pulumi-vault 5.19.0a1705621752__py3-none-any.whl → 5.20.0__py3-none-any.whl

pulumi_vault/identity/group_alias.py

@@ -199,16 +199,16 @@ class GroupAlias(pulumi.CustomResource):
 
         ## Import
 
-        The group alias can be imported with the group alias `id`, for example
+        The group alias can be imported with the group alias `id`, for example:
 
         ```sh
-         $ pulumi import vault:identity/groupAlias:GroupAlias group-alias id
+        $ pulumi import vault:identity/groupAlias:GroupAlias group-alias id
         ```
 
          Group aliases can also be imported using the UUID of the alias record, e.g.
 
         ```sh
-         $ pulumi import vault:identity/groupAlias:GroupAlias alias_name 63104e20-88e4-11eb-8d04-cf7ac9d60157
+        $ pulumi import vault:identity/groupAlias:GroupAlias alias_name 63104e20-88e4-11eb-8d04-cf7ac9d60157
         ```
 
         :param str resource_name: The name of the resource.
@@ -252,16 +252,16 @@ class GroupAlias(pulumi.CustomResource):
 
         ## Import
 
-        The group alias can be imported with the group alias `id`, for example
+        The group alias can be imported with the group alias `id`, for example:
 
         ```sh
-         $ pulumi import vault:identity/groupAlias:GroupAlias group-alias id
+        $ pulumi import vault:identity/groupAlias:GroupAlias group-alias id
         ```
 
          Group aliases can also be imported using the UUID of the alias record, e.g.
 
         ```sh
-         $ pulumi import vault:identity/groupAlias:GroupAlias alias_name 63104e20-88e4-11eb-8d04-cf7ac9d60157
+        $ pulumi import vault:identity/groupAlias:GroupAlias alias_name 63104e20-88e4-11eb-8d04-cf7ac9d60157
         ```
 
         :param str resource_name: The name of the resource.

pulumi_vault/kubernetes/secret_backend_role.py

@@ -633,10 +633,12 @@ class SecretBackendRole(pulumi.CustomResource):
 
         ## Import
 
-        The Kubernetes secret backend role can be imported using the full path to the role of the form`<backend_path>/roles/<role_name>` e.g.
+        The Kubernetes secret backend role can be imported using the full path to the role
+
+         of the form: `<backend_path>/roles/<role_name>` e.g.
 
         ```sh
-         $ pulumi import vault:kubernetes/secretBackendRole:SecretBackendRole example kubernetes kubernetes/roles/example-role
+        $ pulumi import vault:kubernetes/secretBackendRole:SecretBackendRole example kubernetes kubernetes/roles/example-role
         ```
 
         :param str resource_name: The name of the resource.
@@ -777,10 +779,12 @@ class SecretBackendRole(pulumi.CustomResource):
 
         ## Import
 
-        The Kubernetes secret backend role can be imported using the full path to the role of the form`<backend_path>/roles/<role_name>` e.g.
+        The Kubernetes secret backend role can be imported using the full path to the role
+
+         of the form: `<backend_path>/roles/<role_name>` e.g.
 
         ```sh
-         $ pulumi import vault:kubernetes/secretBackendRole:SecretBackendRole example kubernetes kubernetes/roles/example-role
+        $ pulumi import vault:kubernetes/secretBackendRole:SecretBackendRole example kubernetes kubernetes/roles/example-role
         ```
 
         :param str resource_name: The name of the resource.

