@pulumi/vault 5.6.0 → 5.7.1

package/kv/getSecretsListV2.d.ts

@@ -0,0 +1,114 @@
+import * as pulumi from "@pulumi/pulumi";
+/**
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as vault from "@pulumi/vault";
+ *
+ * const kvv2 = new vault.Mount("kvv2", {
+ *     path: "kvv2",
+ *     type: "kv",
+ *     options: {
+ *         version: "2",
+ *     },
+ *     description: "KV Version 2 secret engine mount",
+ * });
+ * const awsSecret = new vault.kv.SecretV2("awsSecret", {
+ *     mount: kvv2.path,
+ *     dataJson: JSON.stringify({
+ *         zip: "zap",
+ *     }),
+ * });
+ * const azureSecret = new vault.kv.SecretV2("azureSecret", {
+ *     mount: kvv2.path,
+ *     dataJson: JSON.stringify({
+ *         foo: "bar",
+ *     }),
+ * });
+ * const nestedSecret = new vault.kv.SecretV2("nestedSecret", {
+ *     mount: kvv2.path,
+ *     dataJson: JSON.stringify({
+ *         password: "test",
+ *     }),
+ * });
+ * const secrets = vault.kv.getSecretsListV2Output({
+ *     mount: kvv2.path,
+ * });
+ * const nestedSecrets = kvv2.path.apply(path => vault.kv.getSecretsListV2Output({
+ *     mount: path,
+ *     name: vault_kv_secret_v2.test_2.name,
+ * }));
+ * ```
+ * ## Required Vault Capabilities
+ *
+ * Use of this resource requires the `read` capability on the given path.
+ */
+export declare function getSecretsListV2(args: GetSecretsListV2Args, opts?: pulumi.InvokeOptions): Promise<GetSecretsListV2Result>;
+/**
+ * A collection of arguments for invoking getSecretsListV2.
+ */
+export interface GetSecretsListV2Args {
+    /**
+     * Path where KV-V2 engine is mounted.
+     */
+    mount: string;
+    /**
+     * Full name of the secret. For a nested secret
+     * the name is the nested path excluding the mount and data
+     * prefix. For example, for a secret at `kvv2/data/foo/bar/baz`
+     * the name is `foo/bar/baz`.
+     */
+    name?: string;
+    /**
+     * The namespace of the target resource.
+     * The value should not contain leading or trailing forward slashes.
+     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+     * *Available only for Vault Enterprise*.
+     */
+    namespace?: string;
+}
+/**
+ * A collection of values returned by getSecretsListV2.
+ */
+export interface GetSecretsListV2Result {
+    /**
+     * The provider-assigned unique ID for this managed resource.
+     */
+    readonly id: string;
+    readonly mount: string;
+    readonly name?: string;
+    /**
+     * List of all secret names listed under the given path.
+     */
+    readonly names: string[];
+    readonly namespace?: string;
+    /**
+     * Full path where the KV-V2 secrets are listed.
+     */
+    readonly path: string;
+}
+export declare function getSecretsListV2Output(args: GetSecretsListV2OutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output<GetSecretsListV2Result>;
+/**
+ * A collection of arguments for invoking getSecretsListV2.
+ */
+export interface GetSecretsListV2OutputArgs {
+    /**
+     * Path where KV-V2 engine is mounted.
+     */
+    mount: pulumi.Input<string>;
+    /**
+     * Full name of the secret. For a nested secret
+     * the name is the nested path excluding the mount and data
+     * prefix. For example, for a secret at `kvv2/data/foo/bar/baz`
+     * the name is `foo/bar/baz`.
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * The namespace of the target resource.
+     * The value should not contain leading or trailing forward slashes.
+     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+     * *Available only for Vault Enterprise*.
+     */
+    namespace?: pulumi.Input<string>;
+}

