@sapslaj/pulumi-infisical 0.15.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (346) hide show
  1. package/README.md +8 -0
  2. package/dist/accessApprovalPolicy.d.ts +137 -0
  3. package/dist/accessApprovalPolicy.d.ts.map +1 -0
  4. package/dist/accessApprovalPolicy.js +98 -0
  5. package/dist/accessApprovalPolicy.js.map +1 -0
  6. package/dist/appConnection1password.d.ts +97 -0
  7. package/dist/appConnection1password.d.ts.map +1 -0
  8. package/dist/appConnection1password.js +86 -0
  9. package/dist/appConnection1password.js.map +1 -0
  10. package/dist/appConnectionAws.d.ts +97 -0
  11. package/dist/appConnectionAws.d.ts.map +1 -0
  12. package/dist/appConnectionAws.js +86 -0
  13. package/dist/appConnectionAws.js.map +1 -0
  14. package/dist/appConnectionAzureClientSecrets.d.ts +97 -0
  15. package/dist/appConnectionAzureClientSecrets.d.ts.map +1 -0
  16. package/dist/appConnectionAzureClientSecrets.js +86 -0
  17. package/dist/appConnectionAzureClientSecrets.js.map +1 -0
  18. package/dist/appConnectionBitbucket.d.ts +97 -0
  19. package/dist/appConnectionBitbucket.d.ts.map +1 -0
  20. package/dist/appConnectionBitbucket.js +86 -0
  21. package/dist/appConnectionBitbucket.js.map +1 -0
  22. package/dist/appConnectionCloudflare.d.ts +97 -0
  23. package/dist/appConnectionCloudflare.d.ts.map +1 -0
  24. package/dist/appConnectionCloudflare.js +86 -0
  25. package/dist/appConnectionCloudflare.js.map +1 -0
  26. package/dist/appConnectionDatabricks.d.ts +97 -0
  27. package/dist/appConnectionDatabricks.d.ts.map +1 -0
  28. package/dist/appConnectionDatabricks.js +86 -0
  29. package/dist/appConnectionDatabricks.js.map +1 -0
  30. package/dist/appConnectionFlyio.d.ts +97 -0
  31. package/dist/appConnectionFlyio.d.ts.map +1 -0
  32. package/dist/appConnectionFlyio.js +86 -0
  33. package/dist/appConnectionFlyio.js.map +1 -0
  34. package/dist/appConnectionGcp.d.ts +97 -0
  35. package/dist/appConnectionGcp.d.ts.map +1 -0
  36. package/dist/appConnectionGcp.js +86 -0
  37. package/dist/appConnectionGcp.js.map +1 -0
  38. package/dist/appConnectionGitlab.d.ts +97 -0
  39. package/dist/appConnectionGitlab.d.ts.map +1 -0
  40. package/dist/appConnectionGitlab.js +86 -0
  41. package/dist/appConnectionGitlab.js.map +1 -0
  42. package/dist/appConnectionLdap.d.ts +97 -0
  43. package/dist/appConnectionLdap.d.ts.map +1 -0
  44. package/dist/appConnectionLdap.js +86 -0
  45. package/dist/appConnectionLdap.js.map +1 -0
  46. package/dist/appConnectionMssql.d.ts +97 -0
  47. package/dist/appConnectionMssql.d.ts.map +1 -0
  48. package/dist/appConnectionMssql.js +86 -0
  49. package/dist/appConnectionMssql.js.map +1 -0
  50. package/dist/appConnectionMysql.d.ts +97 -0
  51. package/dist/appConnectionMysql.d.ts.map +1 -0
  52. package/dist/appConnectionMysql.js +86 -0
  53. package/dist/appConnectionMysql.js.map +1 -0
  54. package/dist/appConnectionOracledb.d.ts +97 -0
  55. package/dist/appConnectionOracledb.d.ts.map +1 -0
  56. package/dist/appConnectionOracledb.js +86 -0
  57. package/dist/appConnectionOracledb.js.map +1 -0
  58. package/dist/appConnectionPostgres.d.ts +97 -0
  59. package/dist/appConnectionPostgres.d.ts.map +1 -0
  60. package/dist/appConnectionPostgres.js +86 -0
  61. package/dist/appConnectionPostgres.js.map +1 -0
  62. package/dist/appConnectionRender.d.ts +97 -0
  63. package/dist/appConnectionRender.d.ts.map +1 -0
  64. package/dist/appConnectionRender.js +86 -0
  65. package/dist/appConnectionRender.js.map +1 -0
  66. package/dist/appConnectionSupabase.d.ts +97 -0
  67. package/dist/appConnectionSupabase.d.ts.map +1 -0
  68. package/dist/appConnectionSupabase.js +86 -0
  69. package/dist/appConnectionSupabase.js.map +1 -0
  70. package/dist/config/index.d.ts +2 -0
  71. package/dist/config/index.d.ts.map +1 -0
  72. package/dist/config/index.js +21 -0
  73. package/dist/config/index.js.map +1 -0
  74. package/dist/config/vars.d.ts +22 -0
  75. package/dist/config/vars.d.ts.map +1 -0
  76. package/dist/config/vars.js +60 -0
  77. package/dist/config/vars.js.map +1 -0
  78. package/dist/dynamicSecretAwsIam.d.ts +149 -0
  79. package/dist/dynamicSecretAwsIam.d.ts.map +1 -0
  80. package/dist/dynamicSecretAwsIam.js +103 -0
  81. package/dist/dynamicSecretAwsIam.js.map +1 -0
  82. package/dist/dynamicSecretKubernetes.d.ts +149 -0
  83. package/dist/dynamicSecretKubernetes.d.ts.map +1 -0
  84. package/dist/dynamicSecretKubernetes.js +103 -0
  85. package/dist/dynamicSecretKubernetes.js.map +1 -0
  86. package/dist/dynamicSecretMongoAtlas.d.ts +149 -0
  87. package/dist/dynamicSecretMongoAtlas.d.ts.map +1 -0
  88. package/dist/dynamicSecretMongoAtlas.js +103 -0
  89. package/dist/dynamicSecretMongoAtlas.js.map +1 -0
  90. package/dist/dynamicSecretMongoDb.d.ts +149 -0
  91. package/dist/dynamicSecretMongoDb.d.ts.map +1 -0
  92. package/dist/dynamicSecretMongoDb.js +103 -0
  93. package/dist/dynamicSecretMongoDb.js.map +1 -0
  94. package/dist/dynamicSecretSqlDatabase.d.ts +149 -0
  95. package/dist/dynamicSecretSqlDatabase.d.ts.map +1 -0
  96. package/dist/dynamicSecretSqlDatabase.js +103 -0
  97. package/dist/dynamicSecretSqlDatabase.js.map +1 -0
  98. package/dist/getGroups.d.ts +15 -0
  99. package/dist/getGroups.d.ts.map +1 -0
  100. package/dist/getGroups.js +41 -0
  101. package/dist/getGroups.js.map +1 -0
  102. package/dist/getIdentityDetails.d.ts +15 -0
  103. package/dist/getIdentityDetails.d.ts.map +1 -0
  104. package/dist/getIdentityDetails.js +41 -0
  105. package/dist/getIdentityDetails.js.map +1 -0
  106. package/dist/getProjects.d.ts +34 -0
  107. package/dist/getProjects.d.ts.map +1 -0
  108. package/dist/getProjects.js +45 -0
  109. package/dist/getProjects.js.map +1 -0
  110. package/dist/getSecretFolders.d.ts +34 -0
  111. package/dist/getSecretFolders.d.ts.map +1 -0
  112. package/dist/getSecretFolders.js +49 -0
  113. package/dist/getSecretFolders.js.map +1 -0
  114. package/dist/getSecretTag.d.ts +28 -0
  115. package/dist/getSecretTag.d.ts.map +1 -0
  116. package/dist/getSecretTag.js +47 -0
  117. package/dist/getSecretTag.js.map +1 -0
  118. package/dist/getSecrets.d.ts +36 -0
  119. package/dist/getSecrets.d.ts.map +1 -0
  120. package/dist/getSecrets.js +49 -0
  121. package/dist/getSecrets.js.map +1 -0
  122. package/dist/group.d.ts +75 -0
  123. package/dist/group.d.ts.map +1 -0
  124. package/dist/group.js +82 -0
  125. package/dist/group.js.map +1 -0
  126. package/dist/identity.d.ts +109 -0
  127. package/dist/identity.d.ts.map +1 -0
  128. package/dist/identity.js +88 -0
  129. package/dist/identity.js.map +1 -0
  130. package/dist/identityAwsAuth.d.ts +137 -0
  131. package/dist/identityAwsAuth.d.ts.map +1 -0
  132. package/dist/identityAwsAuth.js +89 -0
  133. package/dist/identityAwsAuth.js.map +1 -0
  134. package/dist/identityAzureAuth.d.ts +137 -0
  135. package/dist/identityAzureAuth.d.ts.map +1 -0
  136. package/dist/identityAzureAuth.js +92 -0
  137. package/dist/identityAzureAuth.js.map +1 -0
  138. package/dist/identityGcpAuth.d.ts +149 -0
  139. package/dist/identityGcpAuth.d.ts.map +1 -0
  140. package/dist/identityGcpAuth.js +91 -0
  141. package/dist/identityGcpAuth.js.map +1 -0
  142. package/dist/identityKubernetesAuth.d.ts +173 -0
  143. package/dist/identityKubernetesAuth.d.ts.map +1 -0
  144. package/dist/identityKubernetesAuth.js +101 -0
  145. package/dist/identityKubernetesAuth.js.map +1 -0
  146. package/dist/identityOidcAuth.d.ts +197 -0
  147. package/dist/identityOidcAuth.d.ts.map +1 -0
  148. package/dist/identityOidcAuth.js +103 -0
  149. package/dist/identityOidcAuth.js.map +1 -0
  150. package/dist/identityUniversalAuth.d.ts +113 -0
  151. package/dist/identityUniversalAuth.d.ts.map +1 -0
  152. package/dist/identityUniversalAuth.js +85 -0
  153. package/dist/identityUniversalAuth.js.map +1 -0
  154. package/dist/identityUniversalAuthClientSecret.d.ts +127 -0
  155. package/dist/identityUniversalAuthClientSecret.d.ts.map +1 -0
  156. package/dist/identityUniversalAuthClientSecret.js +93 -0
  157. package/dist/identityUniversalAuthClientSecret.js.map +1 -0
  158. package/dist/index.d.ts +239 -0
  159. package/dist/index.d.ts.map +1 -0
  160. package/dist/index.js +438 -0
  161. package/dist/index.js.map +1 -0
  162. package/dist/integrationAwsParameterStore.d.ts +165 -0
  163. package/dist/integrationAwsParameterStore.d.ts.map +1 -0
  164. package/dist/integrationAwsParameterStore.js +109 -0
  165. package/dist/integrationAwsParameterStore.js.map +1 -0
  166. package/dist/integrationAwsSecretsManager.d.ts +177 -0
  167. package/dist/integrationAwsSecretsManager.d.ts.map +1 -0
  168. package/dist/integrationAwsSecretsManager.js +108 -0
  169. package/dist/integrationAwsSecretsManager.js.map +1 -0
  170. package/dist/integrationCircleci.d.ts +127 -0
  171. package/dist/integrationCircleci.d.ts.map +1 -0
  172. package/dist/integrationCircleci.js +106 -0
  173. package/dist/integrationCircleci.js.map +1 -0
  174. package/dist/integrationDatabricks.d.ts +127 -0
  175. package/dist/integrationDatabricks.d.ts.map +1 -0
  176. package/dist/integrationDatabricks.js +106 -0
  177. package/dist/integrationDatabricks.js.map +1 -0
  178. package/dist/integrationGcpSecretManager.d.ts +129 -0
  179. package/dist/integrationGcpSecretManager.d.ts.map +1 -0
  180. package/dist/integrationGcpSecretManager.js +103 -0
  181. package/dist/integrationGcpSecretManager.js.map +1 -0
  182. package/dist/project.d.ts +137 -0
  183. package/dist/project.d.ts.map +1 -0
  184. package/dist/project.js +91 -0
  185. package/dist/project.js.map +1 -0
  186. package/dist/projectEnvironment.d.ts +87 -0
  187. package/dist/projectEnvironment.d.ts.map +1 -0
  188. package/dist/projectEnvironment.js +84 -0
  189. package/dist/projectEnvironment.js.map +1 -0
  190. package/dist/projectGroup.d.ts +97 -0
  191. package/dist/projectGroup.d.ts.map +1 -0
  192. package/dist/projectGroup.js +86 -0
  193. package/dist/projectGroup.js.map +1 -0
  194. package/dist/projectIdentity.d.ts +93 -0
  195. package/dist/projectIdentity.d.ts.map +1 -0
  196. package/dist/projectIdentity.js +89 -0
  197. package/dist/projectIdentity.js.map +1 -0
  198. package/dist/projectIdentitySpecificPrivilege.d.ts +161 -0
  199. package/dist/projectIdentitySpecificPrivilege.d.ts.map +1 -0
  200. package/dist/projectIdentitySpecificPrivilege.js +96 -0
  201. package/dist/projectIdentitySpecificPrivilege.js.map +1 -0
  202. package/dist/projectRole.d.ts +113 -0
  203. package/dist/projectRole.d.ts.map +1 -0
  204. package/dist/projectRole.js +88 -0