pulumi_vault/kv/_inputs.py

@@ -21,10 +21,13 @@ class SecretV2CustomMetadataArgs:
                  delete_version_after: Optional[pulumi.Input[int]] = None,
                  max_versions: Optional[pulumi.Input[int]] = None):
         """
+        :param pulumi.Input[bool] cas_required: If true, all keys will require the cas parameter to be set on all write requests.
         :param pulumi.Input[Mapping[str, Any]] data: A mapping whose keys are the top-level data keys returned from
                Vault and whose values are the corresponding values. This map can only
                represent string data, so any non-string values returned from Vault are
                serialized as JSON.
+        :param pulumi.Input[int] delete_version_after: If set, specifies the length of time before a version is deleted.
+        :param pulumi.Input[int] max_versions: The number of versions to keep per key.
         """
         if cas_required is not None:
             pulumi.set(__self__, "cas_required", cas_required)
@@ -38,6 +41,9 @@ class SecretV2CustomMetadataArgs:
     @property
     @pulumi.getter(name="casRequired")
     def cas_required(self) -> Optional[pulumi.Input[bool]]:
+        """
+        If true, all keys will require the cas parameter to be set on all write requests.
+        """
         return pulumi.get(self, "cas_required")
 
     @cas_required.setter
@@ -62,6 +68,9 @@ class SecretV2CustomMetadataArgs:
     @property
     @pulumi.getter(name="deleteVersionAfter")
     def delete_version_after(self) -> Optional[pulumi.Input[int]]:
+        """
+        If set, specifies the length of time before a version is deleted.
+        """
         return pulumi.get(self, "delete_version_after")
 
     @delete_version_after.setter
@@ -71,6 +80,9 @@ class SecretV2CustomMetadataArgs:
     @property
     @pulumi.getter(name="maxVersions")
     def max_versions(self) -> Optional[pulumi.Input[int]]:
+        """
+        The number of versions to keep per key.
+        """
         return pulumi.get(self, "max_versions")
 
     @max_versions.setter

pulumi_vault/kv/outputs.py

@@ -42,10 +42,13 @@ class SecretV2CustomMetadata(dict):
                  delete_version_after: Optional[int] = None,
                  max_versions: Optional[int] = None):
         """
+        :param bool cas_required: If true, all keys will require the cas parameter to be set on all write requests.
         :param Mapping[str, Any] data: A mapping whose keys are the top-level data keys returned from
                Vault and whose values are the corresponding values. This map can only
                represent string data, so any non-string values returned from Vault are
                serialized as JSON.
+        :param int delete_version_after: If set, specifies the length of time before a version is deleted.
+        :param int max_versions: The number of versions to keep per key.
         """
         if cas_required is not None:
             pulumi.set(__self__, "cas_required", cas_required)
@@ -59,6 +62,9 @@ class SecretV2CustomMetadata(dict):
     @property
     @pulumi.getter(name="casRequired")
     def cas_required(self) -> Optional[bool]:
+        """
+        If true, all keys will require the cas parameter to be set on all write requests.
+        """
         return pulumi.get(self, "cas_required")
 
     @property
@@ -75,11 +81,17 @@ class SecretV2CustomMetadata(dict):
     @property
     @pulumi.getter(name="deleteVersionAfter")
     def delete_version_after(self) -> Optional[int]:
+        """
+        If set, specifies the length of time before a version is deleted.
+        """
         return pulumi.get(self, "delete_version_after")
 
     @property
     @pulumi.getter(name="maxVersions")
     def max_versions(self) -> Optional[int]:
+        """
+        The number of versions to keep per key.
+        """
         return pulumi.get(self, "max_versions")
 
 

pulumi_vault/ldap/secret_backend_dynamic_role.py

@@ -453,7 +453,7 @@ class SecretBackendDynamicRole(pulumi.CustomResource):
 
         ## Import
 
-        LDAP secret backend dynamic role can be imported using the full path to the role of the form`<mount_path>/dynamic-role/<role_name>` e.g.
+        LDAP secret backend dynamic role can be imported using the full path to the role of the form: `<mount_path>/dynamic-role/<role_name>` e.g.
 
         ```sh
          $ pulumi import vault:ldap/secretBackendDynamicRole:SecretBackendDynamicRole role ldap/role/dynamic-role
@@ -534,7 +534,7 @@ class SecretBackendDynamicRole(pulumi.CustomResource):
 
         ## Import
 
-        LDAP secret backend dynamic role can be imported using the full path to the role of the form`<mount_path>/dynamic-role/<role_name>` e.g.
+        LDAP secret backend dynamic role can be imported using the full path to the role of the form: `<mount_path>/dynamic-role/<role_name>` e.g.
 
