@robinmordasiewicz/f5xc-terraform-mcp 2.3.0 → 2.4.3

package/dist/docs/resources/secret_management_access.md

@@ -0,0 +1,498 @@
+---
+page_title: "f5xc_secret_management_access Resource - terraform-provider-f5xc"
+subcategory: "Authentication"
+description: |-
+  [Namespace: required] Manages secret_management_access creates a new object in storage backend for metadata.namespace. in F5 Distributed Cloud.
+---
+
+# f5xc_secret_management_access (Resource)
+
+[Namespace: required] Manages secret_management_access creates a new object in storage backend for metadata.namespace. in F5 Distributed Cloud.
+
+~> **Note** Please refer to [Secret Management Access API docs](https://docs.cloud.f5.com/docs-v2/api/secret-management-access) to learn more.
+
+## Example Usage
+
+```terraform
+# Secret Management Access Resource Example
+# [Namespace: required] Manages secret_management_access creates a new object in storage backend for metadata.namespace. in F5 Distributed Cloud.
+
+# Basic Secret Management Access configuration
+resource "f5xc_secret_management_access" "example" {
+  name      = "example-secret-management-access"
+  namespace = "staging"
+
+  labels = {
+    environment = "production"
+    managed_by  = "terraform"
+  }
+
+  annotations = {
+    "owner" = "platform-team"
+  }
+
+  # Resource-specific configuration
+  # Host Access Information. HostAccessInfoType contains the ...
+  access_info {
+    # Configure access_info settings
+  }
+  # Rest Authentication Parameters. Authentication parameters...
+  rest_auth_info {
+    # Configure rest_auth_info settings
+  }
+  # BasicAuth Authentication Parameters. AuthnTypeBasicAuth i...
+  basic_auth {
+    # Configure basic_auth settings
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Argument Reference
+
+### Metadata Argument Reference
+
+<a id="name"></a>&#x2022; [`name`](#name) - Required String<br>Name of the Secret Management Access. Must be unique within the namespace
+
+<a id="namespace"></a>&#x2022; [`namespace`](#namespace) - Required String<br>Namespace where the Secret Management Access will be created
+
+<a id="annotations"></a>&#x2022; [`annotations`](#annotations) - Optional Map<br>Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
+
+<a id="description"></a>&#x2022; [`description`](#description) - Optional String<br>Human readable description for the object
+
+<a id="disable"></a>&#x2022; [`disable`](#disable) - Optional Bool<br>A value of true will administratively disable the object
+
+<a id="labels"></a>&#x2022; [`labels`](#labels) - Optional Map<br>Labels is a user defined key value map that can be attached to resources for organization and filtering
+
+### Spec Argument Reference
+
+<a id="access-info"></a>&#x2022; [`access_info`](#access-info) - Optional Block<br>Host Access Information. HostAccessInfoType contains the information about how to connect to the remote host<br>See [Access Info](#access-info) below for details.
+
+<a id="provider-name"></a>&#x2022; [`provider_name`](#provider-name) - Optional String<br>Provider Name. Name given to this secret management backend. site.provider needs to be unique, and will be referenced for using this object
+
+<a id="timeouts"></a>&#x2022; [`timeouts`](#timeouts) - Optional Block<br>See [Timeouts](#timeouts) below for details.
+
+<a id="where"></a>&#x2022; [`where`](#where) - Optional Block<br>Network or Site Reference. NetworkSiteRefSelector defines a union of reference to site or reference to virtual_network or reference to virtual_site It is used to determine virtual network using following rules \* Direct reference to virtual_network object \* Site local network when refering to site object \* All site local networks for sites selected by refering to virtual_site object<br>See [Where](#where) below for details.
+
+### Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+<a id="id"></a>&#x2022; [`id`](#id) - Optional String<br>Unique identifier for the resource
+
+---
+
+#### Access Info
+
+An [`access_info`](#access-info) block supports the following:
+
+<a id="access-info-rest-auth-info"></a>&#x2022; [`rest_auth_info`](#access-info-rest-auth-info) - Optional Block<br>REST Authentication Parameters. Authentication parameters for REST based hosts<br>See [REST Auth Info](#access-info-rest-auth-info) below.
+
+<a id="access-info-scheme"></a>&#x2022; [`scheme`](#access-info-scheme) - Optional String  Defaults to `HTTP`<br>Possible values are `HTTP`, `HTTPS`<br>[Enum: HTTP|HTTPS] URL Scheme. SchemeType is used to indicate URL scheme HTTP:// scheme HTTPS:// scheme
+
+<a id="access-info-server-endpoint"></a>&#x2022; [`server_endpoint`](#access-info-server-endpoint) - Optional String<br>Server Endpoint and Port. endpoint to connect to, in host:port format
+
+<a id="access-info-tls-config"></a>&#x2022; [`tls_config`](#access-info-tls-config) - Optional Block<br>Upstream TLS Parameters. TLS configuration for upstream connections<br>See [TLS Config](#access-info-tls-config) below.
+
+<a id="access-info-vault-auth-info"></a>&#x2022; [`vault_auth_info`](#access-info-vault-auth-info) - Optional Block<br>Vault Authentication Parameters. Authentication parameters for Hashicorp Vault hosts<br>See [Vault Auth Info](#access-info-vault-auth-info) below.
+
+#### Access Info REST Auth Info
+
+A [`rest_auth_info`](#access-info-rest-auth-info) block (within [`access_info`](#access-info)) supports the following:
+
+<a id="access-info-rest-auth-info-basic-auth"></a>&#x2022; [`basic_auth`](#access-info-rest-auth-info-basic-auth) - Optional Block<br>BasicAuth Authentication Parameters. AuthnTypeBasicAuth is used for using basic_auth mode of HTTP authentication<br>See [Basic Auth](#access-info-rest-auth-info-basic-auth) below.
+
+<a id="access-info-rest-auth-info-headers-auth"></a>&#x2022; [`headers_auth`](#access-info-rest-auth-info-headers-auth) - Optional Block<br>Authentication Headers. AuthnTypeHeaders is used for setting headers for authentication<br>See [Headers Auth](#access-info-rest-auth-info-headers-auth) below.
+
+<a id="access-info-rest-auth-info-query-params-auth"></a>&#x2022; [`query_params_auth`](#access-info-rest-auth-info-query-params-auth) - Optional Block<br>Authentication QueryParams. AuthnTypeQueryParams is used for setting query_params for authentication<br>See [Query Params Auth](#access-info-rest-auth-info-query-params-auth) below.
