pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
pulumi_vault/managed/_inputs.py
CHANGED
|
@@ -4,17 +4,88 @@
|
|
|
4
4
|
|
|
5
5
|
import copy
|
|
6
6
|
import warnings
|
|
7
|
+
import sys
|
|
7
8
|
import pulumi
|
|
8
9
|
import pulumi.runtime
|
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
|
11
|
+
if sys.version_info >= (3, 11):
|
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
|
13
|
+
else:
|
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
|
10
15
|
from .. import _utilities
|
|
11
16
|
|
|
12
17
|
__all__ = [
|
|
13
18
|
'KeysAwArgs',
|
|
19
|
+
'KeysAwArgsDict',
|
|
14
20
|
'KeysAzureArgs',
|
|
21
|
+
'KeysAzureArgsDict',
|
|
15
22
|
'KeysPkcArgs',
|
|
23
|
+
'KeysPkcArgsDict',
|
|
16
24
|
]
|
|
17
25
|
|
|
26
|
+
MYPY = False
|
|
27
|
+
|
|
28
|
+
if not MYPY:
|
|
29
|
+
class KeysAwArgsDict(TypedDict):
|
|
30
|
+
access_key: pulumi.Input[str]
|
|
31
|
+
"""
|
|
32
|
+
The AWS access key to use
|
|
33
|
+
"""
|
|
34
|
+
key_bits: pulumi.Input[str]
|
|
35
|
+
"""
|
|
36
|
+
The size in bits for an RSA key. This field is required when 'key_type' is 'RSA'
|
|
37
|
+
"""
|
|
38
|
+
key_type: pulumi.Input[str]
|
|
39
|
+
"""
|
|
40
|
+
The type of key to use
|
|
41
|
+
"""
|
|
42
|
+
kms_key: pulumi.Input[str]
|
|
43
|
+
"""
|
|
44
|
+
An identifier for the key
|
|
45
|
+
"""
|
|
46
|
+
name: pulumi.Input[str]
|
|
47
|
+
"""
|
|
48
|
+
A unique lowercase name that serves as identifying the key
|
|
49
|
+
"""
|
|
50
|
+
secret_key: pulumi.Input[str]
|
|
51
|
+
"""
|
|
52
|
+
The AWS secret key to use
|
|
53
|
+
"""
|
|
54
|
+
allow_generate_key: NotRequired[pulumi.Input[bool]]
|
|
55
|
+
"""
|
|
56
|
+
If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
|
|
57
|
+
"""
|
|
58
|
+
allow_replace_key: NotRequired[pulumi.Input[bool]]
|
|
59
|
+
"""
|
|
60
|
+
Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
|
|
61
|
+
"""
|
|
62
|
+
allow_store_key: NotRequired[pulumi.Input[bool]]
|
|
63
|
+
"""
|
|
64
|
+
Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
|
|
65
|
+
"""
|
|
66
|
+
any_mount: NotRequired[pulumi.Input[bool]]
|
|
67
|
+
"""
|
|
68
|
+
Allow usage from any mount point within the namespace if 'true'
|
|
69
|
+
"""
|
|
70
|
+
curve: NotRequired[pulumi.Input[str]]
|
|
71
|
+
"""
|
|
72
|
+
The curve to use for an ECDSA key. Used when key_type is 'ECDSA'. Required if 'allow_generate_key' is true
|
|
73
|
+
"""
|
|
74
|
+
endpoint: NotRequired[pulumi.Input[str]]
|
|
75
|
+
"""
|
|
76
|
+
Used to specify a custom AWS endpoint
|
|
77
|
+
"""
|
|
78
|
+
region: NotRequired[pulumi.Input[str]]
|
|
79
|
+
"""
|
|
80
|
+
The AWS region where the keys are stored (or will be stored)
|
|
81
|
+
"""
|
|
82
|
+
uuid: NotRequired[pulumi.Input[str]]
|
|
83
|
+
"""
|
|
84
|
+
ID of the managed key read from Vault
|
|
85
|
+
"""
|
|
86
|
+
elif False:
|
|
87
|
+
KeysAwArgsDict: TypeAlias = Mapping[str, Any]
|
|
88
|
+
|
|
18
89
|
@pulumi.input_type
|
|
19
90
|
class KeysAwArgs:
|
|
20
91
|
def __init__(__self__, *,
|
|
@@ -33,26 +104,19 @@ class KeysAwArgs:
|
|
|
33
104
|
region: Optional[pulumi.Input[str]] = None,
|
|
34
105
|
uuid: Optional[pulumi.Input[str]] = None):
|
|
35
106
|
"""
|
|
36
|
-
:param pulumi.Input[str] access_key: The AWS access key to use
|
|
37
|
-
:param pulumi.Input[str] key_bits: The size in bits for an RSA key.
|
|
38
|
-
:param pulumi.Input[str] key_type: The type of key to use
|
|
39
|
-
:param pulumi.Input[str] kms_key: An identifier for the key
|
|
40
|
-
:param pulumi.Input[str] name: A unique lowercase name that serves as identifying the key
|
|
41
|
-
:param pulumi.Input[str] secret_key: The AWS
|
|
42
|
-
:param pulumi.Input[bool] allow_generate_key: If no existing key can be found in
|
|
43
|
-
|
|
44
|
-
:param pulumi.Input[bool]
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
:param pulumi.Input[
|
|
49
|
-
configured backend, if `false`, those operations will be forbidden.
|
|
50
|
-
:param pulumi.Input[bool] any_mount: If `true`, allows usage from any mount point within the
|
|
51
|
-
namespace.
|
|
52
|
-
:param pulumi.Input[str] curve: The curve to use for an ECDSA key. Used when `key_type`
|
|
53
|
-
is `ECDSA`. Required if `allow_generate_key` is `true`.
