pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0__py3-none-any.whl

pulumi_vault/database/secrets_mount.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 from . import outputs
 from ._inputs import *
@@ -18,16 +23,20 @@ class SecretsMountArgs:
     def __init__(__self__, *,
                  path: pulumi.Input[str],
                  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  cassandras: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountCassandraArgs']]]] = None,
                  couchbases: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountCouchbaseArgs']]]] = None,
                  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
+                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountElasticsearchArgs']]]] = None,
                  external_entropy_access: Optional[pulumi.Input[bool]] = None,
                  hanas: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]]] = None,
+                 identity_token_key: Optional[pulumi.Input[str]] = None,
                  influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]] = None,
+                 listing_visibility: Optional[pulumi.Input[str]] = None,
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMongodbatlaArgs']]]] = None,
@@ -38,8 +47,10 @@ class SecretsMountArgs:
                  mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlRdArgs']]]] = None,
                  mysqls: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlArgs']]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  oracles: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]]] = None,
+                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 plugin_version: Optional[pulumi.Input[str]] = None,
                  postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]]] = None,
                  redis: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountRediArgs']]]] = None,
                  redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountRedisElasticachArgs']]]] = None,
@@ -52,6 +63,7 @@ class SecretsMountArgs:
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
                
                The following arguments are common to all database engines:
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
         :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountCassandraArgs']]] cassandras: A nested block containing configuration options for Cassandra connections.  
@@ -59,14 +71,17 @@ class SecretsMountArgs:
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountCouchbaseArgs']]] couchbases: A nested block containing configuration options for Couchbase connections.  
                *See Configuration Options for more info*
         :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
         :param pulumi.Input[str] description: Human-friendly description of the mount
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountElasticsearchArgs']]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.  
                *See Configuration Options for more info*
         :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]] hanas: A nested block containing configuration options for SAP HanaDB connections.  
                *See Configuration Options for more info*
+        :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]] influxdbs: A nested block containing configuration options for InfluxDB connections.  
                *See Configuration Options for more info*
+        :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
         :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
         :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountMongodbatlaArgs']]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.  
@@ -84,9 +99,11 @@ class SecretsMountArgs:
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlArgs']]] mysqls: A nested block containing configuration options for MySQL connections.  
                *See Configuration Options for more info*
         :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
-        :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]] oracles: A nested block containing configuration options for Oracle connections.  
                *See Configuration Options for more info*
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]] postgresqls: A nested block containing configuration options for PostgreSQL connections.  
                *See Configuration Options for more info*
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountRediArgs']]] redis: A nested block containing configuration options for Redis connections.  
@@ -102,6 +119,8 @@ class SecretsMountArgs:
         pulumi.set(__self__, "path", path)
         if allowed_managed_keys is not None:
             pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
+        if allowed_response_headers is not None:
+            pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
         if audit_non_hmac_request_keys is not None:
             pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
         if audit_non_hmac_response_keys is not None:
@@ -112,6 +131,8 @@ class SecretsMountArgs:
             pulumi.set(__self__, "couchbases", couchbases)
         if default_lease_ttl_seconds is not None:
             pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
+        if delegated_auth_accessors is not None:
+            pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
         if description is not None:
             pulumi.set(__self__, "description", description)
         if elasticsearches is not None:
@@ -120,8 +141,12 @@ class SecretsMountArgs:
             pulumi.set(__self__, "external_entropy_access", external_entropy_access)
         if hanas is not None:
             pulumi.set(__self__, "hanas", hanas)
+        if identity_token_key is not None:
+            pulumi.set(__self__, "identity_token_key", identity_token_key)
         if influxdbs is not None:
             pulumi.set(__self__, "influxdbs", influxdbs)
+        if listing_visibility is not None:
+            pulumi.set(__self__, "listing_visibility", listing_visibility)
         if local is not None:
             pulumi.set(__self__, "local", local)
         if max_lease_ttl_seconds is not None:
@@ -146,6 +171,10 @@ class SecretsMountArgs:
             pulumi.set(__self__, "options", options)
         if oracles is not None:
             pulumi.set(__self__, "oracles", oracles)
+        if passthrough_request_headers is not None:
+            pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
+        if plugin_version is not None:
+            pulumi.set(__self__, "plugin_version", plugin_version)
         if postgresqls is not None:
             pulumi.set(__self__, "postgresqls", postgresqls)
         if redis is not None:
@@ -185,6 +214,18 @@ class SecretsMountArgs:
     def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "allowed_managed_keys", value)
 
+    @property
+    @pulumi.getter(name="allowedResponseHeaders")
+    def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of headers to allow and pass from the request to the plugin
+        """
+        return pulumi.get(self, "allowed_response_headers")
+
+    @allowed_response_headers.setter
+    def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "allowed_response_headers", value)
+
     @property
     @pulumi.getter(name="auditNonHmacRequestKeys")
     def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -247,6 +288,18 @@ class SecretsMountArgs:
     def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
         pulumi.set(self, "default_lease_ttl_seconds", value)
 
+    @property
+    @pulumi.getter(name="delegatedAuthAccessors")
+    def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of headers to allow and pass from the request to the plugin
+        """
+        return pulumi.get(self, "delegated_auth_accessors")
+
+    @delegated_auth_accessors.setter
+    def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "delegated_auth_accessors", value)
+
     @property
     @pulumi.getter
     def description(self) -> Optional[pulumi.Input[str]]:
@@ -297,6 +350,18 @@ class SecretsMountArgs:
     def hanas(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]]]):
         pulumi.set(self, "hanas", value)
 