  205. package/dist/projectRole.js.map +1 -0
  206. package/dist/projectTemplate.d.ts +101 -0
  207. package/dist/projectTemplate.d.ts.map +1 -0
  208. package/dist/projectTemplate.js +83 -0
  209. package/dist/projectTemplate.js.map +1 -0
  210. package/dist/projectUser.d.ts +93 -0
  211. package/dist/projectUser.d.ts.map +1 -0
  212. package/dist/projectUser.js +89 -0
  213. package/dist/projectUser.js.map +1 -0
  214. package/dist/provider.d.ts +83 -0
  215. package/dist/provider.d.ts.map +1 -0
  216. package/dist/provider.js +83 -0
  217. package/dist/provider.js.map +1 -0
  218. package/dist/secret.d.ts +118 -0
  219. package/dist/secret.d.ts.map +1 -0
  220. package/dist/secret.js +97 -0
  221. package/dist/secret.js.map +1 -0
  222. package/dist/secretApprovalPolicy.d.ts +149 -0
  223. package/dist/secretApprovalPolicy.d.ts.map +1 -0
  224. package/dist/secretApprovalPolicy.js +100 -0
  225. package/dist/secretApprovalPolicy.js.map +1 -0
  226. package/dist/secretFolder.d.ts +103 -0
  227. package/dist/secretFolder.d.ts.map +1 -0
  228. package/dist/secretFolder.js +91 -0
  229. package/dist/secretFolder.js.map +1 -0
  230. package/dist/secretImport.d.ts +111 -0
  231. package/dist/secretImport.d.ts.map +1 -0
  232. package/dist/secretImport.js +100 -0
  233. package/dist/secretImport.js.map +1 -0
  234. package/dist/secretRotationAwsIamUserSecret.d.ts +185 -0
  235. package/dist/secretRotationAwsIamUserSecret.d.ts.map +1 -0
  236. package/dist/secretRotationAwsIamUserSecret.js +112 -0
  237. package/dist/secretRotationAwsIamUserSecret.js.map +1 -0
  238. package/dist/secretRotationAzureClientSecret.d.ts +185 -0
  239. package/dist/secretRotationAzureClientSecret.d.ts.map +1 -0
  240. package/dist/secretRotationAzureClientSecret.js +112 -0
  241. package/dist/secretRotationAzureClientSecret.js.map +1 -0
  242. package/dist/secretRotationLdapPassword.d.ts +185 -0
  243. package/dist/secretRotationLdapPassword.d.ts.map +1 -0
  244. package/dist/secretRotationLdapPassword.js +112 -0
  245. package/dist/secretRotationLdapPassword.js.map +1 -0
  246. package/dist/secretRotationMssqlCredentials.d.ts +185 -0
  247. package/dist/secretRotationMssqlCredentials.d.ts.map +1 -0
  248. package/dist/secretRotationMssqlCredentials.js +112 -0
  249. package/dist/secretRotationMssqlCredentials.js.map +1 -0
  250. package/dist/secretRotationMysqlCredentials.d.ts +185 -0
  251. package/dist/secretRotationMysqlCredentials.d.ts.map +1 -0
  252. package/dist/secretRotationMysqlCredentials.js +112 -0
  253. package/dist/secretRotationMysqlCredentials.js.map +1 -0
  254. package/dist/secretRotationOracledbCredentials.d.ts +185 -0
  255. package/dist/secretRotationOracledbCredentials.d.ts.map +1 -0
  256. package/dist/secretRotationOracledbCredentials.js +112 -0
  257. package/dist/secretRotationOracledbCredentials.js.map +1 -0
  258. package/dist/secretRotationPostgresCredentials.d.ts +185 -0
  259. package/dist/secretRotationPostgresCredentials.d.ts.map +1 -0
  260. package/dist/secretRotationPostgresCredentials.js +112 -0
  261. package/dist/secretRotationPostgresCredentials.js.map +1 -0
  262. package/dist/secretSync1password.d.ts +149 -0
  263. package/dist/secretSync1password.d.ts.map +1 -0
  264. package/dist/secretSync1password.js +106 -0
  265. package/dist/secretSync1password.js.map +1 -0
  266. package/dist/secretSyncAwsParameterStore.d.ts +149 -0
  267. package/dist/secretSyncAwsParameterStore.d.ts.map +1 -0
  268. package/dist/secretSyncAwsParameterStore.js +106 -0
  269. package/dist/secretSyncAwsParameterStore.js.map +1 -0
  270. package/dist/secretSyncAwsSecretsManager.d.ts +149 -0
  271. package/dist/secretSyncAwsSecretsManager.d.ts.map +1 -0
  272. package/dist/secretSyncAwsSecretsManager.js +106 -0
  273. package/dist/secretSyncAwsSecretsManager.js.map +1 -0
  274. package/dist/secretSyncAzureAppConfiguration.d.ts +149 -0
  275. package/dist/secretSyncAzureAppConfiguration.d.ts.map +1 -0
  276. package/dist/secretSyncAzureAppConfiguration.js +106 -0
  277. package/dist/secretSyncAzureAppConfiguration.js.map +1 -0
  278. package/dist/secretSyncAzureDevops.d.ts +149 -0
  279. package/dist/secretSyncAzureDevops.d.ts.map +1 -0
  280. package/dist/secretSyncAzureDevops.js +106 -0
  281. package/dist/secretSyncAzureDevops.js.map +1 -0
  282. package/dist/secretSyncAzureKeyVault.d.ts +149 -0
  283. package/dist/secretSyncAzureKeyVault.d.ts.map +1 -0
  284. package/dist/secretSyncAzureKeyVault.js +106 -0
  285. package/dist/secretSyncAzureKeyVault.js.map +1 -0
  286. package/dist/secretSyncBitbucket.d.ts +149 -0
  287. package/dist/secretSyncBitbucket.d.ts.map +1 -0
  288. package/dist/secretSyncBitbucket.js +106 -0
  289. package/dist/secretSyncBitbucket.js.map +1 -0
  290. package/dist/secretSyncCloudflarePages.d.ts +149 -0
  291. package/dist/secretSyncCloudflarePages.d.ts.map +1 -0
  292. package/dist/secretSyncCloudflarePages.js +106 -0
  293. package/dist/secretSyncCloudflarePages.js.map +1 -0
  294. package/dist/secretSyncCloudflareWorkers.d.ts +149 -0
  295. package/dist/secretSyncCloudflareWorkers.d.ts.map +1 -0
  296. package/dist/secretSyncCloudflareWorkers.js +106 -0
  297. package/dist/secretSyncCloudflareWorkers.js.map +1 -0
  298. package/dist/secretSyncDatabricks.d.ts +149 -0
  299. package/dist/secretSyncDatabricks.d.ts.map +1 -0
  300. package/dist/secretSyncDatabricks.js +106 -0
  301. package/dist/secretSyncDatabricks.js.map +1 -0
  302. package/dist/secretSyncFlyio.d.ts +149 -0
  303. package/dist/secretSyncFlyio.d.ts.map +1 -0
  304. package/dist/secretSyncFlyio.js +106 -0
  305. package/dist/secretSyncFlyio.js.map +1 -0
  306. package/dist/secretSyncGcpSecretManager.d.ts +149 -0
  307. package/dist/secretSyncGcpSecretManager.d.ts.map +1 -0
  308. package/dist/secretSyncGcpSecretManager.js +106 -0
  309. package/dist/secretSyncGcpSecretManager.js.map +1 -0
  310. package/dist/secretSyncGithub.d.ts +149 -0
  311. package/dist/secretSyncGithub.d.ts.map +1 -0
  312. package/dist/secretSyncGithub.js +106 -0
  313. package/dist/secretSyncGithub.js.map +1 -0
  314. package/dist/secretSyncGitlab.d.ts +149 -0
  315. package/dist/secretSyncGitlab.d.ts.map +1 -0
  316. package/dist/secretSyncGitlab.js +106 -0
  317. package/dist/secretSyncGitlab.js.map +1 -0
  318. package/dist/secretSyncRender.d.ts +149 -0
  319. package/dist/secretSyncRender.d.ts.map +1 -0
  320. package/dist/secretSyncRender.js +106 -0
  321. package/dist/secretSyncRender.js.map +1 -0
  322. package/dist/secretSyncSupabase.d.ts +149 -0
  323. package/dist/secretSyncSupabase.d.ts.map +1 -0
  324. package/dist/secretSyncSupabase.js +106 -0
  325. package/dist/secretSyncSupabase.js.map +1 -0
  326. package/dist/secretTag.d.ts +87 -0
  327. package/dist/secretTag.d.ts.map +1 -0
  328. package/dist/secretTag.js +87 -0
  329. package/dist/secretTag.js.map +1 -0
  330. package/dist/types/index.d.ts +4 -0
  331. package/dist/types/index.d.ts.map +1 -0
  332. package/dist/types/index.js +34 -0
  333. package/dist/types/index.js.map +1 -0
  334. package/dist/types/input.d.ts +1766 -0
  335. package/dist/types/input.d.ts.map +1 -0
  336. package/dist/types/input.js +5 -0
  337. package/dist/types/input.js.map +1 -0
  338. package/dist/types/output.d.ts +1839 -0
  339. package/dist/types/output.d.ts.map +1 -0
  340. package/dist/types/output.js +5 -0
  341. package/dist/types/output.js.map +1 -0
  342. package/dist/utilities.d.ts +15 -0
  343. package/dist/utilities.d.ts.map +1 -0
  344. package/dist/utilities.js +152 -0
  345. package/dist/utilities.js.map +1 -0
  346. package/package.json +27 -0
@@ -0,0 +1,1766 @@
1
+ import * as pulumi from "@pulumi/pulumi";
2
+ import * as inputs from "../types/input";
3
+ export interface AccessApprovalPolicyApprover {
4
+ /**
5
+ * The ID of the approver
6
+ */
7
+ id?: pulumi.Input<string>;
8
+ /**
9
+ * The type of approver. Either group or user
10
+ */
11
+ type: pulumi.Input<string>;
12
+ /**
13
+ * The username of the approver. By default, this is the email
14
+ */
15
+ username?: pulumi.Input<string>;
16
+ }
17
+ export interface AppConnection1passwordCredentials {
18
+ /**
19
+ * The API token to use for authentication. For more details, refer to the documentation here infisical.com/docs/integrations/app-connections/1password
20
+ */
21
+ apiToken: pulumi.Input<string>;
22
+ /**
23
+ * The URL of the 1Password Connect instance to connect to. For more details, refer to the documentation here infisical.com/docs/integrations/app-connections/1password
24
+ */
25
+ instanceUrl: pulumi.Input<string>;
26
+ }
27
+ export interface AppConnectionAwsCredentials {
28
+ /**
29
+ * The AWS Access Key ID used to authenticate requests to AWS services. Required for access-key access method. For more details, refer to the documentation here infisical.com/docs/integrations/app-connections/aws#access-key
30
+ */
31
+ accessKeyId?: pulumi.Input<string>;
32
+ /**
33
+ * The Amazon Resource Name (ARN) of the IAM role to assume for performing operations. Infisical will assume this role using AWS Security Token Service (STS). Required for assume-role access method. For more details, refer to the documentation here infisical.com/docs/integrations/app-connections/aws#assume-role-recommended
34
+ */
35
+ roleArn?: pulumi.Input<string>;
36
+ /**
37
+ * The AWS Secret Access Key associated with the Access Key ID to authenticate requests to AWS services. Required for access-key access method. For more details, refer to the documentation here infisical.com/docs/integrations/app-connections/aws#access-key
38
+ */
39
+ secretAccessKey?: pulumi.Input<string>;
40
+ }
41
+ export interface AppConnectionAzureClientSecretsCredentials {
42
+ /**
43
+ * The Azure application (client) ID. Required for client-secret method. For more details, refer to the documentation here infisical.com/docs/integrations/app-connections/azure-client-secrets
44
+ */
45
+ clientId: pulumi.Input<string>;
46
+ /**
47
+ * The Azure client secret. Required for client-secret method. For more details, refer to the documentation here infisical.com/docs/integrations/app-connections/azure-client-secrets
48
+ */
49
+ clientSecret: pulumi.Input<string>;
50
+ /**
51
+ * The Azure Active Directory (AAD) tenant ID. Required for client-secret method. For more details, refer to the documentation here infisical.com/docs/integrations/app-connections/azure-client-secrets
52
+ */
53
+ tenantId: pulumi.Input<string>;
54
+ }
55
+ export interface AppConnectionBitbucketCredentials {
56
+ /**
57
+ * The Bitbucket API token for authentication.