package/kv/getSecretsListV2.js

@@ -0,0 +1,69 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getSecretsListV2Output = exports.getSecretsListV2 = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("../utilities");
+/**
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as vault from "@pulumi/vault";
+ *
+ * const kvv2 = new vault.Mount("kvv2", {
+ *     path: "kvv2",
+ *     type: "kv",
+ *     options: {
+ *         version: "2",
+ *     },
+ *     description: "KV Version 2 secret engine mount",
+ * });
+ * const awsSecret = new vault.kv.SecretV2("awsSecret", {
+ *     mount: kvv2.path,
+ *     dataJson: JSON.stringify({
+ *         zip: "zap",
+ *     }),
+ * });
+ * const azureSecret = new vault.kv.SecretV2("azureSecret", {
+ *     mount: kvv2.path,
+ *     dataJson: JSON.stringify({
+ *         foo: "bar",
+ *     }),
+ * });
+ * const nestedSecret = new vault.kv.SecretV2("nestedSecret", {
+ *     mount: kvv2.path,
+ *     dataJson: JSON.stringify({
+ *         password: "test",
+ *     }),
+ * });
+ * const secrets = vault.kv.getSecretsListV2Output({
+ *     mount: kvv2.path,
+ * });
+ * const nestedSecrets = kvv2.path.apply(path => vault.kv.getSecretsListV2Output({
+ *     mount: path,
+ *     name: vault_kv_secret_v2.test_2.name,
+ * }));
+ * ```
+ * ## Required Vault Capabilities
+ *
+ * Use of this resource requires the `read` capability on the given path.
+ */
+function getSecretsListV2(args, opts) {
+    if (!opts) {
+        opts = {};
+    }
+    opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+    return pulumi.runtime.invoke("vault:kv/getSecretsListV2:getSecretsListV2", {
+        "mount": args.mount,
+        "name": args.name,
+        "namespace": args.namespace,
+    }, opts);
+}
+exports.getSecretsListV2 = getSecretsListV2;
+function getSecretsListV2Output(args, opts) {
+    return pulumi.output(args).apply(a => getSecretsListV2(a, opts));
+}
+exports.getSecretsListV2Output = getSecretsListV2Output;
+//# sourceMappingURL=getSecretsListV2.js.map

package/kv/getSecretsListV2.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"getSecretsListV2.js","sourceRoot":"","sources":["../../kv/getSecretsListV2.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AACH,SAAgB,gBAAgB,CAAC,IAA0B,EAAE,IAA2B;IACpF,IAAI,CAAC,IAAI,EAAE;QACP,IAAI,GAAG,EAAE,CAAA;KACZ;IAED,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;IACnE,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,4CAA4C,EAAE;QACvE,OAAO,EAAE,IAAI,CAAC,KAAK;QACnB,MAAM,EAAE,IAAI,CAAC,IAAI;QACjB,WAAW,EAAE,IAAI,CAAC,SAAS;KAC9B,EAAE,IAAI,CAAC,CAAC;AACb,CAAC;AAXD,4CAWC;AA+CD,SAAgB,sBAAsB,CAAC,IAAgC,EAAE,IAA2B;IAChG,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,gBAAgB,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAA;AACpE,CAAC;AAFD,wDAEC"}