+
+#### Access Info REST Auth Info Basic Auth
+
+A [`basic_auth`](#access-info-rest-auth-info-basic-auth) block (within [`access_info.rest_auth_info`](#access-info-rest-auth-info)) supports the following:
+
+<a id="access-info-rest-auth-info-basic-auth-password"></a>&#x2022; [`password`](#access-info-rest-auth-info-basic-auth-password) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Password](#access-info-rest-auth-info-basic-auth-password) below.
+
+<a id="access-info-rest-auth-info-basic-auth-username"></a>&#x2022; [`username`](#access-info-rest-auth-info-basic-auth-username) - Optional String<br>Username. The username to encode in Basic Auth scheme
+
+#### Access Info REST Auth Info Basic Auth Password
+
+A [`password`](#access-info-rest-auth-info-basic-auth-password) block (within [`access_info.rest_auth_info.basic_auth`](#access-info-rest-auth-info-basic-auth)) supports the following:
+
+<a id="access-info-rest-auth-info-basic-auth-password-blindfold-secret-info"></a>&#x2022; [`blindfold_secret_info`](#access-info-rest-auth-info-basic-auth-password-blindfold-secret-info) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#access-info-rest-auth-info-basic-auth-password-blindfold-secret-info) below.
+
+<a id="access-info-rest-auth-info-basic-auth-password-clear-secret-info"></a>&#x2022; [`clear_secret_info`](#access-info-rest-auth-info-basic-auth-password-clear-secret-info) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#access-info-rest-auth-info-basic-auth-password-clear-secret-info) below.
+
+#### Access Info REST Auth Info Basic Auth Password Blindfold Secret Info
+
+A [`blindfold_secret_info`](#access-info-rest-auth-info-basic-auth-password-blindfold-secret-info) block (within [`access_info.rest_auth_info.basic_auth.password`](#access-info-rest-auth-info-basic-auth-password)) supports the following:
+
+<a id="access-info-rest-auth-info-basic-auth-password-blindfold-secret-info-decryption-provider"></a>&#x2022; [`decryption_provider`](#access-info-rest-auth-info-basic-auth-password-blindfold-secret-info-decryption-provider) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
+
+<a id="access-info-rest-auth-info-basic-auth-password-blindfold-secret-info-location"></a>&#x2022; [`location`](#access-info-rest-auth-info-basic-auth-password-blindfold-secret-info-location) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
+
+<a id="access-info-rest-auth-info-basic-auth-password-blindfold-secret-info-store-provider"></a>&#x2022; [`store_provider`](#access-info-rest-auth-info-basic-auth-password-blindfold-secret-info-store-provider) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
+
+#### Access Info REST Auth Info Basic Auth Password Clear Secret Info
+
+A [`clear_secret_info`](#access-info-rest-auth-info-basic-auth-password-clear-secret-info) block (within [`access_info.rest_auth_info.basic_auth.password`](#access-info-rest-auth-info-basic-auth-password)) supports the following:
+
+<a id="access-info-rest-auth-info-basic-auth-password-clear-secret-info-provider-ref"></a>&#x2022; [`provider_ref`](#access-info-rest-auth-info-basic-auth-password-clear-secret-info-provider-ref) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
+
+<a id="access-info-rest-auth-info-basic-auth-password-clear-secret-info-url"></a>&#x2022; [`url`](#access-info-rest-auth-info-basic-auth-password-clear-secret-info-url) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
+
+#### Access Info REST Auth Info Headers Auth
+
+A [`headers_auth`](#access-info-rest-auth-info-headers-auth) block (within [`access_info.rest_auth_info`](#access-info-rest-auth-info)) supports the following:
+
+<a id="access-info-rest-auth-info-headers-auth-headers"></a>&#x2022; [`headers`](#access-info-rest-auth-info-headers-auth-headers) - Optional Block<br>Headers. The set of authentication headers to pass in HTTP request
+
+#### Access Info REST Auth Info Query Params Auth
+
+A [`query_params_auth`](#access-info-rest-auth-info-query-params-auth) block (within [`access_info.rest_auth_info`](#access-info-rest-auth-info)) supports the following:
+
+<a id="access-info-rest-auth-info-query-params-auth-query-params"></a>&#x2022; [`query_params`](#access-info-rest-auth-info-query-params-auth-query-params) - Optional Block<br>Query Parameters. The set of authentication parameters to be passed as query parameters
+
+#### Access Info TLS Config
+
+A [`tls_config`](#access-info-tls-config) block (within [`access_info`](#access-info)) supports the following:
+
+<a id="access-info-tls-config-cert-params"></a>&#x2022; [`cert_params`](#access-info-tls-config-cert-params) - Optional Block<br>Upstream Certificate Parameters. Certificate Parameters for authentication, TLS ciphers, and trust store<br>See [Cert Params](#access-info-tls-config-cert-params) below.
+
+<a id="access-info-tls-config-common-params"></a>&#x2022; [`common_params`](#access-info-tls-config-common-params) - Optional Block<br>TLS Parameters. Information of different aspects for TLS authentication related to ciphers, certificates and trust store<br>See [Common Params](#access-info-tls-config-common-params) below.
+
+<a id="access-info-tls-config-default-session-key-caching"></a>&#x2022; [`default_session_key_caching`](#access-info-tls-config-default-session-key-caching) - Optional Block<br>Enable this option
+
+<a id="access-info-tls-config-disable-session-key-caching"></a>&#x2022; [`disable_session_key_caching`](#access-info-tls-config-disable-session-key-caching) - Optional Block<br>Enable this option
+
+<a id="access-info-tls-config-disable-sni"></a>&#x2022; [`disable_sni`](#access-info-tls-config-disable-sni) - Optional Block<br>Enable this option
+
+<a id="access-info-tls-config-max-session-keys"></a>&#x2022; [`max_session_keys`](#access-info-tls-config-max-session-keys) - Optional Number<br>Max Session Keys Cached. Number of session keys that are cached
+
+<a id="access-info-tls-config-sni"></a>&#x2022; [`sni`](#access-info-tls-config-sni) - Optional String<br>SNI Value. SNI value to be used
+
+<a id="access-info-tls-config-use-host-header-as-sni"></a>&#x2022; [`use_host_header_as_sni`](#access-info-tls-config-use-host-header-as-sni) - Optional Block<br>Enable this option
+
+#### Access Info TLS Config Cert Params
+
+A [`cert_params`](#access-info-tls-config-cert-params) block (within [`access_info.tls_config`](#access-info-tls-config)) supports the following:
+
+<a id="access-info-tls-config-cert-params-certificates"></a>&#x2022; [`certificates`](#access-info-tls-config-cert-params-certificates) - Optional Block<br>Client Certificate. Client TLS Certificate required for mTLS authentication<br>See [Certificates](#access-info-tls-config-cert-params-certificates) below.