|
|
54
|
-
:param pulumi.Input[str] endpoint: Used to specify a custom AWS endpoint.
|
|
55
|
-
:param pulumi.Input[str] region: The AWS region where the keys are stored (or will be stored).
|
|
107
|
+
:param pulumi.Input[str] access_key: The AWS access key to use
|
|
108
|
+
:param pulumi.Input[str] key_bits: The size in bits for an RSA key. This field is required when 'key_type' is 'RSA'
|
|
109
|
+
:param pulumi.Input[str] key_type: The type of key to use
|
|
110
|
+
:param pulumi.Input[str] kms_key: An identifier for the key
|
|
111
|
+
:param pulumi.Input[str] name: A unique lowercase name that serves as identifying the key
|
|
112
|
+
:param pulumi.Input[str] secret_key: The AWS secret key to use
|
|
113
|
+
:param pulumi.Input[bool] allow_generate_key: If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
|
|
114
|
+
:param pulumi.Input[bool] allow_replace_key: Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
|
|
115
|
+
:param pulumi.Input[bool] allow_store_key: Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
|
|
116
|
+
:param pulumi.Input[bool] any_mount: Allow usage from any mount point within the namespace if 'true'
|
|
117
|
+
:param pulumi.Input[str] curve: The curve to use for an ECDSA key. Used when key_type is 'ECDSA'. Required if 'allow_generate_key' is true
|
|
118
|
+
:param pulumi.Input[str] endpoint: Used to specify a custom AWS endpoint
|
|
119
|
+
:param pulumi.Input[str] region: The AWS region where the keys are stored (or will be stored)
|
|
56
120
|
:param pulumi.Input[str] uuid: ID of the managed key read from Vault
|
|
57
121
|
"""
|
|
58
122
|
pulumi.set(__self__, "access_key", access_key)
|
|
@@ -82,7 +146,7 @@ class KeysAwArgs:
|
|
|
82
146
|
@pulumi.getter(name="accessKey")
|
|
83
147
|
def access_key(self) -> pulumi.Input[str]:
|
|
84
148
|
"""
|
|
85
|
-
The AWS access key to use
|
|
149
|
+
The AWS access key to use
|
|
86
150
|
"""
|
|
87
151
|
return pulumi.get(self, "access_key")
|
|
88
152
|
|
|
@@ -94,7 +158,7 @@ class KeysAwArgs:
|
|
|
94
158
|
@pulumi.getter(name="keyBits")
|
|
95
159
|
def key_bits(self) -> pulumi.Input[str]:
|
|
96
160
|
"""
|
|
97
|
-
The size in bits for an RSA key.
|
|
161
|
+
The size in bits for an RSA key. This field is required when 'key_type' is 'RSA'
|
|
98
162
|
"""
|
|
99
163
|
return pulumi.get(self, "key_bits")
|
|
100
164
|
|
|
@@ -106,7 +170,7 @@ class KeysAwArgs:
|
|
|
106
170
|
@pulumi.getter(name="keyType")
|
|
107
171
|
def key_type(self) -> pulumi.Input[str]:
|
|
108
172
|
"""
|
|
109
|
-
The type of key to use
|
|
173
|
+
The type of key to use
|
|
110
174
|
"""
|
|
111
175
|
return pulumi.get(self, "key_type")
|
|
112
176
|
|
|
@@ -118,7 +182,7 @@ class KeysAwArgs:
|
|
|
118
182
|
@pulumi.getter(name="kmsKey")
|
|
119
183
|
def kms_key(self) -> pulumi.Input[str]:
|
|
120
184
|
"""
|
|
121
|
-
An identifier for the key
|
|
185
|
+
An identifier for the key
|
|
122
186
|
"""
|
|
123
187
|
return pulumi.get(self, "kms_key")
|
|
124
188
|
|
|
@@ -130,7 +194,7 @@ class KeysAwArgs:
|
|
|
130
194
|
@pulumi.getter
|
|
131
195
|
def name(self) -> pulumi.Input[str]:
|
|
132
196
|
"""
|
|
133
|
-
A unique lowercase name that serves as identifying the key
|
|
197
|
+
A unique lowercase name that serves as identifying the key
|
|
134
198
|
"""
|
|
135
199
|
return pulumi.get(self, "name")
|
|
136
200
|
|
|
@@ -142,7 +206,7 @@ class KeysAwArgs:
|
|
|
142
206
|
@pulumi.getter(name="secretKey")
|
|
143
207
|
def secret_key(self) -> pulumi.Input[str]:
|
|
144
208
|
"""
|
|
145
|
-
The AWS
|
|
209
|
+
The AWS secret key to use
|
|
146
210
|
"""
|
|
147
211
|
return pulumi.get(self, "secret_key")
|
|
148
212
|
|
|
@@ -154,8 +218,7 @@ class KeysAwArgs:
|
|
|
154
218
|
@pulumi.getter(name="allowGenerateKey")
|
|
155
219
|
def allow_generate_key(self) -> Optional[pulumi.Input[bool]]:
|
|
156
220
|
"""
|
|
157
|
-
If no existing key can be found in
|
|
158
|
-
the referenced backend, instructs Vault to generate a key within the backend.
|
|
221
|
+
If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
|
|
159
222
|
"""
|
|
160
223
|
return pulumi.get(self, "allow_generate_key")
|
|
161
224
|
|
|
@@ -167,10 +230,7 @@ class KeysAwArgs:
|
|
|
167
230
|
@pulumi.getter(name="allowReplaceKey")
|
|
168
231
|
def allow_replace_key(self) -> Optional[pulumi.Input[bool]]:
|
|
169
232
|
"""
|
|
170
|
-
Controls the ability for Vault to replace through
|
|
171
|
-
generation or importing a key into the configured backend even
|
|
172
|
-
if a key is present, if set to `false` those operations are forbidden
|
|
173
|
-
if a key exists.