package/kv/index.d.ts

@@ -0,0 +1,24 @@
+export { GetSecretArgs, GetSecretResult, GetSecretOutputArgs } from "./getSecret";
+export declare const getSecret: typeof import("./getSecret").getSecret;
+export declare const getSecretOutput: typeof import("./getSecret").getSecretOutput;
+export { GetSecretSubkeysV2Args, GetSecretSubkeysV2Result, GetSecretSubkeysV2OutputArgs } from "./getSecretSubkeysV2";
+export declare const getSecretSubkeysV2: typeof import("./getSecretSubkeysV2").getSecretSubkeysV2;
+export declare const getSecretSubkeysV2Output: typeof import("./getSecretSubkeysV2").getSecretSubkeysV2Output;
+export { GetSecretV2Args, GetSecretV2Result, GetSecretV2OutputArgs } from "./getSecretV2";
+export declare const getSecretV2: typeof import("./getSecretV2").getSecretV2;
+export declare const getSecretV2Output: typeof import("./getSecretV2").getSecretV2Output;
+export { GetSecretsListArgs, GetSecretsListResult, GetSecretsListOutputArgs } from "./getSecretsList";
+export declare const getSecretsList: typeof import("./getSecretsList").getSecretsList;
+export declare const getSecretsListOutput: typeof import("./getSecretsList").getSecretsListOutput;
+export { GetSecretsListV2Args, GetSecretsListV2Result, GetSecretsListV2OutputArgs } from "./getSecretsListV2";
+export declare const getSecretsListV2: typeof import("./getSecretsListV2").getSecretsListV2;
+export declare const getSecretsListV2Output: typeof import("./getSecretsListV2").getSecretsListV2Output;
+export { SecretArgs, SecretState } from "./secret";
+export declare type Secret = import("./secret").Secret;
+export declare const Secret: typeof import("./secret").Secret;
+export { SecretBackendV2Args, SecretBackendV2State } from "./secretBackendV2";
+export declare type SecretBackendV2 = import("./secretBackendV2").SecretBackendV2;
+export declare const SecretBackendV2: typeof import("./secretBackendV2").SecretBackendV2;
+export { SecretV2Args, SecretV2State } from "./secretV2";
+export declare type SecretV2 = import("./secretV2").SecretV2;
+export declare const SecretV2: typeof import("./secretV2").SecretV2;

package/kv/index.js

@@ -0,0 +1,47 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecretV2 = exports.SecretBackendV2 = exports.Secret = exports.getSecretsListV2Output = exports.getSecretsListV2 = exports.getSecretsListOutput = exports.getSecretsList = exports.getSecretV2Output = exports.getSecretV2 = exports.getSecretSubkeysV2Output = exports.getSecretSubkeysV2 = exports.getSecretOutput = exports.getSecret = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("../utilities");
+exports.getSecret = null;
+exports.getSecretOutput = null;
+exports.getSecretSubkeysV2 = null;
+exports.getSecretSubkeysV2Output = null;
+exports.getSecretV2 = null;
+exports.getSecretV2Output = null;
+exports.getSecretsList = null;
+exports.getSecretsListOutput = null;
+exports.getSecretsListV2 = null;
+exports.getSecretsListV2Output = null;
+exports.Secret = null;
+exports.SecretBackendV2 = null;
+exports.SecretV2 = null;
+utilities.lazyLoad(exports, ["getSecret", "getSecretOutput"], () => require("./getSecret"));
+utilities.lazyLoad(exports, ["getSecretSubkeysV2", "getSecretSubkeysV2Output"], () => require("./getSecretSubkeysV2"));
+utilities.lazyLoad(exports, ["getSecretV2", "getSecretV2Output"], () => require("./getSecretV2"));
+utilities.lazyLoad(exports, ["getSecretsList", "getSecretsListOutput"], () => require("./getSecretsList"));
+utilities.lazyLoad(exports, ["getSecretsListV2", "getSecretsListV2Output"], () => require("./getSecretsListV2"));
+utilities.lazyLoad(exports, ["Secret"], () => require("./secret"));
+utilities.lazyLoad(exports, ["SecretBackendV2"], () => require("./secretBackendV2"));
+utilities.lazyLoad(exports, ["SecretV2"], () => require("./secretV2"));
+const _module = {
+    version: utilities.getVersion(),
+    construct: (name, type, urn) => {
+        switch (type) {
+            case "vault:kv/secret:Secret":
+                return new exports.Secret(name, undefined, { urn });
+            case "vault:kv/secretBackendV2:SecretBackendV2":
+                return new exports.SecretBackendV2(name, undefined, { urn });
+            case "vault:kv/secretV2:SecretV2":
+                return new exports.SecretV2(name, undefined, { urn });
+            default:
+                throw new Error(`unknown resource type ${type}`);
+        }
+    },
+};
+pulumi.runtime.registerResourceModule("vault", "kv/secret", _module);
+pulumi.runtime.registerResourceModule("vault", "kv/secretBackendV2", _module);
+pulumi.runtime.registerResourceModule("vault", "kv/secretV2", _module);
+//# sourceMappingURL=index.js.map