+
+<a id="access-info-tls-config-cert-params-cipher-suites"></a>&#x2022; [`cipher_suites`](#access-info-tls-config-cert-params-cipher-suites) - Optional List<br>Cipher Suites. The following list specifies the supported cipher suite TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 If not specified, the default list: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 will be used
+
+<a id="access-info-tls-config-cert-params-maximum-protocol-version"></a>&#x2022; [`maximum_protocol_version`](#access-info-tls-config-cert-params-maximum-protocol-version) - Optional String  Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
+
+<a id="access-info-tls-config-cert-params-minimum-protocol-version"></a>&#x2022; [`minimum_protocol_version`](#access-info-tls-config-cert-params-minimum-protocol-version) - Optional String  Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
+
+<a id="access-info-tls-config-cert-params-validation-params"></a>&#x2022; [`validation_params`](#access-info-tls-config-cert-params-validation-params) - Optional Block<br>TLS Certificate Validation Parameters. This includes URL for a trust store, whether SAN verification is required and list of Subject Alt Names for verification<br>See [Validation Params](#access-info-tls-config-cert-params-validation-params) below.
+
+#### Access Info TLS Config Cert Params Certificates
+
+A [`certificates`](#access-info-tls-config-cert-params-certificates) block (within [`access_info.tls_config.cert_params`](#access-info-tls-config-cert-params)) supports the following:
+
+<a id="access-info-tls-config-cert-params-certificates-kind"></a>&#x2022; [`kind`](#access-info-tls-config-cert-params-certificates-kind) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
+
+<a id="access-info-tls-config-cert-params-certificates-name"></a>&#x2022; [`name`](#access-info-tls-config-cert-params-certificates-name) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
+
+<a id="access-info-tls-config-cert-params-certificates-namespace"></a>&#x2022; [`namespace`](#access-info-tls-config-cert-params-certificates-namespace) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
+
+<a id="access-info-tls-config-cert-params-certificates-tenant"></a>&#x2022; [`tenant`](#access-info-tls-config-cert-params-certificates-tenant) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
+
+<a id="access-info-tls-config-cert-params-certificates-uid"></a>&#x2022; [`uid`](#access-info-tls-config-cert-params-certificates-uid) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
+
+#### Access Info TLS Config Cert Params Validation Params
+
+A [`validation_params`](#access-info-tls-config-cert-params-validation-params) block (within [`access_info.tls_config.cert_params`](#access-info-tls-config-cert-params)) supports the following:
+
+<a id="access-info-tls-config-cert-params-validation-params-skip-hostname-verification"></a>&#x2022; [`skip_hostname_verification`](#access-info-tls-config-cert-params-validation-params-skip-hostname-verification) - Optional Bool<br>Skip verification of hostname. When True, skip verification of hostname i.e. CN/Subject Alt Name of certificate is not matched to the connecting hostname
+
+<a id="access-info-tls-config-cert-params-validation-params-trusted-ca"></a>&#x2022; [`trusted_ca`](#access-info-tls-config-cert-params-validation-params-trusted-ca) - Optional Block<br>Root CA Certificate Reference. Reference to Root CA Certificate<br>See [Trusted CA](#access-info-tls-config-cert-params-validation-params-trusted-ca) below.
+
+<a id="access-info-tls-config-cert-params-validation-params-trusted-ca-url"></a>&#x2022; [`trusted_ca_url`](#access-info-tls-config-cert-params-validation-params-trusted-ca-url) - Optional String<br>Inline Root CA Certificate (legacy). Inline Root CA Certificate
+
+<a id="access-info-tls-config-cert-params-validation-params-verify-subject-alt-names"></a>&#x2022; [`verify_subject_alt_names`](#access-info-tls-config-cert-params-validation-params-verify-subject-alt-names) - Optional List<br>List of SANs for matching. List of acceptable Subject Alt Names/CN in the peer's certificate. When skip_hostname_verification is false and verify_subject_alt_names is empty, the hostname of the peer will be used for matching against SAN/CN of peer's certificate
+
+#### Access Info TLS Config Cert Params Validation Params Trusted CA
+
+A [`trusted_ca`](#access-info-tls-config-cert-params-validation-params-trusted-ca) block (within [`access_info.tls_config.cert_params.validation_params`](#access-info-tls-config-cert-params-validation-params)) supports the following:
+
+<a id="access-info-tls-config-cert-params-validation-params-trusted-ca-trusted-ca-list"></a>&#x2022; [`trusted_ca_list`](#access-info-tls-config-cert-params-validation-params-trusted-ca-trusted-ca-list) - Optional Block<br>Root CA Certificate Reference. Reference to Root CA Certificate<br>See [Trusted CA List](#access-info-tls-config-cert-params-validation-params-trusted-ca-trusted-ca-list) below.
+
+#### Access Info TLS Config Cert Params Validation Params Trusted CA Trusted CA List
+
+A [`trusted_ca_list`](#access-info-tls-config-cert-params-validation-params-trusted-ca-trusted-ca-list) block (within [`access_info.tls_config.cert_params.validation_params.trusted_ca`](#access-info-tls-config-cert-params-validation-params-trusted-ca)) supports the following:
+
+<a id="access-info-tls-config-cert-params-validation-params-trusted-ca-trusted-ca-list-kind"></a>&#x2022; [`kind`](#access-info-tls-config-cert-params-validation-params-trusted-ca-trusted-ca-list-kind) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
+
+<a id="access-info-tls-config-cert-params-validation-params-trusted-ca-trusted-ca-list-name"></a>&#x2022; [`name`](#access-info-tls-config-cert-params-validation-params-trusted-ca-trusted-ca-list-name) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
+
+<a id="access-info-tls-config-cert-params-validation-params-trusted-ca-trusted-ca-list-namespace"></a>&#x2022; [`namespace`](#access-info-tls-config-cert-params-validation-params-trusted-ca-trusted-ca-list-namespace) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
+
+<a id="access-info-tls-config-cert-params-validation-params-trusted-ca-trusted-ca-list-tenant"></a>&#x2022; [`tenant`](#access-info-tls-config-cert-params-validation-params-trusted-ca-trusted-ca-list-tenant) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
+
+<a id="access-info-tls-config-cert-params-validation-params-trusted-ca-trusted-ca-list-uid"></a>&#x2022; [`uid`](#access-info-tls-config-cert-params-validation-params-trusted-ca-trusted-ca-list-uid) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
+
+#### Access Info TLS Config Common Params
+
+A [`common_params`](#access-info-tls-config-common-params) block (within [`access_info.tls_config`](#access-info-tls-config)) supports the following:
+
+<a id="access-info-tls-config-common-params-cipher-suites"></a>&#x2022; [`cipher_suites`](#access-info-tls-config-common-params-cipher-suites) - Optional List<br>Cipher Suites. The following list specifies the supported cipher suite TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 If not specified, the default list: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 will be used
+
+<a id="access-info-tls-config-common-params-maximum-protocol-version"></a>&#x2022; [`maximum_protocol_version`](#access-info-tls-config-common-params-maximum-protocol-version) - Optional String  Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
+
+<a id="access-info-tls-config-common-params-minimum-protocol-version"></a>&#x2022; [`minimum_protocol_version`](#access-info-tls-config-common-params-minimum-protocol-version) - Optional String  Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
+
+<a id="access-info-tls-config-common-params-tls-certificates"></a>&#x2022; [`tls_certificates`](#access-info-tls-config-common-params-tls-certificates) - Optional Block<br>TLS Certificates. Set of TLS certificates<br>See [TLS Certificates](#access-info-tls-config-common-params-tls-certificates) below.