+    @property
+    @pulumi.getter(name="identityTokenKey")
+    def identity_token_key(self) -> Optional[pulumi.Input[str]]:
+        """
+        The key to use for signing plugin workload identity tokens
+        """
+        return pulumi.get(self, "identity_token_key")
+
+    @identity_token_key.setter
+    def identity_token_key(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "identity_token_key", value)
+
     @property
     @pulumi.getter
     def influxdbs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]]:
@@ -310,6 +375,18 @@ class SecretsMountArgs:
     def influxdbs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]]):
         pulumi.set(self, "influxdbs", value)
 
+    @property
+    @pulumi.getter(name="listingVisibility")
+    def listing_visibility(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies whether to show this mount in the UI-specific listing endpoint
+        """
+        return pulumi.get(self, "listing_visibility")
+
+    @listing_visibility.setter
+    def listing_visibility(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "listing_visibility", value)
+
     @property
     @pulumi.getter
     def local(self) -> Optional[pulumi.Input[bool]]:
@@ -439,14 +516,14 @@ class SecretsMountArgs:
 
     @property
     @pulumi.getter
-    def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Specifies mount type specific options that are passed to the backend
         """
         return pulumi.get(self, "options")
 
     @options.setter
-    def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "options", value)
 
     @property
@@ -462,6 +539,30 @@ class SecretsMountArgs:
     def oracles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]]]):
         pulumi.set(self, "oracles", value)
 
+    @property
+    @pulumi.getter(name="passthroughRequestHeaders")
+    def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of headers to allow and pass from the request to the plugin
+        """
+        return pulumi.get(self, "passthrough_request_headers")
+
+    @passthrough_request_headers.setter
+    def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "passthrough_request_headers", value)
+
+    @property
+    @pulumi.getter(name="pluginVersion")
+    def plugin_version(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
+        """
+        return pulumi.get(self, "plugin_version")
+
+    @plugin_version.setter
+    def plugin_version(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "plugin_version", value)
+
     @property
     @pulumi.getter
     def postgresqls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]]]:
@@ -545,17 +646,21 @@ class _SecretsMountState:
     def __init__(__self__, *,
                  accessor: Optional[pulumi.Input[str]] = None,
                  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  cassandras: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountCassandraArgs']]]] = None,
                  couchbases: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountCouchbaseArgs']]]] = None,
                  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
+                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountElasticsearchArgs']]]] = None,
                  engine_count: Optional[pulumi.Input[int]] = None,
                  external_entropy_access: Optional[pulumi.Input[bool]] = None,
                  hanas: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]]] = None,
+                 identity_token_key: Optional[pulumi.Input[str]] = None,
                  influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]] = None,
+                 listing_visibility: Optional[pulumi.Input[str]] = None,
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMongodbatlaArgs']]]] = None,
@@ -566,9 +671,11 @@ class _SecretsMountState:
                  mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlRdArgs']]]] = None,
                  mysqls: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlArgs']]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  oracles: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]]] = None,
+                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  path: Optional[pulumi.Input[str]] = None,
+                 plugin_version: Optional[pulumi.Input[str]] = None,
                  postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]]] = None,
                  redis: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountRediArgs']]]] = None,
                  redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountRedisElasticachArgs']]]] = None,
@@ -581,6 +688,7 @@ class _SecretsMountState:
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
                
                The following arguments are common to all database engines:
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
         :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountCassandraArgs']]] cassandras: A nested block containing configuration options for Cassandra connections.  
@@ -588,6 +696,7 @@ class _SecretsMountState:
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountCouchbaseArgs']]] couchbases: A nested block containing configuration options for Couchbase connections.  
                *See Configuration Options for more info*
         :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
         :param pulumi.Input[str] description: Human-friendly description of the mount
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountElasticsearchArgs']]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.  
                *See Configuration Options for more info*
@@ -595,8 +704,10 @@ class _SecretsMountState:
         :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]] hanas: A nested block containing configuration options for SAP HanaDB connections.  
                *See Configuration Options for more info*
+        :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]] influxdbs: A nested block containing configuration options for InfluxDB connections.  
                *See Configuration Options for more info*
+        :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
         :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
         :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountMongodbatlaArgs']]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.  
@@ -614,10 +725,12 @@ class _SecretsMountState:
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlArgs']]] mysqls: A nested block containing configuration options for MySQL connections.  
                *See Configuration Options for more info*
         :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
-        :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]] oracles: A nested block containing configuration options for Oracle connections.  
                *See Configuration Options for more info*
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
         :param pulumi.Input[str] path: Where the secret backend will be mounted
+        :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]] postgresqls: A nested block containing configuration options for PostgreSQL connections.  
                *See Configuration Options for more info*
         :param pulumi.Input[Sequence[pulumi.Input['SecretsMountRediArgs']]] redis: A nested block containing configuration options for Redis connections.  
@@ -634,6 +747,8 @@ class _SecretsMountState:
             pulumi.set(__self__, "accessor", accessor)
         if allowed_managed_keys is not None:
             pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
+        if allowed_response_headers is not None:
+            pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
         if audit_non_hmac_request_keys is not None:
             pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
         if audit_non_hmac_response_keys is not None:
@@ -644,6 +759,8 @@ class _SecretsMountState:
             pulumi.set(__self__, "couchbases", couchbases)
         if default_lease_ttl_seconds is not None:
             pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
+        if delegated_auth_accessors is not None:
+            pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
         if description is not None:
             pulumi.set(__self__, "description", description)
         if elasticsearches is not None:
@@ -654,8 +771,12 @@ class _SecretsMountState:
             pulumi.set(__self__, "external_entropy_access", external_entropy_access)
         if hanas is not None:
             pulumi.set(__self__, "hanas", hanas)
+        if identity_token_key is not None:
+            pulumi.set(__self__, "identity_token_key", identity_token_key)
         if influxdbs is not None:
             pulumi.set(__self__, "influxdbs", influxdbs)
+        if listing_visibility is not None:
+            pulumi.set(__self__, "listing_visibility", listing_visibility)
         if local is not None:
             pulumi.set(__self__, "local", local)
         if max_lease_ttl_seconds is not None:
@@ -680,8 +801,12 @@ class _SecretsMountState:
             pulumi.set(__self__, "options", options)
         if oracles is not None:
             pulumi.set(__self__, "oracles", oracles)
+        if passthrough_request_headers is not None:
+            pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
         if path is not None:
             pulumi.set(__self__, "path", path)
+        if plugin_version is not None:
+            pulumi.set(__self__, "plugin_version", plugin_version)
         if postgresqls is not None:
             pulumi.set(__self__, "postgresqls", postgresqls)
         if redis is not None:
@@ -721,6 +846,18 @@ class _SecretsMountState:
     def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "allowed_managed_keys", value)
 