58
+ */
59
+ apiToken: pulumi.Input<string>;
60
+ /**
61
+ * The email address associated with the Bitbucket API token.
62
+ */
63
+ email: pulumi.Input<string>;
64
+ }
65
+ export interface AppConnectionCloudflareCredentials {
66
+ /**
67
+ * The Cloudflare Account ID. This can be found in the sidebar of your Cloudflare dashboard.
68
+ */
69
+ accountId: pulumi.Input<string>;
70
+ /**
71
+ * The Cloudflare API token with the necessary permissions to manage Workers scripts. The token should have Zone:Zone:Read, Zone:Zone Settings:Read, and Zone:Zone:Edit permissions.
72
+ */
73
+ apiToken: pulumi.Input<string>;
74
+ }
75
+ export interface AppConnectionDatabricksCredentials {
76
+ /**
77
+ * The client ID of the Databricks service principal.
78
+ */
79
+ clientId: pulumi.Input<string>;
80
+ /**
81
+ * The client secret of the Databricks service principal.
82
+ */
83
+ clientSecret: pulumi.Input<string>;
84
+ /**
85
+ * The workspace URL of the Databricks instance.
86
+ */
87
+ workspaceUrl: pulumi.Input<string>;
88
+ }
89
+ export interface AppConnectionFlyioCredentials {
90
+ /**
91
+ * The Fly.io access token for authentication.
92
+ */
93
+ accessToken: pulumi.Input<string>;
94
+ }
95
+ export interface AppConnectionGcpCredentials {
96
+ /**
97
+ * The service account email to connect with GCP. The service account ID (the part of the email before '@') must be suffixed with the first two sections of your organization ID e.g. service-account-df92581a-0fe9@my-project.iam.gserviceaccount.com. For more details, refer to the documentation here https://infisical.com/docs/integrations/app-connections/gcp#configure-service-account-for-infisical
98
+ */
99
+ serviceAccountEmail?: pulumi.Input<string>;
100
+ }
101
+ export interface AppConnectionGitlabCredentials {
102
+ /**
103
+ * The Access Token used to access GitLab.
104
+ */
105
+ accessToken: pulumi.Input<string>;
106
+ /**
107
+ * The type of token used to connect with GitLab. Supported options: 'project' and 'personal'
108
+ */
109
+ accessTokenType: pulumi.Input<string>;
110
+ /**
111
+ * The GitLab instance URL to connect with. (default: https://gitlab.com)
112
+ */
113
+ instanceUrl?: pulumi.Input<string>;
114
+ }
115
+ export interface AppConnectionLdapCredentials {
116
+ /**
117
+ * The Distinguished Name (DN) or User Principal Name (UPN) of the principal to bind with (e.g., 'CN=John,CN=Users,DC=example,DC=com').
118
+ */
119
+ dn: pulumi.Input<string>;
120
+ /**
121
+ * The password to bind with for authentication.
122
+ */
123
+ password: pulumi.Input<string>;
124
+ /**
125
+ * The LDAP provider (e.g., 'active-directory').
126
+ */
127
+ provider: pulumi.Input<string>;
128
+ /**
129
+ * The SSL certificate (PEM format) to use for secure connection when using ldaps:// with a self-signed certificate.
130
+ */
131
+ sslCertificate?: pulumi.Input<string>;
132
+ /**
133
+ * Whether or not to reject unauthorized SSL certificates (true/false) when using ldaps://. Set to false only in test environments.
134
+ */
135
+ sslRejectUnauthorized?: pulumi.Input<boolean>;
136
+ /**
137
+ * The LDAP server URL (e.g., 'ldap://example.com:389' or 'ldaps://example.com:636').
138
+ */
139
+ url: pulumi.Input<string>;
140
+ }
141
+ export interface AppConnectionMssqlCredentials {
142
+ /**
143
+ * The name of the database to connect to.
144
+ */
145
+ database: pulumi.Input<string>;
146
+ /**
147
+ * The hostname of the database server.
148
+ */
149
+ host: pulumi.Input<string>;
150
+ /**
151
+ * The password to connect to the database with.
152
+ */
153
+ password: pulumi.Input<string>;
154
+ /**
155
+ * The port number of the database.
156
+ */
157
+ port?: pulumi.Input<number>;
158
+ /**
159
+ * The SSL certificate to use for connection.
160
+ */
161
+ sslCertificate?: pulumi.Input<string>;
162
+ /**
163
+ * Whether or not to use SSL when connecting to the database.
164
+ */
165
+ sslEnabled?: pulumi.Input<boolean>;
166
+ /**
167
+ * Whether or not to reject unauthorized SSL certificates.
168
+ */
169
+ sslRejectUnauthorized?: pulumi.Input<boolean>;
170
+ /**
171
+ * The username to connect to the database with.
172
+ */
173
+ username: pulumi.Input<string>;
174
+ }
175
+ export interface AppConnectionMysqlCredentials {
176
+ /**
177
+ * The name of the database to connect to.
178
+ */
179
+ database: pulumi.Input<string>;
180
+ /**
181
+ * The hostname of the database server.
182
+ */
183
+ host: pulumi.Input<string>;
184
+ /**
185
+ * The password to connect to the database with.
186
+ */
187
+ password: pulumi.Input<string>;
188
+ /**
189
+ * The port number of the database.
190
+ */
191
+ port?: pulumi.Input<number>;
192
+ /**
193
+ * The SSL certificate to use for connection.
194
+ */
195
+ sslCertificate?: pulumi.Input<string>;
196
+ /**
197
+ * Whether or not to use SSL when connecting to the database.
198
+ */
199
+ sslEnabled?: pulumi.Input<boolean>;
200
+ /**
201
+ * Whether or not to reject unauthorized SSL certificates.
202
+ */
203
+ sslRejectUnauthorized?: pulumi.Input<boolean>;
204
+ /**
205
+ * The username to connect to the database with.
206
+ */
207
+ username: pulumi.Input<string>;
208
+ }
209
+ export interface AppConnectionOracledbCredentials {
210
+ /**
211
+ * The name of the database to connect to.
212
+ */
213
+ database: pulumi.Input<string>;
214
+ /**
215
+ * The hostname of the database server.
216
+ */
217
+ host: pulumi.Input<string>;
218
+ /**
219
+ * The password to connect to the database with.
220
+ */
221
+ password: pulumi.Input<string>;
222
+ /**
223
+ * The port number of the database.
224
+ */
225
+ port?: pulumi.Input<number>;
226
+ /**
227
+ * The SSL certificate to use for connection.
228
+ */
229
+ sslCertificate?: pulumi.Input<string>;
230
+ /**
231
+ * Whether or not to use SSL when connecting to the database.
232
+ */
233
+ sslEnabled?: pulumi.Input<boolean>;
234
+ /**
235
+ * Whether or not to reject unauthorized SSL certificates.
236
+ */
237
+ sslRejectUnauthorized?: pulumi.Input<boolean>;
238
+ /**
239
+ * The username to connect to the database with.
240
+ */
241
+ username: pulumi.Input<string>;
242
+ }
243
+ export interface AppConnectionPostgresCredentials {
244
+ /**
245
+ * The name of the database to connect to.
246
+ */
247
+ database: pulumi.Input<string>;
248
+ /**
249
+ * The hostname of the database server.
250
+ */
251
+ host: pulumi.Input<string>;
252
+ /**
253
+ * The password to connect to the database with.
254
+ */
255
+ password: pulumi.Input<string>;
256
+ /**
257
+ * The port number of the database.
258
+ */
259
+ port?: pulumi.Input<number>;
260
+ /**
261
+ * The SSL certificate to use for connection.
262
+ */
263
+ sslCertificate?: pulumi.Input<string>;
264
+ /**
265
+ * Whether or not to use SSL when connecting to the database.
266
+ */
267
+ sslEnabled?: pulumi.Input<boolean>;
268
+ /**
269
+ * Whether or not to reject unauthorized SSL certificates.
270
+ */
271
+ sslRejectUnauthorized?: pulumi.Input<boolean>;
272
+ /**
273
+ * The username to connect to the database with.
274
+ */
275
+ username: pulumi.Input<string>;
276
+ }
277
+ export interface AppConnectionRenderCredentials {
278
+ /**
279
+ * The API key to use for authentication. For more details, refer to the documentation here infisical.com/docs/integrations/app-connections/render
280
+ */
281
+ apiKey: pulumi.Input<string>;
282
+ }
283
+ export interface AppConnectionSupabaseCredentials {
284
+ /**
285
+ * The Supabase access key for authentication.
286
+ */
287
+ accessKey: pulumi.Input<string>;
288
+ /**
289
+ * The Supabase instance URL (e.g., https://your-domain.com).
290
+ */
291
+ instanceUrl?: pulumi.Input<string>;
292
+ }
293
+ export interface DynamicSecretAwsIamConfiguration {
294
+ /**
295
+ * Configuration for the 'access_key' authentication method.
296
+ */
297
+ accessKeyConfig?: pulumi.Input<inputs.DynamicSecretAwsIamConfigurationAccessKeyConfig>;
298
+ /**
299
+ * Configuration for the 'assume_role' authentication method.
300
+ */
301
+ assumeRoleConfig?: pulumi.Input<inputs.DynamicSecretAwsIamConfigurationAssumeRoleConfig>;
302
+ /**
303
+ * IAM AWS Path to scope created IAM User resource access.
304
+ */
305
+ awsPath?: pulumi.Input<string>;
306
+ /**
307
+ * The authentication method to use. Must be 'access_key' or 'assume_role'.
308
+ */
309
+ method: pulumi.Input<string>;
310
+ /**
311
+ * The IAM Policy ARN of the AWS Permissions Boundary to attach to IAM users created in the role.
312
+ */
313
+ permissionBoundaryPolicyArn?: pulumi.Input<string>;
314
+ /**
315
+ * The AWS IAM managed policies that should be attached to the created users. Multiple values can be provided by separating them with commas
316
+ */
317
+ policyArns?: pulumi.Input<string>;
318
+ /**
319
+ * The AWS IAM inline policy that should be attached to the created users. Multiple values can be provided by separating them with commas
320
+ */
321
+ policyDocument?: pulumi.Input<string>;
322
+ /**
323
+ * The AWS data center region.
324
+ */
325
+ region: pulumi.Input<string>;
326
+ /**
327
+ * The AWS IAM groups that should be assigned to the created users. Multiple values can be provided by separating them with commas
328
+ */
329
+ userGroups?: pulumi.Input<string>;
330
+ }
331
+ export interface DynamicSecretAwsIamConfigurationAccessKeyConfig {
332
+ /**
333
+ * The managing AWS IAM User Access Key
334
+ */
335
+ accessKey: pulumi.Input<string>;
336
+ /**
337
+ * The managing AWS IAM User Secret Key
338
+ */
339
+ secretAccessKey: pulumi.Input<string>;
340
+ }
341
+ export interface DynamicSecretAwsIamConfigurationAssumeRoleConfig {
342
+ /**
343
+ * The ARN of the AWS Role to assume.