+
+<a id="access-info-tls-config-common-params-validation-params"></a>&#x2022; [`validation_params`](#access-info-tls-config-common-params-validation-params) - Optional Block<br>TLS Certificate Validation Parameters. This includes URL for a trust store, whether SAN verification is required and list of Subject Alt Names for verification<br>See [Validation Params](#access-info-tls-config-common-params-validation-params) below.
+
+#### Access Info TLS Config Common Params TLS Certificates
+
+A [`tls_certificates`](#access-info-tls-config-common-params-tls-certificates) block (within [`access_info.tls_config.common_params`](#access-info-tls-config-common-params)) supports the following:
+
+<a id="access-info-tls-config-common-params-tls-certificates-certificate-url"></a>&#x2022; [`certificate_url`](#access-info-tls-config-common-params-tls-certificates-certificate-url) - Optional String<br>Certificate. TLS certificate. Certificate or certificate chain in PEM format including the PEM headers
+
+<a id="access-info-tls-config-common-params-tls-certificates-custom-hash-algorithms"></a>&#x2022; [`custom_hash_algorithms`](#access-info-tls-config-common-params-tls-certificates-custom-hash-algorithms) - Optional Block<br>Hash Algorithms. Specifies the hash algorithms to be used<br>See [Custom Hash Algorithms](#access-info-tls-config-common-params-tls-certificates-custom-hash-algorithms) below.
+
+<a id="access-info-tls-config-common-params-tls-certificates-description-spec"></a>&#x2022; [`description_spec`](#access-info-tls-config-common-params-tls-certificates-description-spec) - Optional String<br>Description. Description for the certificate
+
+<a id="access-info-tls-config-common-params-tls-certificates-disable-ocsp-stapling"></a>&#x2022; [`disable_ocsp_stapling`](#access-info-tls-config-common-params-tls-certificates-disable-ocsp-stapling) - Optional Block<br>Enable this option
+
+<a id="access-info-tls-config-common-params-tls-certificates-private-key"></a>&#x2022; [`private_key`](#access-info-tls-config-common-params-tls-certificates-private-key) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Private Key](#access-info-tls-config-common-params-tls-certificates-private-key) below.
+
+<a id="access-info-tls-config-common-params-tls-certificates-use-system-defaults"></a>&#x2022; [`use_system_defaults`](#access-info-tls-config-common-params-tls-certificates-use-system-defaults) - Optional Block<br>Enable this option
+
+#### Access Info TLS Config Common Params TLS Certificates Custom Hash Algorithms
+
+A [`custom_hash_algorithms`](#access-info-tls-config-common-params-tls-certificates-custom-hash-algorithms) block (within [`access_info.tls_config.common_params.tls_certificates`](#access-info-tls-config-common-params-tls-certificates)) supports the following:
+
+<a id="access-info-tls-config-common-params-tls-certificates-custom-hash-algorithms-hash-algorithms"></a>&#x2022; [`hash_algorithms`](#access-info-tls-config-common-params-tls-certificates-custom-hash-algorithms-hash-algorithms) - Optional List  Defaults to `INVALID_HASH_ALGORITHM`<br>Possible values are `INVALID_HASH_ALGORITHM`, `SHA256`, `SHA1`<br>[Enum: INVALID_HASH_ALGORITHM|SHA256|SHA1] Hash Algorithms. Ordered list of hash algorithms to be used
+
+#### Access Info TLS Config Common Params TLS Certificates Private Key
+
+A [`private_key`](#access-info-tls-config-common-params-tls-certificates-private-key) block (within [`access_info.tls_config.common_params.tls_certificates`](#access-info-tls-config-common-params-tls-certificates)) supports the following:
+
+<a id="access-info-tls-config-common-params-tls-certificates-private-key-blindfold-secret-info"></a>&#x2022; [`blindfold_secret_info`](#access-info-tls-config-common-params-tls-certificates-private-key-blindfold-secret-info) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#access-info-tls-config-common-params-tls-certificates-private-key-blindfold-secret-info) below.
+
+<a id="access-info-tls-config-common-params-tls-certificates-private-key-clear-secret-info"></a>&#x2022; [`clear_secret_info`](#access-info-tls-config-common-params-tls-certificates-private-key-clear-secret-info) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#access-info-tls-config-common-params-tls-certificates-private-key-clear-secret-info) below.
