12,6 +12,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	temboclient "github.com/tembo-io/terraform-provider-tembo/temboclient"
+	tembodataclient "github.com/tembo-io/terraform-provider-tembo/tembodataclient"
 )
 
 // Ensure the implementation satisfies the expected interfaces.
@@ -39,6 +40,7 @@ type temboProvider struct {
 // temboProviderModel maps provider schema data to a Go type.
 type temboProviderModel struct {
 	Host        types.String `tfsdk:"host"`
+	DataHost    types.String `tfsdk:"data_host"`
 	AccessToken types.String `tfsdk:"access_token"`
 }
 
@@ -57,6 +59,10 @@ func (p *temboProvider) Schema(_ context.Context, _ provider.SchemaRequest, resp
 				MarkdownDescription: "Tembo API the provider should connect to. By default it connects to Tembo Cloud Production API.",
 				Optional:            true,
 			},
+			"data_host": schema.StringAttribute{
+				MarkdownDescription: "Tembo Data API the provider should connect to. By default it connects to Tembo Data Cloud Production API.",
+				Optional:            true,
+			},
 			"access_token": schema.StringAttribute{
 				MarkdownDescription: "Access Token generated using steps [here](https://tembo.io/docs/tembo-cloud/api#create-a-long-lived-api-token).",
 				Optional:            true,
@@ -81,16 +87,25 @@ func (p *temboProvider) Configure(ctx context.Context, req provider.ConfigureReq
 	if config.Host.IsUnknown() {
 		resp.Diagnostics.AddAttributeError(
 			path.Root("host"),
-			"Unknown tembo API Host",
-			"The provider cannot create the tembo API client as there is an unknown configuration value for the tembo API host. "+
-				"Either target apply the source of the value first, set the value statically in the configuration, or use the tembo_HOST environment variable.",
+			"Unknown Tembo API Host",
+			"The provider cannot create the tembo API client as there is an unknown configuration value for the tembo API Host. "+
+				"Either target apply the source of the value first, set the value statically in the configuration, or use the TEMBO_HOST environment variable.",
+		)
+	}
+
+	if config.Host.IsUnknown() {
+		resp.Diagnostics.AddAttributeError(
+			path.Root("data_host"),
+			"Unknown Tembo API Data Host",
+			"The provider cannot create the tembo API client as there is an unknown configuration value for the Tembo API Data Host. "+
+				"Either target apply the source of the value first, set the value statically in the configuration, or use the TEMBO_DATA_HOST environment variable.",
 		)
 	}
 
 	if config.AccessToken.IsUnknown() {
 		resp.Diagnostics.AddAttributeError(
 			path.Root("access_token"),
-			"Unknown tembo API Access Token",
+			"Unknown Tembo API Access Token",
 			"The provider cannot create the tembo API client as there is an unknown configuration value for the tembo API password. "+
 				"Either target apply the source of the value first, set the value statically in the configuration, or use the tembo_PASSWORD environment variable.",
 		)
@@ -104,6 +119,7 @@ func (p *temboProvider) Configure(ctx context.Context, req provider.ConfigureReq
 	// with Terraform configuration value if set.
 
 	host := os.Getenv("TEMBO_HOST")
+	data_host := os.Getenv("TEMBO_DATA_HOST")
 	access_token := os.Getenv("TEMBO_ACCESS_TOKEN")
 
 	if !config.Host.IsNull() {
@@ -114,6 +130,14 @@ func (p *temboProvider) Configure(ctx context.Context, req provider.ConfigureReq
 		host = "https://api.coredb.io"
 	}
 
+	if !config.DataHost.IsNull() {
+		data_host = config.DataHost.ValueString()
+	}
+
+	if data_host == "" {
+		data_host = "https://api.data-1.use1.tembo.io"
+	}
+
 	if !config.AccessToken.IsNull() {
 		access_token = config.AccessToken.ValueString()
 	}
@@ -159,9 +183,27 @@ func (p *temboProvider) Configure(ctx context.Context, req provider.ConfigureReq
 	// Create a new tembo client using the configuration values
 	client := temboclient.NewAPIClient(configuration)
 
+	data_configuration := tembodataclient.NewConfiguration()
+
+	dataHostUrl, err := url.Parse(data_host)
+	if err != nil {
+		panic(err)
+	}
+
+	data_configuration.Scheme = "https"
+
+	data_configuration.Host = dataHostUrl.Host
+
+	// Create a new tembo data client using the configuration values
+	dataclient := tembodataclient.NewAPIClient(data_configuration)
+
 	// Make the tembo client available during DataSource and Resource
 	// type Configure methods.
-	resp.DataSourceData = client
+	resp.DataSourceData = instanceSecretsConfig{
+		client:      dataclient,
+		accessToken: access_token,
+	}
+
 	resp.ResourceData = instanceConfig{
 		client:      client,
 		accessToken: access_token,
@@ -170,7 +212,9 @@ func (p *temboProvider) Configure(ctx context.Context, req provider.ConfigureReq
 
 // DataSources defines the data sources implemented in the provider.
 func (p *temboProvider) DataSources(_ context.Context) []func() datasource.DataSource {
-	return []func() datasource.DataSource{}
+	return []func() datasource.DataSource{
+		NewTemboInstanceSecretsDataSource,
+	}
 }
 
 // Resources defines the resources implemented in the provider.
diff --git a/internal/provider/temboclient/go.mod b/internal/provider/temboclient/go.mod
index 7fca7ee..71951b2 100644
--- a/internal/provider/temboclient/go.mod
+++ b/internal/provider/temboclient/go.mod
@@ -1,4 +1,4 @@
-module github.com/GIT_USER_ID/GIT_REPO_ID
+module github.com/tembo-io/terraform-provider-tembo/temboclient
 
 go 1.18
 
diff --git a/internal/provider/tembodataclient/.gitignore b/internal/provider/tembodataclient/.gitignore
new file mode 100644
index 0000000..daf913b
--- /dev/null
+++ b/internal/provider/tembodataclient/.gitignore
@@ -0,0 +1,24 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
diff --git a/internal/provider/tembodataclient/.openapi-generator-ignore b/internal/provider/tembodataclient/.openapi-generator-ignore
new file mode 100644
index 0000000..7484ee5
--- /dev/null
+++ b/internal/provider/tembodataclient/.openapi-generator-ignore
@@ -0,0 +1,23 @@
+# OpenAPI Generator Ignore
+# Generated by openapi-generator https://github.com/openapitools/openapi-generator
+
+# Use this file to prevent files from being overwritten by the generator.
+# The patterns follow closely to .gitignore or .dockerignore.
+
+# As an example, the C# client generator defines ApiClient.cs.
+# You can make changes and tell OpenAPI Generator to ignore just this file by uncommenting the following line:
+#ApiClient.cs
+
+# You can match any string of characters against a directory, file or extension with a single asterisk (*):
+#foo/*/qux
+# The above matches foo/bar/qux and foo/baz/qux, but not foo/bar/baz/qux
+
+# You can recursively match patterns against a directory, file or extension with a double asterisk (**):
+#foo/**/qux
+# This matches foo/bar/qux, foo/baz/qux, and foo/bar/baz/qux
+
+# You can also negate patterns with an exclamation (!).
+# For example, you can ignore all files in a docs folder with the file extension .md:
+#docs/*.md
+# Then explicitly reverse the ignore rule for a single file:
+#!docs/README.md
diff --git a/internal/provider/tembodataclient/.openapi-generator/FILES b/internal/provider/tembodataclient/.openapi-generator/FILES
new file mode 100644
index 0000000..a43970b
--- /dev/null
+++ b/internal/provider/tembodataclient/.openapi-generator/FILES
@@ -0,0 +1,20 @@
+.gitignore
+.openapi-generator-ignore
+.travis.yml
+README.md
+api/openapi.yaml
+api_metrics.go
+api_secrets.go
+client.go
+configuration.go
+docs/AvailableSecret.md
+docs/MetricsApi.md
+docs/SecretsApi.md
+git_push.sh
+go.mod
+go.sum
+model_available_secret.go
+response.go
+test/api_metrics_test.go
+test/api_secrets_test.go
+utils.go
diff --git a/internal/provider/tembodataclient/.openapi-generator/VERSION b/internal/provider/tembodataclient/.openapi-generator/VERSION
new file mode 100644
index 0000000..cd802a1
--- /dev/null
+++ b/internal/provider/tembodataclient/.openapi-generator/VERSION
@@ -0,0 +1 @@
+6.6.0
\ No newline at end of file
diff --git a/internal/provider/tembodataclient/.travis.yml b/internal/provider/tembodataclient/.travis.yml
new file mode 100644
index 0000000..f5cb2ce
--- /dev/null
+++ b/internal/provider/tembodataclient/.travis.yml
@@ -0,0 +1,8 @@
+language: go
+
+install:
+  - go get -d -v .
+
+script:
+  - go build -v ./
+
diff --git a/internal/provider/tembodataclient/README.md b/internal/provider/tembodataclient/README.md
new file mode 100644
index 0000000..0a2b63c
--- /dev/null
+++ b/internal/provider/tembodataclient/README.md
@@ -0,0 +1,131 @@
+# Go API client for tembodataclient
+
+In the case of large or sensitive data, we avoid collecting it into Tembo Cloud. Instead, there is a Tembo Data API for each region, cloud, or private data plane.
+            </br>
+            </br>
+            To find the Tembo Cloud API, please find it [here](https://api.tembo.io/swagger-ui/).
+            
+
+## Overview
+This API client was generated by the [OpenAPI Generator](https://openapi-generator.tech) project.  By using the [OpenAPI-spec](https://www.openapis.org/) from a remote server, you can easily generate an API client.
+
+- API version: v0.0.1
+- Package version: 1.0.0
+- Build package: org.openapitools.codegen.languages.GoClientCodegen
+
+## Installation
+
+Install the following dependencies:
+
+```shell
+go get github.com/stretchr/testify/assert
+go get golang.org/x/net/context
+```
+
+Put the package under your project folder and add the following in import:
+
+```golang
+import tembodataclient "github.com/GIT_USER_ID/GIT_REPO_ID"
+```
+
+To use a proxy, set the environment variable `HTTP_PROXY`:
+
+```golang
+os.Setenv("HTTP_PROXY", "http://proxy_name:proxy_port")
+```
+
+## Configuration of Server URL
+
+Default configuration comes with `Servers` field that contains server objects as defined in the OpenAPI specification.
+
+### Select Server Configuration
+
+For using other server than the one defined on index 0 set context value `sw.ContextServerIndex` of type `int`.