344
+ */
345
+ roleArn: pulumi.Input<string>;
346
+ }
347
+ export interface DynamicSecretAwsIamMetadata {
348
+ /**
349
+ * The key of the metadata object
350
+ */
351
+ key: pulumi.Input<string>;
352
+ /**
353
+ * The value of the metadata object
354
+ */
355
+ value: pulumi.Input<string>;
356
+ }
357
+ export interface DynamicSecretKubernetesConfiguration {
358
+ /**
359
+ * Configuration for the 'api' authentication method.
360
+ */
361
+ apiConfig?: pulumi.Input<inputs.DynamicSecretKubernetesConfigurationApiConfig>;
362
+ /**
363
+ * Optional list of audiences to include in the generated token.
364
+ */
365
+ audiences?: pulumi.Input<pulumi.Input<string>[]>;
366
+ /**
367
+ * Choose between Token ('api') or 'gateway' authentication. If using Gateway, the Gateway must be deployed in your Kubernetes cluster.
368
+ */
369
+ authMethod: pulumi.Input<string>;
370
+ /**
371
+ * Choose between 'static' (predefined service account) or 'dynamic' (temporary service accounts with role assignments).
372
+ */
373
+ credentialType: pulumi.Input<string>;
374
+ /**
375
+ * Configuration for the 'dynamic' credential type.
376
+ */
377
+ dynamicConfig?: pulumi.Input<inputs.DynamicSecretKubernetesConfigurationDynamicConfig>;
378
+ /**
379
+ * Select a gateway for private cluster access. If not specified, the Internet Gateway will be used.
380
+ */
381
+ gatewayId?: pulumi.Input<string>;
382
+ /**
383
+ * Configuration for the 'static' credential type.
384
+ */
385
+ staticConfig?: pulumi.Input<inputs.DynamicSecretKubernetesConfigurationStaticConfig>;
386
+ }
387
+ export interface DynamicSecretKubernetesConfigurationApiConfig {
388
+ /**
389
+ * Custom CA certificate for the Kubernetes API server. Leave blank to use the system/public CA.
390
+ */
391
+ ca?: pulumi.Input<string>;
392
+ /**
393
+ * Service account token with permissions to create service accounts and manage RBAC.
394
+ */
395
+ clusterToken: pulumi.Input<string>;
396
+ /**
397
+ * Kubernetes API server URL (e.g., https://kubernetes.default.svc).
398
+ */
399
+ clusterUrl: pulumi.Input<string>;
400
+ /**
401
+ * Whether to enable SSL verification for the Kubernetes API server connection.
402
+ */
403
+ enableSsl?: pulumi.Input<boolean>;
404
+ }
405
+ export interface DynamicSecretKubernetesConfigurationDynamicConfig {
406
+ /**
407
+ * Kubernetes namespace(s) where the service accounts will be created. You can specify multiple namespaces as a comma-separated list (e.g., “default,kube-system”). During lease creation, you can specify which namespace to use from this allowed list.
408
+ */
409
+ allowedNamespaces: pulumi.Input<string>;
410
+ /**
411
+ * Name of the role to assign to the temporary service account.
412
+ */
413
+ role: pulumi.Input<string>;
414
+ /**
415
+ * Type of role to assign ('cluster-role' or 'role').
416
+ */
417
+ roleType: pulumi.Input<string>;
418
+ }
419
+ export interface DynamicSecretKubernetesConfigurationStaticConfig {
420
+ /**
421
+ * Kubernetes namespace where the service account exists.
422
+ */
423
+ namespace: pulumi.Input<string>;
424
+ /**
425
+ * Name of the service account to generate tokens for.
426
+ */
427
+ serviceAccountName: pulumi.Input<string>;
428
+ }
429
+ export interface DynamicSecretKubernetesMetadata {
430
+ /**
431
+ * The key of the metadata object
432
+ */
433
+ key: pulumi.Input<string>;
434
+ /**
435
+ * The value of the metadata object
436
+ */
437
+ value: pulumi.Input<string>;
438
+ }
439
+ export interface DynamicSecretMongoAtlasConfiguration {
440
+ /**
441
+ * Admin user private API key
442
+ */
443
+ adminPrivateKey: pulumi.Input<string>;
444
+ /**
445
+ * Admin user public API key
446
+ */
447
+ adminPublicKey: pulumi.Input<string>;
448
+ /**
449
+ * Unique 24-hexadecimal digit string that identifies your project. This is the same as the project ID.
450
+ */
451
+ groupId: pulumi.Input<string>;
452
+ roles: pulumi.Input<pulumi.Input<inputs.DynamicSecretMongoAtlasConfigurationRole>[]>;
453
+ scopes?: pulumi.Input<pulumi.Input<inputs.DynamicSecretMongoAtlasConfigurationScope>[]>;
454
+ }
455
+ export interface DynamicSecretMongoAtlasConfigurationRole {
456
+ /**
457
+ * Collection on which this role applies.
458
+ */
459
+ collectionName?: pulumi.Input<string>;
460
+ /**
461
+ * Database to which the user is granted access privileges.
462
+ */
463
+ databaseName: pulumi.Input<string>;
464
+ /**
465
+ * Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.
466
+ */
467
+ roleName: pulumi.Input<string>;
468
+ }
469
+ export interface DynamicSecretMongoAtlasConfigurationScope {
470
+ /**
471
+ * Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access.
472
+ */
473
+ name: pulumi.Input<string>;
474
+ /**
475
+ * Category of resource that this database user can access. Supported options: CLUSTER, DATA_LAKE, STREAM
476
+ */
477
+ type: pulumi.Input<string>;
478
+ }
479
+ export interface DynamicSecretMongoAtlasMetadata {
480
+ /**
481
+ * The key of the metadata object
482
+ */
483
+ key: pulumi.Input<string>;
484
+ /**
485
+ * The value of the metadata object
486
+ */
487
+ value: pulumi.Input<string>;
488
+ }
489
+ export interface DynamicSecretMongoDbConfiguration {
490
+ /**
491
+ * The CA certificate to use to connect to the database.
492
+ */
493
+ ca?: pulumi.Input<string>;
494
+ /**
495
+ * The name of the database to use.
496
+ */
497
+ database: pulumi.Input<string>;
498
+ /**
499
+ * The host of the database server.
500
+ */
501
+ host: pulumi.Input<string>;
502
+ /**
503
+ * The password to use to connect to the database.
504
+ */
505
+ password: pulumi.Input<string>;
506
+ /**
507
+ * The port of the database server.
508
+ */
509
+ port?: pulumi.Input<number>;
510
+ /**
511
+ * A list of role names to assign to the user. The role names can either be built-in or custom.
512
+ */
513
+ roles: pulumi.Input<pulumi.Input<string>[]>;
514
+ /**
515
+ * The username to use to connect to the database.
516
+ */
517
+ username: pulumi.Input<string>;
518
+ }
519
+ export interface DynamicSecretMongoDbMetadata {
520
+ /**
521
+ * The key of the metadata object
522
+ */
523
+ key: pulumi.Input<string>;
524
+ /**
525
+ * The value of the metadata object
526
+ */
527
+ value: pulumi.Input<string>;
528
+ }
529
+ export interface DynamicSecretSqlDatabaseConfiguration {
530
+ /**
531
+ * The CA certificate to use to connect to the database.
532
+ */
533
+ ca?: pulumi.Input<string>;
534
+ /**
535
+ * The database client to use. Currently supported values are postgres, mysql2, oracledb, mssql, sap-ase, and vertica.
536
+ */
537
+ client: pulumi.Input<string>;
538
+ /**
539
+ * The creation statement to use to create the dynamic secret lease.
540
+ */
541
+ creationStatement: pulumi.Input<string>;
542
+ /**
543
+ * The name of the database to use.
544
+ */
545
+ database: pulumi.Input<string>;
546
+ /**
547
+ * The Gateway ID to use to connect to the database.
548
+ */
549
+ gatewayId?: pulumi.Input<string>;
550
+ /**
551
+ * The host of the database server.
552
+ */
553
+ host: pulumi.Input<string>;
554
+ /**
555
+ * The password to use to connect to the database.
556
+ */
557
+ password: pulumi.Input<string>;
558
+ /**
559
+ * The password requirements to use to create the dynamic secret lease.
560
+ */
561
+ passwordRequirements?: pulumi.Input<inputs.DynamicSecretSqlDatabaseConfigurationPasswordRequirements>;
562
+ /**
563
+ * The port of the database server.
564
+ */
565
+ port: pulumi.Input<number>;
566
+ /**
567
+ * The renew statement to use to renew the dynamic secret lease.
568
+ */
569
+ renewStatement?: pulumi.Input<string>;
570
+ /**
571
+ * The revocation statement to use to revoke the dynamic secret lease.
572
+ */
573
+ revocationStatement: pulumi.Input<string>;
574
+ /**
575
+ * The username to use to connect to the database.
576
+ */
577
+ username: pulumi.Input<string>;
578
+ }
579
+ export interface DynamicSecretSqlDatabaseConfigurationPasswordRequirements {
580
+ /**
581
+ * The symbols allowed in the password.
582
+ */
583
+ allowedSymbols?: pulumi.Input<string>;
584
+ /**
585
+ * The length of the password to use to create the dynamic secret lease.
586
+ */
587
+ length: pulumi.Input<number>;
588
+ /**
589
+ * The required characters to use to create the dynamic secret lease.
590
+ */
591
+ required: pulumi.Input<inputs.DynamicSecretSqlDatabaseConfigurationPasswordRequirementsRequired>;
592
+ }
593
+ export interface DynamicSecretSqlDatabaseConfigurationPasswordRequirementsRequired {
594
+ /**
595
+ * The number of digits required in the password.
596
+ */
597
+ digits: pulumi.Input<number>;
598
+ /**
599
+ * The number of lowercase characters required in the password.
600
+ */
601
+ lowercase: pulumi.Input<number>;
602
+ /**
603
+ * The number of symbols required in the password.
604
+ */
605
+ symbols: pulumi.Input<number>;
606
+ /**
607
+ * The number of uppercase characters required in the password.
608
+ */
609
+ uppercase: pulumi.Input<number>;
610
+ }
611
+ export interface DynamicSecretSqlDatabaseMetadata {
612
+ /**
613
+ * The key of the metadata object
614
+ */
615
+ key: pulumi.Input<string>;
616
+ /**
617
+ * The value of the metadata object
618
+ */
619
+ value: pulumi.Input<string>;
620
+ }
621
+ export interface IdentityAwsAuthAccessTokenTrustedIp {
622
+ ipAddress?: pulumi.Input<string>;
623
+ }
624
+ export interface IdentityAzureAuthAccessTokenTrustedIp {
625
+ ipAddress?: pulumi.Input<string>;
626
+ }
627
+ export interface IdentityGcpAuthAccessTokenTrustedIp {
628
+ ipAddress?: pulumi.Input<string>;
629
+ }
630
+ export interface IdentityKubernetesAuthAccessTokenTrustedIp {
631
+ ipAddress?: pulumi.Input<string>;
632
+ }
633
+ export interface IdentityMetadata {
634
+ /**
635
+ * The key of the metadata object
636
+ */
637
+ key: pulumi.Input<string>;
638
+ /**
639
+ * The value of the metadata object
640
+ */
641
+ value: pulumi.Input<string>;
642
+ }
643
+ export interface IdentityOidcAuthAccessTokenTrustedIp {
644
+ ipAddress?: pulumi.Input<string>;
645
+ }
646
+ export interface IdentityUniversalAuthAccessTokenTrustedIp {
647
+ ipAddress?: pulumi.Input<string>;
648
+ }
649
+ export interface IdentityUniversalAuthClientSecretTrustedIp {
650
+ ipAddress?: pulumi.Input<string>;
651
+ }
652
+ export interface IntegrationAwsParameterStoreOptions {
653
+ /**
654
+ * Tags to attach to the AWS parameter store secrets.
655
+ */
656
+ awsTags?: pulumi.Input<pulumi.Input<inputs.IntegrationAwsParameterStoreOptionsAwsTag>[]>;
657
+ /**
658
+ * Whether to disable deletion of existing secrets in AWS Parameter Store.