+
+#### Access Info TLS Config Common Params TLS Certificates Private Key Blindfold Secret Info
+
+A [`blindfold_secret_info`](#access-info-tls-config-common-params-tls-certificates-private-key-blindfold-secret-info) block (within [`access_info.tls_config.common_params.tls_certificates.private_key`](#access-info-tls-config-common-params-tls-certificates-private-key)) supports the following:
+
+<a id="access-info-tls-config-common-params-tls-certificates-private-key-blindfold-secret-info-decryption-provider"></a>&#x2022; [`decryption_provider`](#access-info-tls-config-common-params-tls-certificates-private-key-blindfold-secret-info-decryption-provider) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
+
+<a id="access-info-tls-config-common-params-tls-certificates-private-key-blindfold-secret-info-location"></a>&#x2022; [`location`](#access-info-tls-config-common-params-tls-certificates-private-key-blindfold-secret-info-location) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
+
+<a id="access-info-tls-config-common-params-tls-certificates-private-key-blindfold-secret-info-store-provider"></a>&#x2022; [`store_provider`](#access-info-tls-config-common-params-tls-certificates-private-key-blindfold-secret-info-store-provider) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
+
+#### Access Info TLS Config Common Params TLS Certificates Private Key Clear Secret Info
+
+A [`clear_secret_info`](#access-info-tls-config-common-params-tls-certificates-private-key-clear-secret-info) block (within [`access_info.tls_config.common_params.tls_certificates.private_key`](#access-info-tls-config-common-params-tls-certificates-private-key)) supports the following:
+
+<a id="access-info-tls-config-common-params-tls-certificates-private-key-clear-secret-info-provider-ref"></a>&#x2022; [`provider_ref`](#access-info-tls-config-common-params-tls-certificates-private-key-clear-secret-info-provider-ref) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
+
+<a id="access-info-tls-config-common-params-tls-certificates-private-key-clear-secret-info-url"></a>&#x2022; [`url`](#access-info-tls-config-common-params-tls-certificates-private-key-clear-secret-info-url) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
+
+#### Access Info TLS Config Common Params Validation Params
+
+A [`validation_params`](#access-info-tls-config-common-params-validation-params) block (within [`access_info.tls_config.common_params`](#access-info-tls-config-common-params)) supports the following:
+
+<a id="access-info-tls-config-common-params-validation-params-skip-hostname-verification"></a>&#x2022; [`skip_hostname_verification`](#access-info-tls-config-common-params-validation-params-skip-hostname-verification) - Optional Bool<br>Skip verification of hostname. When True, skip verification of hostname i.e. CN/Subject Alt Name of certificate is not matched to the connecting hostname
+
+<a id="access-info-tls-config-common-params-validation-params-trusted-ca"></a>&#x2022; [`trusted_ca`](#access-info-tls-config-common-params-validation-params-trusted-ca) - Optional Block<br>Root CA Certificate Reference. Reference to Root CA Certificate<br>See [Trusted CA](#access-info-tls-config-common-params-validation-params-trusted-ca) below.
+
+<a id="access-info-tls-config-common-params-validation-params-trusted-ca-url"></a>&#x2022; [`trusted_ca_url`](#access-info-tls-config-common-params-validation-params-trusted-ca-url) - Optional String<br>Inline Root CA Certificate (legacy). Inline Root CA Certificate
+
+<a id="access-info-tls-config-common-params-validation-params-verify-subject-alt-names"></a>&#x2022; [`verify_subject_alt_names`](#access-info-tls-config-common-params-validation-params-verify-subject-alt-names) - Optional List<br>List of SANs for matching. List of acceptable Subject Alt Names/CN in the peer's certificate. When skip_hostname_verification is false and verify_subject_alt_names is empty, the hostname of the peer will be used for matching against SAN/CN of peer's certificate
+
+#### Access Info TLS Config Common Params Validation Params Trusted CA
+
+A [`trusted_ca`](#access-info-tls-config-common-params-validation-params-trusted-ca) block (within [`access_info.tls_config.common_params.validation_params`](#access-info-tls-config-common-params-validation-params)) supports the following:
+
+<a id="access-info-tls-config-common-params-validation-params-trusted-ca-trusted-ca-list"></a>&#x2022; [`trusted_ca_list`](#access-info-tls-config-common-params-validation-params-trusted-ca-trusted-ca-list) - Optional Block<br>Root CA Certificate Reference. Reference to Root CA Certificate<br>See [Trusted CA List](#access-info-tls-config-common-params-validation-params-trusted-ca-trusted-ca-list) below.
+
+#### Access Info TLS Config Common Params Validation Params Trusted CA Trusted CA List
+
+A [`trusted_ca_list`](#access-info-tls-config-common-params-validation-params-trusted-ca-trusted-ca-list) block (within [`access_info.tls_config.common_params.validation_params.trusted_ca`](#access-info-tls-config-common-params-validation-params-trusted-ca)) supports the following:
+
+<a id="access-info-tls-config-common-params-validation-params-trusted-ca-trusted-ca-list-kind"></a>&#x2022; [`kind`](#access-info-tls-config-common-params-validation-params-trusted-ca-trusted-ca-list-kind) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
+
+<a id="access-info-tls-config-common-params-validation-params-trusted-ca-trusted-ca-list-name"></a>&#x2022; [`name`](#access-info-tls-config-common-params-validation-params-trusted-ca-trusted-ca-list-name) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
+
+<a id="access-info-tls-config-common-params-validation-params-trusted-ca-trusted-ca-list-namespace"></a>&#x2022; [`namespace`](#access-info-tls-config-common-params-validation-params-trusted-ca-trusted-ca-list-namespace) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
+
+<a id="access-info-tls-config-common-params-validation-params-trusted-ca-trusted-ca-list-tenant"></a>&#x2022; [`tenant`](#access-info-tls-config-common-params-validation-params-trusted-ca-trusted-ca-list-tenant) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
+
+<a id="access-info-tls-config-common-params-validation-params-trusted-ca-trusted-ca-list-uid"></a>&#x2022; [`uid`](#access-info-tls-config-common-params-validation-params-trusted-ca-trusted-ca-list-uid) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
+
+#### Access Info Vault Auth Info
+
+A [`vault_auth_info`](#access-info-vault-auth-info) block (within [`access_info`](#access-info)) supports the following:
+
+<a id="access-info-vault-auth-info-app-role-auth"></a>&#x2022; [`app_role_auth`](#access-info-vault-auth-info-app-role-auth) - Optional Block<br>Vault AppRole Authentication Parameters. AppRoleAuthInfoType contains parameters for AppRole authentication in Hashicorp Vault<br>See [App Role Auth](#access-info-vault-auth-info-app-role-auth) below.
+
+<a id="access-info-vault-auth-info-token"></a>&#x2022; [`token`](#access-info-vault-auth-info-token) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Token](#access-info-vault-auth-info-token) below.
+
+#### Access Info Vault Auth Info App Role Auth
+
+An [`app_role_auth`](#access-info-vault-auth-info-app-role-auth) block (within [`access_info.vault_auth_info`](#access-info-vault-auth-info)) supports the following:
+
+<a id="access-info-vault-auth-info-app-role-auth-role-id"></a>&#x2022; [`role_id`](#access-info-vault-auth-info-app-role-auth-role-id) - Optional String<br>Role ID. role-ID to be used for authentication
+
+<a id="access-info-vault-auth-info-app-role-auth-secret-id"></a>&#x2022; [`secret_id`](#access-info-vault-auth-info-app-role-auth-secret-id) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Secret ID](#access-info-vault-auth-info-app-role-auth-secret-id) below.
