pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0__py3-none-any.whl

pulumi_vault/aws/secret_backend.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretBackendArgs', 'SecretBackend']
@@ -30,6 +35,9 @@ class SecretBackendArgs:
                  role_arn: Optional[pulumi.Input[str]] = None,
                  secret_key: Optional[pulumi.Input[str]] = None,
                  sts_endpoint: Optional[pulumi.Input[str]] = None,
+                 sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_region: Optional[pulumi.Input[str]] = None,
                  username_template: Optional[pulumi.Input[str]] = None):
         """
         The set of arguments for constructing a SecretBackend resource.
@@ -49,14 +57,26 @@ class SecretBackendArgs:
                for credentials issued by this backend.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `aws`.
         :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
         :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
+               
+               ```
+               {{ if (eq .Type "STS") }}
+               {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
+               {{ else }}
+               {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
+               {{ end }}
+               
+               ```
         :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
         :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        :param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
         :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
         """
         if access_key is not None:
@@ -91,6 +111,12 @@ class SecretBackendArgs:
             pulumi.set(__self__, "secret_key", secret_key)
         if sts_endpoint is not None:
             pulumi.set(__self__, "sts_endpoint", sts_endpoint)
+        if sts_fallback_endpoints is not None:
+            pulumi.set(__self__, "sts_fallback_endpoints", sts_fallback_endpoints)
+        if sts_fallback_regions is not None:
+            pulumi.set(__self__, "sts_fallback_regions", sts_fallback_regions)
+        if sts_region is not None:
+            pulumi.set(__self__, "sts_region", sts_region)
         if username_template is not None:
             pulumi.set(__self__, "username_template", username_template)
 
@@ -224,7 +250,7 @@ class SecretBackendArgs:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -263,6 +289,15 @@ class SecretBackendArgs:
     def role_arn(self) -> Optional[pulumi.Input[str]]:
         """
         Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
+
+        ```
+        {{ if (eq .Type "STS") }}
+        {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
+        {{ else }}
+        {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
+        {{ end }}
+
+        ```
         """
         return pulumi.get(self, "role_arn")
 
@@ -294,6 +329,42 @@ class SecretBackendArgs:
     def sts_endpoint(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "sts_endpoint", value)
 
+    @property
+    @pulumi.getter(name="stsFallbackEndpoints")
+    def sts_fallback_endpoints(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_endpoints")
+
+    @sts_fallback_endpoints.setter
+    def sts_fallback_endpoints(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "sts_fallback_endpoints", value)
+
+    @property
+    @pulumi.getter(name="stsFallbackRegions")
+    def sts_fallback_regions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_regions")
+
+    @sts_fallback_regions.setter
+    def sts_fallback_regions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "sts_fallback_regions", value)
+
+    @property
+    @pulumi.getter(name="stsRegion")
+    def sts_region(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_region")
+
+    @sts_region.setter
+    def sts_region(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "sts_region", value)
+
     @property
     @pulumi.getter(name="usernameTemplate")
     def username_template(self) -> Optional[pulumi.Input[str]]:
@@ -326,6 +397,9 @@ class _SecretBackendState:
                  role_arn: Optional[pulumi.Input[str]] = None,
                  secret_key: Optional[pulumi.Input[str]] = None,
                  sts_endpoint: Optional[pulumi.Input[str]] = None,
+                 sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_region: Optional[pulumi.Input[str]] = None,
                  username_template: Optional[pulumi.Input[str]] = None):
         """
         Input properties used for looking up and filtering SecretBackend resources.
@@ -345,14 +419,26 @@ class _SecretBackendState:
                for credentials issued by this backend.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `aws`.
         :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
         :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
+               
+               ```
+               {{ if (eq .Type "STS") }}
+               {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
+               {{ else }}
+               {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
+               {{ end }}
+               
+               ```
         :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
         :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        :param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
         :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
         """
         if access_key is not None:
@@ -387,6 +473,12 @@ class _SecretBackendState:
             pulumi.set(__self__, "secret_key", secret_key)
         if sts_endpoint is not None:
             pulumi.set(__self__, "sts_endpoint", sts_endpoint)
+        if sts_fallback_endpoints is not None:
+            pulumi.set(__self__, "sts_fallback_endpoints", sts_fallback_endpoints)
+        if sts_fallback_regions is not None:
+            pulumi.set(__self__, "sts_fallback_regions", sts_fallback_regions)
+        if sts_region is not None:
+            pulumi.set(__self__, "sts_region", sts_region)
         if username_template is not None:
             pulumi.set(__self__, "username_template", username_template)
 
@@ -520,7 +612,7 @@ class _SecretBackendState:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -559,6 +651,15 @@ class _SecretBackendState:
     def role_arn(self) -> Optional[pulumi.Input[str]]:
         """
         Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
+
+        ```
+        {{ if (eq .Type "STS") }}
+        {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
+        {{ else }}
+        {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
+        {{ end }}
+
+        ```
         """
         return pulumi.get(self, "role_arn")
 
@@ -590,6 +691,42 @@ class _SecretBackendState:
     def sts_endpoint(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "sts_endpoint", value)
 
+    @property
+    @pulumi.getter(name="stsFallbackEndpoints")
+    def sts_fallback_endpoints(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_endpoints")
+
+    @sts_fallback_endpoints.setter
+    def sts_fallback_endpoints(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "sts_fallback_endpoints", value)
+
+    @property
+    @pulumi.getter(name="stsFallbackRegions")
+    def sts_fallback_regions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_regions")
+
+    @sts_fallback_regions.setter
+    def sts_fallback_regions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "sts_fallback_regions", value)
+
+    @property
+    @pulumi.getter(name="stsRegion")
+    def sts_region(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_region")
+
+    @sts_region.setter
+    def sts_region(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "sts_region", value)
+
     @property
     @pulumi.getter(name="usernameTemplate")
     def username_template(self) -> Optional[pulumi.Input[str]]:
@@ -624,6 +761,9 @@ class SecretBackend(pulumi.CustomResource):
                  role_arn: Optional[pulumi.Input[str]] = None,
                  secret_key: Optional[pulumi.Input[str]] = None,
                  sts_endpoint: Optional[pulumi.Input[str]] = None,
+                 sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_region: Optional[pulumi.Input[str]] = None,
                  username_template: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
@@ -632,7 +772,7 @@ class SecretBackend(pulumi.CustomResource):
         AWS secret backends can be imported using the `path`, e.g.
 