package/kv/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../kv/index.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAI7B,QAAA,SAAS,GAA2C,IAAW,CAAC;AAChE,QAAA,eAAe,GAAiD,IAAW,CAAC;AAG5E,QAAA,kBAAkB,GAA6D,IAAW,CAAC;AAC3F,QAAA,wBAAwB,GAAmE,IAAW,CAAC;AAGvG,QAAA,WAAW,GAA+C,IAAW,CAAC;AACtE,QAAA,iBAAiB,GAAqD,IAAW,CAAC;AAGlF,QAAA,cAAc,GAAqD,IAAW,CAAC;AAC/E,QAAA,oBAAoB,GAA2D,IAAW,CAAC;AAG3F,QAAA,gBAAgB,GAAyD,IAAW,CAAC;AACrF,QAAA,sBAAsB,GAA+D,IAAW,CAAC;AAIjG,QAAA,MAAM,GAAqC,IAAW,CAAC;AAIvD,QAAA,eAAe,GAAuD,IAAW,CAAC;AAIlF,QAAA,QAAQ,GAAyC,IAAW,CAAC;AAE1E,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,WAAW,EAAC,iBAAiB,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC;AAC3F,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,oBAAoB,EAAC,0BAA0B,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC,CAAC;AACtH,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,aAAa,EAAC,mBAAmB,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC;AACjG,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,gBAAgB,EAAC,sBAAsB,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAAC;AAC1G,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,kBAAkB,EAAC,wBAAwB,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC,CAAC;AAChH,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;AACnE,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,iBAAiB,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC;AACrF,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,UAAU,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;AAEvE,MAAM,OAAO,GAAG;IACZ,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE;IAC/B,SAAS,EAAE,CAAC,IAAY,EAAE,IAAY,EAAE,GAAW,EAAmB,EAAE;QACpE,QAAQ,IAAI,EAAE;YACV,KAAK,wBAAwB;gBACzB,OAAO,IAAI,cAAM,CAAC,IAAI,EAAO,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,CAAA;YACpD,KAAK,0CAA0C;gBAC3C,OAAO,IAAI,uBAAe,CAAC,IAAI,EAAO,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,CAAA;YAC7D,KAAK,4BAA4B;gBAC7B,OAAO,IAAI,gBAAQ,CAAC,IAAI,EAAO,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,CAAA;YACtD;gBACI,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,EAAE,CAAC,CAAC;SACxD;IACL,CAAC;CACJ,CAAC;AACF,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,CAAA;AACpE,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,OAAO,EAAE,oBAAoB,EAAE,OAAO,CAAC,CAAA;AAC7E,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,OAAO,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA"}

package/kv/secret.d.ts

@@ -0,0 +1,145 @@
+import * as pulumi from "@pulumi/pulumi";
+/**
+ * Writes a KV-V1 secret to a given path in Vault.
+ *
+ * For more information on Vault's KV-V1 secret backend
+ * [see here](https://www.vaultproject.io/docs/secrets/kv/kv-v1).
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as vault from "@pulumi/vault";
+ *
+ * const kvv1 = new vault.Mount("kvv1", {
+ *     path: "kvv1",
+ *     type: "kv",
+ *     options: {
+ *         version: "1",
+ *     },
+ *     description: "KV Version 1 secret engine mount",
+ * });
+ * const secret = new vault.kv.Secret("secret", {
+ *     path: pulumi.interpolate`${kvv1.path}/secret`,
+ *     dataJson: JSON.stringify({
+ *         zip: "zap",
+ *         foo: "bar",
+ *     }),
+ * });
+ * ```
+ * ## Required Vault Capabilities
+ *
+ * Use of this resource requires the `create` or `update` capability
+ * (depending on whether the resource already exists) on the given path,
+ * the `delete` capability if the resource is removed from configuration,
+ * and the `read` capability for drift detection (by default).
+ *
+ * ## Import
+ *
+ * KV-V1 secrets can be imported using the `path`, e.g.
+ *
+ * ```sh
+ *  $ pulumi import vault:kv/secret:Secret secret kvv1/secret
+ * ```
+ */
+export declare class Secret extends pulumi.CustomResource {
+    /**
+     * Get an existing Secret resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretState, opts?: pulumi.CustomResourceOptions): Secret;
+    /**
+     * Returns true if the given object is an instance of Secret.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is Secret;
+    /**
+     * A mapping whose keys are the top-level data keys returned from
+     * Vault and whose values are the corresponding values. This map can only
+     * represent string data, so any non-string values returned from Vault are
+     * serialized as JSON.
+     */
+    readonly data: pulumi.Output<{
+        [key: string]: any;
+    }>;
+    /**
+     * JSON-encoded string that will be
+     * written as the secret data at the given path.
+     */
+    readonly dataJson: pulumi.Output<string>;
+    /**
+     * The namespace to provision the resource in.
+     * The value should not contain leading or trailing forward slashes.
+     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+     * *Available only for Vault Enterprise*.
+     */
+    readonly namespace: pulumi.Output<string | undefined>;
+    /**
+     * Full path of the KV-V1 secret.
+     */
+    readonly path: pulumi.Output<string>;
+    /**
+     * Create a Secret resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: SecretArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering Secret resources.
+ */
+export interface SecretState {
+    /**
+     * A mapping whose keys are the top-level data keys returned from
+     * Vault and whose values are the corresponding values. This map can only
+     * represent string data, so any non-string values returned from Vault are
+     * serialized as JSON.
+     */
+    data?: pulumi.Input<{
+        [key: string]: any;
+    }>;
+    /**
+     * JSON-encoded string that will be
+     * written as the secret data at the given path.
+     */
+    dataJson?: pulumi.Input<string>;
+    /**
+     * The namespace to provision the resource in.
+     * The value should not contain leading or trailing forward slashes.
+     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+     * *Available only for Vault Enterprise*.
+     */
+    namespace?: pulumi.Input<string>;
+    /**
+     * Full path of the KV-V1 secret.
+     */
+    path?: pulumi.Input<string>;
+}
+/**
+ * The set of arguments for constructing a Secret resource.
+ */
+export interface SecretArgs {
+    /**
+     * JSON-encoded string that will be
+     * written as the secret data at the given path.
+     */
+    dataJson: pulumi.Input<string>;
+    /**
+     * The namespace to provision the resource in.
+     * The value should not contain leading or trailing forward slashes.
+     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+     * *Available only for Vault Enterprise*.
+     */
+    namespace?: pulumi.Input<string>;
+    /**
+     * Full path of the KV-V1 secret.
+     */
+    path: pulumi.Input<string>;
+}