+
+#### Access Info Vault Auth Info App Role Auth Secret ID
+
+A [`secret_id`](#access-info-vault-auth-info-app-role-auth-secret-id) block (within [`access_info.vault_auth_info.app_role_auth`](#access-info-vault-auth-info-app-role-auth)) supports the following:
+
+<a id="access-info-vault-auth-info-app-role-auth-secret-id-blindfold-secret-info"></a>&#x2022; [`blindfold_secret_info`](#access-info-vault-auth-info-app-role-auth-secret-id-blindfold-secret-info) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#access-info-vault-auth-info-app-role-auth-secret-id-blindfold-secret-info) below.
+
+<a id="access-info-vault-auth-info-app-role-auth-secret-id-clear-secret-info"></a>&#x2022; [`clear_secret_info`](#access-info-vault-auth-info-app-role-auth-secret-id-clear-secret-info) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#access-info-vault-auth-info-app-role-auth-secret-id-clear-secret-info) below.
+
+#### Access Info Vault Auth Info App Role Auth Secret ID Blindfold Secret Info
+
+A [`blindfold_secret_info`](#access-info-vault-auth-info-app-role-auth-secret-id-blindfold-secret-info) block (within [`access_info.vault_auth_info.app_role_auth.secret_id`](#access-info-vault-auth-info-app-role-auth-secret-id)) supports the following:
+
+<a id="access-info-vault-auth-info-app-role-auth-secret-id-blindfold-secret-info-decryption-provider"></a>&#x2022; [`decryption_provider`](#access-info-vault-auth-info-app-role-auth-secret-id-blindfold-secret-info-decryption-provider) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
+
+<a id="access-info-vault-auth-info-app-role-auth-secret-id-blindfold-secret-info-location"></a>&#x2022; [`location`](#access-info-vault-auth-info-app-role-auth-secret-id-blindfold-secret-info-location) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
+
+<a id="access-info-vault-auth-info-app-role-auth-secret-id-blindfold-secret-info-store-provider"></a>&#x2022; [`store_provider`](#access-info-vault-auth-info-app-role-auth-secret-id-blindfold-secret-info-store-provider) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
+
+#### Access Info Vault Auth Info App Role Auth Secret ID Clear Secret Info
+
+A [`clear_secret_info`](#access-info-vault-auth-info-app-role-auth-secret-id-clear-secret-info) block (within [`access_info.vault_auth_info.app_role_auth.secret_id`](#access-info-vault-auth-info-app-role-auth-secret-id)) supports the following:
+
+<a id="access-info-vault-auth-info-app-role-auth-secret-id-clear-secret-info-provider-ref"></a>&#x2022; [`provider_ref`](#access-info-vault-auth-info-app-role-auth-secret-id-clear-secret-info-provider-ref) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
+
+<a id="access-info-vault-auth-info-app-role-auth-secret-id-clear-secret-info-url"></a>&#x2022; [`url`](#access-info-vault-auth-info-app-role-auth-secret-id-clear-secret-info-url) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
+
+#### Access Info Vault Auth Info Token
+
+A [`token`](#access-info-vault-auth-info-token) block (within [`access_info.vault_auth_info`](#access-info-vault-auth-info)) supports the following:
+
+<a id="access-info-vault-auth-info-token-blindfold-secret-info"></a>&#x2022; [`blindfold_secret_info`](#access-info-vault-auth-info-token-blindfold-secret-info) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#access-info-vault-auth-info-token-blindfold-secret-info) below.
+
+<a id="access-info-vault-auth-info-token-clear-secret-info"></a>&#x2022; [`clear_secret_info`](#access-info-vault-auth-info-token-clear-secret-info) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#access-info-vault-auth-info-token-clear-secret-info) below.
+
+#### Access Info Vault Auth Info Token Blindfold Secret Info
+
+A [`blindfold_secret_info`](#access-info-vault-auth-info-token-blindfold-secret-info) block (within [`access_info.vault_auth_info.token`](#access-info-vault-auth-info-token)) supports the following:
+
+<a id="access-info-vault-auth-info-token-blindfold-secret-info-decryption-provider"></a>&#x2022; [`decryption_provider`](#access-info-vault-auth-info-token-blindfold-secret-info-decryption-provider) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
+
+<a id="access-info-vault-auth-info-token-blindfold-secret-info-location"></a>&#x2022; [`location`](#access-info-vault-auth-info-token-blindfold-secret-info-location) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
+
+<a id="access-info-vault-auth-info-token-blindfold-secret-info-store-provider"></a>&#x2022; [`store_provider`](#access-info-vault-auth-info-token-blindfold-secret-info-store-provider) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
+
+#### Access Info Vault Auth Info Token Clear Secret Info
+
+A [`clear_secret_info`](#access-info-vault-auth-info-token-clear-secret-info) block (within [`access_info.vault_auth_info.token`](#access-info-vault-auth-info-token)) supports the following:
+
+<a id="access-info-vault-auth-info-token-clear-secret-info-provider-ref"></a>&#x2022; [`provider_ref`](#access-info-vault-auth-info-token-clear-secret-info-provider-ref) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
+
+<a id="access-info-vault-auth-info-token-clear-secret-info-url"></a>&#x2022; [`url`](#access-info-vault-auth-info-token-clear-secret-info-url) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
+
+#### Timeouts
+
+A [`timeouts`](#timeouts) block supports the following:
+
+<a id="timeouts-create"></a>&#x2022; [`create`](#timeouts-create) - Optional String (Defaults to `10 minutes`)<br>Used when creating the resource
+
+<a id="timeouts-delete"></a>&#x2022; [`delete`](#timeouts-delete) - Optional String (Defaults to `10 minutes`)<br>Used when deleting the resource
+
+<a id="timeouts-read"></a>&#x2022; [`read`](#timeouts-read) - Optional String (Defaults to `5 minutes`)<br>Used when retrieving the resource
+
+<a id="timeouts-update"></a>&#x2022; [`update`](#timeouts-update) - Optional String (Defaults to `10 minutes`)<br>Used when updating the resource
+
+#### Where
+
+A [`where`](#where) block supports the following:
+
+<a id="where-site"></a>&#x2022; [`site`](#where-site) - Optional Block<br>Site Reference. This specifies a direct reference to a site configuration object<br>See [Site](#where-site) below.