|
|
233
|
+
Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
|
|
174
234
|
"""
|
|
175
235
|
return pulumi.get(self, "allow_replace_key")
|
|
176
236
|
|
|
@@ -182,8 +242,7 @@ class KeysAwArgs:
|
|
|
182
242
|
@pulumi.getter(name="allowStoreKey")
|
|
183
243
|
def allow_store_key(self) -> Optional[pulumi.Input[bool]]:
|
|
184
244
|
"""
|
|
185
|
-
Controls the ability for Vault to import a key to the
|
|
186
|
-
configured backend, if `false`, those operations will be forbidden.
|
|
245
|
+
Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
|
|
187
246
|
"""
|
|
188
247
|
return pulumi.get(self, "allow_store_key")
|
|
189
248
|
|
|
@@ -195,8 +254,7 @@ class KeysAwArgs:
|
|
|
195
254
|
@pulumi.getter(name="anyMount")
|
|
196
255
|
def any_mount(self) -> Optional[pulumi.Input[bool]]:
|
|
197
256
|
"""
|
|
198
|
-
|
|
199
|
-
namespace.
|
|
257
|
+
Allow usage from any mount point within the namespace if 'true'
|
|
200
258
|
"""
|
|
201
259
|
return pulumi.get(self, "any_mount")
|
|
202
260
|
|
|
@@ -208,8 +266,7 @@ class KeysAwArgs:
|
|
|
208
266
|
@pulumi.getter
|
|
209
267
|
def curve(self) -> Optional[pulumi.Input[str]]:
|
|
210
268
|
"""
|
|
211
|
-
The curve to use for an ECDSA key. Used when
|
|
212
|
-
is `ECDSA`. Required if `allow_generate_key` is `true`.
|
|
269
|
+
The curve to use for an ECDSA key. Used when key_type is 'ECDSA'. Required if 'allow_generate_key' is true
|
|
213
270
|
"""
|
|
214
271
|
return pulumi.get(self, "curve")
|
|
215
272
|
|
|
@@ -221,7 +278,7 @@ class KeysAwArgs:
|
|
|
221
278
|
@pulumi.getter
|
|
222
279
|
def endpoint(self) -> Optional[pulumi.Input[str]]:
|
|
223
280
|
"""
|
|
224
|
-
Used to specify a custom AWS endpoint
|
|
281
|
+
Used to specify a custom AWS endpoint
|
|
225
282
|
"""
|
|
226
283
|
return pulumi.get(self, "endpoint")
|
|
227
284
|
|
|
@@ -233,7 +290,7 @@ class KeysAwArgs:
|
|
|
233
290
|
@pulumi.getter
|
|
234
291
|
def region(self) -> Optional[pulumi.Input[str]]:
|
|
235
292
|
"""
|
|
236
|
-
The AWS region where the keys are stored (or will be stored)
|
|
293
|
+
The AWS region where the keys are stored (or will be stored)
|
|
237
294
|
"""
|
|
238
295
|
return pulumi.get(self, "region")
|
|
239
296
|
|
|
@@ -254,6 +311,71 @@ class KeysAwArgs:
|
|
|
254
311
|
pulumi.set(self, "uuid", value)
|
|
255
312
|
|
|
256
313
|
|
|
314
|
+
if not MYPY:
|
|
315
|
+
class KeysAzureArgsDict(TypedDict):
|
|
316
|
+
client_id: pulumi.Input[str]
|
|
317
|
+
"""
|
|
318
|
+
The client id for credentials to query the Azure APIs
|
|
319
|
+
"""
|
|
320
|
+
client_secret: pulumi.Input[str]
|
|
321
|
+
"""
|
|
322
|
+
The client secret for credentials to query the Azure APIs
|
|
323
|
+
"""
|
|
324
|
+
key_name: pulumi.Input[str]
|
|
325
|
+
"""
|
|
326
|
+
The Key Vault key to use for encryption and decryption
|
|
327
|
+
"""
|
|
328
|
+
key_type: pulumi.Input[str]
|
|
329
|
+
"""
|
|
330
|
+
The type of key to use
|
|
331
|
+
"""
|
|
332
|
+
name: pulumi.Input[str]
|
|
333
|
+
"""
|
|
334
|
+
A unique lowercase name that serves as identifying the key
|
|
335
|
+
"""
|
|
336
|
+
tenant_id: pulumi.Input[str]
|
|
337
|
+
"""
|
|
338
|
+
The tenant id for the Azure Active Directory organization
|
|
339
|
+
"""
|
|
340
|
+
vault_name: pulumi.Input[str]
|
|
341
|
+
"""
|
|
342
|
+
The Key Vault vault to use the encryption keys for encryption and decryption
|
|
343
|
+
"""
|
|
344
|
+
allow_generate_key: NotRequired[pulumi.Input[bool]]
|
|
345
|
+
"""
|
|
346
|
+
If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
|
|
347
|
+
"""
|
|
348
|
+
allow_replace_key: NotRequired[pulumi.Input[bool]]
|
|
349
|
+
"""
|
|
350
|
+
Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
|
|
351
|
+
"""
|
|
352
|
+
allow_store_key: NotRequired[pulumi.Input[bool]]
|
|
353
|
+
"""
|
|
354
|
+
Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
|
|
355
|
+
"""
|
|
356
|
+
any_mount: NotRequired[pulumi.Input[bool]]
|
|
357
|
+
"""
|
|
358
|
+
Allow usage from any mount point within the namespace if 'true'
|
|
359
|
+
"""
|
|
360
|
+
environment: NotRequired[pulumi.Input[str]]
|
|
361
|
+
"""
|
|
362
|
+
The Azure Cloud environment API endpoints to use
|
|
363
|
+
"""
|
|
364
|
+
key_bits: NotRequired[pulumi.Input[str]]
|
|
365
|
+
"""
|
|
366
|
+
The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' or when 'allow_generate_key' is true
|
|
367
|
+
"""
|
|
368
|
+
resource: NotRequired[pulumi.Input[str]]
|
|