+    @property
+    @pulumi.getter(name="allowedResponseHeaders")
+    def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of headers to allow and pass from the request to the plugin
+        """
+        return pulumi.get(self, "allowed_response_headers")
+
+    @allowed_response_headers.setter
+    def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "allowed_response_headers", value)
+
     @property
     @pulumi.getter(name="auditNonHmacRequestKeys")
     def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -783,6 +920,18 @@ class _SecretsMountState:
     def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
         pulumi.set(self, "default_lease_ttl_seconds", value)
 
+    @property
+    @pulumi.getter(name="delegatedAuthAccessors")
+    def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of headers to allow and pass from the request to the plugin
+        """
+        return pulumi.get(self, "delegated_auth_accessors")
+
+    @delegated_auth_accessors.setter
+    def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "delegated_auth_accessors", value)
+
     @property
     @pulumi.getter
     def description(self) -> Optional[pulumi.Input[str]]:
@@ -845,6 +994,18 @@ class _SecretsMountState:
     def hanas(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]]]):
         pulumi.set(self, "hanas", value)
 
+    @property
+    @pulumi.getter(name="identityTokenKey")
+    def identity_token_key(self) -> Optional[pulumi.Input[str]]:
+        """
+        The key to use for signing plugin workload identity tokens
+        """
+        return pulumi.get(self, "identity_token_key")
+
+    @identity_token_key.setter
+    def identity_token_key(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "identity_token_key", value)
+
     @property
     @pulumi.getter
     def influxdbs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]]:
@@ -858,6 +1019,18 @@ class _SecretsMountState:
     def influxdbs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]]):
         pulumi.set(self, "influxdbs", value)
 
+    @property
+    @pulumi.getter(name="listingVisibility")
+    def listing_visibility(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies whether to show this mount in the UI-specific listing endpoint
+        """
+        return pulumi.get(self, "listing_visibility")
+
+    @listing_visibility.setter
+    def listing_visibility(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "listing_visibility", value)
+
     @property
     @pulumi.getter
     def local(self) -> Optional[pulumi.Input[bool]]:
@@ -987,14 +1160,14 @@ class _SecretsMountState:
 
     @property
     @pulumi.getter
-    def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Specifies mount type specific options that are passed to the backend
         """
         return pulumi.get(self, "options")
 
     @options.setter
-    def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "options", value)
 
     @property
@@ -1010,6 +1183,18 @@ class _SecretsMountState:
     def oracles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]]]):
         pulumi.set(self, "oracles", value)
 
+    @property
+    @pulumi.getter(name="passthroughRequestHeaders")
+    def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of headers to allow and pass from the request to the plugin
+        """
+        return pulumi.get(self, "passthrough_request_headers")
+
+    @passthrough_request_headers.setter
+    def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "passthrough_request_headers", value)
+
     @property
     @pulumi.getter
     def path(self) -> Optional[pulumi.Input[str]]:
@@ -1022,6 +1207,18 @@ class _SecretsMountState:
     def path(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "path", value)
 