         ```sh
          $ pulumi import vault:ldap/secretBackendDynamicRole:SecretBackendDynamicRole role ldap/role/dynamic-role

pulumi_vault/ldap/secret_backend_static_role.py

@@ -276,7 +276,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
 
         ## Import
 
-        LDAP secret backend static role can be imported using the full path to the role of the form`<mount_path>/static-role/<role_name>` e.g.
+        LDAP secret backend static role can be imported using the full path to the role of the form: `<mount_path>/static-role/<role_name>` e.g.
 
         ```sh
          $ pulumi import vault:ldap/secretBackendStaticRole:SecretBackendStaticRole role ldap/static-role/example-role
@@ -327,7 +327,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
 
         ## Import
 
-        LDAP secret backend static role can be imported using the full path to the role of the form`<mount_path>/static-role/<role_name>` e.g.
+        LDAP secret backend static role can be imported using the full path to the role of the form: `<mount_path>/static-role/<role_name>` e.g.
 
         ```sh
          $ pulumi import vault:ldap/secretBackendStaticRole:SecretBackendStaticRole role ldap/static-role/example-role

pulumi_vault/managed/_inputs.py

@@ -53,6 +53,7 @@ class KeysAwArgs:
                is `ECDSA`. Required if `allow_generate_key` is `true`.
         :param pulumi.Input[str] endpoint: Used to specify a custom AWS endpoint.
         :param pulumi.Input[str] region: The AWS region where the keys are stored (or will be stored).
+        :param pulumi.Input[str] uuid: ID of the managed key read from Vault
         """
         pulumi.set(__self__, "access_key", access_key)
         pulumi.set(__self__, "key_bits", key_bits)
@@ -243,6 +244,9 @@ class KeysAwArgs:
     @property
     @pulumi.getter
     def uuid(self) -> Optional[pulumi.Input[str]]:
+        """
+        ID of the managed key read from Vault
+        """
         return pulumi.get(self, "uuid")
 
     @uuid.setter
@@ -289,6 +293,7 @@ class KeysAzureArgs:
         :param pulumi.Input[str] environment: The Azure Cloud environment API endpoints to use.
         :param pulumi.Input[str] key_bits: The size in bits for an RSA key.
         :param pulumi.Input[str] resource: The Azure Key Vault resource's DNS Suffix to connect to.
+        :param pulumi.Input[str] uuid: ID of the managed key read from Vault
         """
         pulumi.set(__self__, "client_id", client_id)
         pulumi.set(__self__, "client_secret", client_secret)
@@ -491,6 +496,9 @@ class KeysAzureArgs:
     @property
     @pulumi.getter
     def uuid(self) -> Optional[pulumi.Input[str]]:
+        """
+        ID of the managed key read from Vault
+        """
         return pulumi.get(self, "uuid")
 
     @uuid.setter
@@ -544,6 +552,7 @@ class KeysPkcArgs:
         :param pulumi.Input[str] slot: The slot number to use, specified as a string in a decimal format
                (e.g. `2305843009213693953`).
         :param pulumi.Input[str] token_label: The slot token label to use.
+        :param pulumi.Input[str] uuid: ID of the managed key read from Vault
         """
         pulumi.set(__self__, "key_id", key_id)
         pulumi.set(__self__, "key_label", key_label)
@@ -766,6 +775,9 @@ class KeysPkcArgs:
     @property
     @pulumi.getter
     def uuid(self) -> Optional[pulumi.Input[str]]:
+        """
+        ID of the managed key read from Vault
+        """
         return pulumi.get(self, "uuid")
 
     @uuid.setter

pulumi_vault/managed/keys.py

@@ -180,6 +180,16 @@ class Keys(pulumi.CustomResource):
                  pkcs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysPkcArgs']]]]] = None,
                  __props__=None):
         """
+        A resource that manages the lifecycle of all [Managed Keys](https://www.vaultproject.io/docs/enterprise/managed-keys) in Vault.
+
+        **Note** this feature is available only with Vault Enterprise.
+
+        ## Caveats
+
+        This single resource handles the lifecycle of _all_ the managed keys that must be created in Vault.
+        There can only be one such resource in the TF state, and if there are already provisioned managed
+        keys in Vault, we recommend using `pulumi import` instead.
+
         ## Import
 