+
+```golang
+ctx := context.WithValue(context.Background(), tembodataclient.ContextServerIndex, 1)
+```
+
+### Templated Server URL
+
+Templated server URL is formatted using default variables from configuration or from context value `sw.ContextServerVariables` of type `map[string]string`.
+
+```golang
+ctx := context.WithValue(context.Background(), tembodataclient.ContextServerVariables, map[string]string{
+	"basePath": "v2",
+})
+```
+
+Note, enum values are always validated and all unused variables are silently ignored.
+
+### URLs Configuration per Operation
+
+Each operation can use different server URL defined using `OperationServers` map in the `Configuration`.
+An operation is uniquely identified by `"{classname}Service.{nickname}"` string.
+Similar rules for overriding default operation server index and variables applies by using `sw.ContextOperationServerIndices` and `sw.ContextOperationServerVariables` context maps.
+
+```golang
+ctx := context.WithValue(context.Background(), tembodataclient.ContextOperationServerIndices, map[string]int{
+	"{classname}Service.{nickname}": 2,
+})
+ctx = context.WithValue(context.Background(), tembodataclient.ContextOperationServerVariables, map[string]map[string]string{
+	"{classname}Service.{nickname}": {
+		"port": "8443",
+	},
+})
+```
+
+## Documentation for API Endpoints
+
+All URIs are relative to *http://localhost*
+
+Class | Method | HTTP request | Description
+------------ | ------------- | ------------- | -------------
+*MetricsApi* | [**QueryRange**](docs/MetricsApi.md#queryrange) | **Get** /{namespace}/metrics/query_range | 
+*SecretsApi* | [**GetSecret**](docs/SecretsApi.md#getsecret) | **Get** /{namespace}/secrets/{secret_name} | Please use /api/v1/orgs/{org_id}/instances/{instance_id}/secrets/{secret_name}
+*SecretsApi* | [**GetSecretNames**](docs/SecretsApi.md#getsecretnames) | **Get** /{namespace}/secrets | Please use /api/v1/orgs/{org_id}/instances/{instance_id}/secrets
+*SecretsApi* | [**GetSecretNamesV1**](docs/SecretsApi.md#getsecretnamesv1) | **Get** /api/v1/orgs/{org_id}/instances/{instance_id}/secrets | 
+*SecretsApi* | [**GetSecretV1**](docs/SecretsApi.md#getsecretv1) | **Get** /api/v1/orgs/{org_id}/instances/{instance_id}/secrets/{secret_name} | 
+
+
+## Documentation For Models
+
+ - [AvailableSecret](docs/AvailableSecret.md)
+
+
+## Documentation For Authorization
+
+
+Authentication schemes defined for the API:
+### jwt_token
+
+- **Type**: HTTP Bearer token authentication
+
+Example
+
+```golang
+auth := context.WithValue(context.Background(), sw.ContextAccessToken, "BEARER_TOKEN_STRING")
+r, err := client.Service.Operation(auth, args)
+```
+
+
+## Documentation for Utility Methods
+
+Due to the fact that model structure members are all pointers, this package contains
+a number of utility functions to easily obtain pointers to values of basic types.
+Each of these functions takes a value of the given basic type and returns a pointer to it:
+
+* `PtrBool`
+* `PtrInt`
+* `PtrInt32`
+* `PtrInt64`
+* `PtrFloat`
+* `PtrFloat32`
+* `PtrFloat64`
+* `PtrString`
+* `PtrTime`
+
+## Author
+
+
+
diff --git a/internal/provider/tembodataclient/api/openapi.yaml b/internal/provider/tembodataclient/api/openapi.yaml
new file mode 100644
index 0000000..86574ac
--- /dev/null
+++ b/internal/provider/tembodataclient/api/openapi.yaml
@@ -0,0 +1,327 @@
+openapi: 3.0.3
+info:
+  description: "In the case of large or sensitive data, we avoid collecting it into\
+    \ Tembo Cloud. Instead, there is a Tembo Data API for each region, cloud, or private\
+    \ data plane.\n            </br>\n            </br>\n            To find the Tembo\
+    \ Cloud API, please find it [here](https://api.tembo.io/swagger-ui/).\n      \
+    \      "
+  title: Tembo Data API
+  version: v0.0.1
+servers:
+- url: /
+security:
+- jwt_token: []
+paths:
+  /api/v1/orgs/{org_id}/instances/{instance_id}/secrets:
+    get:
+      operationId: get_secret_names_v1
+      parameters:
+      - description: Tembo Cloud Organization ID
+        example: org_2T7FJA0DpaNBnELVLU1IS4XzZG0
+        explode: false
+        in: path
+        name: org_id
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Tembo Cloud Instance ID
+        example: inst_1696253936968_TblNOY_6
+        explode: false
+        in: path
+        name: instance_id
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              example:
+              - name: app-role
+                possible_keys:
+                - username
+                - password
+              - name: readonly-role
+                possible_keys:
+                - username
+                - password
+              - name: superuser-role
+                possible_keys:
+                - username
+                - password
+              - name: certificate
+                possible_keys:
+                - ca.crt
+              schema:
+                items:
+                  $ref: '#/components/schemas/AvailableSecret'
+                type: array
+          description: Map of secret names and the keys this user is authorized for
+        "403":
+          description: Not authorized for query
+      tags:
+      - secrets
+  /api/v1/orgs/{org_id}/instances/{instance_id}/secrets/{secret_name}:
+    get:
+      operationId: get_secret_v1
+      parameters:
+      - description: Tembo Cloud Organization ID
+        example: org_2T7FJA0DpaNBnELVLU1IS4XzZG0
+        explode: false
+        in: path
+        name: org_id
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Tembo Cloud Instance ID
+        example: inst_1696253936968_TblNOY_6
+        explode: false
+        in: path
+        name: instance_id
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Secret name
+        example: readonly-role
+        explode: false
+        in: path
+        name: secret_name
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              example:
+                password: sv5uli3gR3XPbjwz
+                username: postgres
+              schema:
+                additionalProperties:
+                  type: string
+                type: object
+          description: "Content of a secret. Available secrets and possible keys can\
+            \ be determined from a query to /{namespace}/secrets."
+        "403":
+          description: Not authorized for query
+      tags:
+      - secrets
+  /{namespace}/metrics/query_range:
+    get:
+      operationId: query_range
+      parameters:
+      - description: Instance namespace
+        example: org-coredb-inst-control-plane-dev
+        explode: false
+        in: path
+        name: namespace
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: "PromQL range query, must include a 'namespace' label matching\
+          \ the query path"
+        example: "(sum by (namespace) (max_over_time(pg_stat_activity_count{namespace=\"\
+          org-coredb-inst-control-plane-dev\"}[1h])))"
+        explode: true
+        in: query
+        name: query
+        required: true
+        schema:
+          type: string
+        style: form
+      - description: "Range start, unix timestamp"
+        example: "1686780828"
+        explode: true
+        in: query
+        name: start
+        required: true
+        schema:
+          format: int64
+          minimum: 0.0
+          type: integer
+        style: form
+      - description: "Range end, unix timestamp. Default is now."
+        example: "1686862041"
+        explode: true
+        in: query
+        name: end
+        required: false
+        schema:
+          format: int64
+          minimum: 0.0
+          nullable: true
+          type: integer
+        style: form
+      - description: "Step size duration string, defaults to 60s"
+        example: 60s
+        explode: true
+        in: query
+        name: step
+        required: false
+        schema:
+          nullable: true
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              example:
+                status: success
+                data:
+                  resultType: matrix
+                  result:
+                  - metric:
+                      __name__: up
+                      job: prometheus
+                      instance: localhost:9090
+                    values:
+                    - - 1.435781430781E9
+                      - "1"
+                    - - 1.435781445781E9
+                      - "1"
+                    - - 1.435781460781E9
+                      - "1"
+                  - metric:
+                      __name__: up
+                      job: node
+                      instance: localhost:9091
+                    values:
+                    - - 1.435781430781E9
+                      - "0"
+                    - - 1.435781445781E9
+                      - "0"
+                    - - 1.435781460781E9
+                      - "1"
+              schema: {}
+          description: "Success range query to Prometheus, please see Prometheus documentation\
+            \ for response format details. https://prometheus.io/docs/prometheus/latest/querying/api/#range-queries"
+        "400":
+          description: Parameters are missing or incorrect
+        "403":
+          description: Not authorized for query
+        "422":
+          description: Incorrectly formatted query
+        "504":
+          description: Request timed out on metrics backend
+      tags:
+      - metrics
+  /{namespace}/secrets:
+    get:
+      deprecated: true
+      description: "Please use /api/v1/orgs/{org_id}/instances/{instance_id}/secrets"
+      operationId: get_secret_names
+      parameters:
+      - description: Instance namespace
+        example: org-myco-inst-prod
+        explode: false
+        in: path
+        name: namespace
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              example:
+              - name: app-role
+                possible_keys:
+                - username
+                - password
+              - name: readonly-role
+                possible_keys:
+                - username
+                - password
+              - name: superuser-role
+                possible_keys:
+                - username
+                - password
+              - name: certificate
+                possible_keys:
+                - ca.crt
+              schema:
+                items:
+                  $ref: '#/components/schemas/AvailableSecret'
+                type: array
+          description: Map of secret names and the keys this user is authorized for
+        "403":
+          description: Not authorized for query
+      summary: "Please use /api/v1/orgs/{org_id}/instances/{instance_id}/secrets"
+      tags:
+      - secrets
+  /{namespace}/secrets/{secret_name}:
+    get:
+      deprecated: true
+      description: "Please use /api/v1/orgs/{org_id}/instances/{instance_id}/secrets/{secret_name}"
+      operationId: get_secret
+      parameters:
+      - description: Instance namespace
+        example: org-myco-inst-prod
+        explode: false
+        in: path
+        name: namespace
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Secret name
+        example: readonly-role
+        explode: false
+        in: path
+        name: secret_name
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              example:
+                password: sv5uli3gR3XPbjwz
+                username: postgres
+              schema:
+                additionalProperties:
+                  type: string
+                type: object
+          description: "Content of a secret. Available secrets and possible keys can\
+            \ be determined from a query to /{namespace}/secrets."