+    @property
+    @pulumi.getter(name="pluginVersion")
+    def plugin_version(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
+        """
+        return pulumi.get(self, "plugin_version")
+
+    @plugin_version.setter
+    def plugin_version(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "plugin_version", value)
+
     @property
     @pulumi.getter
     def postgresqls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]]]:
@@ -1106,35 +1303,41 @@ class SecretsMount(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCassandraArgs']]]]] = None,
-                 couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCouchbaseArgs']]]]] = None,
+                 cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCassandraArgs', 'SecretsMountCassandraArgsDict']]]]] = None,
+                 couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCouchbaseArgs', 'SecretsMountCouchbaseArgsDict']]]]] = None,
                  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
+                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  description: Optional[pulumi.Input[str]] = None,
-                 elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountElasticsearchArgs']]]]] = None,
+                 elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountElasticsearchArgs', 'SecretsMountElasticsearchArgsDict']]]]] = None,
                  external_entropy_access: Optional[pulumi.Input[bool]] = None,
-                 hanas: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountHanaArgs']]]]] = None,
-                 influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountInfluxdbArgs']]]]] = None,
+                 hanas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountHanaArgs', 'SecretsMountHanaArgsDict']]]]] = None,
+                 identity_token_key: Optional[pulumi.Input[str]] = None,
+                 influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountInfluxdbArgs', 'SecretsMountInfluxdbArgsDict']]]]] = None,
+                 listing_visibility: Optional[pulumi.Input[str]] = None,
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
-                 mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbatlaArgs']]]]] = None,
-                 mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbArgs']]]]] = None,
-                 mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMssqlArgs']]]]] = None,
-                 mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlAuroraArgs']]]]] = None,
-                 mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlLegacyArgs']]]]] = None,
-                 mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlRdArgs']]]]] = None,
-                 mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlArgs']]]]] = None,
+                 mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbatlaArgs', 'SecretsMountMongodbatlaArgsDict']]]]] = None,
+                 mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbArgs', 'SecretsMountMongodbArgsDict']]]]] = None,
+                 mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMssqlArgs', 'SecretsMountMssqlArgsDict']]]]] = None,
+                 mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlAuroraArgs', 'SecretsMountMysqlAuroraArgsDict']]]]] = None,
+                 mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlLegacyArgs', 'SecretsMountMysqlLegacyArgsDict']]]]] = None,
+                 mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlRdArgs', 'SecretsMountMysqlRdArgsDict']]]]] = None,
+                 mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlArgs', 'SecretsMountMysqlArgsDict']]]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
-                 oracles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountOracleArgs']]]]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 oracles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountOracleArgs', 'SecretsMountOracleArgsDict']]]]] = None,
+                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  path: Optional[pulumi.Input[str]] = None,
-                 postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountPostgresqlArgs']]]]] = None,
-                 redis: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRediArgs']]]]] = None,
-                 redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedisElasticachArgs']]]]] = None,
-                 redshifts: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedshiftArgs']]]]] = None,
+                 plugin_version: Optional[pulumi.Input[str]] = None,
+                 postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountPostgresqlArgs', 'SecretsMountPostgresqlArgsDict']]]]] = None,
+                 redis: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRediArgs', 'SecretsMountRediArgsDict']]]]] = None,
+                 redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedisElasticachArgs', 'SecretsMountRedisElasticachArgsDict']]]]] = None,
+                 redshifts: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedshiftArgs', 'SecretsMountRedshiftArgsDict']]]]] = None,
                  seal_wrap: Optional[pulumi.Input[bool]] = None,
-                 snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountSnowflakeArgs']]]]] = None,
+                 snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountSnowflakeArgs', 'SecretsMountSnowflakeArgsDict']]]]] = None,
                  __props__=None):
         """
         ## Example Usage
@@ -1145,22 +1348,23 @@ class SecretsMount(pulumi.CustomResource):
 
         db = vault.database.SecretsMount("db",
             path="db",
-            mssqls=[vault.database.SecretsMountMssqlArgs(
-                name="db1",
-                username="sa",
-                password="super_secret_1",
-                connection_url="sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
-                allowed_roles=["dev1"],
-            )],
-            postgresqls=[vault.database.SecretsMountPostgresqlArgs(
-                name="db2",
-                username="postgres",
-                password="super_secret_2",
-                connection_url="postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
-                verify_connection=True,
-                allowed_roles=["dev2"],
-            )])
+            mssqls=[{
+                "name": "db1",
+                "username": "sa",
+                "password": "super_secret_1",
+                "connection_url": "sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
+                "allowed_roles": ["dev1"],
+            }],
+            postgresqls=[{
+                "name": "db2",
+                "username": "postgres",
+                "password": "super_secret_2",
+                "connection_url": "postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
+                "verify_connection": True,
+                "allowed_roles": ["dev2"],
+            }])
         dev1 = vault.database.SecretBackendRole("dev1",
+            name="dev1",
             backend=db.path,
             db_name=db.mssqls[0].name,
             creation_statements=[
@@ -1169,6 +1373,7 @@ class SecretsMount(pulumi.CustomResource):
                 "GRANT SELECT ON SCHEMA::dbo TO [{{name}}];",
             ])
         dev2 = vault.database.SecretBackendRole("dev2",
+            name="dev2",
             backend=db.path,
             db_name=db.postgresqls[0].name,
             creation_statements=[
@@ -1182,7 +1387,7 @@ class SecretsMount(pulumi.CustomResource):
         Database secret backend connections can be imported using the `path` e.g.
 
         ```sh
-         $ pulumi import vault:database/secretsMount:SecretsMount db db
+        $ pulumi import vault:database/secretsMount:SecretsMount db db
         ```
 
         :param str resource_name: The name of the resource.
@@ -1190,52 +1395,58 @@ class SecretsMount(pulumi.CustomResource):
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
                