         Mounts can be imported using the `id` of `default`, e.g.
@@ -205,6 +215,16 @@ class Keys(pulumi.CustomResource):
                  args: Optional[KeysArgs] = None,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
+        A resource that manages the lifecycle of all [Managed Keys](https://www.vaultproject.io/docs/enterprise/managed-keys) in Vault.
+
+        **Note** this feature is available only with Vault Enterprise.
+
+        ## Caveats
+
+        This single resource handles the lifecycle of _all_ the managed keys that must be created in Vault.
+        There can only be one such resource in the TF state, and if there are already provisioned managed
+        keys in Vault, we recommend using `pulumi import` instead.
+
         ## Import
 
         Mounts can be imported using the `id` of `default`, e.g.

pulumi_vault/managed/outputs.py

@@ -86,6 +86,7 @@ class KeysAw(dict):
                is `ECDSA`. Required if `allow_generate_key` is `true`.
         :param str endpoint: Used to specify a custom AWS endpoint.
         :param str region: The AWS region where the keys are stored (or will be stored).
+        :param str uuid: ID of the managed key read from Vault
         """
         pulumi.set(__self__, "access_key", access_key)
         pulumi.set(__self__, "key_bits", key_bits)
@@ -224,6 +225,9 @@ class KeysAw(dict):
     @property
     @pulumi.getter
     def uuid(self) -> Optional[str]:
+        """
+        ID of the managed key read from Vault
+        """
         return pulumi.get(self, "uuid")
 
 
@@ -303,6 +307,7 @@ class KeysAzure(dict):
         :param str environment: The Azure Cloud environment API endpoints to use.
         :param str key_bits: The size in bits for an RSA key.
         :param str resource: The Azure Key Vault resource's DNS Suffix to connect to.
+        :param str uuid: ID of the managed key read from Vault
         """
         pulumi.set(__self__, "client_id", client_id)
         pulumi.set(__self__, "client_secret", client_secret)
@@ -449,6 +454,9 @@ class KeysAzure(dict):
     @property
     @pulumi.getter
     def uuid(self) -> Optional[str]:
+        """
+        ID of the managed key read from Vault
+        """
         return pulumi.get(self, "uuid")
 
 
@@ -531,6 +539,7 @@ class KeysPkc(dict):
         :param str slot: The slot number to use, specified as a string in a decimal format
                (e.g. `2305843009213693953`).
         :param str token_label: The slot token label to use.
+        :param str uuid: ID of the managed key read from Vault
         """
         pulumi.set(__self__, "key_id", key_id)
         pulumi.set(__self__, "key_label", key_label)
@@ -693,6 +702,9 @@ class KeysPkc(dict):
     @property
     @pulumi.getter
     def uuid(self) -> Optional[str]:
+        """
+        ID of the managed key read from Vault
+        """
         return pulumi.get(self, "uuid")
 
 

pulumi_vault/mongodbatlas/secret_role.py

@@ -443,7 +443,7 @@ class SecretRole(pulumi.CustomResource):
 
         ## Import
 
-        The MongoDB Atlas secret role can be imported using the full path to the role of the form`<mount_path>/roles/<role_name>` e.g.
+        The MongoDB Atlas secret role can be imported using the full path to the role of the form: `<mount_path>/roles/<role_name>` e.g.
 
         ```sh
          $ pulumi import vault:mongodbatlas/secretRole:SecretRole example mongodbatlas/roles/example-role
@@ -503,7 +503,7 @@ class SecretRole(pulumi.CustomResource):
 
         ## Import
 
-        The MongoDB Atlas secret role can be imported using the full path to the role of the form`<mount_path>/roles/<role_name>` e.g.
+        The MongoDB Atlas secret role can be imported using the full path to the role of the form: `<mount_path>/roles/<role_name>` e.g.
 
         ```sh
          $ pulumi import vault:mongodbatlas/secretRole:SecretRole example mongodbatlas/roles/example-role

pulumi_vault/namespace.py

@@ -206,10 +206,14 @@ class Namespace(pulumi.CustomResource):
         Namespaces can be imported using its `name` as accessor id
 
         ```sh
-         $ pulumi import vault:index/namespace:Namespace example <name>
+        $ pulumi import vault:index/namespace:Namespace example <name>
         ```
 
-         If the declared resource is imported and intends to support namespaces using a provider alias, then the name is relative to the namespace path. hcl provider "vault" {
+         If the declared resource is imported and intends to support namespaces using a provider alias, then the name is relative to the namespace path.
+
+         hcl
+
+         provider "vault" {
 
         # Configuration options
 
@@ -217,19 +221,29 @@ class Namespace(pulumi.CustomResource):
 
          alias
 
-         = "example" } resource "vault_namespace" "example2" {
+         = "example"
+
+         }
+
+         resource "vault_namespace" "example2" {
 
          provider = vault.example
 
          path
 
-         = "example2" }
+         = "example2"
+
+         }
 
         ```sh
-         $ pulumi import vault:index/namespace:Namespace example2 example2
+        $ pulumi import vault:index/namespace:Namespace example2 example2
         ```
 
-         $ terraform state show vault_namespace.example2 vault_namespace.example2resource "vault_namespace" "example2" {
+         $ terraform state show vault_namespace.example2
+
+         vault_namespace.example2:
+
+         resource "vault_namespace" "example2" {
 
          id
 
@@ -243,7 +257,9 @@ class Namespace(pulumi.CustomResource):
 
          path_fq
 
-        = "example2" }
+        = "example2"
+
+         }
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
@@ -269,10 +285,14 @@ class Namespace(pulumi.CustomResource):
         Namespaces can be imported using its `name` as accessor id
 
         ```sh
-         $ pulumi import vault:index/namespace:Namespace example <name>
+        $ pulumi import vault:index/namespace:Namespace example <name>
         ```
 
-         If the declared resource is imported and intends to support namespaces using a provider alias, then the name is relative to the namespace path. hcl provider "vault" {
+         If the declared resource is imported and intends to support namespaces using a provider alias, then the name is relative to the namespace path.
+
+         hcl
+
+         provider "vault" {
 
         # Configuration options
 
@@ -280,19 +300,29 @@ class Namespace(pulumi.CustomResource):
 
          alias
 
-         = "example" } resource "vault_namespace" "example2" {
+         = "example"
+
+         }
+
+         resource "vault_namespace" "example2" {
 
          provider = vault.example
 
          path
 
-         = "example2" }
+         = "example2"
+
+         }
 
         ```sh
-         $ pulumi import vault:index/namespace:Namespace example2 example2
+        $ pulumi import vault:index/namespace:Namespace example2 example2
         ```
 
-         $ terraform state show vault_namespace.example2 vault_namespace.example2resource "vault_namespace" "example2" {
+         $ terraform state show vault_namespace.example2
+
+         vault_namespace.example2:
+
+         resource "vault_namespace" "example2" {
 
          id
 
@@ -306,7 +336,9 @@ class Namespace(pulumi.CustomResource):
 
          path_fq
 
-        = "example2" }
+        = "example2"
+
+         }
 
         :param str resource_name: The name of the resource.
         :param NamespaceArgs args: The arguments to use to populate this resource's properties.

pulumi_vault/pkisecret/secret_backend_config_issuers.py

@@ -185,9 +185,6 @@ class SecretBackendConfigIssuers(pulumi.CustomResource):
                  namespace: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
-        Allows setting the value of the default issuer. For more information, see the
-        [Vault documentation](https://developer.hashicorp.com/vault/api-docs/secret/pki#set-issuers-configuration)
-
         ## Example Usage
 
         ```python
@@ -241,9 +238,6 @@ class SecretBackendConfigIssuers(pulumi.CustomResource):
                  args: SecretBackendConfigIssuersArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        Allows setting the value of the default issuer. For more information, see the
-        [Vault documentation](https://developer.hashicorp.com/vault/api-docs/secret/pki#set-issuers-configuration)
-
         ## Example Usage
 
         ```python

pulumi_vault/pkisecret/secret_backend_issuer.py

@@ -484,11 +484,6 @@ class SecretBackendIssuer(pulumi.CustomResource):
                  usage: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
-        Manages the lifecycle of an existing issuer on a PKI Secret Backend. This resource does not
-        create issuers. It instead tracks and performs updates made to an existing issuer that was
-        created by one of the PKI generate endpoints. For more information, see the
-        [Vault documentation](https://developer.hashicorp.com/vault/api-docs/secret/pki#managing-keys-and-issuers)
-
         ## Example Usage
 
         ```python
@@ -551,11 +546,6 @@ class SecretBackendIssuer(pulumi.CustomResource):
                  args: SecretBackendIssuerArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        Manages the lifecycle of an existing issuer on a PKI Secret Backend. This resource does not
-        create issuers. It instead tracks and performs updates made to an existing issuer that was
-        created by one of the PKI generate endpoints. For more information, see the
-        [Vault documentation](https://developer.hashicorp.com/vault/api-docs/secret/pki#managing-keys-and-issuers)
-
         ## Example Usage
 
         ```python

pulumi_vault/pkisecret/secret_backend_role.py

@@ -106,7 +106,7 @@ class SecretBackendRoleArgs:
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
-        :param pulumi.Input[str] not_before_duration: Specifies the [duration](https://developer.hashicorp.com/vault/docs/concepts/duration-format) by which to backdate the NotBefore property.
+        :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
@@ -621,7 +621,7 @@ class SecretBackendRoleArgs:
     @pulumi.getter(name="notBeforeDuration")
     def not_before_duration(self) -> Optional[pulumi.Input[str]]:
         """
-        Specifies the [duration](https://developer.hashicorp.com/vault/docs/concepts/duration-format) by which to backdate the NotBefore property.
+        Specifies the duration by which to backdate the NotBefore property.
         """
         return pulumi.get(self, "not_before_duration")
 
@@ -867,7 +867,7 @@ class _SecretBackendRoleState:
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
-        :param pulumi.Input[str] not_before_duration: Specifies the [duration](https://developer.hashicorp.com/vault/docs/concepts/duration-format) by which to backdate the NotBefore property.
+        :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
@@ -1383,7 +1383,7 @@ class _SecretBackendRoleState:
     @pulumi.getter(name="notBeforeDuration")
     def not_before_duration(self) -> Optional[pulumi.Input[str]]:
         """
-        Specifies the [duration](https://developer.hashicorp.com/vault/docs/concepts/duration-format) by which to backdate the NotBefore property.
+        Specifies the duration by which to backdate the NotBefore property.
         """
         return pulumi.get(self, "not_before_duration")
 
@@ -1667,7 +1667,7 @@ class SecretBackendRole(pulumi.CustomResource):
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
-        :param pulumi.Input[str] not_before_duration: Specifies the [duration](https://developer.hashicorp.com/vault/docs/concepts/duration-format) by which to backdate the NotBefore property.
+        :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRolePolicyIdentifierArgs']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
@@ -1945,7 +1945,7 @@ class SecretBackendRole(pulumi.CustomResource):
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
-        :param pulumi.Input[str] not_before_duration: Specifies the [duration](https://developer.hashicorp.com/vault/docs/concepts/duration-format) by which to backdate the NotBefore property.
+        :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRolePolicyIdentifierArgs']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
@@ -2288,7 +2288,7 @@ class SecretBackendRole(pulumi.CustomResource):
     @pulumi.getter(name="notBeforeDuration")
     def not_before_duration(self) -> pulumi.Output[str]:
         """
-        Specifies the [duration](https://developer.hashicorp.com/vault/docs/concepts/duration-format) by which to backdate the NotBefore property.
+        Specifies the duration by which to backdate the NotBefore property.
         """
         return pulumi.get(self, "not_before_duration")