+
+<a id="where-virtual-network"></a>&#x2022; [`virtual_network`](#where-virtual-network) - Optional Block<br>Network Reference. This specifies a direct reference to a network configuration object<br>See [Virtual Network](#where-virtual-network) below.
+
+<a id="where-virtual-site"></a>&#x2022; [`virtual_site`](#where-virtual-site) - Optional Block<br>Virtual Site. A reference to virtual_site object<br>See [Virtual Site](#where-virtual-site) below.
+
+#### Where Site
+
+A [`site`](#where-site) block (within [`where`](#where)) supports the following:
+
+<a id="where-site-disable-internet-vip"></a>&#x2022; [`disable_internet_vip`](#where-site-disable-internet-vip) - Optional Block<br>Enable this option
+
+<a id="where-site-enable-internet-vip"></a>&#x2022; [`enable_internet_vip`](#where-site-enable-internet-vip) - Optional Block<br>Enable this option
+
+<a id="where-site-network-type"></a>&#x2022; [`network_type`](#where-site-network-type) - Optional String  Defaults to `VIRTUAL_NETWORK_SITE_LOCAL`<br>Possible values are `VIRTUAL_NETWORK_SITE_LOCAL`, `VIRTUAL_NETWORK_SITE_LOCAL_INSIDE`, `VIRTUAL_NETWORK_PER_SITE`, `VIRTUAL_NETWORK_PUBLIC`, `VIRTUAL_NETWORK_GLOBAL`, `VIRTUAL_NETWORK_SITE_SERVICE`, `VIRTUAL_NETWORK_VER_INTERNAL`, `VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE`, `VIRTUAL_NETWORK_IP_AUTO`, `VIRTUAL_NETWORK_VOLTADN_PRIVATE_NETWORK`, `VIRTUAL_NETWORK_SRV6_NETWORK`, `VIRTUAL_NETWORK_IP_FABRIC`, `VIRTUAL_NETWORK_SEGMENT`<br>[Enum: VIRTUAL_NETWORK_SITE_LOCAL|VIRTUAL_NETWORK_SITE_LOCAL_INSIDE|VIRTUAL_NETWORK_PER_SITE|VIRTUAL_NETWORK_PUBLIC|VIRTUAL_NETWORK_GLOBAL|VIRTUAL_NETWORK_SITE_SERVICE|VIRTUAL_NETWORK_VER_INTERNAL|VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE|VIRTUAL_NETWORK_IP_AUTO|VIRTUAL_NETWORK_VOLTADN_PRIVATE_NETWORK|VIRTUAL_NETWORK_SRV6_NETWORK|VIRTUAL_NETWORK_IP_FABRIC|VIRTUAL_NETWORK_SEGMENT] Virtual Network Type. Different types of virtual networks understood by the system Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL provides connectivity to public (outside) network. This is an insecure network and is connected to public internet via NAT Gateways/firwalls Virtual-network of this type is local to every site. Two virtual networks of this type on different sites are neither related nor connected. Constraints: There can be atmost one virtual network of this type in a given site. This network type is supported on CE sites. This network is created automatically and present on all sites Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL_INSIDE is a private network inside site. It is a secure network and is not connected to public network. Virtual-network of this type is local to every site. Two virtual networks of this type on different sites are neither related nor connected. Constraints: There can be atmost one virtual network of this type in a given site. This network type is supported on CE sites. This network is created during provisioning of site User defined per-site virtual network. Scope of this virtual network is limited to the site. This is not yet supported Virtual-network of type VIRTUAL_NETWORK_PUBLIC directly conects to the public internet. Virtual-network of this type is local to every site. Two virtual networks of this type on different sites are neither related nor connected. Constraints: There can be atmost one virtual network of this type in a given site. This network type is supported on RE sites only It is an internally created by the system. They must not be created by user Virtual Neworks with global scope across different sites in F5XC domain. An example global virtual-network called 'AIN Network' is created for every tenant. for volterra fabric Constraints: It is currently only supported as internally created by the system. vK8s service network for a given tenant. Used to advertise a virtual host only to vk8s pods for that tenant Constraints: It is an internally created by the system. Must not be created by user VER internal network for the site. It can only be used for virtual hosts with SMA_PROXY type proxy Constraints: It is an internally created by the system. Must not be created by user Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE represents both VIRTUAL_NETWORK_SITE_LOCAL and VIRTUAL_NETWORK_SITE_LOCAL_INSIDE Constraints: This network type is only meaningful in an advertise policy When virtual-network of type VIRTUAL_NETWORK_IP_AUTO is selected for an endpoint, VER will try to determine the network based on the provided IP address Constraints: This network type is only meaningful in an endpoint VoltADN Private Network is used on volterra RE(s) to connect to customer private networks This network is created by opening a support ticket This network is per site srv6 network VER IP Fabric network for the site. This Virtual network type is used for exposing virtual host on IP Fabric network on the VER site or for endpoint in IP Fabric network Constraints: It is an internally created by the system. Must not be created by user Network internally created for a segment Constraints: It is an internally created by the system. Must not be created by user
+
+<a id="where-site-ref"></a>&#x2022; [`ref`](#where-site-ref) - Optional Block<br>Reference. A site direct reference<br>See [Ref](#where-site-ref) below.
+
+#### Where Site Ref
+
+A [`ref`](#where-site-ref) block (within [`where.site`](#where-site)) supports the following:
+
+<a id="where-site-ref-kind"></a>&#x2022; [`kind`](#where-site-ref-kind) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
+
+<a id="where-site-ref-name"></a>&#x2022; [`name`](#where-site-ref-name) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
+
+<a id="where-site-ref-namespace"></a>&#x2022; [`namespace`](#where-site-ref-namespace) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
+
+<a id="where-site-ref-tenant"></a>&#x2022; [`tenant`](#where-site-ref-tenant) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
+
+<a id="where-site-ref-uid"></a>&#x2022; [`uid`](#where-site-ref-uid) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
+
+#### Where Virtual Network
+
+A [`virtual_network`](#where-virtual-network) block (within [`where`](#where)) supports the following:
+
+<a id="where-virtual-network-ref"></a>&#x2022; [`ref`](#where-virtual-network-ref) - Optional Block<br>Reference. A virtual network direct reference<br>See [Ref](#where-virtual-network-ref) below.