+        "403":
+          description: Not authorized for query
+      summary: "Please use /api/v1/orgs/{org_id}/instances/{instance_id}/secrets/{secret_name}"
+      tags:
+      - secrets
+components:
+  schemas:
+    AvailableSecret:
+      example:
+        name: name
+        possible_keys:
+        - possible_keys
+        - possible_keys
+      properties:
+        name:
+          description: The name of an available secret
+          type: string
+        possible_keys:
+          description: "For this secret, available keys"
+          items:
+            type: string
+          type: array
+      required:
+      - name
+      - possible_keys
+      type: object
+  securitySchemes:
+    jwt_token:
+      bearerFormat: JWT
+      scheme: bearer
+      type: http
diff --git a/internal/provider/tembodataclient/api_metrics.go b/internal/provider/tembodataclient/api_metrics.go
new file mode 100644
index 0000000..996146f
--- /dev/null
+++ b/internal/provider/tembodataclient/api_metrics.go
@@ -0,0 +1,170 @@
+/*
+Tembo Data API
+
+In the case of large or sensitive data, we avoid collecting it into Tembo Cloud. Instead, there is a Tembo Data API for each region, cloud, or private data plane.             </br>             </br>             To find the Tembo Cloud API, please find it [here](https://api.tembo.io/swagger-ui/).             
+
+API version: v0.0.1
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package tembodataclient
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+
+// MetricsApiService MetricsApi service
+type MetricsApiService service
+
+type ApiQueryRangeRequest struct {
+	ctx context.Context
+	ApiService *MetricsApiService
+	namespace string
+	query *string
+	start *int64
+	end *int64
+	step *string
+}
+
+// PromQL range query, must include a &#39;namespace&#39; label matching the query path
+func (r ApiQueryRangeRequest) Query(query string) ApiQueryRangeRequest {
+	r.query = &query
+	return r
+}
+
+// Range start, unix timestamp
+func (r ApiQueryRangeRequest) Start(start int64) ApiQueryRangeRequest {
+	r.start = &start
+	return r
+}
+
+// Range end, unix timestamp. Default is now.
+func (r ApiQueryRangeRequest) End(end int64) ApiQueryRangeRequest {
+	r.end = &end
+	return r
+}
+
+// Step size duration string, defaults to 60s
+func (r ApiQueryRangeRequest) Step(step string) ApiQueryRangeRequest {
+	r.step = &step
+	return r
+}
+
+func (r ApiQueryRangeRequest) Execute() (interface{}, *http.Response, error) {
+	return r.ApiService.QueryRangeExecute(r)
+}
+
+/*
+QueryRange Method for QueryRange
+
+ @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ @param namespace Instance namespace
+ @return ApiQueryRangeRequest
+*/
+func (a *MetricsApiService) QueryRange(ctx context.Context, namespace string) ApiQueryRangeRequest {
+	return ApiQueryRangeRequest{
+		ApiService: a,
+		ctx: ctx,
+		namespace: namespace,
+	}
+}
+
+// Execute executes the request
+//  @return interface{}
+func (a *MetricsApiService) QueryRangeExecute(r ApiQueryRangeRequest) (interface{}, *http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  interface{}
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "MetricsApiService.QueryRange")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/{namespace}/metrics/query_range"
+	localVarPath = strings.Replace(localVarPath, "{"+"namespace"+"}", url.PathEscape(parameterValueToString(r.namespace, "namespace")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.query == nil {
+		return localVarReturnValue, nil, reportError("query is required and must be specified")
+	}
+	if r.start == nil {
+		return localVarReturnValue, nil, reportError("start is required and must be specified")
+	}
+	if *r.start < 0 {
+		return localVarReturnValue, nil, reportError("start must be greater than 0")
+	}
+
+	parameterAddToHeaderOrQuery(localVarQueryParams, "query", r.query, "")
+	parameterAddToHeaderOrQuery(localVarQueryParams, "start", r.start, "")
+	if r.end != nil {
+		parameterAddToHeaderOrQuery(localVarQueryParams, "end", r.end, "")
+	}
+	if r.step != nil {
+		parameterAddToHeaderOrQuery(localVarQueryParams, "step", r.step, "")
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
diff --git a/internal/provider/tembodataclient/api_secrets.go b/internal/provider/tembodataclient/api_secrets.go
new file mode 100644
index 0000000..6c05e30
--- /dev/null
+++ b/internal/provider/tembodataclient/api_secrets.go
@@ -0,0 +1,454 @@
+/*
+Tembo Data API
+
+In the case of large or sensitive data, we avoid collecting it into Tembo Cloud. Instead, there is a Tembo Data API for each region, cloud, or private data plane.             </br>             </br>             To find the Tembo Cloud API, please find it [here](https://api.tembo.io/swagger-ui/).             
+
+API version: v0.0.1
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package tembodataclient
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+
+// SecretsApiService SecretsApi service
+type SecretsApiService service
+
+type ApiGetSecretRequest struct {
+	ctx context.Context
+	ApiService *SecretsApiService
+	namespace string
+	secretName string
+}
+
+func (r ApiGetSecretRequest) Execute() (map[string]string, *http.Response, error) {
+	return r.ApiService.GetSecretExecute(r)
+}
+
+/*
+GetSecret Please use /api/v1/orgs/{org_id}/instances/{instance_id}/secrets/{secret_name}
+
+Please use /api/v1/orgs/{org_id}/instances/{instance_id}/secrets/{secret_name}
+
+ @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ @param namespace Instance namespace
+ @param secretName Secret name
+ @return ApiGetSecretRequest
+
+Deprecated
+*/
+func (a *SecretsApiService) GetSecret(ctx context.Context, namespace string, secretName string) ApiGetSecretRequest {
+	return ApiGetSecretRequest{
+		ApiService: a,
+		ctx: ctx,
+		namespace: namespace,
+		secretName: secretName,
+	}
+}
+
+// Execute executes the request
+//  @return map[string]string
+// Deprecated
+func (a *SecretsApiService) GetSecretExecute(r ApiGetSecretRequest) (map[string]string, *http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  map[string]string
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SecretsApiService.GetSecret")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/{namespace}/secrets/{secret_name}"
+	localVarPath = strings.Replace(localVarPath, "{"+"namespace"+"}", url.PathEscape(parameterValueToString(r.namespace, "namespace")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"secret_name"+"}", url.PathEscape(parameterValueToString(r.secretName, "secretName")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
+
+type ApiGetSecretNamesRequest struct {
+	ctx context.Context
+	ApiService *SecretsApiService
+	namespace string
+}
+
+func (r ApiGetSecretNamesRequest) Execute() ([]AvailableSecret, *http.Response, error) {
+	return r.ApiService.GetSecretNamesExecute(r)
+}
+
+/*
+GetSecretNames Please use /api/v1/orgs/{org_id}/instances/{instance_id}/secrets
+
+Please use /api/v1/orgs/{org_id}/instances/{instance_id}/secrets
+
+ @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ @param namespace Instance namespace
+ @return ApiGetSecretNamesRequest
+
+Deprecated
+*/
+func (a *SecretsApiService) GetSecretNames(ctx context.Context, namespace string) ApiGetSecretNamesRequest {
+	return ApiGetSecretNamesRequest{
+		ApiService: a,
+		ctx: ctx,
+		namespace: namespace,
+	}
+}
+
+// Execute executes the request
+//  @return []AvailableSecret
+// Deprecated
+func (a *SecretsApiService) GetSecretNamesExecute(r ApiGetSecretNamesRequest) ([]AvailableSecret, *http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []AvailableSecret
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SecretsApiService.GetSecretNames")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/{namespace}/secrets"
+	localVarPath = strings.Replace(localVarPath, "{"+"namespace"+"}", url.PathEscape(parameterValueToString(r.namespace, "namespace")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
+
+type ApiGetSecretNamesV1Request struct {
+	ctx context.Context
+	ApiService *SecretsApiService
+	orgId string
+	instanceId string
+}
+
+func (r ApiGetSecretNamesV1Request) Execute() ([]AvailableSecret, *http.Response, error) {
+	return r.ApiService.GetSecretNamesV1Execute(r)
+}
+
+/*
+GetSecretNamesV1 Method for GetSecretNamesV1
+
+ @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ @param orgId Tembo Cloud Organization ID
+ @param instanceId Tembo Cloud Instance ID
+ @return ApiGetSecretNamesV1Request
+*/
+func (a *SecretsApiService) GetSecretNamesV1(ctx context.Context, orgId string, instanceId string) ApiGetSecretNamesV1Request {
+	return ApiGetSecretNamesV1Request{
+		ApiService: a,
+		ctx: ctx,
+		orgId: orgId,
+		instanceId: instanceId,
+	}
+}
+
+// Execute executes the request
+//  @return []AvailableSecret
+func (a *SecretsApiService) GetSecretNamesV1Execute(r ApiGetSecretNamesV1Request) ([]AvailableSecret, *http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []AvailableSecret
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SecretsApiService.GetSecretNamesV1")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/orgs/{org_id}/instances/{instance_id}/secrets"
+	localVarPath = strings.Replace(localVarPath, "{"+"org_id"+"}", url.PathEscape(parameterValueToString(r.orgId, "orgId")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"instance_id"+"}", url.PathEscape(parameterValueToString(r.instanceId, "instanceId")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
+
+type ApiGetSecretV1Request struct {
+	ctx context.Context
+	ApiService *SecretsApiService
+	orgId string
+	instanceId string
+	secretName string
+}
+
+func (r ApiGetSecretV1Request) Execute() (map[string]string, *http.Response, error) {
+	return r.ApiService.GetSecretV1Execute(r)
+}
+
+/*
+GetSecretV1 Method for GetSecretV1
+
+ @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ @param orgId Tembo Cloud Organization ID
+ @param instanceId Tembo Cloud Instance ID
+ @param secretName Secret name
+ @return ApiGetSecretV1Request
+*/
+func (a *SecretsApiService) GetSecretV1(ctx context.Context, orgId string, instanceId string, secretName string) ApiGetSecretV1Request {
+	return ApiGetSecretV1Request{
+		ApiService: a,
+		ctx: ctx,
+		orgId: orgId,
+		instanceId: instanceId,
+		secretName: secretName,
+	}
+}
+
+// Execute executes the request
+//  @return map[string]string
+func (a *SecretsApiService) GetSecretV1Execute(r ApiGetSecretV1Request) (map[string]string, *http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  map[string]string
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SecretsApiService.GetSecretV1")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/orgs/{org_id}/instances/{instance_id}/secrets/{secret_name}"
+	localVarPath = strings.Replace(localVarPath, "{"+"org_id"+"}", url.PathEscape(parameterValueToString(r.orgId, "orgId")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"instance_id"+"}", url.PathEscape(parameterValueToString(r.instanceId, "instanceId")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"secret_name"+"}", url.PathEscape(parameterValueToString(r.secretName, "secretName")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
diff --git a/internal/provider/tembodataclient/client.go b/internal/provider/tembodataclient/client.go
new file mode 100644
index 0000000..fd351a3
--- /dev/null
+++ b/internal/provider/tembodataclient/client.go
@@ -0,0 +1,664 @@
+/*
+Tembo Data API
+
+In the case of large or sensitive data, we avoid collecting it into Tembo Cloud. Instead, there is a Tembo Data API for each region, cloud, or private data plane.             </br>             </br>             To find the Tembo Cloud API, please find it [here](https://api.tembo.io/swagger-ui/).             