659
+ */
660
+ shouldDisableDelete?: pulumi.Input<boolean>;
661
+ }
662
+ export interface IntegrationAwsParameterStoreOptionsAwsTag {
663
+ /**
664
+ * The key of the tag.
665
+ */
666
+ key?: pulumi.Input<string>;
667
+ /**
668
+ * The value of the tag.
669
+ */
670
+ value?: pulumi.Input<string>;
671
+ }
672
+ export interface IntegrationAwsSecretsManagerOptions {
673
+ /**
674
+ * Tags to attach to the AWS Secrets Manager secrets.
675
+ */
676
+ awsTags?: pulumi.Input<pulumi.Input<inputs.IntegrationAwsSecretsManagerOptionsAwsTag>[]>;
677
+ /**
678
+ * The sync mode for AWS tags. The supported options are `secret-metadata` and `custom`. If `secret-metadata` is selected, the metadata of the Infisical secrets are used as tags in AWS (only supported for one-to-one integrations). If `custom` is selected, then the key/value pairs in the `aws_tags` field is used.
679
+ */
680
+ metadataSyncMode?: pulumi.Input<string>;
681
+ /**
682
+ * The prefix to add to the secret name in AWS Secrets Manager.
683
+ */
684
+ secretPrefix?: pulumi.Input<string>;
685
+ }
686
+ export interface IntegrationAwsSecretsManagerOptionsAwsTag {
687
+ /**
688
+ * The key of the tag.
689
+ */
690
+ key?: pulumi.Input<string>;
691
+ /**
692
+ * The value of the tag.
693
+ */
694
+ value?: pulumi.Input<string>;
695
+ }
696
+ export interface IntegrationGcpSecretManagerOptions {
697
+ /**
698
+ * The prefix to add to the secret name in GCP Secret Manager.
699
+ */
700
+ secretPrefix?: pulumi.Input<string>;
701
+ /**
702
+ * The suffix to add to the secret name in GCP Secret Manager.
703
+ */
704
+ secretSuffix?: pulumi.Input<string>;
705
+ }
706
+ export interface ProjectGroupRole {
707
+ /**
708
+ * Flag to indicate the assigned role is temporary or not. When is_temporary is true fields temporary_mode, temporary_range and temporary_access_start_time is required.
709
+ */
710
+ isTemporary?: pulumi.Input<boolean>;
711
+ /**
712
+ * The slug of the role
713
+ */
714
+ roleSlug: pulumi.Input<string>;
715
+ /**
716
+ * ISO time for which temporary access should begin. This is in the format YYYY-MM-DDTHH:MM:SSZ e.g. 2024-09-19T12:43:13Z
717
+ */
718
+ temporaryAccessStartTime?: pulumi.Input<string>;
719
+ /**
720
+ * TTL for the temporary time. Eg: 1m, 1h, 1d. Default: 1h
721
+ */
722
+ temporaryRange?: pulumi.Input<string>;
723
+ }
724
+ export interface ProjectIdentityIdentity {
725
+ /**
726
+ * The auth methods for the identity
727
+ */
728
+ authMethods?: pulumi.Input<pulumi.Input<string>[]>;
729
+ /**
730
+ * The ID of the identity
731
+ */
732
+ id?: pulumi.Input<string>;
733
+ /**
734
+ * The name of the identity
735
+ */
736
+ name?: pulumi.Input<string>;
737
+ }
738
+ export interface ProjectIdentityRole {
739
+ /**
740
+ * The id of the custom role slug
741
+ */
742
+ customRoleId?: pulumi.Input<string>;
743
+ /**
744
+ * The ID of the project identity role.
745
+ */
746
+ id?: pulumi.Input<string>;
747
+ /**
748
+ * Flag to indicate the assigned role is temporary or not. When is_temporary is true fields temporary_mode, temporary_range and temporary_access_start_time is required.
749
+ */
750
+ isTemporary?: pulumi.Input<boolean>;
751
+ /**
752
+ * The slug of the role
753
+ */
754
+ roleSlug: pulumi.Input<string>;
755
+ /**
756
+ * ISO time for which temporary access will end. Computed based on temporary_range and temporary_access_start_time
757
+ */
758
+ temporaryAccessEndTime?: pulumi.Input<string>;
759
+ /**
760
+ * ISO time for which temporary access should begin. The current time is used by default.
761
+ */
762
+ temporaryAccessStartTime?: pulumi.Input<string>;
763
+ /**
764
+ * Type of temporary access given. Types: relative. Default: relative
765
+ */
766
+ temporaryMode?: pulumi.Input<string>;
767
+ /**
768
+ * TTL for the temporary time. Eg: 1m, 1h, 1d. Default: 1h
769
+ */
770
+ temporaryRange?: pulumi.Input<string>;
771
+ }
772
+ export interface ProjectIdentitySpecificPrivilegePermission {
773
+ /**
774
+ * Describe what action an entity can take. Enum: create,edit,delete,read
775
+ */
776
+ actions: pulumi.Input<pulumi.Input<string>[]>;
777
+ /**
778
+ * The conditions to scope permissions
779
+ */
780
+ conditions: pulumi.Input<inputs.ProjectIdentitySpecificPrivilegePermissionConditions>;
781
+ /**
782
+ * Describe what action an entity can take. Enum: role,member,groups,settings,integrations,webhooks,service-tokens,environments,tags,audit-logs,ip-allowlist,workspace,secrets,secret-rollback,secret-approval,secret-rotation,identity,certificate-authorities,certificates,certificate-templates,kms,pki-alerts,pki-collections
783
+ */
784
+ subject: pulumi.Input<string>;
785
+ }
786
+ export interface ProjectIdentitySpecificPrivilegePermissionConditions {
787
+ /**
788
+ * The environment slug this permission should allow.
789
+ */
790
+ environment: pulumi.Input<string>;
791
+ /**
792
+ * The secret path this permission should be scoped to
793
+ */
794
+ secretPath?: pulumi.Input<string>;
795
+ }
796
+ export interface ProjectIdentitySpecificPrivilegePermissionsV2 {
797
+ /**
798
+ * Describe what actions an entity can take.
799
+ */
800
+ actions: pulumi.Input<pulumi.Input<string>[]>;
801
+ /**
802
+ * When specified, only matching conditions will be allowed to access given resource. Refer to the documentation in https://infisical.com/docs/internals/permissions#conditions for the complete list of supported properties and operators.
803
+ */
804
+ conditions?: pulumi.Input<string>;
805
+ /**
806
+ * Whether rule forbids. Set this to true if permission forbids.
807
+ */
808
+ inverted?: pulumi.Input<boolean>;
809
+ /**
810
+ * Describe the entity the permission pertains to.
811
+ */
812
+ subject: pulumi.Input<string>;
813
+ }
814
+ export interface ProjectRolePermission {
815
+ /**
816
+ * Describe what action an entity can take. Enum: create,edit,delete,read
817
+ */
818
+ action: pulumi.Input<string>;
819
+ /**
820
+ * The conditions to scope permissions
821
+ */
822
+ conditions?: pulumi.Input<inputs.ProjectRolePermissionConditions>;
823
+ /**
824
+ * Describe what action an entity can take. Enum: role,member,groups,settings,integrations,webhooks,service-tokens,environments,tags,audit-logs,ip-allowlist,workspace,secrets,secret-rollback,secret-approval,secret-rotation,identity,certificate-authorities,certificates,certificate-templates,kms,pki-alerts,pki-collections
825
+ */
826
+ subject: pulumi.Input<string>;
827
+ }
828
+ export interface ProjectRolePermissionConditions {
829
+ /**
830
+ * The environment slug this permission should allow.
831
+ */
832
+ environment?: pulumi.Input<string>;
833
+ /**
834
+ * The secret path this permission should be scoped to
835
+ */
836
+ secretPath?: pulumi.Input<string>;
837
+ }
838
+ export interface ProjectRolePermissionsV2 {
839
+ /**
840
+ * Describe what actions an entity can take.
841
+ */
842
+ actions: pulumi.Input<pulumi.Input<string>[]>;
843
+ /**
844
+ * When specified, only matching conditions will be allowed to access given resource. Refer to the documentation in https://infisical.com/docs/internals/permissions#conditions for the complete list of supported properties and operators.
845
+ */
846
+ conditions?: pulumi.Input<string>;
847
+ /**
848
+ * Whether rule forbids. Set this to true if permission forbids.
849
+ */
850
+ inverted?: pulumi.Input<boolean>;
851
+ /**
852
+ * Describe the entity the permission pertains to.
853
+ */
854
+ subject: pulumi.Input<string>;
855
+ }
856
+ export interface ProjectTemplateEnvironment {
857
+ /**
858
+ * The name of the environment
859
+ */
860
+ name: pulumi.Input<string>;
861
+ /**
862
+ * The position of the environment
863
+ */
864
+ position: pulumi.Input<number>;
865
+ /**
866
+ * The slug of the environment
867
+ */
868
+ slug: pulumi.Input<string>;
869
+ }
870
+ export interface ProjectTemplateRole {
871
+ /**
872
+ * The name of the role
873
+ */
874
+ name: pulumi.Input<string>;
875
+ /**
876
+ * The permissions assigned to the role. Refer to the documentation here https://infisical.com/docs/api-reference/endpoints/project-templates/create#body-roles-permissions for its usage.
877
+ */
878
+ permissions?: pulumi.Input<pulumi.Input<inputs.ProjectTemplateRolePermission>[]>;
879
+ /**
880
+ * The slug of the role
881
+ */
882
+ slug: pulumi.Input<string>;
883
+ }
884
+ export interface ProjectTemplateRolePermission {
885
+ /**
886
+ * Describe what actions an entity can take.
887
+ */
888
+ actions: pulumi.Input<pulumi.Input<string>[]>;
889
+ /**
890
+ * When specified, only matching conditions will be allowed to access given resource. Refer to the documentation in https://infisical.com/docs/internals/permissions#conditions for the complete list of supported properties and operators.
891
+ */
892
+ conditions?: pulumi.Input<string>;
893
+ /**
894
+ * Whether rule forbids. Set this to true if permission forbids.
895
+ */
896
+ inverted?: pulumi.Input<boolean>;
897
+ /**
898
+ * Describe the entity the permission pertains to.
899
+ */
900
+ subject: pulumi.Input<string>;
901
+ }
902
+ export interface ProjectUserRole {
903
+ /**
904
+ * The id of the custom role slug
905
+ */
906
+ customRoleId?: pulumi.Input<string>;
907
+ /**
908
+ * The ID of the project user role.
909
+ */
910
+ id?: pulumi.Input<string>;
911
+ /**
912
+ * Flag to indicate the assigned role is temporary or not. When is_temporary is true fields temporary_mode, temporary_range and temporary_access_start_time is required.
913
+ */
914
+ isTemporary?: pulumi.Input<boolean>;
915
+ /**
916
+ * The slug of the role
917
+ */
918
+ roleSlug: pulumi.Input<string>;
919
+ /**
920
+ * ISO time for which temporary access will end. Computed based on temporary_range and temporary_access_start_time
921
+ */
922
+ temporaryAccessEndTime?: pulumi.Input<string>;
923
+ /**
924
+ * ISO time for which temporary access should begin. The current time is used by default.