                The following arguments are common to all database engines:
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
         :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCassandraArgs']]]] cassandras: A nested block containing configuration options for Cassandra connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCassandraArgs', 'SecretsMountCassandraArgsDict']]]] cassandras: A nested block containing configuration options for Cassandra connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCouchbaseArgs']]]] couchbases: A nested block containing configuration options for Couchbase connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCouchbaseArgs', 'SecretsMountCouchbaseArgsDict']]]] couchbases: A nested block containing configuration options for Couchbase connections.  
                *See Configuration Options for more info*
         :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
         :param pulumi.Input[str] description: Human-friendly description of the mount
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountElasticsearchArgs']]]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountElasticsearchArgs', 'SecretsMountElasticsearchArgsDict']]]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.  
                *See Configuration Options for more info*
         :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountHanaArgs']]]] hanas: A nested block containing configuration options for SAP HanaDB connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountHanaArgs', 'SecretsMountHanaArgsDict']]]] hanas: A nested block containing configuration options for SAP HanaDB connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountInfluxdbArgs']]]] influxdbs: A nested block containing configuration options for InfluxDB connections.  
+        :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountInfluxdbArgs', 'SecretsMountInfluxdbArgsDict']]]] influxdbs: A nested block containing configuration options for InfluxDB connections.  
                *See Configuration Options for more info*
+        :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
         :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
         :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbatlaArgs']]]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbatlaArgs', 'SecretsMountMongodbatlaArgsDict']]]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbArgs']]]] mongodbs: A nested block containing configuration options for MongoDB connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbArgs', 'SecretsMountMongodbArgsDict']]]] mongodbs: A nested block containing configuration options for MongoDB connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMssqlArgs']]]] mssqls: A nested block containing configuration options for MSSQL connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMssqlArgs', 'SecretsMountMssqlArgsDict']]]] mssqls: A nested block containing configuration options for MSSQL connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlAuroraArgs']]]] mysql_auroras: A nested block containing configuration options for Aurora MySQL connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlAuroraArgs', 'SecretsMountMysqlAuroraArgsDict']]]] mysql_auroras: A nested block containing configuration options for Aurora MySQL connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlLegacyArgs']]]] mysql_legacies: A nested block containing configuration options for legacy MySQL connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlLegacyArgs', 'SecretsMountMysqlLegacyArgsDict']]]] mysql_legacies: A nested block containing configuration options for legacy MySQL connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlRdArgs']]]] mysql_rds: A nested block containing configuration options for RDS MySQL connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlRdArgs', 'SecretsMountMysqlRdArgsDict']]]] mysql_rds: A nested block containing configuration options for RDS MySQL connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlArgs']]]] mysqls: A nested block containing configuration options for MySQL connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlArgs', 'SecretsMountMysqlArgsDict']]]] mysqls: A nested block containing configuration options for MySQL connections.  
                *See Configuration Options for more info*
         :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
-        :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountOracleArgs']]]] oracles: A nested block containing configuration options for Oracle connections.  
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountOracleArgs', 'SecretsMountOracleArgsDict']]]] oracles: A nested block containing configuration options for Oracle connections.  
                *See Configuration Options for more info*
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
         :param pulumi.Input[str] path: Where the secret backend will be mounted
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountPostgresqlArgs']]]] postgresqls: A nested block containing configuration options for PostgreSQL connections.  
+        :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountPostgresqlArgs', 'SecretsMountPostgresqlArgsDict']]]] postgresqls: A nested block containing configuration options for PostgreSQL connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRediArgs']]]] redis: A nested block containing configuration options for Redis connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRediArgs', 'SecretsMountRediArgsDict']]]] redis: A nested block containing configuration options for Redis connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedisElasticachArgs']]]] redis_elasticaches: A nested block containing configuration options for Redis ElastiCache connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedisElasticachArgs', 'SecretsMountRedisElasticachArgsDict']]]] redis_elasticaches: A nested block containing configuration options for Redis ElastiCache connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedshiftArgs']]]] redshifts: A nested block containing configuration options for AWS Redshift connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedshiftArgs', 'SecretsMountRedshiftArgsDict']]]] redshifts: A nested block containing configuration options for AWS Redshift connections.  
                *See Configuration Options for more info*
         :param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountSnowflakeArgs']]]] snowflakes: A nested block containing configuration options for Snowflake connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountSnowflakeArgs', 'SecretsMountSnowflakeArgsDict']]]] snowflakes: A nested block containing configuration options for Snowflake connections.  
                *See Configuration Options for more info*
         """
         ...
@@ -1253,22 +1464,23 @@ class SecretsMount(pulumi.CustomResource):
 
         db = vault.database.SecretsMount("db",
             path="db",
-            mssqls=[vault.database.SecretsMountMssqlArgs(
-                name="db1",
-                username="sa",
-                password="super_secret_1",
-                connection_url="sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
-                allowed_roles=["dev1"],
-            )],
-            postgresqls=[vault.database.SecretsMountPostgresqlArgs(
-                name="db2",
-                username="postgres",
-                password="super_secret_2",
-                connection_url="postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
-                verify_connection=True,
-                allowed_roles=["dev2"],
-            )])
+            mssqls=[{
+                "name": "db1",
+                "username": "sa",
+                "password": "super_secret_1",
+                "connection_url": "sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
+                "allowed_roles": ["dev1"],
+            }],
+            postgresqls=[{
+                "name": "db2",
+                "username": "postgres",
+                "password": "super_secret_2",
+                "connection_url": "postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
+                "verify_connection": True,
+                "allowed_roles": ["dev2"],
+            }])
         dev1 = vault.database.SecretBackendRole("dev1",
+            name="dev1",
             backend=db.path,
             db_name=db.mssqls[0].name,
             creation_statements=[
@@ -1277,6 +1489,7 @@ class SecretsMount(pulumi.CustomResource):
                 "GRANT SELECT ON SCHEMA::dbo TO [{{name}}];",
             ])
         dev2 = vault.database.SecretBackendRole("dev2",
+            name="dev2",
             backend=db.path,
             db_name=db.postgresqls[0].name,
             creation_statements=[
@@ -1290,7 +1503,7 @@ class SecretsMount(pulumi.CustomResource):
         Database secret backend connections can be imported using the `path` e.g.
 
         ```sh
-         $ pulumi import vault:database/secretsMount:SecretsMount db db
+        $ pulumi import vault:database/secretsMount:SecretsMount db db
         ```
 