+
+#### Where Virtual Network Ref
+
+A [`ref`](#where-virtual-network-ref) block (within [`where.virtual_network`](#where-virtual-network)) supports the following:
+
+<a id="where-virtual-network-ref-kind"></a>&#x2022; [`kind`](#where-virtual-network-ref-kind) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
+
+<a id="where-virtual-network-ref-name"></a>&#x2022; [`name`](#where-virtual-network-ref-name) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
+
+<a id="where-virtual-network-ref-namespace"></a>&#x2022; [`namespace`](#where-virtual-network-ref-namespace) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
+
+<a id="where-virtual-network-ref-tenant"></a>&#x2022; [`tenant`](#where-virtual-network-ref-tenant) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
+
+<a id="where-virtual-network-ref-uid"></a>&#x2022; [`uid`](#where-virtual-network-ref-uid) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
+
+#### Where Virtual Site
+
+A [`virtual_site`](#where-virtual-site) block (within [`where`](#where)) supports the following:
+
+<a id="where-virtual-site-disable-internet-vip"></a>&#x2022; [`disable_internet_vip`](#where-virtual-site-disable-internet-vip) - Optional Block<br>Enable this option
+
+<a id="where-virtual-site-enable-internet-vip"></a>&#x2022; [`enable_internet_vip`](#where-virtual-site-enable-internet-vip) - Optional Block<br>Enable this option
+
+<a id="where-virtual-site-network-type"></a>&#x2022; [`network_type`](#where-virtual-site-network-type) - Optional String  Defaults to `VIRTUAL_NETWORK_SITE_LOCAL`<br>Possible values are `VIRTUAL_NETWORK_SITE_LOCAL`, `VIRTUAL_NETWORK_SITE_LOCAL_INSIDE`, `VIRTUAL_NETWORK_PER_SITE`, `VIRTUAL_NETWORK_PUBLIC`, `VIRTUAL_NETWORK_GLOBAL`, `VIRTUAL_NETWORK_SITE_SERVICE`, `VIRTUAL_NETWORK_VER_INTERNAL`, `VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE`, `VIRTUAL_NETWORK_IP_AUTO`, `VIRTUAL_NETWORK_VOLTADN_PRIVATE_NETWORK`, `VIRTUAL_NETWORK_SRV6_NETWORK`, `VIRTUAL_NETWORK_IP_FABRIC`, `VIRTUAL_NETWORK_SEGMENT`<br>[Enum: VIRTUAL_NETWORK_SITE_LOCAL|VIRTUAL_NETWORK_SITE_LOCAL_INSIDE|VIRTUAL_NETWORK_PER_SITE|VIRTUAL_NETWORK_PUBLIC|VIRTUAL_NETWORK_GLOBAL|VIRTUAL_NETWORK_SITE_SERVICE|VIRTUAL_NETWORK_VER_INTERNAL|VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE|VIRTUAL_NETWORK_IP_AUTO|VIRTUAL_NETWORK_VOLTADN_PRIVATE_NETWORK|VIRTUAL_NETWORK_SRV6_NETWORK|VIRTUAL_NETWORK_IP_FABRIC|VIRTUAL_NETWORK_SEGMENT] Virtual Network Type. Different types of virtual networks understood by the system Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL provides connectivity to public (outside) network. This is an insecure network and is connected to public internet via NAT Gateways/firwalls Virtual-network of this type is local to every site. Two virtual networks of this type on different sites are neither related nor connected. Constraints: There can be atmost one virtual network of this type in a given site. This network type is supported on CE sites. This network is created automatically and present on all sites Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL_INSIDE is a private network inside site. It is a secure network and is not connected to public network. Virtual-network of this type is local to every site. Two virtual networks of this type on different sites are neither related nor connected. Constraints: There can be atmost one virtual network of this type in a given site. This network type is supported on CE sites. This network is created during provisioning of site User defined per-site virtual network. Scope of this virtual network is limited to the site. This is not yet supported Virtual-network of type VIRTUAL_NETWORK_PUBLIC directly conects to the public internet. Virtual-network of this type is local to every site. Two virtual networks of this type on different sites are neither related nor connected. Constraints: There can be atmost one virtual network of this type in a given site. This network type is supported on RE sites only It is an internally created by the system. They must not be created by user Virtual Neworks with global scope across different sites in F5XC domain. An example global virtual-network called 'AIN Network' is created for every tenant. for volterra fabric Constraints: It is currently only supported as internally created by the system. vK8s service network for a given tenant. Used to advertise a virtual host only to vk8s pods for that tenant Constraints: It is an internally created by the system. Must not be created by user VER internal network for the site. It can only be used for virtual hosts with SMA_PROXY type proxy Constraints: It is an internally created by the system. Must not be created by user Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE represents both VIRTUAL_NETWORK_SITE_LOCAL and VIRTUAL_NETWORK_SITE_LOCAL_INSIDE Constraints: This network type is only meaningful in an advertise policy When virtual-network of type VIRTUAL_NETWORK_IP_AUTO is selected for an endpoint, VER will try to determine the network based on the provided IP address Constraints: This network type is only meaningful in an endpoint VoltADN Private Network is used on volterra RE(s) to connect to customer private networks This network is created by opening a support ticket This network is per site srv6 network VER IP Fabric network for the site. This Virtual network type is used for exposing virtual host on IP Fabric network on the VER site or for endpoint in IP Fabric network Constraints: It is an internally created by the system. Must not be created by user Network internally created for a segment Constraints: It is an internally created by the system. Must not be created by user
+
+<a id="where-virtual-site-ref"></a>&#x2022; [`ref`](#where-virtual-site-ref) - Optional Block<br>Reference. A virtual_site direct reference<br>See [Ref](#where-virtual-site-ref) below.
+
+#### Where Virtual Site Ref
+
+A [`ref`](#where-virtual-site-ref) block (within [`where.virtual_site`](#where-virtual-site)) supports the following:
+
+<a id="where-virtual-site-ref-kind"></a>&#x2022; [`kind`](#where-virtual-site-ref-kind) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
+
+<a id="where-virtual-site-ref-name"></a>&#x2022; [`name`](#where-virtual-site-ref-name) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
+
+<a id="where-virtual-site-ref-namespace"></a>&#x2022; [`namespace`](#where-virtual-site-ref-namespace) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
+
+<a id="where-virtual-site-ref-tenant"></a>&#x2022; [`tenant`](#where-virtual-site-ref-tenant) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
+
+<a id="where-virtual-site-ref-uid"></a>&#x2022; [`uid`](#where-virtual-site-ref-uid) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# Import using namespace/name format
+terraform import f5xc_secret_management_access.example system/example
+```