369
|
+
"""
|
|
370
|
+
The Azure Key Vault resource's DNS Suffix to connect to
|
|
371
|
+
"""
|
|
372
|
+
uuid: NotRequired[pulumi.Input[str]]
|
|
373
|
+
"""
|
|
374
|
+
ID of the managed key read from Vault
|
|
375
|
+
"""
|
|
376
|
+
elif False:
|
|
377
|
+
KeysAzureArgsDict: TypeAlias = Mapping[str, Any]
|
|
378
|
+
|
|
257
379
|
@pulumi.input_type
|
|
258
380
|
class KeysAzureArgs:
|
|
259
381
|
def __init__(__self__, *,
|
|
@@ -273,26 +395,20 @@ class KeysAzureArgs:
|
|
|
273
395
|
resource: Optional[pulumi.Input[str]] = None,
|
|
274
396
|
uuid: Optional[pulumi.Input[str]] = None):
|
|
275
397
|
"""
|
|
276
|
-
:param pulumi.Input[str] client_id: The client id for credentials to query the Azure APIs
|
|
277
|
-
:param pulumi.Input[str] client_secret: The client secret for credentials to query the Azure APIs
|
|
278
|
-
:param pulumi.Input[str] key_name: The Key Vault key to use for encryption and decryption
|
|
279
|
-
:param pulumi.Input[str] key_type: The type of key to use
|
|
280
|
-
:param pulumi.Input[str] name: A unique lowercase name that serves as identifying the key
|
|
281
|
-
:param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory organization
|
|
282
|
-
:param pulumi.Input[str] vault_name: The Key Vault vault to use for encryption and decryption
|
|
283
|
-
:param pulumi.Input[bool] allow_generate_key: If no existing key can be found in
|
|
284
|
-
|
|
285
|
-
:param pulumi.Input[bool]
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
:param pulumi.Input[
|
|
290
|
-
configured backend, if `false`, those operations will be forbidden.
|
|
291
|
-
:param pulumi.Input[bool] any_mount: If `true`, allows usage from any mount point within the
|
|
292
|
-
namespace.
|
|
293
|
-
:param pulumi.Input[str] environment: The Azure Cloud environment API endpoints to use.
|
|
294
|
-
:param pulumi.Input[str] key_bits: The size in bits for an RSA key.
|
|
295
|
-
:param pulumi.Input[str] resource: The Azure Key Vault resource's DNS Suffix to connect to.
|
|
398
|
+
:param pulumi.Input[str] client_id: The client id for credentials to query the Azure APIs
|
|
399
|
+
:param pulumi.Input[str] client_secret: The client secret for credentials to query the Azure APIs
|
|
400
|
+
:param pulumi.Input[str] key_name: The Key Vault key to use for encryption and decryption
|
|
401
|
+
:param pulumi.Input[str] key_type: The type of key to use
|
|
402
|
+
:param pulumi.Input[str] name: A unique lowercase name that serves as identifying the key
|
|
403
|
+
:param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory organization
|
|
404
|
+
:param pulumi.Input[str] vault_name: The Key Vault vault to use the encryption keys for encryption and decryption
|
|
405
|
+
:param pulumi.Input[bool] allow_generate_key: If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
|
|
406
|
+
:param pulumi.Input[bool] allow_replace_key: Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
|
|
407
|
+
:param pulumi.Input[bool] allow_store_key: Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
|
|
408
|
+
:param pulumi.Input[bool] any_mount: Allow usage from any mount point within the namespace if 'true'
|
|
409
|
+
:param pulumi.Input[str] environment: The Azure Cloud environment API endpoints to use
|
|
410
|
+
:param pulumi.Input[str] key_bits: The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' or when 'allow_generate_key' is true
|
|
411
|
+
:param pulumi.Input[str] resource: The Azure Key Vault resource's DNS Suffix to connect to
|
|
296
412
|
:param pulumi.Input[str] uuid: ID of the managed key read from Vault
|
|
297
413
|
"""
|
|
298
414
|
pulumi.set(__self__, "client_id", client_id)
|
|
@@ -323,7 +439,7 @@ class KeysAzureArgs:
|
|
|
323
439
|
@pulumi.getter(name="clientId")
|
|
324
440
|
def client_id(self) -> pulumi.Input[str]:
|
|
325
441
|
"""
|
|
326
|
-
The client id for credentials to query the Azure APIs
|
|
442
|
+
The client id for credentials to query the Azure APIs
|
|
327
443
|
"""
|
|
328
444
|
return pulumi.get(self, "client_id")
|
|
329
445
|
|
|
@@ -335,7 +451,7 @@ class KeysAzureArgs:
|
|
|
335
451
|
@pulumi.getter(name="clientSecret")
|
|
336
452
|
def client_secret(self) -> pulumi.Input[str]:
|
|
337
453
|
"""
|
|
338
|
-
The client secret for credentials to query the Azure APIs
|
|
454
|
+
The client secret for credentials to query the Azure APIs
|
|
339
455
|
"""
|
|
340
456
|
return pulumi.get(self, "client_secret")
|
|
341
457
|
|
|
@@ -347,7 +463,7 @@ class KeysAzureArgs:
|
|
|
347
463
|
@pulumi.getter(name="keyName")
|
|
348
464
|
def key_name(self) -> pulumi.Input[str]:
|
|
349
465
|
"""
|
|
350
|
-
The Key Vault key to use for encryption and decryption
|
|
466
|
+
The Key Vault key to use for encryption and decryption
|
|
351
467
|
"""
|
|
352
468
|
return pulumi.get(self, "key_name")
|
|
353
469
|
|
|
@@ -359,7 +475,7 @@ class KeysAzureArgs:
|
|
|
359
475
|
@pulumi.getter(name="keyType")
|
|
360
476
|
def key_type(self) -> pulumi.Input[str]:
|
|
361
477
|
"""
|
|
362
|
-
The type of key to use
|
|
478
|
+
The type of key to use
|
|
363
479
|
"""
|
|
364
480
|
return pulumi.get(self, "key_type")
|
|
365
481
|
|
|
@@ -371,7 +487,7 @@ class KeysAzureArgs:
|
|
|
371
487
|
@pulumi.getter
|
|
372
488
|
def name(self) -> pulumi.Input[str]:
|
|
373
489
|
"""
|
|
374
|
-
A unique lowercase name that serves as identifying the key
|
|
490
|
+
A unique lowercase name that serves as identifying the key
|
|
375
491
|
"""
|
|
376
492
|
return pulumi.get(self, "name")
|
|
377
493
|
|
|
@@ -383,7 +499,7 @@ class KeysAzureArgs:
|
|
|
383
499
|
@pulumi.getter(name="tenantId")
|
|
384
500
|
def tenant_id(self) -> pulumi.Input[str]:
|
|
385
501
|
"""
|
|
386
|
-
The tenant id for the Azure Active Directory organization
|
|
502
|
+
The tenant id for the Azure Active Directory organization
|
|
387
503
|
"""
|
|
388
504
|
return pulumi.get(self, "tenant_id")
|
|
389
505
|
|
|
@@ -395,7 +511,7 @@ class KeysAzureArgs:
|
|
|
395
511
|
@pulumi.getter(name="vaultName")
|
|
396
512
|
def vault_name(self) -> pulumi.Input[str]:
|
|
397
513
|
"""
|
|
398
|
-
The Key Vault vault to use for encryption and decryption
|
|
514
|
+
The Key Vault vault to use the encryption keys for encryption and decryption
|
|
399
515
|
"""
|
|
400
516
|
return pulumi.get(self, "vault_name")
|
|
401
517
|
|
|
@@ -407,8 +523,7 @@ class KeysAzureArgs:
|
|
|
407
523
|
@pulumi.getter(name="allowGenerateKey")
|
|
408
524
|
def allow_generate_key(self) -> Optional[pulumi.Input[bool]]:
|
|
409
525
|
"""
|
|
410
|
-
If no existing key can be found in
|
|
411
|
-
the referenced backend, instructs Vault to generate a key within the backend.
|
|
526
|
+
If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
|
|
412
527
|
"""
|
|
413
528
|
return pulumi.get(self, "allow_generate_key")
|
|
414
529
|
|
|
@@ -420,10 +535,7 @@ class KeysAzureArgs:
|
|
|
420
535
|
@pulumi.getter(name="allowReplaceKey")
|
|
421
536
|
def allow_replace_key(self) -> Optional[pulumi.Input[bool]]:
|
|
422
537
|
"""
|
|
423
|
-
Controls the ability for Vault to replace through
|
|
424
|
-
generation or importing a key into the configured backend even
|
|
425
|
-
if a key is present, if set to `false` those operations are forbidden
|
|
426
|
-
if a key exists.
|
|
538
|
+
Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
|
|
427
539
|
"""
|
|
428
540
|
return pulumi.get(self, "allow_replace_key")
|
|
429
541
|
|
|
@@ -435,8 +547,7 @@ class KeysAzureArgs:
|
|
|
435
547
|
@pulumi.getter(name="allowStoreKey")
|
|
436
548
|
def allow_store_key(self) -> Optional[pulumi.Input[bool]]:
|
|
437
549
|
"""
|
|
438
|
-
Controls the ability for Vault to import a key to the
|
|
439
|
-
configured backend, if `false`, those operations will be forbidden.
|
|
550
|
+
Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
|
|
440
551
|
"""
|
|
441
552
|
return pulumi.get(self, "allow_store_key")
|
|
442
553
|
|
|
@@ -448,8 +559,7 @@ class KeysAzureArgs:
|
|
|
448
559
|
@pulumi.getter(name="anyMount")
|
|
449
560
|
def any_mount(self) -> Optional[pulumi.Input[bool]]:
|
|
450
561
|
"""
|
|
451
|
-
|
|
452
|
-
namespace.
|
|
562
|
+
Allow usage from any mount point within the namespace if 'true'
|
|
453
563
|
"""
|
|
454
564
|
return pulumi.get(self, "any_mount")
|
|
455
565
|
|
|
@@ -461,7 +571,7 @@ class KeysAzureArgs:
|
|
|
461
571
|
@pulumi.getter
|
|
462
572
|
def environment(self) -> Optional[pulumi.Input[str]]:
|
|
463
573
|
"""
|
|
464
|
-
The Azure Cloud environment API endpoints to use
|
|
574
|
+
The Azure Cloud environment API endpoints to use
|
|
465
575
|
"""
|
|
466
576
|
return pulumi.get(self, "environment")
|
|
467
577
|
|
|
@@ -473,7 +583,7 @@ class KeysAzureArgs:
|
|
|
473
583
|
@pulumi.getter(name="keyBits")
|
|
474
584
|
def key_bits(self) -> Optional[pulumi.Input[str]]:
|
|
475
585
|
"""
|
|
476
|
-
The size in bits for an RSA key.
|
|
586
|
+
The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' or when 'allow_generate_key' is true
|
|
477
587
|
"""
|
|
478
588
|
return pulumi.get(self, "key_bits")
|
|
479
589
|
|
|
@@ -485,7 +595,7 @@ class KeysAzureArgs:
|
|
|
485
595
|
@pulumi.getter
|
|
486
596
|
def resource(self) -> Optional[pulumi.Input[str]]:
|
|
487
597
|
"""
|
|
488
|
-
The Azure Key Vault resource's DNS Suffix to connect to
|
|
598
|
+
The Azure Key Vault resource's DNS Suffix to connect to
|
|
489
599
|
"""
|
|
490
600
|
return pulumi.get(self, "resource")
|
|
491
601
|
|
|
@@ -506,6 +616,75 @@ class KeysAzureArgs:
|
|
|
506
616
|
pulumi.set(self, "uuid", value)
|
|
507
617
|
|
|
508
618
|
|
|
619
|
+
if not MYPY:
|
|
620
|
+
class KeysPkcArgsDict(TypedDict):
|
|
621
|
+
key_id: pulumi.Input[str]
|
|
622
|
+
"""
|
|
623
|
+
The id of a PKCS#11 key to use
|
|
624
|
+
"""
|
|
625
|
+
key_label: pulumi.Input[str]
|
|
626
|
+
"""
|
|
627
|
+
The label of the key to use
|
|
628
|
+
"""
|
|
629
|
+
library: pulumi.Input[str]
|
|
630
|
+
"""
|
|
631
|
+
The name of the kms_library stanza to use from Vault's config to lookup the local library path
|
|
632
|
+
"""
|
|
633
|
+
mechanism: pulumi.Input[str]
|
|
634
|
+
"""
|
|
635
|
+
The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string.
|
|
636
|
+
"""
|
|
637
|
+
name: pulumi.Input[str]
|
|
638
|
+
"""
|
|
639
|
+
A unique lowercase name that serves as identifying the key
|
|
640
|
+
"""
|
|
641
|
+
pin: pulumi.Input[str]
|
|
642
|
+
"""
|
|
643
|
+
The PIN for login
|
|
644
|
+
"""
|
|
645
|
+
allow_generate_key: NotRequired[pulumi.Input[bool]]
|
|
646
|
+
"""
|
|
647
|
+
If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
|
|
648
|
+
"""
|
|
649
|
+
allow_replace_key: NotRequired[pulumi.Input[bool]]
|
|
650
|
+
"""
|
|
651
|
+
Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
|
|
652
|
+
"""
|
|
653
|
+
allow_store_key: NotRequired[pulumi.Input[bool]]
|
|
654
|
+
"""
|
|
655
|
+
Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
|
|
656
|
+
"""
|
|
657
|
+
any_mount: NotRequired[pulumi.Input[bool]]
|
|
658
|
+
"""
|
|
659
|
+
Allow usage from any mount point within the namespace if 'true'
|
|
660
|
+
"""
|
|
661
|
+
curve: NotRequired[pulumi.Input[str]]
|
|
662
|
+
"""
|
|
663
|
+
Supplies the curve value when using the 'CKM_ECDSA' mechanism. Required if 'allow_generate_key' is true
|
|
664
|
+
"""
|
|
665
|
+
force_rw_session: NotRequired[pulumi.Input[str]]
|
|
666
|
+
"""
|
|
667
|
+
Force all operations to open up a read-write session to the HSM
|
|
668
|
+
"""
|
|
669
|
+
key_bits: NotRequired[pulumi.Input[str]]
|
|
670
|
+
"""
|
|
671
|
+
Supplies the size in bits of the key when using 'CKM_RSA_PKCS_PSS', 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. Required if 'allow_generate_key' is true
|
|
672
|
+
"""
|
|
673
|
+
slot: NotRequired[pulumi.Input[str]]
|
|
674
|
+
"""
|
|
675
|
+
The slot number to use, specified as a string in a decimal format (e.g. '2305843009213693953')
|
|
676
|
+
"""
|
|
677
|
+
token_label: NotRequired[pulumi.Input[str]]
|
|
678
|
+
"""
|
|
679
|
+
The slot token label to use
|
|
680
|
+
"""
|
|
681
|
+
uuid: NotRequired[pulumi.Input[str]]
|
|
682
|
+
"""
|
|
683
|
+
ID of the managed key read from Vault
|
|
684
|
+
"""
|
|
685
|
+
elif False:
|
|
686
|
+
KeysPkcArgsDict: TypeAlias = Mapping[str, Any]
|
|
687
|
+
|
|
509
688
|
@pulumi.input_type
|
|
510
689
|
class KeysPkcArgs:
|
|
511
690
|
def __init__(__self__, *,
|
|
@@ -526,32 +705,21 @@ class KeysPkcArgs:
|
|
|
526
705
|
token_label: Optional[pulumi.Input[str]] = None,
|
|
527
706
|
uuid: Optional[pulumi.Input[str]] = None):
|
|
528
707
|
"""
|
|
529
|
-
:param pulumi.Input[str] key_id: The id of a PKCS#11 key to use
|
|
530
|
-
:param pulumi.Input[str] key_label: The label of the key to use
|
|
531
|
-
:param pulumi.Input[str] library: The name of the kms_library stanza to use from Vault's config
|
|
532
|
-
|
|
533
|
-
:param pulumi.Input[str]
|
|
534
|
-
|
|
535
|
-
:param pulumi.Input[
|
|
536
|
-
:param pulumi.Input[
|
|
537
|
-
:param pulumi.Input[bool]
|
|
538
|
-
|
|
539
|
-
:param pulumi.Input[
|
|
540
|
-
|
|
541
|
-
|
|
542
|
-
|
|
543
|
-
:param pulumi.Input[
|
|
544
|
-
configured backend, if `false`, those operations will be forbidden.
|
|
545
|
-
:param pulumi.Input[bool] any_mount: If `true`, allows usage from any mount point within the
|
|
546
|
-
namespace.
|
|
547
|
-
:param pulumi.Input[str] curve: The curve to use for an ECDSA key. Used when `key_type`
|
|
548
|
-
is `ECDSA`. Required if `allow_generate_key` is `true`.
|
|
549
|
-
:param pulumi.Input[str] force_rw_session: Force all operations to open up a read-write session to
|
|
550
|
-
the HSM.
|
|
551
|
-
:param pulumi.Input[str] key_bits: The size in bits for an RSA key.
|
|
552
|
-
:param pulumi.Input[str] slot: The slot number to use, specified as a string in a decimal format
|
|
553
|
-
(e.g. `2305843009213693953`).
|
|
554
|
-
:param pulumi.Input[str] token_label: The slot token label to use.
|
|
708
|
+
:param pulumi.Input[str] key_id: The id of a PKCS#11 key to use
|
|
709
|
+
:param pulumi.Input[str] key_label: The label of the key to use
|
|
710
|
+
:param pulumi.Input[str] library: The name of the kms_library stanza to use from Vault's config to lookup the local library path
|
|
711
|
+
:param pulumi.Input[str] mechanism: The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string.
|
|
712
|
+
:param pulumi.Input[str] name: A unique lowercase name that serves as identifying the key
|
|
713
|
+
:param pulumi.Input[str] pin: The PIN for login
|
|
714
|
+
:param pulumi.Input[bool] allow_generate_key: If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
|
|
715
|
+
:param pulumi.Input[bool] allow_replace_key: Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
|
|
716
|
+
:param pulumi.Input[bool] allow_store_key: Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
|
|
717
|
+
:param pulumi.Input[bool] any_mount: Allow usage from any mount point within the namespace if 'true'
|
|
718
|
+
:param pulumi.Input[str] curve: Supplies the curve value when using the 'CKM_ECDSA' mechanism. Required if 'allow_generate_key' is true
|
|
719
|
+
:param pulumi.Input[str] force_rw_session: Force all operations to open up a read-write session to the HSM
|
|
720
|
+
:param pulumi.Input[str] key_bits: Supplies the size in bits of the key when using 'CKM_RSA_PKCS_PSS', 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. Required if 'allow_generate_key' is true
|
|
721
|
+
:param pulumi.Input[str] slot: The slot number to use, specified as a string in a decimal format (e.g. '2305843009213693953')
|
|
722
|
+
:param pulumi.Input[str] token_label: The slot token label to use
|
|
555
723
|
:param pulumi.Input[str] uuid: ID of the managed key read from Vault
|
|
556
724
|
"""
|
|
557
725
|
pulumi.set(__self__, "key_id", key_id)
|
|
@@ -585,7 +753,7 @@ class KeysPkcArgs:
|
|
|
585
753
|
@pulumi.getter(name="keyId")
|
|
586
754
|
def key_id(self) -> pulumi.Input[str]:
|
|
587
755
|
"""
|
|
588
|
-
The id of a PKCS#11 key to use
|
|
756
|
+
The id of a PKCS#11 key to use
|
|
589
757
|
"""
|
|
590
758
|
return pulumi.get(self, "key_id")
|
|
591
759
|
|
|
@@ -597,7 +765,7 @@ class KeysPkcArgs:
|
|
|
597
765
|
@pulumi.getter(name="keyLabel")
|
|
598
766
|
def key_label(self) -> pulumi.Input[str]:
|
|
599
767
|
"""
|
|
600
|
-
The label of the key to use
|
|
768
|
+
The label of the key to use
|
|
601
769
|
"""
|
|
602
770
|
return pulumi.get(self, "key_label")
|
|
603
771
|
|
|
@@ -609,8 +777,7 @@ class KeysPkcArgs:
|
|
|
609
777
|
@pulumi.getter
|
|
610
778
|
def library(self) -> pulumi.Input[str]:
|
|
611
779
|
"""
|
|
612
|
-
The name of the kms_library stanza to use from Vault's config
|
|
613
|
-
to lookup the local library path.
|
|
780
|
+
The name of the kms_library stanza to use from Vault's config to lookup the local library path
|
|
614
781
|
"""
|
|
615
782
|
return pulumi.get(self, "library")
|
|
616
783
|
|
|
@@ -622,8 +789,7 @@ class KeysPkcArgs:
|
|
|
622
789
|
@pulumi.getter
|
|
623
790
|
def mechanism(self) -> pulumi.Input[str]:
|
|
624
791
|
"""
|
|
625
|
-
The encryption/decryption mechanism to use, specified as a
|
|
626
|
-
hexadecimal (prefixed by 0x) string.
|
|
792
|
+
The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string.
|
|
627
793
|
"""
|
|
628
794
|
return pulumi.get(self, "mechanism")
|
|
629
795
|
|
|
@@ -635,7 +801,7 @@ class KeysPkcArgs:
|
|
|
635
801
|
@pulumi.getter
|
|
636
802
|
def name(self) -> pulumi.Input[str]:
|
|
637
803
|
"""
|
|
638
|
-
A unique lowercase name that serves as identifying the key
|
|
804
|
+
A unique lowercase name that serves as identifying the key
|
|
639
805
|
"""
|
|
640
806
|
return pulumi.get(self, "name")
|
|
641
807
|
|
|
@@ -647,7 +813,7 @@ class KeysPkcArgs:
|
|
|
647
813
|
@pulumi.getter
|
|
648
814
|
def pin(self) -> pulumi.Input[str]:
|
|
649
815
|
"""
|
|
650
|
-
The PIN for login
|
|
816
|
+
The PIN for login
|
|
651
817
|
"""
|
|
652
818
|
return pulumi.get(self, "pin")
|
|
653
819
|
|
|
@@ -659,8 +825,7 @@ class KeysPkcArgs:
|
|
|
659
825
|
@pulumi.getter(name="allowGenerateKey")
|
|
660
826
|
def allow_generate_key(self) -> Optional[pulumi.Input[bool]]:
|
|
661
827
|
"""
|
|
662
|
-
If no existing key can be found in
|
|
663
|
-
the referenced backend, instructs Vault to generate a key within the backend.
|
|
828
|
+
If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
|
|
664
829
|
"""
|
|
665
830
|
return pulumi.get(self, "allow_generate_key")
|
|
666
831
|
|
|
@@ -672,10 +837,7 @@ class KeysPkcArgs:
|
|
|
672
837
|
@pulumi.getter(name="allowReplaceKey")
|
|
673
838
|
def allow_replace_key(self) -> Optional[pulumi.Input[bool]]:
|
|
674
839
|
"""
|
|
675
|
-
Controls the ability for Vault to replace through
|
|
676
|
-
generation or importing a key into the configured backend even
|
|
677
|
-
if a key is present, if set to `false` those operations are forbidden
|
|
678
|
-
if a key exists.
|
|
840
|
+
Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
|
|
679
841
|
"""
|
|
680
842
|
return pulumi.get(self, "allow_replace_key")
|
|
681
843
|
|
|
@@ -687,8 +849,7 @@ class KeysPkcArgs:
|
|
|
687
849
|
@pulumi.getter(name="allowStoreKey")
|
|
688
850
|
def allow_store_key(self) -> Optional[pulumi.Input[bool]]:
|
|
689
851
|
"""
|
|
690
|
-
Controls the ability for Vault to import a key to the
|
|
691
|
-
configured backend, if `false`, those operations will be forbidden.
|
|
852
|
+
Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
|
|
692
853
|
"""
|
|
693
854
|
return pulumi.get(self, "allow_store_key")
|
|
694
855
|
|
|
@@ -700,8 +861,7 @@ class KeysPkcArgs:
|
|
|
700
861
|
@pulumi.getter(name="anyMount")
|
|
701
862
|
def any_mount(self) -> Optional[pulumi.Input[bool]]:
|
|
702
863
|
"""
|
|
703
|
-
|
|
704
|
-
namespace.
|
|
864
|
+
Allow usage from any mount point within the namespace if 'true'
|
|
705
865
|
"""
|
|
706
866
|
return pulumi.get(self, "any_mount")
|
|
707
867
|
|
|
@@ -713,8 +873,7 @@ class KeysPkcArgs:
|
|
|
713
873
|
@pulumi.getter
|
|
714
874
|
def curve(self) -> Optional[pulumi.Input[str]]:
|
|
715
875
|
"""
|
|
716
|
-
|
|
717
|
-
is `ECDSA`. Required if `allow_generate_key` is `true`.
|
|
876
|
+
Supplies the curve value when using the 'CKM_ECDSA' mechanism. Required if 'allow_generate_key' is true
|
|
718
877
|
"""
|
|
719
878
|
return pulumi.get(self, "curve")
|
|
720
879
|
|
|
@@ -726,8 +885,7 @@ class KeysPkcArgs:
|
|
|
726
885
|
@pulumi.getter(name="forceRwSession")
|
|
727
886
|
def force_rw_session(self) -> Optional[pulumi.Input[str]]:
|
|
728
887
|
"""
|
|
729
|
-
Force all operations to open up a read-write session to
|
|
730
|
-
the HSM.
|
|
888
|
+
Force all operations to open up a read-write session to the HSM
|
|
731
889
|
"""
|
|
732
890
|
return pulumi.get(self, "force_rw_session")
|
|
733
891
|
|
|
@@ -739,7 +897,7 @@ class KeysPkcArgs:
|
|
|
739
897
|
@pulumi.getter(name="keyBits")
|
|
740
898
|
def key_bits(self) -> Optional[pulumi.Input[str]]:
|
|
741
899
|
"""
|
|
742
|
-
|
|
900
|
+
Supplies the size in bits of the key when using 'CKM_RSA_PKCS_PSS', 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. Required if 'allow_generate_key' is true
|
|
743
901
|
"""
|
|
744
902
|
return pulumi.get(self, "key_bits")
|
|
745
903
|
|
|
@@ -751,8 +909,7 @@ class KeysPkcArgs:
|
|
|
751
909
|
@pulumi.getter
|
|
752
910
|
def slot(self) -> Optional[pulumi.Input[str]]:
|
|
753
911
|
"""
|
|
754
|
-
The slot number to use, specified as a string in a decimal format
|
|
755
|
-
(e.g. `2305843009213693953`).
|
|
912
|
+
The slot number to use, specified as a string in a decimal format (e.g. '2305843009213693953')
|
|
756
913
|
"""
|
|
757
914
|
return pulumi.get(self, "slot")
|
|
758
915
|
|
|
@@ -764,7 +921,7 @@ class KeysPkcArgs:
|
|
|
764
921
|
@pulumi.getter(name="tokenLabel")
|
|
765
922
|
def token_label(self) -> Optional[pulumi.Input[str]]:
|
|
766
923
|
"""
|
|
767
|
-
The slot token label to use
|
|
924
|
+
The slot token label to use
|
|
768
925
|
"""
|
|
769
926
|
return pulumi.get(self, "token_label")
|
|
770
927
|
|