925
+ */
926
+ temporaryAccessStartTime?: pulumi.Input<string>;
927
+ /**
928
+ * Type of temporary access given. Types: relative. Default: relative
929
+ */
930
+ temporaryMode?: pulumi.Input<string>;
931
+ /**
932
+ * TTL for the temporary time. Eg: 1m, 1h, 1d. Default: 1h
933
+ */
934
+ temporaryRange?: pulumi.Input<string>;
935
+ }
936
+ export interface ProjectUserUser {
937
+ /**
938
+ * The email of the user
939
+ */
940
+ email?: pulumi.Input<string>;
941
+ /**
942
+ * The first name of the user
943
+ */
944
+ firstName?: pulumi.Input<string>;
945
+ /**
946
+ * The id of the user
947
+ */
948
+ id?: pulumi.Input<string>;
949
+ /**
950
+ * The last name of the user
951
+ */
952
+ lastName?: pulumi.Input<string>;
953
+ }
954
+ export interface ProviderAuth {
955
+ /**
956
+ * The configuration values for AWS IAM Auth
957
+ */
958
+ awsIam?: pulumi.Input<inputs.ProviderAuthAwsIam>;
959
+ /**
960
+ * The configuration values for Kubernetes Auth
961
+ */
962
+ kubernetes?: pulumi.Input<inputs.ProviderAuthKubernetes>;
963
+ /**
964
+ * The configuration values for OIDC Auth
965
+ */
966
+ oidc?: pulumi.Input<inputs.ProviderAuthOidc>;
967
+ /**
968
+ * The authentication token for Machine Identity Token Auth. This attribute can also be set using the `INFISICAL_TOKEN` environment variable
969
+ */
970
+ token?: pulumi.Input<string>;
971
+ /**
972
+ * The configuration values for Universal Auth
973
+ */
974
+ universal?: pulumi.Input<inputs.ProviderAuthUniversal>;
975
+ }
976
+ export interface ProviderAuthAwsIam {
977
+ /**
978
+ * Machine identity ID. This attribute can also be set using the `INFISICAL_MACHINE_IDENTITY_ID` environment variable
979
+ */
980
+ identityId?: pulumi.Input<string>;
981
+ }
982
+ export interface ProviderAuthKubernetes {
983
+ /**
984
+ * Machine identity ID. This attribute can also be set using the `INFISICAL_MACHINE_IDENTITY_ID` environment variable
985
+ */
986
+ identityId?: pulumi.Input<string>;
987
+ /**
988
+ * The service account token. This attribute can also be set using the `INFISICAL_KUBERNETES_SERVICE_ACCOUNT_TOKEN` environment variable
989
+ */
990
+ serviceAccountToken?: pulumi.Input<string>;
991
+ /**
992
+ * The path to the service account token. This attribute can also be set using the `INFISICAL_KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH` environment variable. Default is `/var/run/secrets/kubernetes.io/serviceaccount/token`.
993
+ */
994
+ serviceAccountTokenPath?: pulumi.Input<string>;
995
+ }
996
+ export interface ProviderAuthOidc {
997
+ /**
998
+ * Machine identity ID. This attribute can also be set using the `INFISICAL_MACHINE_IDENTITY_ID` environment variable
999
+ */
1000
+ identityId?: pulumi.Input<string>;
1001
+ /**
1002
+ * The environment variable name for the OIDC JWT token. This attribute can also be set using the `INFISICAL_OIDC_AUTH_TOKEN_KEY_NAME` environment variable. Default is `INFISICAL_AUTH_JWT`.
1003
+ */
1004
+ tokenEnvironmentVariableName?: pulumi.Input<string>;
1005
+ }
1006
+ export interface ProviderAuthUniversal {
1007
+ /**
1008
+ * Machine identity client ID. This attribute can also be set using the `INFISICAL_UNIVERSAL_AUTH_CLIENT_ID` environment variable
1009
+ */
1010
+ clientId?: pulumi.Input<string>;
1011
+ /**
1012
+ * Machine identity client secret. This attribute can also be set using the `INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET` environment variable
1013
+ */
1014
+ clientSecret?: pulumi.Input<string>;
1015
+ }
1016
+ export interface SecretApprovalPolicyApprover {
1017
+ /**
1018
+ * The ID of the approver
1019
+ */
1020
+ id?: pulumi.Input<string>;
1021
+ /**
1022
+ * The type of approver. Either group or user
1023
+ */
1024
+ type: pulumi.Input<string>;
1025
+ /**
1026
+ * The username of the approver. By default, this is the email
1027
+ */
1028
+ username?: pulumi.Input<string>;
1029
+ }
1030
+ export interface SecretRotationAwsIamUserSecretParameters {
1031
+ /**
1032
+ * The AWS region the client is present in.
1033
+ */
1034
+ region: pulumi.Input<string>;
1035
+ /**
1036
+ * The name of the client to rotate credentials for.
1037
+ */
1038
+ userName: pulumi.Input<string>;
1039
+ }
1040
+ export interface SecretRotationAwsIamUserSecretRotateAtUtc {
1041
+ /**
1042
+ * The hour at which the rotation should occur (UTC).
1043
+ */
1044
+ hours?: pulumi.Input<number>;
1045
+ /**
1046
+ * The minute at which the rotation should occur (UTC).
1047
+ */
1048
+ minutes?: pulumi.Input<number>;
1049
+ }
1050
+ export interface SecretRotationAwsIamUserSecretSecretsMapping {
1051
+ /**
1052
+ * The name of the secret that the access key ID will be mapped to.
1053
+ */
1054
+ accessKeyId: pulumi.Input<string>;
1055
+ /**
1056
+ * The name of the secret that the rotated secret access key will be mapped to.
1057
+ */
1058
+ secretAccessKey: pulumi.Input<string>;
1059
+ }
1060
+ export interface SecretRotationAwsIamUserSecretTemporaryParameters {
1061
+ }
1062
+ export interface SecretRotationAzureClientSecretParameters {
1063
+ /**
1064
+ * The client ID of the Azure Application to rotate the client secret for.
1065
+ */
1066
+ clientId: pulumi.Input<string>;
1067
+ /**
1068
+ * The ID of the Azure Application to rotate the client secret for.
1069
+ */
1070
+ objectId: pulumi.Input<string>;
1071
+ }
1072
+ export interface SecretRotationAzureClientSecretRotateAtUtc {
1073
+ /**
1074
+ * The hour at which the rotation should occur (UTC).
1075
+ */
1076
+ hours?: pulumi.Input<number>;
1077
+ /**
1078
+ * The minute at which the rotation should occur (UTC).
1079
+ */
1080
+ minutes?: pulumi.Input<number>;
1081
+ }
1082
+ export interface SecretRotationAzureClientSecretSecretsMapping {
1083
+ /**
1084
+ * The name of the secret that the client ID will be mapped to.
1085
+ */
1086
+ clientId: pulumi.Input<string>;
1087
+ /**
1088
+ * The name of the secret that the rotated client secret will be mapped to.
1089
+ */
1090
+ clientSecret: pulumi.Input<string>;
1091
+ }
1092
+ export interface SecretRotationAzureClientSecretTemporaryParameters {
1093
+ }
1094
+ export interface SecretRotationLdapPasswordParameters {
1095
+ /**
1096
+ * The Distinguished Name (DN) of the LDAP entry to rotate the password for.
1097
+ */
1098
+ dn: pulumi.Input<string>;
1099
+ /**
1100
+ * Password generation requirements.
1101
+ */
1102
+ passwordRequirements: pulumi.Input<inputs.SecretRotationLdapPasswordParametersPasswordRequirements>;
1103
+ /**
1104
+ * The method to use for rotating the password. Supported options: connection-principal and target-principal (default: connection-principal)
1105
+ */
1106
+ rotationMethod?: pulumi.Input<string>;
1107
+ }
1108
+ export interface SecretRotationLdapPasswordParametersPasswordRequirements {
1109
+ /**
1110
+ * String of allowed symbols for password generation.
1111
+ */
1112
+ allowedSymbols?: pulumi.Input<string>;
1113
+ /**
1114
+ * The length of the generated password.
1115
+ */
1116
+ length: pulumi.Input<number>;
1117
+ /**
1118
+ * Required character types in the generated password.
1119
+ */
1120
+ required: pulumi.Input<inputs.SecretRotationLdapPasswordParametersPasswordRequirementsRequired>;
1121
+ }
1122
+ export interface SecretRotationLdapPasswordParametersPasswordRequirementsRequired {
1123
+ /**
1124
+ * Minimum number of digits required in the password.
1125
+ */
1126
+ digits: pulumi.Input<number>;
1127
+ /**
1128
+ * Minimum number of lowercase letters required in the password.
1129
+ */
1130
+ lowercase: pulumi.Input<number>;
1131
+ /**
1132
+ * Minimum number of symbols required in the password.
1133
+ */
1134
+ symbols: pulumi.Input<number>;
1135
+ /**
1136
+ * Minimum number of uppercase letters required in the password.
1137
+ */
1138
+ uppercase: pulumi.Input<number>;
1139
+ }
1140
+ export interface SecretRotationLdapPasswordRotateAtUtc {
1141
+ /**
1142
+ * The hour at which the rotation should occur (UTC).
1143
+ */
1144
+ hours?: pulumi.Input<number>;
1145
+ /**
1146
+ * The minute at which the rotation should occur (UTC).
1147
+ */
1148
+ minutes?: pulumi.Input<number>;
1149
+ }
1150
+ export interface SecretRotationLdapPasswordSecretsMapping {
1151
+ /**
1152
+ * The name of the secret that the Distinguished Name will be mapped to.
1153
+ */
1154
+ dn: pulumi.Input<string>;
1155
+ /**
1156
+ * The name of the secret that the generated password will be mapped to.
1157
+ */
1158
+ password: pulumi.Input<string>;
1159
+ }
1160
+ export interface SecretRotationLdapPasswordTemporaryParameters {
1161
+ /**
1162
+ * The password of the provided principal if 'parameters.rotation_method' is set to 'target-principal'.
1163
+ */
1164
+ password?: pulumi.Input<string>;
1165
+ }
1166
+ export interface SecretRotationMssqlCredentialsParameters {
1167
+ /**
1168
+ * The username of the first login to rotate passwords for. This user must already exists in your database.
1169
+ */
1170
+ username1: pulumi.Input<string>;
1171
+ /**
1172
+ * The username of the second login to rotate passwords for. This user must already exists in your database.
1173
+ */
1174
+ username2: pulumi.Input<string>;
1175
+ }
1176
+ export interface SecretRotationMssqlCredentialsRotateAtUtc {
1177
+ /**
1178
+ * The hour at which the rotation should occur (UTC).
1179
+ */
1180
+ hours?: pulumi.Input<number>;
1181
+ /**
1182
+ * The minute at which the rotation should occur (UTC).
1183
+ */
1184
+ minutes?: pulumi.Input<number>;
1185
+ }
1186
+ export interface SecretRotationMssqlCredentialsSecretsMapping {
1187
+ /**
1188
+ * The name of the secret that the generated password will be mapped to.
1189
+ */
1190
+ password: pulumi.Input<string>;
1191
+ /**
1192
+ * The name of the secret that the active username will be mapped to.
1193
+ */
1194
+ username: pulumi.Input<string>;
1195
+ }
1196
+ export interface SecretRotationMssqlCredentialsTemporaryParameters {
1197
+ }
1198
+ export interface SecretRotationMysqlCredentialsParameters {
1199
+ /**
1200
+ * The username of the first login to rotate passwords for. This user must already exists in your database.
1201
+ */
1202
+ username1: pulumi.Input<string>;
1203
+ /**
1204
+ * The username of the second login to rotate passwords for. This user must already exists in your database.
1205
+ */
1206
+ username2: pulumi.Input<string>;
1207
+ }
1208
+ export interface SecretRotationMysqlCredentialsRotateAtUtc {
1209
+ /**
1210
+ * The hour at which the rotation should occur (UTC).
1211
+ */
1212
+ hours?: pulumi.Input<number>;
1213
+ /**
1214
+ * The minute at which the rotation should occur (UTC).
1215
+ */
1216
+ minutes?: pulumi.Input<number>;
1217
+ }
1218
+ export interface SecretRotationMysqlCredentialsSecretsMapping {
1219
+ /**
1220
+ * The name of the secret that the generated password will be mapped to.
1221
+ */
1222
+ password: pulumi.Input<string>;
1223
+ /**
1224
+ * The name of the secret that the active username will be mapped to.
1225
+ */
1226
+ username: pulumi.Input<string>;
1227
+ }
1228
+ export interface SecretRotationMysqlCredentialsTemporaryParameters {
1229
+ }
1230
+ export interface SecretRotationOracledbCredentialsParameters {
1231
+ /**
1232
+ * The username of the first login to rotate passwords for. This user must already exists in your database.
1233
+ */
1234
+ username1: pulumi.Input<string>;
1235
+ /**
1236
+ * The username of the second login to rotate passwords for. This user must already exists in your database.
1237
+ */
1238
+ username2: pulumi.Input<string>;
1239
+ }
1240
+ export interface SecretRotationOracledbCredentialsRotateAtUtc {
1241
+ /**
1242
+ * The hour at which the rotation should occur (UTC).
1243
+ */
1244
+ hours?: pulumi.Input<number>;
1245
+ /**
1246
+ * The minute at which the rotation should occur (UTC).
1247
+ */
1248
+ minutes?: pulumi.Input<number>;
1249
+ }
1250
+ export interface SecretRotationOracledbCredentialsSecretsMapping {
1251
+ /**
1252
+ * The name of the secret that the generated password will be mapped to.
1253
+ */
1254
+ password: pulumi.Input<string>;
1255
+ /**
1256
+ * The name of the secret that the active username will be mapped to.
1257
+ */
1258
+ username: pulumi.Input<string>;
1259
+ }
1260
+ export interface SecretRotationOracledbCredentialsTemporaryParameters {
1261
+ }
1262
+ export interface SecretRotationPostgresCredentialsParameters {
1263
+ /**
1264
+ * The username of the first login to rotate passwords for. This user must already exists in your database.
1265
+ */
1266
+ username1: pulumi.Input<string>;
1267
+ /**
1268
+ * The username of the second login to rotate passwords for. This user must already exists in your database.
1269
+ */
1270
+ username2: pulumi.Input<string>;
1271
+ }
1272
+ export interface SecretRotationPostgresCredentialsRotateAtUtc {
1273
+ /**
1274
+ * The hour at which the rotation should occur (UTC).
1275
+ */
1276
+ hours?: pulumi.Input<number>;
1277
+ /**
1278
+ * The minute at which the rotation should occur (UTC).
1279
+ */
1280
+ minutes?: pulumi.Input<number>;
1281
+ }
1282
+ export interface SecretRotationPostgresCredentialsSecretsMapping {
1283
+ /**
1284
+ * The name of the secret that the generated password will be mapped to.
1285
+ */
1286
+ password: pulumi.Input<string>;
1287
+ /**
1288
+ * The name of the secret that the active username will be mapped to.
1289
+ */
1290
+ username: pulumi.Input<string>;
1291
+ }
1292
+ export interface SecretRotationPostgresCredentialsTemporaryParameters {
1293
+ }
1294
+ export interface SecretSecretReminder {
1295
+ /**
1296
+ * Note for the secret rotation reminder
1297
+ */
1298
+ note?: pulumi.Input<string>;
1299
+ /**
1300
+ * Frequency of secret rotation reminder in days
1301
+ */
1302
+ repeatDays: pulumi.Input<number>;
1303
+ }
1304
+ export interface SecretSync1passwordDestinationConfig {
1305
+ /**
1306
+ * The label of the 1Password item field which will hold your secret value. For example, if you were to sync Infisical secret 'foo: bar', the 1Password item equivalent would have an item title of 'foo', and a field on that item 'value: bar'. The field label 'value' is what gets changed by this option
1307
+ */
1308
+ valueLabel?: pulumi.Input<string>;
1309
+ /**
1310
+ * The ID of the 1Password vault to sync secrets to
1311
+ */
1312
+ vaultId: pulumi.Input<string>;
1313
+ }
1314
+ export interface SecretSync1passwordSyncOptions {
1315
+ /**
1316
+ * When set to true, Infisical will not remove secrets from 1Password. Enable this option if you intend to manage some secrets manually outside of Infisical.
1317
+ */
1318
+ disableSecretDeletion?: pulumi.Input<boolean>;
1319
+ /**
1320
+ * Specify how Infisical should resolve the initial sync to the destination. Supported options: overwrite-destination, import-prioritize-source, import-prioritize-destination
1321
+ */
1322
+ initialSyncBehavior: pulumi.Input<string>;
1323
+ /**
1324
+ * The format to use for structuring secret keys in the 1Password destination.
1325
+ */
1326
+ keySchema?: pulumi.Input<string>;
1327
+ }
1328
+ export interface SecretSyncAwsParameterStoreDestinationConfig {
1329
+ /**
1330
+ * The AWS region of your AWS Parameter Store
1331
+ */
1332
+ awsRegion: pulumi.Input<string>;
1333
+ /**
1334
+ * The path in the AWS Parameter Store where the secrets will be stored, Example: /example/path/
1335
+ */
1336
+ path: pulumi.Input<string>;
1337
+ }
1338
+ export interface SecretSyncAwsParameterStoreSyncOptions {
1339
+ /**
1340
+ * The AWS KMS key ID to use for encryption
1341
+ */
1342
+ awsKmsKeyId?: pulumi.Input<string>;
1343
+ /**
1344
+ * When set to true, Infisical will not remove secrets from AWS Parameter Store. Enable this option if you intend to manage some secrets manually outside of Infisical.
1345
+ */
1346
+ disableSecretDeletion?: pulumi.Input<boolean>;
1347
+ /**
1348
+ * Specify how Infisical should resolve the initial sync to the destination. Supported options: overwrite-destination, import-prioritize-source, import-prioritize-destination
1349
+ */
1350
+ initialSyncBehavior: pulumi.Input<string>;
1351
+ /**
1352
+ * The format to use for structuring secret keys in the AWS Parameter Store destination.
1353
+ */
1354
+ keySchema?: pulumi.Input<string>;
1355
+ /**
1356
+ * Whether to sync the secret metadata as tags
1357
+ */
1358
+ syncSecretMetadataAsTags?: pulumi.Input<boolean>;
1359
+ /**
1360
+ * The tags to sync to the secret
1361
+ */
1362
+ tags?: pulumi.Input<pulumi.Input<inputs.SecretSyncAwsParameterStoreSyncOptionsTag>[]>;
1363
+ }
1364
+ export interface SecretSyncAwsParameterStoreSyncOptionsTag {
1365
+ /**
1366
+ * The key of the tag
1367
+ */
1368
+ key: pulumi.Input<string>;
1369
+ /**
1370
+ * The value of the tag
1371
+ */
1372
+ value: pulumi.Input<string>;
1373
+ }
1374
+ export interface SecretSyncAwsSecretsManagerDestinationConfig {
1375
+ /**
1376
+ * The AWS region of your AWS Secrets Manager
1377
+ */
1378
+ awsRegion: pulumi.Input<string>;
1379
+ /**
1380
+ * The name of the AWS secret to map to. This only applies when mapping_behavior is set to 'many-to-one'.
1381
+ */
1382
+ awsSecretsManagerSecretName?: pulumi.Input<string>;
1383
+ /**
1384
+ * The behavior of the mapping. Can be 'many-to-one' or 'one-to-one'. Many to One: All Infisical secrets will be mapped to a single AWS secret. One to One: Each Infisical secret will be mapped to its own AWS secret.
1385
+ */
1386
+ mappingBehavior?: pulumi.Input<string>;
1387
+ }
1388
+ export interface SecretSyncAwsSecretsManagerSyncOptions {
1389
+ /**
1390
+ * The AWS KMS key ID to use for encryption
1391
+ */
1392
+ awsKmsKeyId?: pulumi.Input<string>;
1393
+ /**
1394
+ * When set to true, Infisical will not remove secrets from AWS Secrets Manager. Enable this option if you intend to manage some secrets manually outside of Infisical.
1395
+ */
1396
+ disableSecretDeletion?: pulumi.Input<boolean>;
1397
+ /**
1398
+ * Specify how Infisical should resolve the initial sync to the destination. Supported options: overwrite-destination, import-prioritize-source, import-prioritize-destination
1399
+ */
1400
+ initialSyncBehavior: pulumi.Input<string>;
1401
+ /**
1402
+ * The format to use for structuring secret keys in the AWS Secrets Manager destination.
1403
+ */
1404
+ keySchema?: pulumi.Input<string>;
1405
+ /**
1406
+ * Whether to sync the secret metadata as tags. This is only supported for the 'one-to-one' mapping behavior.
1407
+ */
1408
+ syncSecretMetadataAsTags?: pulumi.Input<boolean>;
1409
+ /**
1410
+ * The tags to sync to the secret
1411
+ */
1412
+ tags?: pulumi.Input<pulumi.Input<inputs.SecretSyncAwsSecretsManagerSyncOptionsTag>[]>;
1413
+ }
1414
+ export interface SecretSyncAwsSecretsManagerSyncOptionsTag {
1415
+ /**
1416
+ * The key of the tag
1417
+ */
1418
+ key: pulumi.Input<string>;
1419
+ /**
1420
+ * The value of the tag
1421
+ */
1422
+ value: pulumi.Input<string>;
1423
+ }
1424
+ export interface SecretSyncAzureAppConfigurationDestinationConfig {
1425
+ /**
1426
+ * The URL of your Azure App Configuration
1427
+ */
1428
+ configurationUrl: pulumi.Input<string>;
1429
+ /**
1430
+ * The label to attach to secrets created in Azure App Configuration
1431
+ */
1432
+ label?: pulumi.Input<string>;
1433
+ }
1434
+ export interface SecretSyncAzureAppConfigurationSyncOptions {
1435
+ /**
1436
+ * When set to true, Infisical will not remove secrets from Azure App Configuration. Enable this option if you intend to manage some secrets manually outside of Infisical.
1437
+ */
1438
+ disableSecretDeletion?: pulumi.Input<boolean>;
1439
+ /**
1440
+ * Specify how Infisical should resolve the initial sync to the destination. Supported options: overwrite-destination, import-prioritize-source, import-prioritize-destination
1441
+ */
1442
+ initialSyncBehavior: pulumi.Input<string>;
1443
+ /**
1444
+ * The format to use for structuring secret keys in the Azure App Configuration destination.
1445
+ */
1446
+ keySchema?: pulumi.Input<string>;
1447
+ }
1448
+ export interface SecretSyncAzureDevopsDestinationConfig {
1449
+ /**
1450
+ * The ID of the Azure DevOps project to sync secrets to.
1451
+ */
1452
+ devopsProjectId: pulumi.Input<string>;
1453
+ }
1454
+ export interface SecretSyncAzureDevopsSyncOptions {
1455
+ /**
1456
+ * When set to true, Infisical will not remove secrets from Azure DevOps. Enable this option if you intend to manage some secrets manually outside of Infisical.
1457
+ */
1458
+ disableSecretDeletion?: pulumi.Input<boolean>;
1459
+ /**
1460
+ * The format to use for structuring secret keys in the Azure DevOps destination.
1461
+ */
1462
+ keySchema?: pulumi.Input<string>;
1463
+ }
1464
+ export interface SecretSyncAzureKeyVaultDestinationConfig {
1465
+ /**
1466
+ * The base URL of your Azure Key Vault
1467
+ */
1468
+ vaultBaseUrl: pulumi.Input<string>;
1469
+ }
1470
+ export interface SecretSyncAzureKeyVaultSyncOptions {
1471
+ /**
1472
+ * When set to true, Infisical will not remove secrets from Azure Key Vault. Enable this option if you intend to manage some secrets manually outside of Infisical.
1473
+ */
1474
+ disableSecretDeletion?: pulumi.Input<boolean>;
1475
+ /**
1476
+ * Specify how Infisical should resolve the initial sync to the destination. Supported options: overwrite-destination, import-prioritize-source, import-prioritize-destination
1477
+ */
1478
+ initialSyncBehavior: pulumi.Input<string>;
1479
+ /**
1480
+ * The format to use for structuring secret keys in the Azure Key Vault destination.
1481
+ */
1482
+ keySchema?: pulumi.Input<string>;
1483
+ }
1484
+ export interface SecretSyncBitbucketDestinationConfig {
1485
+ /**
1486
+ * The Bitbucket deployment environment ID (optional).
1487
+ */
1488
+ environmentId?: pulumi.Input<string>;
1489
+ /**
1490
+ * The Bitbucket repository slug to sync secrets to.
1491
+ */
1492
+ repositorySlug: pulumi.Input<string>;
1493
+ /**
1494
+ * The Bitbucket workspace slug.
1495
+ */
1496
+ workspaceSlug: pulumi.Input<string>;
1497
+ }
1498
+ export interface SecretSyncBitbucketSyncOptions {
1499
+ /**
1500
+ * When set to true, Infisical will not remove secrets from Bitbucket. Enable this option if you intend to manage some secrets manually outside of Infisical.
1501
+ */
1502
+ disableSecretDeletion?: pulumi.Input<boolean>;
1503
+ /**
1504
+ * Specify how Infisical should resolve the initial sync to the destination. Supported options: overwrite-destination
1505
+ */
1506
+ initialSyncBehavior: pulumi.Input<string>;
1507
+ /**
1508
+ * The format to use for structuring secret keys in the Bitbucket destination.
1509
+ */
1510
+ keySchema?: pulumi.Input<string>;
1511
+ }
1512
+ export interface SecretSyncCloudflarePagesDestinationConfig {
1513
+ /**
1514
+ * The Cloudflare Pages environment (production, preview) where the secrets will be synced
1515
+ */
1516
+ environment: pulumi.Input<string>;
1517
+ /**
1518
+ * The Cloudflare Pages project name where the secrets will be synced
1519
+ */
1520
+ projectName: pulumi.Input<string>;
1521
+ }
1522
+ export interface SecretSyncCloudflarePagesSyncOptions {
1523
+ /**
1524
+ * When set to true, Infisical will not remove secrets from Cloudflare Pages. Enable this option if you intend to manage some secrets manually outside of Infisical.
1525
+ */
1526
+ disableSecretDeletion?: pulumi.Input<boolean>;
1527
+ /**
1528
+ * Specify how Infisical should resolve the initial sync to the destination. Supported options: overwrite-destination, import-prioritize-source, import-prioritize-destination
1529
+ */
1530
+ initialSyncBehavior: pulumi.Input<string>;
1531
+ /**
1532
+ * The format to use for structuring secret keys in the Cloudflare Pages destination.
1533
+ */
1534
+ keySchema?: pulumi.Input<string>;
1535
+ }
1536
+ export interface SecretSyncCloudflareWorkersDestinationConfig {
1537
+ /**
1538
+ * The Cloudflare Workers script ID where the secrets will be synced
1539
+ */
1540
+ scriptId: pulumi.Input<string>;
1541
+ }
1542
+ export interface SecretSyncCloudflareWorkersSyncOptions {
1543
+ /**
1544
+ * When set to true, Infisical will not remove secrets from Cloudflare Workers. Enable this option if you intend to manage some secrets manually outside of Infisical.
1545
+ */
1546
+ disableSecretDeletion?: pulumi.Input<boolean>;
1547
+ /**
1548
+ * Specify how Infisical should resolve the initial sync to the destination. Supported options: overwrite-destination, import-prioritize-source, import-prioritize-destination
1549
+ */
1550
+ initialSyncBehavior: pulumi.Input<string>;
1551
+ /**
1552
+ * The format to use for structuring secret keys in the Cloudflare Workers destination.
1553
+ */
1554
+ keySchema?: pulumi.Input<string>;
1555
+ }
1556
+ export interface SecretSyncDatabricksDestinationConfig {
1557
+ /**
1558
+ * The Databricks secret scope to sync secrets to.
1559
+ */
1560
+ scope: pulumi.Input<string>;
1561
+ }
1562
+ export interface SecretSyncDatabricksSyncOptions {
1563
+ /**
1564
+ * When set to true, Infisical will not remove secrets from Databricks. Enable this option if you intend to manage some secrets manually outside of Infisical.
1565
+ */
1566
+ disableSecretDeletion?: pulumi.Input<boolean>;
1567
+ /**
1568
+ * Specify how Infisical should resolve the initial sync to the destination. Supported options: overwrite-destination
1569
+ */
1570
+ initialSyncBehavior: pulumi.Input<string>;
1571
+ /**
1572
+ * The format to use for structuring secret keys in the Databricks destination.
1573
+ */
1574
+ keySchema?: pulumi.Input<string>;
1575
+ }
1576
+ export interface SecretSyncFlyioDestinationConfig {
1577
+ /**
1578
+ * The Fly.io app ID to sync secrets to.
1579
+ */
1580
+ appId: pulumi.Input<string>;
1581
+ }
1582
+ export interface SecretSyncFlyioSyncOptions {
1583
+ /**
1584
+ * When set to true, Infisical will not remove secrets from Fly.io. Enable this option if you intend to manage some secrets manually outside of Infisical.
1585
+ */
1586
+ disableSecretDeletion?: pulumi.Input<boolean>;
1587
+ /**
1588
+ * Specify how Infisical should resolve the initial sync to the destination. Supported options: overwrite-destination
1589
+ */
1590
+ initialSyncBehavior: pulumi.Input<string>;
1591
+ /**
1592
+ * The format to use for structuring secret keys in the Fly.io destination.
1593
+ */
1594
+ keySchema?: pulumi.Input<string>;
1595
+ }
1596
+ export interface SecretSyncGcpSecretManagerDestinationConfig {
1597
+ /**
1598
+ * The ID of the GCP project to sync with
1599
+ */
1600
+ projectId: pulumi.Input<string>;
1601
+ /**
1602
+ * The scope of the sync with GCP Secret Manager. Supported options: global
1603
+ */
1604
+ scope?: pulumi.Input<string>;
1605
+ }
1606
+ export interface SecretSyncGcpSecretManagerSyncOptions {
1607
+ /**
1608
+ * When set to true, Infisical will not remove secrets from GCP Secret Manager. Enable this option if you intend to manage some secrets manually outside of Infisical.
1609
+ */
1610
+ disableSecretDeletion?: pulumi.Input<boolean>;
1611
+ /**
1612
+ * Specify how Infisical should resolve the initial sync to the destination. Supported options: overwrite-destination, import-prioritize-source, import-prioritize-destination
1613
+ */
1614
+ initialSyncBehavior: pulumi.Input<string>;
1615
+ /**
1616
+ * The format to use for structuring secret keys in the GCP Secret Manager destination.
1617
+ */
1618
+ keySchema?: pulumi.Input<string>;
1619
+ }
1620
+ export interface SecretSyncGithubDestinationConfig {
1621
+ /**
1622
+ * The environment to sync the secrets to, required if scope is `repository-environment`
1623
+ */
1624
+ repositoryEnvironment?: pulumi.Input<string>;
1625
+ /**
1626
+ * The repository to sync the secrets to, required if scope is `repository` or `repository-environment`. This is only the name of the repository, without the repository owner included. As an example if you have a repository called Infisical/go-sdk, you would only need to provide `go-sdk` here.
1627
+ */
1628
+ repositoryName?: pulumi.Input<string>;
1629
+ /**
1630
+ * The owner of the Github repository, required if scope is `repository`, `repository-environment`, or `organization`. This is the organization name, or the username for personal repositories. As an example if you have a repository called Infisical/go-sdk, you would only need to provide `Infisical` here.
1631
+ */
1632
+ repositoryOwner?: pulumi.Input<string>;
1633
+ /**
1634
+ * The scope to sync the secrets to, repository|organization
1635
+ */
1636
+ scope: pulumi.Input<string>;
1637
+ /**
1638
+ * The repository ids to sync the secrets to, required if scope is `organization` and the visibility field is set to `selected`
1639
+ */
1640
+ selectedRepositoryIds?: pulumi.Input<pulumi.Input<number>[]>;
1641
+ /**
1642
+ * The visibility of the Github repository, required if scope is `organization`. Accepted values are: `all`|`private`|`selected`
1643
+ */
1644
+ visibility?: pulumi.Input<string>;
1645
+ }
1646
+ export interface SecretSyncGithubSyncOptions {
1647
+ /**
1648
+ * When set to true, Infisical will not remove secrets from Github. Enable this option if you intend to manage some secrets manually outside of Infisical.
1649
+ */
1650
+ disableSecretDeletion?: pulumi.Input<boolean>;
1651
+ /**
1652
+ * Specify how Infisical should resolve the initial sync to the destination. Supported options: overwrite-destination
1653
+ */
1654
+ initialSyncBehavior: pulumi.Input<string>;
1655
+ /**
1656
+ * The format to use for structuring secret keys in the Github destination.
1657
+ */
1658
+ keySchema?: pulumi.Input<string>;
1659
+ }
1660
+ export interface SecretSyncGitlabDestinationConfig {
1661
+ /**
1662
+ * The GitLab Group ID to sync secrets to. Required when scope is 'group'.
1663
+ */
1664
+ groupId?: pulumi.Input<string>;
1665
+ /**
1666
+ * The GitLab Group Name to sync secrets to. Optional when scope is 'group'.
1667
+ */
1668
+ groupName?: pulumi.Input<string>;
1669
+ /**
1670
+ * The GitLab Project ID to sync secrets to. Required when scope is 'project'.
1671
+ */
1672
+ projectId?: pulumi.Input<string>;
1673
+ /**
1674
+ * The GitLab Project Name to sync secrets to. Optional when scope is 'project'.
1675
+ */
1676
+ projectName?: pulumi.Input<string>;
1677
+ /**
1678
+ * The GitLab scope that secrets should be synced to. Supported options: 'project', 'group'
1679
+ */
1680
+ scope: pulumi.Input<string>;
1681
+ /**
1682
+ * Whether variables should be hidden
1683
+ */
1684
+ shouldHideSecrets?: pulumi.Input<boolean>;
1685
+ /**
1686
+ * Whether variables should be masked in logs
1687
+ */
1688
+ shouldMaskSecrets?: pulumi.Input<boolean>;
1689
+ /**
1690
+ * Whether variables should be protected
1691
+ */
1692
+ shouldProtectSecrets?: pulumi.Input<boolean>;
1693
+ /**
1694
+ * The GitLab environment scope that secrets should be synced to. (default: *)
1695
+ */
1696
+ targetEnvironment: pulumi.Input<string>;
1697
+ }
1698
+ export interface SecretSyncGitlabSyncOptions {
1699
+ /**
1700
+ * When set to true, Infisical will not remove secrets from GitLab. Enable this option if you intend to manage some secrets manually outside of Infisical.
1701
+ */
1702
+ disableSecretDeletion?: pulumi.Input<boolean>;
1703
+ /**
1704
+ * Specify how Infisical should resolve the initial sync to the destination. Supported options: overwrite-destination
1705
+ */
1706
+ initialSyncBehavior: pulumi.Input<string>;
1707
+ /**
1708
+ * The format to use for structuring secret keys in the GitLab destination.
1709
+ */
1710
+ keySchema?: pulumi.Input<string>;
1711
+ }
1712
+ export interface SecretSyncRenderDestinationConfig {
1713
+ /**
1714
+ * The Render scope that secrets should be synced to. Supported options: service
1715
+ */
1716
+ scope: pulumi.Input<string>;
1717
+ /**
1718
+ * The ID of the Render service to sync secrets to.
1719
+ */
1720
+ serviceId: pulumi.Input<string>;
1721
+ /**
1722
+ * The Render resource type to sync secrets to. Supported options: env, file
1723
+ */
1724
+ type: pulumi.Input<string>;
1725
+ }
1726
+ export interface SecretSyncRenderSyncOptions {
1727
+ /**
1728
+ * When set to true, Infisical will not remove secrets from Render. Enable this option if you intend to manage some secrets manually outside of Infisical.
1729
+ */
1730
+ disableSecretDeletion?: pulumi.Input<boolean>;
1731
+ /**
1732
+ * Specify how Infisical should resolve the initial sync to the destination. Supported options: overwrite-destination
1733
+ */
1734
+ initialSyncBehavior: pulumi.Input<string>;
1735
+ /**
1736
+ * The format to use for structuring secret keys in the Render destination.
1737
+ */
1738
+ keySchema?: pulumi.Input<string>;
1739
+ }
1740
+ export interface SecretSyncSupabaseDestinationConfig {
1741
+ /**
1742
+ * The Supabase project ID to sync secrets to.
1743
+ */
1744
+ projectId: pulumi.Input<string>;
1745
+ /**
1746
+ * The Supabase project name (optional).
1747
+ */
1748
+ projectName?: pulumi.Input<string>;
1749
+ }
1750
+ export interface SecretSyncSupabaseSyncOptions {
1751
+ /**
1752
+ * When set to true, Infisical will not remove secrets from Supabase. Enable this option if you intend to manage some secrets manually outside of Infisical.
1753
+ */
1754
+ disableSecretDeletion?: pulumi.Input<boolean>;
1755
+ /**
1756
+ * Specify how Infisical should resolve the initial sync to the destination. Supported options: overwrite-destination
1757
+ */
1758
+ initialSyncBehavior: pulumi.Input<string>;
1759
+ /**
1760
+ * The format to use for structuring secret keys in the Supabase destination.
1761
+ */
1762
+ keySchema?: pulumi.Input<string>;
1763
+ }
1764
+ export declare namespace config {
1765
+ }
1766
+ //# sourceMappingURL=input.d.ts.map