         :param str resource_name: The name of the resource.
@@ -1309,35 +1522,41 @@ class SecretsMount(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCassandraArgs']]]]] = None,
-                 couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCouchbaseArgs']]]]] = None,
+                 cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCassandraArgs', 'SecretsMountCassandraArgsDict']]]]] = None,
+                 couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCouchbaseArgs', 'SecretsMountCouchbaseArgsDict']]]]] = None,
                  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
+                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  description: Optional[pulumi.Input[str]] = None,
-                 elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountElasticsearchArgs']]]]] = None,
+                 elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountElasticsearchArgs', 'SecretsMountElasticsearchArgsDict']]]]] = None,
                  external_entropy_access: Optional[pulumi.Input[bool]] = None,
-                 hanas: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountHanaArgs']]]]] = None,
-                 influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountInfluxdbArgs']]]]] = None,
+                 hanas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountHanaArgs', 'SecretsMountHanaArgsDict']]]]] = None,
+                 identity_token_key: Optional[pulumi.Input[str]] = None,
+                 influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountInfluxdbArgs', 'SecretsMountInfluxdbArgsDict']]]]] = None,
+                 listing_visibility: Optional[pulumi.Input[str]] = None,
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
-                 mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbatlaArgs']]]]] = None,
-                 mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbArgs']]]]] = None,
-                 mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMssqlArgs']]]]] = None,
-                 mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlAuroraArgs']]]]] = None,
-                 mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlLegacyArgs']]]]] = None,
-                 mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlRdArgs']]]]] = None,
-                 mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlArgs']]]]] = None,
+                 mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbatlaArgs', 'SecretsMountMongodbatlaArgsDict']]]]] = None,
+                 mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbArgs', 'SecretsMountMongodbArgsDict']]]]] = None,
+                 mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMssqlArgs', 'SecretsMountMssqlArgsDict']]]]] = None,
+                 mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlAuroraArgs', 'SecretsMountMysqlAuroraArgsDict']]]]] = None,
+                 mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlLegacyArgs', 'SecretsMountMysqlLegacyArgsDict']]]]] = None,
+                 mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlRdArgs', 'SecretsMountMysqlRdArgsDict']]]]] = None,
+                 mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlArgs', 'SecretsMountMysqlArgsDict']]]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
-                 oracles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountOracleArgs']]]]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 oracles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountOracleArgs', 'SecretsMountOracleArgsDict']]]]] = None,
+                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  path: Optional[pulumi.Input[str]] = None,
-                 postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountPostgresqlArgs']]]]] = None,
-                 redis: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRediArgs']]]]] = None,
-                 redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedisElasticachArgs']]]]] = None,
-                 redshifts: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedshiftArgs']]]]] = None,
+                 plugin_version: Optional[pulumi.Input[str]] = None,
+                 postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountPostgresqlArgs', 'SecretsMountPostgresqlArgsDict']]]]] = None,
+                 redis: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRediArgs', 'SecretsMountRediArgsDict']]]]] = None,
+                 redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedisElasticachArgs', 'SecretsMountRedisElasticachArgsDict']]]]] = None,
+                 redshifts: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedshiftArgs', 'SecretsMountRedshiftArgsDict']]]]] = None,
                  seal_wrap: Optional[pulumi.Input[bool]] = None,
-                 snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountSnowflakeArgs']]]]] = None,
+                 snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountSnowflakeArgs', 'SecretsMountSnowflakeArgsDict']]]]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -1348,16 +1567,20 @@ class SecretsMount(pulumi.CustomResource):
             __props__ = SecretsMountArgs.__new__(SecretsMountArgs)
 
             __props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
+            __props__.__dict__["allowed_response_headers"] = allowed_response_headers
             __props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
             __props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
             __props__.__dict__["cassandras"] = cassandras
             __props__.__dict__["couchbases"] = couchbases
             __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
+            __props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
             __props__.__dict__["description"] = description
             __props__.__dict__["elasticsearches"] = elasticsearches
             __props__.__dict__["external_entropy_access"] = external_entropy_access
             __props__.__dict__["hanas"] = hanas
+            __props__.__dict__["identity_token_key"] = identity_token_key
             __props__.__dict__["influxdbs"] = influxdbs
+            __props__.__dict__["listing_visibility"] = listing_visibility
             __props__.__dict__["local"] = local
             __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
             __props__.__dict__["mongodbatlas"] = mongodbatlas
@@ -1370,9 +1593,11 @@ class SecretsMount(pulumi.CustomResource):
             __props__.__dict__["namespace"] = namespace
             __props__.__dict__["options"] = options
             __props__.__dict__["oracles"] = oracles
+            __props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
             if path is None and not opts.urn:
                 raise TypeError("Missing required property 'path'")
             __props__.__dict__["path"] = path
+            __props__.__dict__["plugin_version"] = plugin_version
             __props__.__dict__["postgresqls"] = postgresqls
             __props__.__dict__["redis"] = redis
             __props__.__dict__["redis_elasticaches"] = redis_elasticaches
@@ -1393,36 +1618,42 @@ class SecretsMount(pulumi.CustomResource):
             opts: Optional[pulumi.ResourceOptions] = None,
             accessor: Optional[pulumi.Input[str]] = None,
             allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+            allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCassandraArgs']]]]] = None,
-            couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCouchbaseArgs']]]]] = None,
+            cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCassandraArgs', 'SecretsMountCassandraArgsDict']]]]] = None,
+            couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCouchbaseArgs', 'SecretsMountCouchbaseArgsDict']]]]] = None,
             default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
+            delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             description: Optional[pulumi.Input[str]] = None,
-            elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountElasticsearchArgs']]]]] = None,
+            elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountElasticsearchArgs', 'SecretsMountElasticsearchArgsDict']]]]] = None,
             engine_count: Optional[pulumi.Input[int]] = None,
             external_entropy_access: Optional[pulumi.Input[bool]] = None,
-            hanas: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountHanaArgs']]]]] = None,
-            influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountInfluxdbArgs']]]]] = None,
+            hanas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountHanaArgs', 'SecretsMountHanaArgsDict']]]]] = None,
+            identity_token_key: Optional[pulumi.Input[str]] = None,
+            influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountInfluxdbArgs', 'SecretsMountInfluxdbArgsDict']]]]] = None,
+            listing_visibility: Optional[pulumi.Input[str]] = None,
             local: Optional[pulumi.Input[bool]] = None,
             max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
-            mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbatlaArgs']]]]] = None,
-            mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbArgs']]]]] = None,
-            mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMssqlArgs']]]]] = None,
-            mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlAuroraArgs']]]]] = None,
-            mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlLegacyArgs']]]]] = None,
-            mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlRdArgs']]]]] = None,
-            mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlArgs']]]]] = None,
+            mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbatlaArgs', 'SecretsMountMongodbatlaArgsDict']]]]] = None,
+            mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbArgs', 'SecretsMountMongodbArgsDict']]]]] = None,
+            mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMssqlArgs', 'SecretsMountMssqlArgsDict']]]]] = None,
+            mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlAuroraArgs', 'SecretsMountMysqlAuroraArgsDict']]]]] = None,
+            mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlLegacyArgs', 'SecretsMountMysqlLegacyArgsDict']]]]] = None,
+            mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlRdArgs', 'SecretsMountMysqlRdArgsDict']]]]] = None,
+            mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlArgs', 'SecretsMountMysqlArgsDict']]]]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
-            options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
-            oracles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountOracleArgs']]]]] = None,
+            options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+            oracles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountOracleArgs', 'SecretsMountOracleArgsDict']]]]] = None,
+            passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             path: Optional[pulumi.Input[str]] = None,
-            postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountPostgresqlArgs']]]]] = None,
-            redis: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRediArgs']]]]] = None,
-            redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedisElasticachArgs']]]]] = None,
-            redshifts: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedshiftArgs']]]]] = None,
+            plugin_version: Optional[pulumi.Input[str]] = None,
+            postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountPostgresqlArgs', 'SecretsMountPostgresqlArgsDict']]]]] = None,
+            redis: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRediArgs', 'SecretsMountRediArgsDict']]]]] = None,
+            redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedisElasticachArgs', 'SecretsMountRedisElasticachArgsDict']]]]] = None,
+            redshifts: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedshiftArgs', 'SecretsMountRedshiftArgsDict']]]]] = None,
             seal_wrap: Optional[pulumi.Input[bool]] = None,
-            snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountSnowflakeArgs']]]]] = None) -> 'SecretsMount':
+            snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountSnowflakeArgs', 'SecretsMountSnowflakeArgsDict']]]]] = None) -> 'SecretsMount':
         """
         Get an existing SecretsMount resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -1434,53 +1665,59 @@ class SecretsMount(pulumi.CustomResource):
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
                