package/kv/secret.js

@@ -0,0 +1,106 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Secret = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("../utilities");
+/**
+ * Writes a KV-V1 secret to a given path in Vault.
+ *
+ * For more information on Vault's KV-V1 secret backend
+ * [see here](https://www.vaultproject.io/docs/secrets/kv/kv-v1).
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as vault from "@pulumi/vault";
+ *
+ * const kvv1 = new vault.Mount("kvv1", {
+ *     path: "kvv1",
+ *     type: "kv",
+ *     options: {
+ *         version: "1",
+ *     },
+ *     description: "KV Version 1 secret engine mount",
+ * });
+ * const secret = new vault.kv.Secret("secret", {
+ *     path: pulumi.interpolate`${kvv1.path}/secret`,
+ *     dataJson: JSON.stringify({
+ *         zip: "zap",
+ *         foo: "bar",
+ *     }),
+ * });
+ * ```
+ * ## Required Vault Capabilities
+ *
+ * Use of this resource requires the `create` or `update` capability
+ * (depending on whether the resource already exists) on the given path,
+ * the `delete` capability if the resource is removed from configuration,
+ * and the `read` capability for drift detection (by default).
+ *
+ * ## Import
+ *
+ * KV-V1 secrets can be imported using the `path`, e.g.
+ *
+ * ```sh
+ *  $ pulumi import vault:kv/secret:Secret secret kvv1/secret
+ * ```
+ */
+class Secret extends pulumi.CustomResource {
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["data"] = state ? state.data : undefined;
+            resourceInputs["dataJson"] = state ? state.dataJson : undefined;
+            resourceInputs["namespace"] = state ? state.namespace : undefined;
+            resourceInputs["path"] = state ? state.path : undefined;
+        }
+        else {
+            const args = argsOrState;
+            if ((!args || args.dataJson === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'dataJson'");
+            }
+            if ((!args || args.path === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'path'");
+            }
+            resourceInputs["dataJson"] = (args === null || args === void 0 ? void 0 : args.dataJson) ? pulumi.secret(args.dataJson) : undefined;
+            resourceInputs["namespace"] = args ? args.namespace : undefined;
+            resourceInputs["path"] = args ? args.path : undefined;
+            resourceInputs["data"] = undefined /*out*/;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        const secretOpts = { additionalSecretOutputs: ["data", "dataJson"] };
+        opts = pulumi.mergeOptions(opts, secretOpts);
+        super(Secret.__pulumiType, name, resourceInputs, opts);
+    }
+    /**
+     * Get an existing Secret resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new Secret(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+    }
+    /**
+     * Returns true if the given object is an instance of Secret.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === Secret.__pulumiType;
+    }
+}
+exports.Secret = Secret;
+/** @internal */
+Secret.__pulumiType = 'vault:kv/secret:Secret';
+//# sourceMappingURL=secret.js.map

package/kv/secret.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret.js","sourceRoot":"","sources":["../../kv/secret.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AACH,MAAa,MAAO,SAAQ,MAAM,CAAC,cAAc;IA4D7C,YAAY,IAAY,EAAE,WAAsC,EAAE,IAAmC;QACjG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsC,CAAC;YACrD,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3D;aAAM;YACH,MAAM,IAAI,GAAG,WAAqC,CAAC;YACnD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,UAAU,CAAC,GAAG,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,QAAQ,EAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACvF,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC9C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC;QACrE,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3D,CAAC;IArFD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmB,EAAE,IAAmC;QACjH,OAAO,IAAI,MAAM,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC7D,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,MAAM,CAAC,YAAY,CAAC;IACvD,CAAC;;AA1BL,wBAuFC;AAzEG,gBAAgB;AACO,mBAAY,GAAG,wBAAwB,CAAC"}