+
+API version: v0.0.1
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package tembodataclient
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"encoding/xml"
+	"errors"
+	"fmt"
+	"io"
+	"log"
+	"mime/multipart"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"os"
+	"path/filepath"
+	"reflect"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+	"unicode/utf8"
+
+)
+
+var (
+	jsonCheck = regexp.MustCompile(`(?i:(?:application|text)/(?:vnd\.[^;]+\+)?json)`)
+	xmlCheck  = regexp.MustCompile(`(?i:(?:application|text)/xml)`)
+	queryParamSplit = regexp.MustCompile(`(^|&)([^&]+)`)
+	queryDescape    = strings.NewReplacer( "%5B", "[", "%5D", "]" )
+)
+
+// APIClient manages communication with the Tembo Data API API vv0.0.1
+// In most cases there should be only one, shared, APIClient.
+type APIClient struct {
+	cfg    *Configuration
+	common service // Reuse a single struct instead of allocating one for each service on the heap.
+
+	// API Services
+
+	MetricsApi *MetricsApiService
+
+	SecretsApi *SecretsApiService
+}
+
+type service struct {
+	client *APIClient
+}
+
+// NewAPIClient creates a new API client. Requires a userAgent string describing your application.
+// optionally a custom http.Client to allow for advanced features such as caching.
+func NewAPIClient(cfg *Configuration) *APIClient {
+	if cfg.HTTPClient == nil {
+		cfg.HTTPClient = http.DefaultClient
+	}
+
+	c := &APIClient{}
+	c.cfg = cfg
+	c.common.client = c
+
+	// API Services
+	c.MetricsApi = (*MetricsApiService)(&c.common)
+	c.SecretsApi = (*SecretsApiService)(&c.common)
+
+	return c
+}
+
+func atoi(in string) (int, error) {
+	return strconv.Atoi(in)
+}
+
+// selectHeaderContentType select a content type from the available list.
+func selectHeaderContentType(contentTypes []string) string {
+	if len(contentTypes) == 0 {
+		return ""
+	}
+	if contains(contentTypes, "application/json") {
+		return "application/json"
+	}
+	return contentTypes[0] // use the first content type specified in 'consumes'
+}
+
+// selectHeaderAccept join all accept types and return
+func selectHeaderAccept(accepts []string) string {
+	if len(accepts) == 0 {
+		return ""
+	}
+
+	if contains(accepts, "application/json") {
+		return "application/json"
+	}
+
+	return strings.Join(accepts, ",")
+}
+
+// contains is a case insensitive match, finding needle in a haystack
+func contains(haystack []string, needle string) bool {
+	for _, a := range haystack {
+		if strings.EqualFold(a, needle) {
+			return true
+		}
+	}
+	return false
+}
+
+// Verify optional parameters are of the correct type.
+func typeCheckParameter(obj interface{}, expected string, name string) error {
+	// Make sure there is an object.
+	if obj == nil {
+		return nil
+	}
+
+	// Check the type is as expected.
+	if reflect.TypeOf(obj).String() != expected {
+		return fmt.Errorf("expected %s to be of type %s but received %s", name, expected, reflect.TypeOf(obj).String())
+	}
+	return nil
+}
+
+func parameterValueToString( obj interface{}, key string ) string {
+	if reflect.TypeOf(obj).Kind() != reflect.Ptr {
+		return fmt.Sprintf("%v", obj)
+	}
+	var param,ok = obj.(MappedNullable)
+	if !ok {
+		return ""
+	}
+	dataMap,err := param.ToMap()
+	if err != nil {
+		return ""
+	}
+	return fmt.Sprintf("%v", dataMap[key])
+}
+
+// parameterAddToHeaderOrQuery adds the provided object to the request header or url query
+// supporting deep object syntax
+func parameterAddToHeaderOrQuery(headerOrQueryParams interface{}, keyPrefix string, obj interface{}, collectionType string) {
+	var v = reflect.ValueOf(obj)
+	var value = ""
+	if v == reflect.ValueOf(nil) {
+		value = "null"
+	} else {
+		switch v.Kind() {
+			case reflect.Invalid:
+				value = "invalid"
+
+			case reflect.Struct:
+				if t,ok := obj.(MappedNullable); ok {
+					dataMap,err := t.ToMap()
+					if err != nil {
+						return
+					}
+					parameterAddToHeaderOrQuery(headerOrQueryParams, keyPrefix, dataMap, collectionType)
+					return
+				}
+				if t, ok := obj.(time.Time); ok {
+					parameterAddToHeaderOrQuery(headerOrQueryParams, keyPrefix, t.Format(time.RFC3339), collectionType)
+					return
+				}
+				value = v.Type().String() + " value"
+			case reflect.Slice:
+				var indValue = reflect.ValueOf(obj)
+				if indValue == reflect.ValueOf(nil) {
+					return
+				}
+				var lenIndValue = indValue.Len()
+				for i:=0;i<lenIndValue;i++ {
+					var arrayValue = indValue.Index(i)
+					parameterAddToHeaderOrQuery(headerOrQueryParams, keyPrefix, arrayValue.Interface(), collectionType)
+				}
+				return
+
+			case reflect.Map:
+				var indValue = reflect.ValueOf(obj)
+				if indValue == reflect.ValueOf(nil) {
+					return
+				}
+				iter := indValue.MapRange()
+				for iter.Next() {
+					k,v := iter.Key(), iter.Value()
+					parameterAddToHeaderOrQuery(headerOrQueryParams, fmt.Sprintf("%s[%s]", keyPrefix, k.String()), v.Interface(), collectionType)
+				}
+				return
+
+			case reflect.Interface:
+				fallthrough
+			case reflect.Ptr:
+				parameterAddToHeaderOrQuery(headerOrQueryParams, keyPrefix, v.Elem().Interface(), collectionType)
+				return
+
+			case reflect.Int, reflect.Int8, reflect.Int16,
+				reflect.Int32, reflect.Int64:
+				value = strconv.FormatInt(v.Int(), 10)
+			case reflect.Uint, reflect.Uint8, reflect.Uint16,
+				reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+				value = strconv.FormatUint(v.Uint(), 10)
+			case reflect.Float32, reflect.Float64:
+				value = strconv.FormatFloat(v.Float(), 'g', -1, 32)
+			case reflect.Bool:
+				value = strconv.FormatBool(v.Bool())
+			case reflect.String:
+				value = v.String()
+			default:
+				value = v.Type().String() + " value"
+		}
+	}
+
+	switch valuesMap := headerOrQueryParams.(type) {
+		case url.Values:
+			if collectionType == "csv" && valuesMap.Get(keyPrefix) != "" {
+				valuesMap.Set(keyPrefix, valuesMap.Get(keyPrefix) + "," + value)
+			} else {
+				valuesMap.Add(keyPrefix, value)
+			}
+			break
+		case map[string]string:
+			valuesMap[keyPrefix] = value
+			break
+	}
+}
+
+// helper for converting interface{} parameters to json strings
+func parameterToJson(obj interface{}) (string, error) {
+	jsonBuf, err := json.Marshal(obj)
+	if err != nil {
+		return "", err
+	}
+	return string(jsonBuf), err
+}
+
+// callAPI do the request.
+func (c *APIClient) callAPI(request *http.Request) (*http.Response, error) {
+	if c.cfg.Debug {
+		dump, err := httputil.DumpRequestOut(request, true)
+		if err != nil {
+			return nil, err
+		}
+		log.Printf("\n%s\n", string(dump))
+	}
+
+	resp, err := c.cfg.HTTPClient.Do(request)
+	if err != nil {
+		return resp, err
+	}
+
+	if c.cfg.Debug {
+		dump, err := httputil.DumpResponse(resp, true)
+		if err != nil {
+			return resp, err
+		}
+		log.Printf("\n%s\n", string(dump))
+	}
+	return resp, err
+}
+
+// Allow modification of underlying config for alternate implementations and testing
+// Caution: modifying the configuration while live can cause data races and potentially unwanted behavior
+func (c *APIClient) GetConfig() *Configuration {
+	return c.cfg
+}
+
+type formFile struct {
+		fileBytes []byte
+		fileName string
+		formFileName string
+}
+
+// prepareRequest build the request
+func (c *APIClient) prepareRequest(
+	ctx context.Context,
+	path string, method string,
+	postBody interface{},
+	headerParams map[string]string,
+	queryParams url.Values,
+	formParams url.Values,
+	formFiles []formFile) (localVarRequest *http.Request, err error) {
+
+	var body *bytes.Buffer
+
+	// Detect postBody type and post.
+	if postBody != nil {
+		contentType := headerParams["Content-Type"]
+		if contentType == "" {
+			contentType = detectContentType(postBody)
+			headerParams["Content-Type"] = contentType
+		}
+
+		body, err = setBody(postBody, contentType)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// add form parameters and file if available.
+	if strings.HasPrefix(headerParams["Content-Type"], "multipart/form-data") && len(formParams) > 0 || (len(formFiles) > 0) {
+		if body != nil {
+			return nil, errors.New("Cannot specify postBody and multipart form at the same time.")
+		}
+		body = &bytes.Buffer{}
+		w := multipart.NewWriter(body)
+
+		for k, v := range formParams {
+			for _, iv := range v {
+				if strings.HasPrefix(k, "@") { // file
+					err = addFile(w, k[1:], iv)
+					if err != nil {
+						return nil, err
+					}
+				} else { // form value
+					w.WriteField(k, iv)
+				}
+			}
+		}
+		for _, formFile := range formFiles {
+			if len(formFile.fileBytes) > 0 && formFile.fileName != "" {
+				w.Boundary()
+				part, err := w.CreateFormFile(formFile.formFileName, filepath.Base(formFile.fileName))
+				if err != nil {
+						return nil, err
+				}
+				_, err = part.Write(formFile.fileBytes)
+				if err != nil {
+						return nil, err
+				}
+			}
+		}
+
+		// Set the Boundary in the Content-Type
+		headerParams["Content-Type"] = w.FormDataContentType()
+
+		// Set Content-Length
+		headerParams["Content-Length"] = fmt.Sprintf("%d", body.Len())
+		w.Close()
+	}
+
+	if strings.HasPrefix(headerParams["Content-Type"], "application/x-www-form-urlencoded") && len(formParams) > 0 {
+		if body != nil {
+			return nil, errors.New("Cannot specify postBody and x-www-form-urlencoded form at the same time.")
+		}
+		body = &bytes.Buffer{}
+		body.WriteString(formParams.Encode())
+		// Set Content-Length
+		headerParams["Content-Length"] = fmt.Sprintf("%d", body.Len())
+	}
+
+	// Setup path and query parameters
+	url, err := url.Parse(path)
+	if err != nil {
+		return nil, err
+	}
+
+	// Override request host, if applicable
+	if c.cfg.Host != "" {
+		url.Host = c.cfg.Host
+	}
+
+	// Override request scheme, if applicable
+	if c.cfg.Scheme != "" {
+		url.Scheme = c.cfg.Scheme
+	}
+
+	// Adding Query Param
+	query := url.Query()
+	for k, v := range queryParams {
+		for _, iv := range v {
+			query.Add(k, iv)
+		}
+	}
+
+	// Encode the parameters.
+	url.RawQuery = queryParamSplit.ReplaceAllStringFunc(query.Encode(), func(s string) string {
+		pieces := strings.Split(s, "=")
+		pieces[0] = queryDescape.Replace(pieces[0])
+		return strings.Join(pieces, "=")
+	})
+
+	// Generate a new request
+	if body != nil {
+		localVarRequest, err = http.NewRequest(method, url.String(), body)
+	} else {
+		localVarRequest, err = http.NewRequest(method, url.String(), nil)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	// add header parameters, if any
+	if len(headerParams) > 0 {
+		headers := http.Header{}
+		for h, v := range headerParams {
+			headers[h] = []string{v}
+		}
+		localVarRequest.Header = headers
+	}
+
+	// Add the user agent to the request.
+	localVarRequest.Header.Add("User-Agent", c.cfg.UserAgent)
+
+	if ctx != nil {
+		// add context to the request
+		localVarRequest = localVarRequest.WithContext(ctx)
+
+		// Walk through any authentication.
+
+		// AccessToken Authentication
+		if auth, ok := ctx.Value(ContextAccessToken).(string); ok {
+			localVarRequest.Header.Add("Authorization", "Bearer "+auth)
+		}
+
+	}
+
+	for header, value := range c.cfg.DefaultHeader {
+		localVarRequest.Header.Add(header, value)
+	}
+	return localVarRequest, nil
+}
+
+func (c *APIClient) decode(v interface{}, b []byte, contentType string) (err error) {
+	if len(b) == 0 {
+		return nil
+	}
+	if s, ok := v.(*string); ok {
+		*s = string(b)
+		return nil
+	}
+	if f, ok := v.(*os.File); ok {
+		f, err = os.CreateTemp("", "HttpClientFile")
+		if err != nil {
+			return
+		}
+		_, err = f.Write(b)
+		if err != nil {
+			return
+		}
+		_, err = f.Seek(0, io.SeekStart)
+		return
+	}
+	if f, ok := v.(**os.File); ok {
+		*f, err = os.CreateTemp("", "HttpClientFile")
+		if err != nil {
+			return
+		}
+		_, err = (*f).Write(b)
+		if err != nil {
+			return
+		}
+		_, err = (*f).Seek(0, io.SeekStart)
+		return
+	}
+	if xmlCheck.MatchString(contentType) {
+		if err = xml.Unmarshal(b, v); err != nil {
+			return err
+		}
+		return nil
+	}
+	if jsonCheck.MatchString(contentType) {
+		if actualObj, ok := v.(interface{ GetActualInstance() interface{} }); ok { // oneOf, anyOf schemas
+			if unmarshalObj, ok := actualObj.(interface{ UnmarshalJSON([]byte) error }); ok { // make sure it has UnmarshalJSON defined
+				if err = unmarshalObj.UnmarshalJSON(b); err != nil {
+					return err
+				}
+			} else {
+				return errors.New("Unknown type with GetActualInstance but no unmarshalObj.UnmarshalJSON defined")
+			}
+		} else if err = json.Unmarshal(b, v); err != nil { // simple model
+			return err
+		}
+		return nil
+	}
+	return errors.New("undefined response type")
+}
+
+// Add a file to the multipart request
+func addFile(w *multipart.Writer, fieldName, path string) error {
+	file, err := os.Open(filepath.Clean(path))
+	if err != nil {
+		return err
+	}
+	err = file.Close()
+	if err != nil {
+		return err
+	}
+
+	part, err := w.CreateFormFile(fieldName, filepath.Base(path))
+	if err != nil {
+		return err
+	}
+	_, err = io.Copy(part, file)
+
+	return err
+}
+
+// Prevent trying to import "fmt"
+func reportError(format string, a ...interface{}) error {
+	return fmt.Errorf(format, a...)
+}
+
+// A wrapper for strict JSON decoding
+func newStrictDecoder(data []byte) *json.Decoder {
+	dec := json.NewDecoder(bytes.NewBuffer(data))
+	dec.DisallowUnknownFields()
+	return dec
+}
+
+// Set request body from an interface{}
+func setBody(body interface{}, contentType string) (bodyBuf *bytes.Buffer, err error) {
+	if bodyBuf == nil {
+		bodyBuf = &bytes.Buffer{}
+	}
+
+	if reader, ok := body.(io.Reader); ok {
+		_, err = bodyBuf.ReadFrom(reader)
+	} else if fp, ok := body.(*os.File); ok {
+		_, err = bodyBuf.ReadFrom(fp)
+	} else if b, ok := body.([]byte); ok {
+		_, err = bodyBuf.Write(b)
+	} else if s, ok := body.(string); ok {
+		_, err = bodyBuf.WriteString(s)
+	} else if s, ok := body.(*string); ok {
+		_, err = bodyBuf.WriteString(*s)
+	} else if jsonCheck.MatchString(contentType) {
+		err = json.NewEncoder(bodyBuf).Encode(body)
+	} else if xmlCheck.MatchString(contentType) {
+		err = xml.NewEncoder(bodyBuf).Encode(body)
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	if bodyBuf.Len() == 0 {
+		err = fmt.Errorf("invalid body type %s\n", contentType)
+		return nil, err
+	}
+	return bodyBuf, nil
+}
+
+// detectContentType method is used to figure out `Request.Body` content type for request header
+func detectContentType(body interface{}) string {
+	contentType := "text/plain; charset=utf-8"
+	kind := reflect.TypeOf(body).Kind()
+
+	switch kind {
+	case reflect.Struct, reflect.Map, reflect.Ptr:
+		contentType = "application/json; charset=utf-8"
+	case reflect.String:
+		contentType = "text/plain; charset=utf-8"
+	default:
+		if b, ok := body.([]byte); ok {
+			contentType = http.DetectContentType(b)
+		} else if kind == reflect.Slice {
+			contentType = "application/json; charset=utf-8"
+		}
+	}
+
+	return contentType
+}
+
+// Ripped from https://github.com/gregjones/httpcache/blob/master/httpcache.go
+type cacheControl map[string]string
+
+func parseCacheControl(headers http.Header) cacheControl {
+	cc := cacheControl{}
+	ccHeader := headers.Get("Cache-Control")
+	for _, part := range strings.Split(ccHeader, ",") {
+		part = strings.Trim(part, " ")
+		if part == "" {
+			continue
+		}
+		if strings.ContainsRune(part, '=') {
+			keyval := strings.Split(part, "=")
+			cc[strings.Trim(keyval[0], " ")] = strings.Trim(keyval[1], ",")
+		} else {
+			cc[part] = ""
+		}
+	}
+	return cc
+}
+
+// CacheExpires helper function to determine remaining time before repeating a request.
+func CacheExpires(r *http.Response) time.Time {
+	// Figure out when the cache expires.
+	var expires time.Time
+	now, err := time.Parse(time.RFC1123, r.Header.Get("date"))
+	if err != nil {
+		return time.Now()
+	}
+	respCacheControl := parseCacheControl(r.Header)
+
+	if maxAge, ok := respCacheControl["max-age"]; ok {
+		lifetime, err := time.ParseDuration(maxAge + "s")
+		if err != nil {
+			expires = now
+		} else {
+			expires = now.Add(lifetime)
+		}
+	} else {
+		expiresHeader := r.Header.Get("Expires")
+		if expiresHeader != "" {
+			expires, err = time.Parse(time.RFC1123, expiresHeader)
+			if err != nil {
+				expires = now
+			}
+		}
+	}
+	return expires
+}
+
+func strlen(s string) int {
+	return utf8.RuneCountInString(s)
+}
+
+// GenericOpenAPIError Provides access to the body, error and model on returned errors.
+type GenericOpenAPIError struct {
+	body  []byte
+	error string
+	model interface{}
+}
+
+// Error returns non-empty string if there was an error.
+func (e GenericOpenAPIError) Error() string {
+	return e.error
+}
+
+// Body returns the raw bytes of the response
+func (e GenericOpenAPIError) Body() []byte {
+	return e.body
+}
+
+// Model returns the unpacked model of the error
+func (e GenericOpenAPIError) Model() interface{} {
+	return e.model
+}
+
+// format error message using title and detail when model implements rfc7807
+func formatErrorMessage(status string, v interface{}) string {
+	str := ""
+	metaValue := reflect.ValueOf(v).Elem()
+
+	if metaValue.Kind() == reflect.Struct {
+		field := metaValue.FieldByName("Title")
+		if field != (reflect.Value{}) {
+			str = fmt.Sprintf("%s", field.Interface())
+		}
+
+		field = metaValue.FieldByName("Detail")
+		if field != (reflect.Value{}) {
+			str = fmt.Sprintf("%s (%s)", str, field.Interface())
+		}
+	}
+
+	return strings.TrimSpace(fmt.Sprintf("%s %s", status, str))
+}
diff --git a/internal/provider/tembodataclient/configuration.go b/internal/provider/tembodataclient/configuration.go
new file mode 100644
index 0000000..f2e8e78
--- /dev/null
+++ b/internal/provider/tembodataclient/configuration.go
@@ -0,0 +1,218 @@
+/*
+Tembo Data API
+
+In the case of large or sensitive data, we avoid collecting it into Tembo Cloud. Instead, there is a Tembo Data API for each region, cloud, or private data plane.             </br>             </br>             To find the Tembo Cloud API, please find it [here](https://api.tembo.io/swagger-ui/).             
+
+API version: v0.0.1
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package tembodataclient
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strings"
+)
+
+// contextKeys are used to identify the type of value in the context.
+// Since these are string, it is possible to get a short description of the
+// context key for logging and debugging using key.String().
+
+type contextKey string
+
+func (c contextKey) String() string {
+	return "auth " + string(c)
+}
+
+var (
+	// ContextAccessToken takes a string oauth2 access token as authentication for the request.
+	ContextAccessToken = contextKey("accesstoken")
+
+	// ContextServerIndex uses a server configuration from the index.
+	ContextServerIndex = contextKey("serverIndex")
+
+	// ContextOperationServerIndices uses a server configuration from the index mapping.
+	ContextOperationServerIndices = contextKey("serverOperationIndices")
+
+	// ContextServerVariables overrides a server configuration variables.
+	ContextServerVariables = contextKey("serverVariables")
+
+	// ContextOperationServerVariables overrides a server configuration variables using operation specific values.
+	ContextOperationServerVariables = contextKey("serverOperationVariables")
+)
+
+// BasicAuth provides basic http authentication to a request passed via context using ContextBasicAuth
+type BasicAuth struct {
+	UserName string `json:"userName,omitempty"`
+	Password string `json:"password,omitempty"`
+}
+
+// APIKey provides API key based authentication to a request passed via context using ContextAPIKey
+type APIKey struct {
+	Key    string
+	Prefix string
+}
+
+// ServerVariable stores the information about a server variable
+type ServerVariable struct {
+	Description  string
+	DefaultValue string
+	EnumValues   []string
+}
+
+// ServerConfiguration stores the information about a server
+type ServerConfiguration struct {
+	URL string
+	Description string
+	Variables map[string]ServerVariable
+}
+
+// ServerConfigurations stores multiple ServerConfiguration items
+type ServerConfigurations []ServerConfiguration
+
+// Configuration stores the configuration of the API client
+type Configuration struct {
+	Host             string            `json:"host,omitempty"`
+	Scheme           string            `json:"scheme,omitempty"`
+	DefaultHeader    map[string]string `json:"defaultHeader,omitempty"`
+	UserAgent        string            `json:"userAgent,omitempty"`
+	Debug            bool              `json:"debug,omitempty"`
+	Servers          ServerConfigurations
+	OperationServers map[string]ServerConfigurations
+	HTTPClient       *http.Client
+}
+
+// NewConfiguration returns a new Configuration object
+func NewConfiguration() *Configuration {
+	cfg := &Configuration{
+		DefaultHeader:    make(map[string]string),
+		UserAgent:        "OpenAPI-Generator/1.0.0/go",
+		Debug:            false,
+		Servers:          ServerConfigurations{
+			{
+				URL: "",
+				Description: "No description provided",
+			},
+		},
+		OperationServers: map[string]ServerConfigurations{
+		},
+	}
+	return cfg
+}
+
+// AddDefaultHeader adds a new HTTP header to the default header in the request
+func (c *Configuration) AddDefaultHeader(key string, value string) {
+	c.DefaultHeader[key] = value
+}
+
+// URL formats template on a index using given variables
+func (sc ServerConfigurations) URL(index int, variables map[string]string) (string, error) {
+	if index < 0 || len(sc) <= index {
+		return "", fmt.Errorf("index %v out of range %v", index, len(sc)-1)
+	}
+	server := sc[index]
+	url := server.URL
+
+	// go through variables and replace placeholders
+	for name, variable := range server.Variables {
+		if value, ok := variables[name]; ok {
+			found := bool(len(variable.EnumValues) == 0)
+			for _, enumValue := range variable.EnumValues {
+				if value == enumValue {
+					found = true
+				}
+			}
+			if !found {
+				return "", fmt.Errorf("the variable %s in the server URL has invalid value %v. Must be %v", name, value, variable.EnumValues)
+			}
+			url = strings.Replace(url, "{"+name+"}", value, -1)
+		} else {
+			url = strings.Replace(url, "{"+name+"}", variable.DefaultValue, -1)
+		}
+	}
+	return url, nil
+}
+
+// ServerURL returns URL based on server settings
+func (c *Configuration) ServerURL(index int, variables map[string]string) (string, error) {
+	return c.Servers.URL(index, variables)
+}
+
+func getServerIndex(ctx context.Context) (int, error) {
+	si := ctx.Value(ContextServerIndex)
+	if si != nil {
+		if index, ok := si.(int); ok {
+			return index, nil
+		}
+		return 0, reportError("Invalid type %T should be int", si)
+	}
+	return 0, nil
+}
+
+func getServerOperationIndex(ctx context.Context, endpoint string) (int, error) {
+	osi := ctx.Value(ContextOperationServerIndices)
+	if osi != nil {
+		if operationIndices, ok := osi.(map[string]int); !ok {
+			return 0, reportError("Invalid type %T should be map[string]int", osi)
+		} else {
+			index, ok := operationIndices[endpoint]
+			if ok {
+				return index, nil
+			}
+		}
+	}
+	return getServerIndex(ctx)
+}
+
+func getServerVariables(ctx context.Context) (map[string]string, error) {
+	sv := ctx.Value(ContextServerVariables)
+	if sv != nil {
+		if variables, ok := sv.(map[string]string); ok {
+			return variables, nil
+		}
+		return nil, reportError("ctx value of ContextServerVariables has invalid type %T should be map[string]string", sv)
+	}
+	return nil, nil
+}
+
+func getServerOperationVariables(ctx context.Context, endpoint string) (map[string]string, error) {
+	osv := ctx.Value(ContextOperationServerVariables)
+	if osv != nil {
+		if operationVariables, ok := osv.(map[string]map[string]string); !ok {
+			return nil, reportError("ctx value of ContextOperationServerVariables has invalid type %T should be map[string]map[string]string", osv)
+		} else {
+			variables, ok := operationVariables[endpoint]
+			if ok {
+				return variables, nil
+			}
+		}
+	}
+	return getServerVariables(ctx)
+}
+
+// ServerURLWithContext returns a new server URL given an endpoint
+func (c *Configuration) ServerURLWithContext(ctx context.Context, endpoint string) (string, error) {
+	sc, ok := c.OperationServers[endpoint]
+	if !ok {
+		sc = c.Servers
+	}
+
+	if ctx == nil {
+		return sc.URL(0, nil)
+	}
+
+	index, err := getServerOperationIndex(ctx, endpoint)
+	if err != nil {
+		return "", err
+	}
+
+	variables, err := getServerOperationVariables(ctx, endpoint)
+	if err != nil {
+		return "", err
+	}
+
+	return sc.URL(index, variables)
+}
diff --git a/internal/provider/tembodataclient/docs/AvailableSecret.md b/internal/provider/tembodataclient/docs/AvailableSecret.md
new file mode 100644
index 0000000..1694591
--- /dev/null
+++ b/internal/provider/tembodataclient/docs/AvailableSecret.md
@@ -0,0 +1,72 @@
+# AvailableSecret
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Name** | **string** | The name of an available secret | 
+**PossibleKeys** | **[]string** | For this secret, available keys | 
+
+## Methods
+
+### NewAvailableSecret
+
+`func NewAvailableSecret(name string, possibleKeys []string, ) *AvailableSecret`
+
+NewAvailableSecret instantiates a new AvailableSecret object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAvailableSecretWithDefaults
+
+`func NewAvailableSecretWithDefaults() *AvailableSecret`
+
+NewAvailableSecretWithDefaults instantiates a new AvailableSecret object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetName
+
+`func (o *AvailableSecret) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *AvailableSecret) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *AvailableSecret) SetName(v string)`
+
+SetName sets Name field to given value.
+
+
+### GetPossibleKeys
+
+`func (o *AvailableSecret) GetPossibleKeys() []string`
+
+GetPossibleKeys returns the PossibleKeys field if non-nil, zero value otherwise.
+
+### GetPossibleKeysOk
+
+`func (o *AvailableSecret) GetPossibleKeysOk() (*[]string, bool)`
+
+GetPossibleKeysOk returns a tuple with the PossibleKeys field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPossibleKeys
+
+`func (o *AvailableSecret) SetPossibleKeys(v []string)`
+
+SetPossibleKeys sets PossibleKeys field to given value.