                The following arguments are common to all database engines:
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
         :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCassandraArgs']]]] cassandras: A nested block containing configuration options for Cassandra connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCassandraArgs', 'SecretsMountCassandraArgsDict']]]] cassandras: A nested block containing configuration options for Cassandra connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCouchbaseArgs']]]] couchbases: A nested block containing configuration options for Couchbase connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCouchbaseArgs', 'SecretsMountCouchbaseArgsDict']]]] couchbases: A nested block containing configuration options for Couchbase connections.  
                *See Configuration Options for more info*
         :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
         :param pulumi.Input[str] description: Human-friendly description of the mount
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountElasticsearchArgs']]]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountElasticsearchArgs', 'SecretsMountElasticsearchArgsDict']]]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.  
                *See Configuration Options for more info*
         :param pulumi.Input[int] engine_count: The total number of database secrets engines configured.
         :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountHanaArgs']]]] hanas: A nested block containing configuration options for SAP HanaDB connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountHanaArgs', 'SecretsMountHanaArgsDict']]]] hanas: A nested block containing configuration options for SAP HanaDB connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountInfluxdbArgs']]]] influxdbs: A nested block containing configuration options for InfluxDB connections.  
+        :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountInfluxdbArgs', 'SecretsMountInfluxdbArgsDict']]]] influxdbs: A nested block containing configuration options for InfluxDB connections.  
                *See Configuration Options for more info*
+        :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
         :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
         :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbatlaArgs']]]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbatlaArgs', 'SecretsMountMongodbatlaArgsDict']]]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbArgs']]]] mongodbs: A nested block containing configuration options for MongoDB connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbArgs', 'SecretsMountMongodbArgsDict']]]] mongodbs: A nested block containing configuration options for MongoDB connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMssqlArgs']]]] mssqls: A nested block containing configuration options for MSSQL connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMssqlArgs', 'SecretsMountMssqlArgsDict']]]] mssqls: A nested block containing configuration options for MSSQL connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlAuroraArgs']]]] mysql_auroras: A nested block containing configuration options for Aurora MySQL connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlAuroraArgs', 'SecretsMountMysqlAuroraArgsDict']]]] mysql_auroras: A nested block containing configuration options for Aurora MySQL connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlLegacyArgs']]]] mysql_legacies: A nested block containing configuration options for legacy MySQL connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlLegacyArgs', 'SecretsMountMysqlLegacyArgsDict']]]] mysql_legacies: A nested block containing configuration options for legacy MySQL connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlRdArgs']]]] mysql_rds: A nested block containing configuration options for RDS MySQL connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlRdArgs', 'SecretsMountMysqlRdArgsDict']]]] mysql_rds: A nested block containing configuration options for RDS MySQL connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlArgs']]]] mysqls: A nested block containing configuration options for MySQL connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlArgs', 'SecretsMountMysqlArgsDict']]]] mysqls: A nested block containing configuration options for MySQL connections.  
                *See Configuration Options for more info*
         :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
-        :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountOracleArgs']]]] oracles: A nested block containing configuration options for Oracle connections.  
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountOracleArgs', 'SecretsMountOracleArgsDict']]]] oracles: A nested block containing configuration options for Oracle connections.  
                *See Configuration Options for more info*
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
         :param pulumi.Input[str] path: Where the secret backend will be mounted
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountPostgresqlArgs']]]] postgresqls: A nested block containing configuration options for PostgreSQL connections.  
+        :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountPostgresqlArgs', 'SecretsMountPostgresqlArgsDict']]]] postgresqls: A nested block containing configuration options for PostgreSQL connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRediArgs']]]] redis: A nested block containing configuration options for Redis connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRediArgs', 'SecretsMountRediArgsDict']]]] redis: A nested block containing configuration options for Redis connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedisElasticachArgs']]]] redis_elasticaches: A nested block containing configuration options for Redis ElastiCache connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedisElasticachArgs', 'SecretsMountRedisElasticachArgsDict']]]] redis_elasticaches: A nested block containing configuration options for Redis ElastiCache connections.  
                *See Configuration Options for more info*
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedshiftArgs']]]] redshifts: A nested block containing configuration options for AWS Redshift connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedshiftArgs', 'SecretsMountRedshiftArgsDict']]]] redshifts: A nested block containing configuration options for AWS Redshift connections.  
                *See Configuration Options for more info*
         :param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountSnowflakeArgs']]]] snowflakes: A nested block containing configuration options for Snowflake connections.  
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountSnowflakeArgs', 'SecretsMountSnowflakeArgsDict']]]] snowflakes: A nested block containing configuration options for Snowflake connections.  
                *See Configuration Options for more info*
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -1489,17 +1726,21 @@ class SecretsMount(pulumi.CustomResource):
 