package/kv/secretBackendV2.d.ts

@@ -0,0 +1,154 @@
+import * as pulumi from "@pulumi/pulumi";
+/**
+ * Configures KV-V2 backend level settings that are applied to
+ * every key in the key-value store.
+ *
+ * For more information on Vault's KV-V2 secret backend
+ * [see here](https://www.vaultproject.io/docs/secrets/kv/kv-v2).
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as vault from "@pulumi/vault";
+ *
+ * const kvv2 = new vault.Mount("kvv2", {
+ *     path: "kvv2",
+ *     type: "kv",
+ *     options: {
+ *         version: "2",
+ *     },
+ *     description: "KV Version 2 secret engine mount",
+ * });
+ * const config = new vault.kv.SecretBackendV2("config", {
+ *     mount: kvv2.path,
+ *     maxVersions: 5,
+ *     deleteVersionAfter: 12600,
+ *     casRequired: true,
+ * });
+ * ```
+ * ## Required Vault Capabilities
+ *
+ * Use of this resource requires the `create` or `update` capability
+ * (depending on whether the resource already exists) on the given path,
+ * the `delete` capability if the resource is removed from configuration,
+ * and the `read` capability for drift detection (by default).
+ *
+ * ## Import
+ *
+ * The KV-V2 secret backend can be imported using the `path`, e.g.
+ *
+ * ```sh
+ *  $ pulumi import vault:kv/secretBackendV2:SecretBackendV2 config kvv2/config
+ * ```
+ */
+export declare class SecretBackendV2 extends pulumi.CustomResource {
+    /**
+     * Get an existing SecretBackendV2 resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretBackendV2State, opts?: pulumi.CustomResourceOptions): SecretBackendV2;
+    /**
+     * Returns true if the given object is an instance of SecretBackendV2.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is SecretBackendV2;
+    /**
+     * If true, all keys will require the cas
+     * parameter to be set on all write requests.
+     */
+    readonly casRequired: pulumi.Output<boolean>;
+    /**
+     * If set, specifies the length of time before
+     * a version is deleted. Accepts duration in integer seconds.
+     */
+    readonly deleteVersionAfter: pulumi.Output<number | undefined>;
+    /**
+     * The number of versions to keep per key.
+     */
+    readonly maxVersions: pulumi.Output<number>;
+    /**
+     * Path where KV-V2 engine is mounted.
+     */
+    readonly mount: pulumi.Output<string>;
+    /**
+     * The namespace to provision the resource in.
+     * The value should not contain leading or trailing forward slashes.
+     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+     * *Available only for Vault Enterprise*.
+     */
+    readonly namespace: pulumi.Output<string | undefined>;
+    /**
+     * Create a SecretBackendV2 resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: SecretBackendV2Args, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering SecretBackendV2 resources.
+ */
+export interface SecretBackendV2State {
+    /**
+     * If true, all keys will require the cas
+     * parameter to be set on all write requests.
+     */
+    casRequired?: pulumi.Input<boolean>;
+    /**
+     * If set, specifies the length of time before
+     * a version is deleted. Accepts duration in integer seconds.
+     */
+    deleteVersionAfter?: pulumi.Input<number>;
+    /**
+     * The number of versions to keep per key.
+     */
+    maxVersions?: pulumi.Input<number>;
+    /**
+     * Path where KV-V2 engine is mounted.
+     */
+    mount?: pulumi.Input<string>;
+    /**
+     * The namespace to provision the resource in.
+     * The value should not contain leading or trailing forward slashes.
+     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+     * *Available only for Vault Enterprise*.
+     */
+    namespace?: pulumi.Input<string>;
+}
+/**
+ * The set of arguments for constructing a SecretBackendV2 resource.
+ */
+export interface SecretBackendV2Args {
+    /**
+     * If true, all keys will require the cas
+     * parameter to be set on all write requests.
+     */
+    casRequired?: pulumi.Input<boolean>;
+    /**
+     * If set, specifies the length of time before
+     * a version is deleted. Accepts duration in integer seconds.
+     */
+    deleteVersionAfter?: pulumi.Input<number>;
+    /**
+     * The number of versions to keep per key.
+     */
+    maxVersions?: pulumi.Input<number>;
+    /**
+     * Path where KV-V2 engine is mounted.
+     */
+    mount: pulumi.Input<string>;
+    /**
+     * The namespace to provision the resource in.
+     * The value should not contain leading or trailing forward slashes.
+     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+     * *Available only for Vault Enterprise*.
+     */
+    namespace?: pulumi.Input<string>;
+}