+
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/internal/provider/tembodataclient/docs/MetricsApi.md b/internal/provider/tembodataclient/docs/MetricsApi.md
new file mode 100644
index 0000000..ca892a5
--- /dev/null
+++ b/internal/provider/tembodataclient/docs/MetricsApi.md
@@ -0,0 +1,85 @@
+# \MetricsApi
+
+All URIs are relative to *http://localhost*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**QueryRange**](MetricsApi.md#QueryRange) | **Get** /{namespace}/metrics/query_range | 
+
+
+
+## QueryRange
+
+> interface{} QueryRange(ctx, namespace).Query(query).Start(start).End(end).Step(step).Execute()
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "github.com/GIT_USER_ID/GIT_REPO_ID"
+)
+
+func main() {
+    namespace := "org-coredb-inst-control-plane-dev" // string | Instance namespace
+    query := "(sum by (namespace) (max_over_time(pg_stat_activity_count{namespace="org-coredb-inst-control-plane-dev"}[1h])))" // string | PromQL range query, must include a 'namespace' label matching the query path
+    start := int64(1686780828) // int64 | Range start, unix timestamp
+    end := int64(1686862041) // int64 | Range end, unix timestamp. Default is now. (optional)
+    step := "60s" // string | Step size duration string, defaults to 60s (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.MetricsApi.QueryRange(context.Background(), namespace).Query(query).Start(start).End(end).Step(step).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `MetricsApi.QueryRange``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `QueryRange`: interface{}
+    fmt.Fprintf(os.Stdout, "Response from `MetricsApi.QueryRange`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**namespace** | **string** | Instance namespace | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiQueryRangeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **query** | **string** | PromQL range query, must include a &#39;namespace&#39; label matching the query path | 
+ **start** | **int64** | Range start, unix timestamp | 
+ **end** | **int64** | Range end, unix timestamp. Default is now. | 
+ **step** | **string** | Step size duration string, defaults to 60s | 
+
+### Return type
+
+**interface{}**
+
+### Authorization
+
+[jwt_token](../README.md#jwt_token)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/internal/provider/tembodataclient/docs/SecretsApi.md b/internal/provider/tembodataclient/docs/SecretsApi.md
new file mode 100644
index 0000000..46f11c8
--- /dev/null
+++ b/internal/provider/tembodataclient/docs/SecretsApi.md
@@ -0,0 +1,300 @@
+# \SecretsApi
+
+All URIs are relative to *http://localhost*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**GetSecret**](SecretsApi.md#GetSecret) | **Get** /{namespace}/secrets/{secret_name} | Please use /api/v1/orgs/{org_id}/instances/{instance_id}/secrets/{secret_name}
+[**GetSecretNames**](SecretsApi.md#GetSecretNames) | **Get** /{namespace}/secrets | Please use /api/v1/orgs/{org_id}/instances/{instance_id}/secrets
+[**GetSecretNamesV1**](SecretsApi.md#GetSecretNamesV1) | **Get** /api/v1/orgs/{org_id}/instances/{instance_id}/secrets | 
+[**GetSecretV1**](SecretsApi.md#GetSecretV1) | **Get** /api/v1/orgs/{org_id}/instances/{instance_id}/secrets/{secret_name} | 
+
+
+
+## GetSecret
+
+> map[string]string GetSecret(ctx, namespace, secretName).Execute()
+
+Please use /api/v1/orgs/{org_id}/instances/{instance_id}/secrets/{secret_name}
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "github.com/GIT_USER_ID/GIT_REPO_ID"
+)
+
+func main() {
+    namespace := "org-myco-inst-prod" // string | Instance namespace
+    secretName := "readonly-role" // string | Secret name
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SecretsApi.GetSecret(context.Background(), namespace, secretName).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SecretsApi.GetSecret``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetSecret`: map[string]string
+    fmt.Fprintf(os.Stdout, "Response from `SecretsApi.GetSecret`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**namespace** | **string** | Instance namespace | 
+**secretName** | **string** | Secret name | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetSecretRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+**map[string]string**
+
+### Authorization
+
+[jwt_token](../README.md#jwt_token)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetSecretNames
+
+> []AvailableSecret GetSecretNames(ctx, namespace).Execute()
+
+Please use /api/v1/orgs/{org_id}/instances/{instance_id}/secrets
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "github.com/GIT_USER_ID/GIT_REPO_ID"
+)
+
+func main() {
+    namespace := "org-myco-inst-prod" // string | Instance namespace
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SecretsApi.GetSecretNames(context.Background(), namespace).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SecretsApi.GetSecretNames``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetSecretNames`: []AvailableSecret
+    fmt.Fprintf(os.Stdout, "Response from `SecretsApi.GetSecretNames`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**namespace** | **string** | Instance namespace | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetSecretNamesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]AvailableSecret**](AvailableSecret.md)
+
+### Authorization
+
+[jwt_token](../README.md#jwt_token)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetSecretNamesV1
+
+> []AvailableSecret GetSecretNamesV1(ctx, orgId, instanceId).Execute()
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "github.com/GIT_USER_ID/GIT_REPO_ID"
+)
+
+func main() {
+    orgId := "org_2T7FJA0DpaNBnELVLU1IS4XzZG0" // string | Tembo Cloud Organization ID
+    instanceId := "inst_1696253936968_TblNOY_6" // string | Tembo Cloud Instance ID
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SecretsApi.GetSecretNamesV1(context.Background(), orgId, instanceId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SecretsApi.GetSecretNamesV1``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetSecretNamesV1`: []AvailableSecret
+    fmt.Fprintf(os.Stdout, "Response from `SecretsApi.GetSecretNamesV1`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**orgId** | **string** | Tembo Cloud Organization ID | 
+**instanceId** | **string** | Tembo Cloud Instance ID | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetSecretNamesV1Request struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**[]AvailableSecret**](AvailableSecret.md)
+
+### Authorization
+
+[jwt_token](../README.md#jwt_token)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetSecretV1
+
+> map[string]string GetSecretV1(ctx, orgId, instanceId, secretName).Execute()
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "github.com/GIT_USER_ID/GIT_REPO_ID"
+)
+
+func main() {
+    orgId := "org_2T7FJA0DpaNBnELVLU1IS4XzZG0" // string | Tembo Cloud Organization ID
+    instanceId := "inst_1696253936968_TblNOY_6" // string | Tembo Cloud Instance ID
+    secretName := "readonly-role" // string | Secret name
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SecretsApi.GetSecretV1(context.Background(), orgId, instanceId, secretName).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SecretsApi.GetSecretV1``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetSecretV1`: map[string]string
+    fmt.Fprintf(os.Stdout, "Response from `SecretsApi.GetSecretV1`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**orgId** | **string** | Tembo Cloud Organization ID | 
+**instanceId** | **string** | Tembo Cloud Instance ID | 
+**secretName** | **string** | Secret name | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetSecretV1Request struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+**map[string]string**
+
+### Authorization
+
+[jwt_token](../README.md#jwt_token)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/internal/provider/tembodataclient/git_push.sh b/internal/provider/tembodataclient/git_push.sh
new file mode 100644
index 0000000..f53a75d
--- /dev/null
+++ b/internal/provider/tembodataclient/git_push.sh
@@ -0,0 +1,57 @@
+#!/bin/sh
+# ref: https://help.github.com/articles/adding-an-existing-project-to-github-using-the-command-line/
+#
+# Usage example: /bin/sh ./git_push.sh wing328 openapi-petstore-perl "minor update" "gitlab.com"
+
+git_user_id=$1
+git_repo_id=$2
+release_note=$3
+git_host=$4
+
+if [ "$git_host" = "" ]; then
+    git_host="github.com"
+    echo "[INFO] No command line input provided. Set \$git_host to $git_host"
+fi
+
+if [ "$git_user_id" = "" ]; then
+    git_user_id="GIT_USER_ID"
+    echo "[INFO] No command line input provided. Set \$git_user_id to $git_user_id"
+fi
+
+if [ "$git_repo_id" = "" ]; then
+    git_repo_id="GIT_REPO_ID"
+    echo "[INFO] No command line input provided. Set \$git_repo_id to $git_repo_id"
+fi
+
+if [ "$release_note" = "" ]; then
+    release_note="Minor update"
+    echo "[INFO] No command line input provided. Set \$release_note to $release_note"
+fi
+
+# Initialize the local directory as a Git repository
+git init
+
+# Adds the files in the local repository and stages them for commit.
+git add .
+
+# Commits the tracked changes and prepares them to be pushed to a remote repository.
+git commit -m "$release_note"
+
+# Sets the new remote
+git_remote=$(git remote)
+if [ "$git_remote" = "" ]; then # git remote not defined
+
+    if [ "$GIT_TOKEN" = "" ]; then
+        echo "[INFO] \$GIT_TOKEN (environment variable) is not set. Using the git credential in your environment."
+        git remote add origin https://${git_host}/${git_user_id}/${git_repo_id}.git
+    else
+        git remote add origin https://${git_user_id}:"${GIT_TOKEN}"@${git_host}/${git_user_id}/${git_repo_id}.git
+    fi
+
+fi
+
+git pull origin master
+
+# Pushes (Forces) the changes in the local repository up to the remote repository
+echo "Git pushing to https://${git_host}/${git_user_id}/${git_repo_id}.git"
+git push origin master 2>&1 | grep -v 'To https'
diff --git a/internal/provider/tembodataclient/go.mod b/internal/provider/tembodataclient/go.mod
new file mode 100644
index 0000000..5856409
--- /dev/null
+++ b/internal/provider/tembodataclient/go.mod
@@ -0,0 +1,6 @@
+module github.com/tembo-io/terraform-provider-tembo/tembodataclient
+
+go 1.18
+
+require (
+)
diff --git a/internal/provider/tembodataclient/go.sum b/internal/provider/tembodataclient/go.sum
new file mode 100644
index 0000000..c966c8d
--- /dev/null
+++ b/internal/provider/tembodataclient/go.sum
@@ -0,0 +1,11 @@
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e h1:bRhVy7zSSasaqNksaRZiA5EEI+Ei4I1nO5Jh72wfHlg=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
diff --git a/internal/provider/tembodataclient/model_available_secret.go b/internal/provider/tembodataclient/model_available_secret.go
new file mode 100644
index 0000000..e75187d
--- /dev/null
+++ b/internal/provider/tembodataclient/model_available_secret.go
@@ -0,0 +1,146 @@
+/*
+Tembo Data API
+
+In the case of large or sensitive data, we avoid collecting it into Tembo Cloud. Instead, there is a Tembo Data API for each region, cloud, or private data plane.             </br>             </br>             To find the Tembo Cloud API, please find it [here](https://api.tembo.io/swagger-ui/).             
+
+API version: v0.0.1
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package tembodataclient
+
+import (
+	"encoding/json"
+)
+
+// checks if the AvailableSecret type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &AvailableSecret{}
+
+// AvailableSecret struct for AvailableSecret
+type AvailableSecret struct {
+	// The name of an available secret
+	Name string `json:"name"`
+	// For this secret, available keys
+	PossibleKeys []string `json:"possible_keys"`
+}
+
+// NewAvailableSecret instantiates a new AvailableSecret object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAvailableSecret(name string, possibleKeys []string) *AvailableSecret {
+	this := AvailableSecret{}
+	this.Name = name
+	this.PossibleKeys = possibleKeys
+	return &this
+}
+
+// NewAvailableSecretWithDefaults instantiates a new AvailableSecret object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAvailableSecretWithDefaults() *AvailableSecret {
+	this := AvailableSecret{}
+	return &this
+}
+
+// GetName returns the Name field value
+func (o *AvailableSecret) GetName() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value
+// and a boolean to check if the value has been set.
+func (o *AvailableSecret) GetNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Name, true
+}
+
+// SetName sets field value
+func (o *AvailableSecret) SetName(v string) {
+	o.Name = v
+}
+
+// GetPossibleKeys returns the PossibleKeys field value
+func (o *AvailableSecret) GetPossibleKeys() []string {
+	if o == nil {
+		var ret []string
+		return ret
+	}
+
+	return o.PossibleKeys
+}
+
+// GetPossibleKeysOk returns a tuple with the PossibleKeys field value
+// and a boolean to check if the value has been set.
+func (o *AvailableSecret) GetPossibleKeysOk() ([]string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.PossibleKeys, true
+}
+
+// SetPossibleKeys sets field value
+func (o *AvailableSecret) SetPossibleKeys(v []string) {
+	o.PossibleKeys = v
+}
+
+func (o AvailableSecret) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o AvailableSecret) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	toSerialize["name"] = o.Name
+	toSerialize["possible_keys"] = o.PossibleKeys
+	return toSerialize, nil
+}
+
+type NullableAvailableSecret struct {
+	value *AvailableSecret
+	isSet bool
+}
+
+func (v NullableAvailableSecret) Get() *AvailableSecret {
+	return v.value
+}
+
+func (v *NullableAvailableSecret) Set(val *AvailableSecret) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAvailableSecret) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAvailableSecret) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAvailableSecret(val *AvailableSecret) *NullableAvailableSecret {
+	return &NullableAvailableSecret{value: val, isSet: true}
+}
+
+func (v NullableAvailableSecret) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAvailableSecret) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/provider/tembodataclient/response.go b/internal/provider/tembodataclient/response.go
new file mode 100644
index 0000000..ac8c077
--- /dev/null
+++ b/internal/provider/tembodataclient/response.go
@@ -0,0 +1,47 @@
+/*
+Tembo Data API
+
+In the case of large or sensitive data, we avoid collecting it into Tembo Cloud. Instead, there is a Tembo Data API for each region, cloud, or private data plane.             </br>             </br>             To find the Tembo Cloud API, please find it [here](https://api.tembo.io/swagger-ui/).             
+
+API version: v0.0.1
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package tembodataclient
+
+import (
+	"net/http"
+)
+
+// APIResponse stores the API response returned by the server.
+type APIResponse struct {
+	*http.Response `json:"-"`
+	Message        string `json:"message,omitempty"`
+	// Operation is the name of the OpenAPI operation.
+	Operation string `json:"operation,omitempty"`
+	// RequestURL is the request URL. This value is always available, even if the
+	// embedded *http.Response is nil.
+	RequestURL string `json:"url,omitempty"`
+	// Method is the HTTP method used for the request.  This value is always
+	// available, even if the embedded *http.Response is nil.
+	Method string `json:"method,omitempty"`
+	// Payload holds the contents of the response body (which may be nil or empty).
+	// This is provided here as the raw response.Body() reader will have already
+	// been drained.
+	Payload []byte `json:"-"`
+}
+
+// NewAPIResponse returns a new APIResponse object.
+func NewAPIResponse(r *http.Response) *APIResponse {
+
+	response := &APIResponse{Response: r}
+	return response
+}
+
+// NewAPIResponseWithError returns a new APIResponse object with the provided error message.
+func NewAPIResponseWithError(errorMessage string) *APIResponse {
+
+	response := &APIResponse{Message: errorMessage}
+	return response
+}
diff --git a/internal/provider/tembodataclient/test/api_metrics_test.go b/internal/provider/tembodataclient/test/api_metrics_test.go
new file mode 100644
index 0000000..1e1ca26
--- /dev/null
+++ b/internal/provider/tembodataclient/test/api_metrics_test.go
@@ -0,0 +1,39 @@
+/*
+Tembo Data API
+
+Testing MetricsApiService
+
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech);
+
+package tembodataclient
+
+import (
+	"context"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"testing"
+	openapiclient "github.com/GIT_USER_ID/GIT_REPO_ID"
+)
+
+func Test_tembodataclient_MetricsApiService(t *testing.T) {
+
+	configuration := openapiclient.NewConfiguration()
+	apiClient := openapiclient.NewAPIClient(configuration)
+
+	t.Run("Test MetricsApiService QueryRange", func(t *testing.T) {
+
+		t.Skip("skip test")  // remove to run test
+
+		var namespace string
+
+		resp, httpRes, err := apiClient.MetricsApi.QueryRange(context.Background(), namespace).Execute()
+
+		require.Nil(t, err)
+		require.NotNil(t, resp)
+		assert.Equal(t, 200, httpRes.StatusCode)
+
+	})
+
+}
diff --git a/internal/provider/tembodataclient/test/api_secrets_test.go b/internal/provider/tembodataclient/test/api_secrets_test.go
new file mode 100644
index 0000000..6a8ce9e
--- /dev/null
+++ b/internal/provider/tembodataclient/test/api_secrets_test.go
@@ -0,0 +1,85 @@
+/*
+Tembo Data API
+
+Testing SecretsApiService
+
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech);
+
+package tembodataclient
+
+import (
+	"context"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"testing"
+	openapiclient "github.com/GIT_USER_ID/GIT_REPO_ID"
+)
+
+func Test_tembodataclient_SecretsApiService(t *testing.T) {
+
+	configuration := openapiclient.NewConfiguration()
+	apiClient := openapiclient.NewAPIClient(configuration)
+
+	t.Run("Test SecretsApiService GetSecret", func(t *testing.T) {
+
+		t.Skip("skip test")  // remove to run test
+
+		var namespace string
+		var secretName string
+
+		resp, httpRes, err := apiClient.SecretsApi.GetSecret(context.Background(), namespace, secretName).Execute()
+
+		require.Nil(t, err)
+		require.NotNil(t, resp)
+		assert.Equal(t, 200, httpRes.StatusCode)
+
+	})
+
+	t.Run("Test SecretsApiService GetSecretNames", func(t *testing.T) {
+
+		t.Skip("skip test")  // remove to run test
+
+		var namespace string
+
+		resp, httpRes, err := apiClient.SecretsApi.GetSecretNames(context.Background(), namespace).Execute()
+
+		require.Nil(t, err)
+		require.NotNil(t, resp)
+		assert.Equal(t, 200, httpRes.StatusCode)
+
+	})
+
+	t.Run("Test SecretsApiService GetSecretNamesV1", func(t *testing.T) {
+
+		t.Skip("skip test")  // remove to run test
+
+		var orgId string
+		var instanceId string
+
+		resp, httpRes, err := apiClient.SecretsApi.GetSecretNamesV1(context.Background(), orgId, instanceId).Execute()
+
+		require.Nil(t, err)
+		require.NotNil(t, resp)
+		assert.Equal(t, 200, httpRes.StatusCode)
+
+	})
+
+	t.Run("Test SecretsApiService GetSecretV1", func(t *testing.T) {
+
+		t.Skip("skip test")  // remove to run test
+
+		var orgId string
+		var instanceId string
+		var secretName string
+
+		resp, httpRes, err := apiClient.SecretsApi.GetSecretV1(context.Background(), orgId, instanceId, secretName).Execute()
+
+		require.Nil(t, err)
+		require.NotNil(t, resp)
+		assert.Equal(t, 200, httpRes.StatusCode)
+
+	})
+
+}
diff --git a/internal/provider/tembodataclient/utils.go b/internal/provider/tembodataclient/utils.go
new file mode 100644
index 0000000..cd1cda5
--- /dev/null
+++ b/internal/provider/tembodataclient/utils.go
@@ -0,0 +1,347 @@
+/*
+Tembo Data API
+
+In the case of large or sensitive data, we avoid collecting it into Tembo Cloud. Instead, there is a Tembo Data API for each region, cloud, or private data plane.             </br>             </br>             To find the Tembo Cloud API, please find it [here](https://api.tembo.io/swagger-ui/).             
+
+API version: v0.0.1
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package tembodataclient
+
+import (
+	"encoding/json"
+	"reflect"
+	"time"
+)
+
+// PtrBool is a helper routine that returns a pointer to given boolean value.
+func PtrBool(v bool) *bool { return &v }
+
+// PtrInt is a helper routine that returns a pointer to given integer value.
+func PtrInt(v int) *int { return &v }
+
+// PtrInt32 is a helper routine that returns a pointer to given integer value.
+func PtrInt32(v int32) *int32 { return &v }
+
+// PtrInt64 is a helper routine that returns a pointer to given integer value.
+func PtrInt64(v int64) *int64 { return &v }
+
+// PtrFloat32 is a helper routine that returns a pointer to given float value.
+func PtrFloat32(v float32) *float32 { return &v }
+
+// PtrFloat64 is a helper routine that returns a pointer to given float value.
+func PtrFloat64(v float64) *float64 { return &v }
+
+// PtrString is a helper routine that returns a pointer to given string value.
+func PtrString(v string) *string { return &v }
+
+// PtrTime is helper routine that returns a pointer to given Time value.
+func PtrTime(v time.Time) *time.Time { return &v }
+
+type NullableBool struct {
+	value *bool
+	isSet bool
+}
+
+func (v NullableBool) Get() *bool {
+	return v.value
+}
+
+func (v *NullableBool) Set(val *bool) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBool) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBool) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBool(val *bool) *NullableBool {
+	return &NullableBool{value: val, isSet: true}
+}
+
+func (v NullableBool) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBool) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+type NullableInt struct {
+	value *int
+	isSet bool
+}
+
+func (v NullableInt) Get() *int {
+	return v.value
+}
+
+func (v *NullableInt) Set(val *int) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInt) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInt) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInt(val *int) *NullableInt {
+	return &NullableInt{value: val, isSet: true}
+}
+
+func (v NullableInt) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInt) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+type NullableInt32 struct {
+	value *int32
+	isSet bool
+}
+
+func (v NullableInt32) Get() *int32 {
+	return v.value
+}
+
+func (v *NullableInt32) Set(val *int32) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInt32) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInt32) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInt32(val *int32) *NullableInt32 {
+	return &NullableInt32{value: val, isSet: true}
+}
+
+func (v NullableInt32) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInt32) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+type NullableInt64 struct {
+	value *int64
+	isSet bool
+}
+
+func (v NullableInt64) Get() *int64 {
+	return v.value
+}
+
+func (v *NullableInt64) Set(val *int64) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInt64) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInt64) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInt64(val *int64) *NullableInt64 {
+	return &NullableInt64{value: val, isSet: true}
+}
+
+func (v NullableInt64) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInt64) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+type NullableFloat32 struct {
+	value *float32
+	isSet bool
+}
+
+func (v NullableFloat32) Get() *float32 {
+	return v.value
+}
+
+func (v *NullableFloat32) Set(val *float32) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFloat32) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFloat32) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFloat32(val *float32) *NullableFloat32 {
+	return &NullableFloat32{value: val, isSet: true}
+}
+
+func (v NullableFloat32) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFloat32) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+type NullableFloat64 struct {
+	value *float64
+	isSet bool
+}
+
+func (v NullableFloat64) Get() *float64 {
+	return v.value
+}
+
+func (v *NullableFloat64) Set(val *float64) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFloat64) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFloat64) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFloat64(val *float64) *NullableFloat64 {
+	return &NullableFloat64{value: val, isSet: true}
+}
+
+func (v NullableFloat64) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFloat64) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+type NullableString struct {
+	value *string
+	isSet bool
+}
+
+func (v NullableString) Get() *string {
+	return v.value
+}
+
+func (v *NullableString) Set(val *string) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableString) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableString) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableString(val *string) *NullableString {
+	return &NullableString{value: val, isSet: true}
+}
+
+func (v NullableString) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableString) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+type NullableTime struct {
+	value *time.Time
+	isSet bool
+}
+
+func (v NullableTime) Get() *time.Time {
+	return v.value
+}
+
+func (v *NullableTime) Set(val *time.Time) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableTime) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableTime) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableTime(val *time.Time) *NullableTime {
+	return &NullableTime{value: val, isSet: true}
+}
+
+func (v NullableTime) MarshalJSON() ([]byte, error) {
+	return v.value.MarshalJSON()
+}
+
+func (v *NullableTime) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+// IsNil checks if an input is nil
+func IsNil(i interface{}) bool {
+	if i == nil {
+		return true
+	}
+	switch reflect.TypeOf(i).Kind() {
+	case reflect.Chan, reflect.Func, reflect.Map, reflect.Ptr, reflect.UnsafePointer, reflect.Interface, reflect.Slice:
+		return reflect.ValueOf(i).IsNil()
+	case reflect.Array:
+		return reflect.ValueOf(i).IsZero()
+	}
+	return false
+}
+
+type MappedNullable interface {
+	ToMap() (map[string]interface{}, error)
+}