         ```sh
-         $ pulumi import vault:aws/secretBackend:SecretBackend aws aws
+        $ pulumi import vault:aws/secretBackend:SecretBackend aws aws
         ```
 
         :param str resource_name: The name of the resource.
@@ -653,14 +793,26 @@ class SecretBackend(pulumi.CustomResource):
                for credentials issued by this backend.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `aws`.
         :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
         :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
+               
+               ```
+               {{ if (eq .Type "STS") }}
+               {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
+               {{ else }}
+               {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
+               {{ end }}
+               
+               ```
         :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
         :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        :param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
         :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
         """
         ...
@@ -675,7 +827,7 @@ class SecretBackend(pulumi.CustomResource):
         AWS secret backends can be imported using the `path`, e.g.
 
         ```sh
-         $ pulumi import vault:aws/secretBackend:SecretBackend aws aws
+        $ pulumi import vault:aws/secretBackend:SecretBackend aws aws
         ```
 
         :param str resource_name: The name of the resource.
@@ -709,6 +861,9 @@ class SecretBackend(pulumi.CustomResource):
                  role_arn: Optional[pulumi.Input[str]] = None,
                  secret_key: Optional[pulumi.Input[str]] = None,
                  sts_endpoint: Optional[pulumi.Input[str]] = None,
+                 sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_region: Optional[pulumi.Input[str]] = None,
                  username_template: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -735,6 +890,9 @@ class SecretBackend(pulumi.CustomResource):
             __props__.__dict__["role_arn"] = role_arn
             __props__.__dict__["secret_key"] = None if secret_key is None else pulumi.Output.secret(secret_key)
             __props__.__dict__["sts_endpoint"] = sts_endpoint
+            __props__.__dict__["sts_fallback_endpoints"] = sts_fallback_endpoints
+            __props__.__dict__["sts_fallback_regions"] = sts_fallback_regions
+            __props__.__dict__["sts_region"] = sts_region
             __props__.__dict__["username_template"] = username_template
         secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["accessKey", "secretKey"])
         opts = pulumi.ResourceOptions.merge(opts, secret_opts)
@@ -764,6 +922,9 @@ class SecretBackend(pulumi.CustomResource):
             role_arn: Optional[pulumi.Input[str]] = None,
             secret_key: Optional[pulumi.Input[str]] = None,
             sts_endpoint: Optional[pulumi.Input[str]] = None,
+            sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+            sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+            sts_region: Optional[pulumi.Input[str]] = None,
             username_template: Optional[pulumi.Input[str]] = None) -> 'SecretBackend':
         """
         Get an existing SecretBackend resource's state with the given name, id, and optional extra
@@ -788,14 +949,26 @@ class SecretBackend(pulumi.CustomResource):
                for credentials issued by this backend.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `aws`.
         :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
         :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
+               
+               ```
+               {{ if (eq .Type "STS") }}
+               {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
+               {{ else }}
+               {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
+               {{ end }}
+               
+               ```
         :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
         :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        :param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
         :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -818,6 +991,9 @@ class SecretBackend(pulumi.CustomResource):
         __props__.__dict__["role_arn"] = role_arn
         __props__.__dict__["secret_key"] = secret_key
         __props__.__dict__["sts_endpoint"] = sts_endpoint
+        __props__.__dict__["sts_fallback_endpoints"] = sts_fallback_endpoints
+        __props__.__dict__["sts_fallback_regions"] = sts_fallback_regions
+        __props__.__dict__["sts_region"] = sts_region
         __props__.__dict__["username_template"] = username_template
         return SecretBackend(resource_name, opts=opts, __props__=__props__)
 
@@ -911,7 +1087,7 @@ class SecretBackend(pulumi.CustomResource):
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -938,6 +1114,15 @@ class SecretBackend(pulumi.CustomResource):
     def role_arn(self) -> pulumi.Output[Optional[str]]:
         """
         Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
+
+        ```
+        {{ if (eq .Type "STS") }}
+        {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
+        {{ else }}
+        {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
+        {{ end }}
+
+        ```
         """
         return pulumi.get(self, "role_arn")
 
@@ -957,6 +1142,30 @@ class SecretBackend(pulumi.CustomResource):
         """
         return pulumi.get(self, "sts_endpoint")
 
+    @property
+    @pulumi.getter(name="stsFallbackEndpoints")
+    def sts_fallback_endpoints(self) -> pulumi.Output[Optional[Sequence[str]]]:
+        """
+        Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_endpoints")
+
+    @property
+    @pulumi.getter(name="stsFallbackRegions")
+    def sts_fallback_regions(self) -> pulumi.Output[Optional[Sequence[str]]]:
+        """
+        Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_regions")
+
+    @property
+    @pulumi.getter(name="stsRegion")
+    def sts_region(self) -> pulumi.Output[Optional[str]]:
+        """
+        Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_region")
+
     @property
     @pulumi.getter(name="usernameTemplate")
     def username_template(self) -> pulumi.Output[str]: