pulumi-vault 6.2.0__py3-none-any.whl → 6.2.0a1712470779__py3-none-any.whl

pulumi_vault/managed/keys.py

@@ -24,7 +24,10 @@ class KeysArgs:
         The set of arguments for constructing a Keys resource.
         :param pulumi.Input[Sequence[pulumi.Input['KeysAwArgs']]] aws: Configuration block for AWS Managed Keys
         :param pulumi.Input[Sequence[pulumi.Input['KeysAzureArgs']]] azures: Configuration block for Azure Managed Keys
-        :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
+        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured namespace.
+               *Available only for Vault Enterprise*.
         :param pulumi.Input[Sequence[pulumi.Input['KeysPkcArgs']]] pkcs: Configuration block for PKCS Managed Keys
         """
         if aws is not None:
@@ -64,7 +67,10 @@ class KeysArgs:
     @pulumi.getter
     def namespace(self) -> Optional[pulumi.Input[str]]:
         """
-        Target namespace. (requires Enterprise)
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured namespace.
+        *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
 
@@ -96,7 +102,10 @@ class _KeysState:
         Input properties used for looking up and filtering Keys resources.
         :param pulumi.Input[Sequence[pulumi.Input['KeysAwArgs']]] aws: Configuration block for AWS Managed Keys
         :param pulumi.Input[Sequence[pulumi.Input['KeysAzureArgs']]] azures: Configuration block for Azure Managed Keys
-        :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
+        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured namespace.
+               *Available only for Vault Enterprise*.
         :param pulumi.Input[Sequence[pulumi.Input['KeysPkcArgs']]] pkcs: Configuration block for PKCS Managed Keys
         """
         if aws is not None:
@@ -136,7 +145,10 @@ class _KeysState:
     @pulumi.getter
     def namespace(self) -> Optional[pulumi.Input[str]]:
         """
-        Target namespace. (requires Enterprise)
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured namespace.
+        *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
 
@@ -184,7 +196,10 @@ class Keys(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysAwArgs']]]] aws: Configuration block for AWS Managed Keys
         :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysAzureArgs']]]] azures: Configuration block for Azure Managed Keys
-        :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
+        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured namespace.
+               *Available only for Vault Enterprise*.
         :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysPkcArgs']]]] pkcs: Configuration block for PKCS Managed Keys
         """
         ...
@@ -261,7 +276,10 @@ class Keys(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysAwArgs']]]] aws: Configuration block for AWS Managed Keys
         :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysAzureArgs']]]] azures: Configuration block for Azure Managed Keys
-        :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
+        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured namespace.
+               *Available only for Vault Enterprise*.
         :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysPkcArgs']]]] pkcs: Configuration block for PKCS Managed Keys
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -294,7 +312,10 @@ class Keys(pulumi.CustomResource):
     @pulumi.getter
     def namespace(self) -> pulumi.Output[Optional[str]]:
         """
-        Target namespace. (requires Enterprise)
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured namespace.
+        *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
 

pulumi_vault/managed/outputs.py

@@ -66,19 +66,26 @@ class KeysAw(dict):
                  region: Optional[str] = None,
                  uuid: Optional[str] = None):
         """
-        :param str access_key: The AWS access key to use
-        :param str key_bits: The size in bits for an RSA key. This field is required when 'key_type' is 'RSA'
-        :param str key_type: The type of key to use
-        :param str kms_key: An identifier for the key
-        :param str name: A unique lowercase name that serves as identifying the key
-        :param str secret_key: The AWS secret key to use
-        :param bool allow_generate_key: If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
-        :param bool allow_replace_key: Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
-        :param bool allow_store_key: Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
-        :param bool any_mount: Allow usage from any mount point within the namespace if 'true'
-        :param str curve: The curve to use for an ECDSA key. Used when key_type is 'ECDSA'. Required if 'allow_generate_key' is true
-        :param str endpoint: Used to specify a custom AWS endpoint
-        :param str region: The AWS region where the keys are stored (or will be stored)
+        :param str access_key: The AWS access key to use.
+        :param str key_bits: The size in bits for an RSA key.
+        :param str key_type: The type of key to use.
+        :param str kms_key: An identifier for the key.
+        :param str name: A unique lowercase name that serves as identifying the key.
+        :param str secret_key: The AWS access key to use.
+        :param bool allow_generate_key: If no existing key can be found in 
+               the referenced backend, instructs Vault to generate a key within the backend.
+        :param bool allow_replace_key: Controls the ability for Vault to replace through
+               generation or importing a key into the configured backend even
+               if a key is present, if set to `false` those operations are forbidden
+               if a key exists.
+        :param bool allow_store_key: Controls the ability for Vault to import a key to the
+               configured backend, if `false`, those operations will be forbidden.
+        :param bool any_mount: If `true`, allows usage from any mount point within the
+               namespace.
+        :param str curve: The curve to use for an ECDSA key. Used when `key_type` 
+               is `ECDSA`. Required if `allow_generate_key` is `true`.
+        :param str endpoint: Used to specify a custom AWS endpoint.
+        :param str region: The AWS region where the keys are stored (or will be stored).
         :param str uuid: ID of the managed key read from Vault
         """
         pulumi.set(__self__, "access_key", access_key)
@@ -108,7 +115,7 @@ class KeysAw(dict):
     @pulumi.getter(name="accessKey")
     def access_key(self) -> str:
         """
-        The AWS access key to use
+        The AWS access key to use.
         """
         return pulumi.get(self, "access_key")
 
@@ -116,7 +123,7 @@ class KeysAw(dict):
     @pulumi.getter(name="keyBits")
     def key_bits(self) -> str:
         """
-        The size in bits for an RSA key. This field is required when 'key_type' is 'RSA'
+        The size in bits for an RSA key.
         """
         return pulumi.get(self, "key_bits")
 
@@ -124,7 +131,7 @@ class KeysAw(dict):
     @pulumi.getter(name="keyType")
     def key_type(self) -> str:
         """
-        The type of key to use
+        The type of key to use.
         """
         return pulumi.get(self, "key_type")
 
@@ -132,7 +139,7 @@ class KeysAw(dict):
     @pulumi.getter(name="kmsKey")
     def kms_key(self) -> str:
         """
-        An identifier for the key
+        An identifier for the key.
         """
         return pulumi.get(self, "kms_key")
 
@@ -140,7 +147,7 @@ class KeysAw(dict):
     @pulumi.getter
     def name(self) -> str:
         """
-        A unique lowercase name that serves as identifying the key
+        A unique lowercase name that serves as identifying the key.
         """
         return pulumi.get(self, "name")
 
@@ -148,7 +155,7 @@ class KeysAw(dict):
     @pulumi.getter(name="secretKey")
     def secret_key(self) -> str:
         """
-        The AWS secret key to use
+        The AWS access key to use.
         """
         return pulumi.get(self, "secret_key")
 
@@ -156,7 +163,8 @@ class KeysAw(dict):
     @pulumi.getter(name="allowGenerateKey")
     def allow_generate_key(self) -> Optional[bool]:
         """
-        If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
+        If no existing key can be found in 
+        the referenced backend, instructs Vault to generate a key within the backend.
         """
         return pulumi.get(self, "allow_generate_key")
 
@@ -164,7 +172,10 @@ class KeysAw(dict):
     @pulumi.getter(name="allowReplaceKey")
     def allow_replace_key(self) -> Optional[bool]:
         """
-        Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
+        Controls the ability for Vault to replace through
+        generation or importing a key into the configured backend even
+        if a key is present, if set to `false` those operations are forbidden
+        if a key exists.
         """
         return pulumi.get(self, "allow_replace_key")
 
@@ -172,7 +183,8 @@ class KeysAw(dict):
     @pulumi.getter(name="allowStoreKey")
     def allow_store_key(self) -> Optional[bool]:
         """
-        Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
+        Controls the ability for Vault to import a key to the
+        configured backend, if `false`, those operations will be forbidden.
         """
         return pulumi.get(self, "allow_store_key")
 
@@ -180,7 +192,8 @@ class KeysAw(dict):
     @pulumi.getter(name="anyMount")
     def any_mount(self) -> Optional[bool]:
         """
-        Allow usage from any mount point within the namespace if 'true'
+        If `true`, allows usage from any mount point within the
+        namespace.
         """
         return pulumi.get(self, "any_mount")
 
@@ -188,7 +201,8 @@ class KeysAw(dict):
     @pulumi.getter
     def curve(self) -> Optional[str]:
         """
-        The curve to use for an ECDSA key. Used when key_type is 'ECDSA'. Required if 'allow_generate_key' is true
+        The curve to use for an ECDSA key. Used when `key_type` 
+        is `ECDSA`. Required if `allow_generate_key` is `true`.
         """
         return pulumi.get(self, "curve")
 
@@ -196,7 +210,7 @@ class KeysAw(dict):
     @pulumi.getter
     def endpoint(self) -> Optional[str]:
         """
-        Used to specify a custom AWS endpoint
+        Used to specify a custom AWS endpoint.
         """
         return pulumi.get(self, "endpoint")
 
@@ -204,7 +218,7 @@ class KeysAw(dict):
     @pulumi.getter
     def region(self) -> Optional[str]:
         """
-        The AWS region where the keys are stored (or will be stored)
+        The AWS region where the keys are stored (or will be stored).
         """
         return pulumi.get(self, "region")
 
@@ -273,20 +287,26 @@ class KeysAzure(dict):
                  resource: Optional[str] = None,
                  uuid: Optional[str] = None):
         """
-        :param str client_id: The client id for credentials to query the Azure APIs
-        :param str client_secret: The client secret for credentials to query the Azure APIs
-        :param str key_name: The Key Vault key to use for encryption and decryption
-        :param str key_type: The type of key to use
-        :param str name: A unique lowercase name that serves as identifying the key
-        :param str tenant_id: The tenant id for the Azure Active Directory organization
-        :param str vault_name: The Key Vault vault to use the encryption keys for encryption and decryption
-        :param bool allow_generate_key: If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
-        :param bool allow_replace_key: Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
-        :param bool allow_store_key: Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
-        :param bool any_mount: Allow usage from any mount point within the namespace if 'true'
-        :param str environment: The Azure Cloud environment API endpoints to use
-        :param str key_bits: The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' or when 'allow_generate_key' is true
-        :param str resource: The Azure Key Vault resource's DNS Suffix to connect to
+        :param str client_id: The client id for credentials to query the Azure APIs.
+        :param str client_secret: The client secret for credentials to query the Azure APIs.
+        :param str key_name: The Key Vault key to use for encryption and decryption.
+        :param str key_type: The type of key to use.
+        :param str name: A unique lowercase name that serves as identifying the key.
+        :param str tenant_id: The tenant id for the Azure Active Directory organization.
+        :param str vault_name: The Key Vault vault to use for encryption and decryption.
+        :param bool allow_generate_key: If no existing key can be found in 
+               the referenced backend, instructs Vault to generate a key within the backend.
+        :param bool allow_replace_key: Controls the ability for Vault to replace through
+               generation or importing a key into the configured backend even
+               if a key is present, if set to `false` those operations are forbidden
+               if a key exists.
+        :param bool allow_store_key: Controls the ability for Vault to import a key to the
+               configured backend, if `false`, those operations will be forbidden.
+        :param bool any_mount: If `true`, allows usage from any mount point within the
+               namespace.
+        :param str environment: The Azure Cloud environment API endpoints to use.
+        :param str key_bits: The size in bits for an RSA key.
+        :param str resource: The Azure Key Vault resource's DNS Suffix to connect to.
         :param str uuid: ID of the managed key read from Vault
         """
         pulumi.set(__self__, "client_id", client_id)
@@ -317,7 +337,7 @@ class KeysAzure(dict):
     @pulumi.getter(name="clientId")
     def client_id(self) -> str:
         """
-        The client id for credentials to query the Azure APIs
+        The client id for credentials to query the Azure APIs.
         """
         return pulumi.get(self, "client_id")
 
@@ -325,7 +345,7 @@ class KeysAzure(dict):
     @pulumi.getter(name="clientSecret")
     def client_secret(self) -> str:
         """
-        The client secret for credentials to query the Azure APIs
+        The client secret for credentials to query the Azure APIs.
         """
         return pulumi.get(self, "client_secret")
 
@@ -333,7 +353,7 @@ class KeysAzure(dict):
     @pulumi.getter(name="keyName")
     def key_name(self) -> str:
         """
-        The Key Vault key to use for encryption and decryption
+        The Key Vault key to use for encryption and decryption.
         """
         return pulumi.get(self, "key_name")
 
@@ -341,7 +361,7 @@ class KeysAzure(dict):
     @pulumi.getter(name="keyType")
     def key_type(self) -> str:
         """
-        The type of key to use
+        The type of key to use.
         """
         return pulumi.get(self, "key_type")
 
@@ -349,7 +369,7 @@ class KeysAzure(dict):
     @pulumi.getter
     def name(self) -> str:
         """
-        A unique lowercase name that serves as identifying the key
+        A unique lowercase name that serves as identifying the key.
         """
         return pulumi.get(self, "name")
 
@@ -357,7 +377,7 @@ class KeysAzure(dict):
     @pulumi.getter(name="tenantId")
     def tenant_id(self) -> str:
         """
-        The tenant id for the Azure Active Directory organization
+        The tenant id for the Azure Active Directory organization.
         """
         return pulumi.get(self, "tenant_id")
 
@@ -365,7 +385,7 @@ class KeysAzure(dict):
     @pulumi.getter(name="vaultName")
     def vault_name(self) -> str:
         """
-        The Key Vault vault to use the encryption keys for encryption and decryption
+        The Key Vault vault to use for encryption and decryption.
         """
         return pulumi.get(self, "vault_name")
 
@@ -373,7 +393,8 @@ class KeysAzure(dict):
     @pulumi.getter(name="allowGenerateKey")
     def allow_generate_key(self) -> Optional[bool]:
         """
-        If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
+        If no existing key can be found in 
+        the referenced backend, instructs Vault to generate a key within the backend.
         """
         return pulumi.get(self, "allow_generate_key")
 
@@ -381,7 +402,10 @@ class KeysAzure(dict):
     @pulumi.getter(name="allowReplaceKey")
     def allow_replace_key(self) -> Optional[bool]:
         """
-        Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
+        Controls the ability for Vault to replace through
+        generation or importing a key into the configured backend even
+        if a key is present, if set to `false` those operations are forbidden
+        if a key exists.
         """
         return pulumi.get(self, "allow_replace_key")
 
@@ -389,7 +413,8 @@ class KeysAzure(dict):
     @pulumi.getter(name="allowStoreKey")
     def allow_store_key(self) -> Optional[bool]:
         """
-        Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
+        Controls the ability for Vault to import a key to the
+        configured backend, if `false`, those operations will be forbidden.
         """
         return pulumi.get(self, "allow_store_key")
 
@@ -397,7 +422,8 @@ class KeysAzure(dict):
     @pulumi.getter(name="anyMount")
     def any_mount(self) -> Optional[bool]:
         """
-        Allow usage from any mount point within the namespace if 'true'
+        If `true`, allows usage from any mount point within the
+        namespace.
         """
         return pulumi.get(self, "any_mount")
 
@@ -405,7 +431,7 @@ class KeysAzure(dict):
     @pulumi.getter
     def environment(self) -> Optional[str]:
         """
-        The Azure Cloud environment API endpoints to use
+        The Azure Cloud environment API endpoints to use.
         """
         return pulumi.get(self, "environment")
 
@@ -413,7 +439,7 @@ class KeysAzure(dict):
     @pulumi.getter(name="keyBits")
     def key_bits(self) -> Optional[str]:
         """
-        The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' or when 'allow_generate_key' is true
+        The size in bits for an RSA key.
         """
         return pulumi.get(self, "key_bits")
 
@@ -421,7 +447,7 @@ class KeysAzure(dict):
     @pulumi.getter
     def resource(self) -> Optional[str]:
         """
-        The Azure Key Vault resource's DNS Suffix to connect to
+        The Azure Key Vault resource's DNS Suffix to connect to.
         """
         return pulumi.get(self, "resource")
 
@@ -487,21 +513,32 @@ class KeysPkc(dict):
                  token_label: Optional[str] = None,
                  uuid: Optional[str] = None):
         """
-        :param str key_id: The id of a PKCS#11 key to use
-        :param str key_label: The label of the key to use
-        :param str library: The name of the kms_library stanza to use from Vault's config to lookup the local library path
-        :param str mechanism: The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string.
-        :param str name: A unique lowercase name that serves as identifying the key
-        :param str pin: The PIN for login
-        :param bool allow_generate_key: If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
-        :param bool allow_replace_key: Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
-        :param bool allow_store_key: Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
-        :param bool any_mount: Allow usage from any mount point within the namespace if 'true'
-        :param str curve: Supplies the curve value when using the 'CKM_ECDSA' mechanism. Required if 'allow_generate_key' is true
-        :param str force_rw_session: Force all operations to open up a read-write session to the HSM
-        :param str key_bits: Supplies the size in bits of the key when using 'CKM_RSA_PKCS_PSS', 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. Required if 'allow_generate_key' is true
-        :param str slot: The slot number to use, specified as a string in a decimal format (e.g. '2305843009213693953')
-        :param str token_label: The slot token label to use
+        :param str key_id: The id of a PKCS#11 key to use.
+        :param str key_label: The label of the key to use.
+        :param str library: The name of the kms_library stanza to use from Vault's config
+               to lookup the local library path.
+        :param str mechanism: The encryption/decryption mechanism to use, specified as a
+               hexadecimal (prefixed by 0x) string.
+        :param str name: A unique lowercase name that serves as identifying the key.
+        :param str pin: The PIN for login.
+        :param bool allow_generate_key: If no existing key can be found in 
+               the referenced backend, instructs Vault to generate a key within the backend.
+        :param bool allow_replace_key: Controls the ability for Vault to replace through
+               generation or importing a key into the configured backend even
+               if a key is present, if set to `false` those operations are forbidden
+               if a key exists.
+        :param bool allow_store_key: Controls the ability for Vault to import a key to the
+               configured backend, if `false`, those operations will be forbidden.
+        :param bool any_mount: If `true`, allows usage from any mount point within the
+               namespace.
+        :param str curve: The curve to use for an ECDSA key. Used when `key_type` 
+               is `ECDSA`. Required if `allow_generate_key` is `true`.
+        :param str force_rw_session: Force all operations to open up a read-write session to
+               the HSM.
+        :param str key_bits: The size in bits for an RSA key.
+        :param str slot: The slot number to use, specified as a string in a decimal format
+               (e.g. `2305843009213693953`).
+        :param str token_label: The slot token label to use.
         :param str uuid: ID of the managed key read from Vault
         """
         pulumi.set(__self__, "key_id", key_id)
@@ -535,7 +572,7 @@ class KeysPkc(dict):
     @pulumi.getter(name="keyId")
     def key_id(self) -> str:
         """
-        The id of a PKCS#11 key to use
+        The id of a PKCS#11 key to use.
         """
         return pulumi.get(self, "key_id")
 
@@ -543,7 +580,7 @@ class KeysPkc(dict):
     @pulumi.getter(name="keyLabel")
     def key_label(self) -> str:
         """
-        The label of the key to use
+        The label of the key to use.
         """
         return pulumi.get(self, "key_label")
 
@@ -551,7 +588,8 @@ class KeysPkc(dict):
     @pulumi.getter
     def library(self) -> str:
         """
-        The name of the kms_library stanza to use from Vault's config to lookup the local library path
+        The name of the kms_library stanza to use from Vault's config
+        to lookup the local library path.
         """
         return pulumi.get(self, "library")
 
@@ -559,7 +597,8 @@ class KeysPkc(dict):
     @pulumi.getter
     def mechanism(self) -> str:
         """
-        The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string.
+        The encryption/decryption mechanism to use, specified as a
+        hexadecimal (prefixed by 0x) string.
         """
         return pulumi.get(self, "mechanism")
 
@@ -567,7 +606,7 @@ class KeysPkc(dict):
     @pulumi.getter
     def name(self) -> str:
         """
-        A unique lowercase name that serves as identifying the key
+        A unique lowercase name that serves as identifying the key.
         """
         return pulumi.get(self, "name")
 
@@ -575,7 +614,7 @@ class KeysPkc(dict):
     @pulumi.getter
     def pin(self) -> str:
         """
-        The PIN for login
+        The PIN for login.
         """
         return pulumi.get(self, "pin")
 
@@ -583,7 +622,8 @@ class KeysPkc(dict):
     @pulumi.getter(name="allowGenerateKey")
     def allow_generate_key(self) -> Optional[bool]:
         """
-        If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
+        If no existing key can be found in 
+        the referenced backend, instructs Vault to generate a key within the backend.
         """
         return pulumi.get(self, "allow_generate_key")
 
@@ -591,7 +631,10 @@ class KeysPkc(dict):
     @pulumi.getter(name="allowReplaceKey")
     def allow_replace_key(self) -> Optional[bool]:
         """
-        Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
+        Controls the ability for Vault to replace through
+        generation or importing a key into the configured backend even
+        if a key is present, if set to `false` those operations are forbidden
+        if a key exists.
         """
         return pulumi.get(self, "allow_replace_key")
 
@@ -599,7 +642,8 @@ class KeysPkc(dict):
     @pulumi.getter(name="allowStoreKey")
     def allow_store_key(self) -> Optional[bool]:
         """
-        Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
+        Controls the ability for Vault to import a key to the
+        configured backend, if `false`, those operations will be forbidden.
         """
         return pulumi.get(self, "allow_store_key")
 
@@ -607,7 +651,8 @@ class KeysPkc(dict):
     @pulumi.getter(name="anyMount")
     def any_mount(self) -> Optional[bool]:
         """
-        Allow usage from any mount point within the namespace if 'true'
+        If `true`, allows usage from any mount point within the
+        namespace.
         """
         return pulumi.get(self, "any_mount")
 
@@ -615,7 +660,8 @@ class KeysPkc(dict):
     @pulumi.getter
     def curve(self) -> Optional[str]:
         """
-        Supplies the curve value when using the 'CKM_ECDSA' mechanism. Required if 'allow_generate_key' is true
+        The curve to use for an ECDSA key. Used when `key_type` 
+        is `ECDSA`. Required if `allow_generate_key` is `true`.
         """
         return pulumi.get(self, "curve")
 
@@ -623,7 +669,8 @@ class KeysPkc(dict):
     @pulumi.getter(name="forceRwSession")
     def force_rw_session(self) -> Optional[str]:
         """
-        Force all operations to open up a read-write session to the HSM
+        Force all operations to open up a read-write session to
+        the HSM.
         """
         return pulumi.get(self, "force_rw_session")
 
@@ -631,7 +678,7 @@ class KeysPkc(dict):
     @pulumi.getter(name="keyBits")
     def key_bits(self) -> Optional[str]:
         """
-        Supplies the size in bits of the key when using 'CKM_RSA_PKCS_PSS', 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. Required if 'allow_generate_key' is true
+        The size in bits for an RSA key.
         """
         return pulumi.get(self, "key_bits")
 
@@ -639,7 +686,8 @@ class KeysPkc(dict):
     @pulumi.getter
     def slot(self) -> Optional[str]:
         """
-        The slot number to use, specified as a string in a decimal format (e.g. '2305843009213693953')
+        The slot number to use, specified as a string in a decimal format
+        (e.g. `2305843009213693953`).
         """
         return pulumi.get(self, "slot")
 
@@ -647,7 +695,7 @@ class KeysPkc(dict):
     @pulumi.getter(name="tokenLabel")
     def token_label(self) -> Optional[str]:
         """
-        The slot token label to use
+        The slot token label to use.
         """
         return pulumi.get(self, "token_label")
 

pulumi_vault/mfa_duo.py

@@ -328,6 +328,7 @@ class MfaDuo(pulumi.CustomResource):
 
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -335,13 +336,13 @@ class MfaDuo(pulumi.CustomResource):
         userpass = vault.AuthBackend("userpass",
             type="userpass",
             path="userpass")
-        my_duo = vault.MfaDuo("my_duo",
-            name="my_duo",
+        my_duo = vault.MfaDuo("myDuo",
             mount_accessor=userpass.accessor,
             secret_key="8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",
             integration_key="BIACEUEAXI20BNWTEYXT",
             api_hostname="api-2b5c39f5.duosecurity.com")
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -382,6 +383,7 @@ class MfaDuo(pulumi.CustomResource):
 
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -389,13 +391,13 @@ class MfaDuo(pulumi.CustomResource):
         userpass = vault.AuthBackend("userpass",
             type="userpass",
             path="userpass")
-        my_duo = vault.MfaDuo("my_duo",
-            name="my_duo",
+        my_duo = vault.MfaDuo("myDuo",
             mount_accessor=userpass.accessor,
             secret_key="8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",
             integration_key="BIACEUEAXI20BNWTEYXT",
             api_hostname="api-2b5c39f5.duosecurity.com")
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import