         __props__.__dict__["accessor"] = accessor
         __props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
+        __props__.__dict__["allowed_response_headers"] = allowed_response_headers
         __props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
         __props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
         __props__.__dict__["cassandras"] = cassandras
         __props__.__dict__["couchbases"] = couchbases
         __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
+        __props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
         __props__.__dict__["description"] = description
         __props__.__dict__["elasticsearches"] = elasticsearches
         __props__.__dict__["engine_count"] = engine_count
         __props__.__dict__["external_entropy_access"] = external_entropy_access
         __props__.__dict__["hanas"] = hanas
+        __props__.__dict__["identity_token_key"] = identity_token_key
         __props__.__dict__["influxdbs"] = influxdbs
+        __props__.__dict__["listing_visibility"] = listing_visibility
         __props__.__dict__["local"] = local
         __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
         __props__.__dict__["mongodbatlas"] = mongodbatlas
@@ -1512,7 +1753,9 @@ class SecretsMount(pulumi.CustomResource):
         __props__.__dict__["namespace"] = namespace
         __props__.__dict__["options"] = options
         __props__.__dict__["oracles"] = oracles
+        __props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
         __props__.__dict__["path"] = path
+        __props__.__dict__["plugin_version"] = plugin_version
         __props__.__dict__["postgresqls"] = postgresqls
         __props__.__dict__["redis"] = redis
         __props__.__dict__["redis_elasticaches"] = redis_elasticaches
@@ -1539,6 +1782,14 @@ class SecretsMount(pulumi.CustomResource):
         """
         return pulumi.get(self, "allowed_managed_keys")
 
+    @property
+    @pulumi.getter(name="allowedResponseHeaders")
+    def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
+        """
+        List of headers to allow and pass from the request to the plugin
+        """
+        return pulumi.get(self, "allowed_response_headers")
+
     @property
     @pulumi.getter(name="auditNonHmacRequestKeys")
     def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
@@ -1581,6 +1832,14 @@ class SecretsMount(pulumi.CustomResource):
         """
         return pulumi.get(self, "default_lease_ttl_seconds")
 
+    @property
+    @pulumi.getter(name="delegatedAuthAccessors")
+    def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
+        """
+        List of headers to allow and pass from the request to the plugin
+        """
+        return pulumi.get(self, "delegated_auth_accessors")
+
     @property
     @pulumi.getter
     def description(self) -> pulumi.Output[Optional[str]]:
@@ -1623,6 +1882,14 @@ class SecretsMount(pulumi.CustomResource):
         """
         return pulumi.get(self, "hanas")
 
+    @property
+    @pulumi.getter(name="identityTokenKey")
+    def identity_token_key(self) -> pulumi.Output[Optional[str]]:
+        """
+        The key to use for signing plugin workload identity tokens
+        """
+        return pulumi.get(self, "identity_token_key")
+
     @property
     @pulumi.getter
     def influxdbs(self) -> pulumi.Output[Optional[Sequence['outputs.SecretsMountInfluxdb']]]:
@@ -1632,6 +1899,14 @@ class SecretsMount(pulumi.CustomResource):
         """
         return pulumi.get(self, "influxdbs")
 
+    @property
+    @pulumi.getter(name="listingVisibility")
+    def listing_visibility(self) -> pulumi.Output[Optional[str]]:
+        """
+        Specifies whether to show this mount in the UI-specific listing endpoint
+        """
+        return pulumi.get(self, "listing_visibility")
+
     @property
     @pulumi.getter
     def local(self) -> pulumi.Output[Optional[bool]]:
@@ -1721,7 +1996,7 @@ class SecretsMount(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def options(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
+    def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
         """
         Specifies mount type specific options that are passed to the backend
         """
@@ -1736,6 +2011,14 @@ class SecretsMount(pulumi.CustomResource):
         """
         return pulumi.get(self, "oracles")
 
+    @property
+    @pulumi.getter(name="passthroughRequestHeaders")
+    def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
+        """
+        List of headers to allow and pass from the request to the plugin
+        """
+        return pulumi.get(self, "passthrough_request_headers")
+
     @property
     @pulumi.getter
     def path(self) -> pulumi.Output[str]:
@@ -1744,6 +2027,14 @@ class SecretsMount(pulumi.CustomResource):
         """
         return pulumi.get(self, "path")
 
+    @property
+    @pulumi.getter(name="pluginVersion")
+    def plugin_version(self) -> pulumi.Output[Optional[str]]:
+        """
+        Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
+        """
+        return pulumi.get(self, "plugin_version")
+
     @property
     @pulumi.getter
     def postgresqls(self) -> pulumi.Output[Optional[Sequence['outputs.SecretsMountPostgresql']]]: