pulumi-vault 6.5.0a1736850018__py3-none-any.whl → 6.5.0a1737047276__py3-none-any.whl

pulumi_vault/__init__.py

@@ -1013,6 +1013,22 @@ _utilities.register(
    "vault:okta/authBackendUser:AuthBackendUser": "AuthBackendUser"
   }
  },
+ {
+  "pkg": "vault",
+  "mod": "pkiSecret/backendAcmeEab",
+  "fqn": "pulumi_vault.pkisecret",
+  "classes": {
+   "vault:pkiSecret/backendAcmeEab:BackendAcmeEab": "BackendAcmeEab"
+  }
+ },
+ {
+  "pkg": "vault",
+  "mod": "pkiSecret/backendConfigAcme",
+  "fqn": "pulumi_vault.pkisecret",
+  "classes": {
+   "vault:pkiSecret/backendConfigAcme:BackendConfigAcme": "BackendConfigAcme"
+  }
+ },
  {
   "pkg": "vault",
   "mod": "pkiSecret/backendConfigCluster",
@@ -1021,6 +1037,14 @@ _utilities.register(
    "vault:pkiSecret/backendConfigCluster:BackendConfigCluster": "BackendConfigCluster"
   }
  },
+ {
+  "pkg": "vault",
+  "mod": "pkiSecret/backendConfigCmpv2",
+  "fqn": "pulumi_vault.pkisecret",
+  "classes": {
+   "vault:pkiSecret/backendConfigCmpv2:BackendConfigCmpv2": "BackendConfigCmpv2"
+  }
+ },
  {
   "pkg": "vault",
   "mod": "pkiSecret/backendConfigEst",

pulumi_vault/aws/auth_backend_sts_role.py

@@ -22,6 +22,7 @@ class AuthBackendStsRoleArgs:
                  account_id: pulumi.Input[str],
                  sts_role: pulumi.Input[str],
                  backend: Optional[pulumi.Input[str]] = None,
+                 external_id: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None):
         """
         The set of arguments for constructing a AuthBackendStsRole resource.
@@ -30,6 +31,7 @@ class AuthBackendStsRoleArgs:
                by EC2 instances in the account specified by `account_id`.
         :param pulumi.Input[str] backend: The path the AWS auth backend being configured was
                mounted at.  Defaults to `aws`.
+        :param pulumi.Input[str] external_id: External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -39,6 +41,8 @@ class AuthBackendStsRoleArgs:
         pulumi.set(__self__, "sts_role", sts_role)
         if backend is not None:
             pulumi.set(__self__, "backend", backend)
+        if external_id is not None:
+            pulumi.set(__self__, "external_id", external_id)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
 
@@ -80,6 +84,18 @@ class AuthBackendStsRoleArgs:
     def backend(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "backend", value)
 
+    @property
+    @pulumi.getter(name="externalId")
+    def external_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
+        """
+        return pulumi.get(self, "external_id")
+
+    @external_id.setter
+    def external_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "external_id", value)
+
     @property
     @pulumi.getter
     def namespace(self) -> Optional[pulumi.Input[str]]:
@@ -101,6 +117,7 @@ class _AuthBackendStsRoleState:
     def __init__(__self__, *,
                  account_id: Optional[pulumi.Input[str]] = None,
                  backend: Optional[pulumi.Input[str]] = None,
+                 external_id: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  sts_role: Optional[pulumi.Input[str]] = None):
         """
@@ -108,6 +125,7 @@ class _AuthBackendStsRoleState:
         :param pulumi.Input[str] account_id: The AWS account ID to configure the STS role for.
         :param pulumi.Input[str] backend: The path the AWS auth backend being configured was
                mounted at.  Defaults to `aws`.
+        :param pulumi.Input[str] external_id: External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -119,6 +137,8 @@ class _AuthBackendStsRoleState:
             pulumi.set(__self__, "account_id", account_id)
         if backend is not None:
             pulumi.set(__self__, "backend", backend)
+        if external_id is not None:
+            pulumi.set(__self__, "external_id", external_id)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
         if sts_role is not None:
@@ -149,6 +169,18 @@ class _AuthBackendStsRoleState:
     def backend(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "backend", value)
 
+    @property
+    @pulumi.getter(name="externalId")
+    def external_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
+        """
+        return pulumi.get(self, "external_id")
+
+    @external_id.setter
+    def external_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "external_id", value)
+
     @property
     @pulumi.getter
     def namespace(self) -> Optional[pulumi.Input[str]]:
@@ -185,6 +217,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
                  opts: Optional[pulumi.ResourceOptions] = None,
                  account_id: Optional[pulumi.Input[str]] = None,
                  backend: Optional[pulumi.Input[str]] = None,
+                 external_id: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  sts_role: Optional[pulumi.Input[str]] = None,
                  __props__=None):
@@ -215,6 +248,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
         :param pulumi.Input[str] account_id: The AWS account ID to configure the STS role for.
         :param pulumi.Input[str] backend: The path the AWS auth backend being configured was
                mounted at.  Defaults to `aws`.
+        :param pulumi.Input[str] external_id: External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -267,6 +301,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
                  opts: Optional[pulumi.ResourceOptions] = None,
                  account_id: Optional[pulumi.Input[str]] = None,
                  backend: Optional[pulumi.Input[str]] = None,
+                 external_id: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  sts_role: Optional[pulumi.Input[str]] = None,
                  __props__=None):
@@ -282,6 +317,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
                 raise TypeError("Missing required property 'account_id'")
             __props__.__dict__["account_id"] = account_id
             __props__.__dict__["backend"] = backend
+            __props__.__dict__["external_id"] = external_id
             __props__.__dict__["namespace"] = namespace
             if sts_role is None and not opts.urn:
                 raise TypeError("Missing required property 'sts_role'")
@@ -298,6 +334,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
             opts: Optional[pulumi.ResourceOptions] = None,
             account_id: Optional[pulumi.Input[str]] = None,
             backend: Optional[pulumi.Input[str]] = None,
+            external_id: Optional[pulumi.Input[str]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
             sts_role: Optional[pulumi.Input[str]] = None) -> 'AuthBackendStsRole':
         """
@@ -310,6 +347,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
         :param pulumi.Input[str] account_id: The AWS account ID to configure the STS role for.
         :param pulumi.Input[str] backend: The path the AWS auth backend being configured was
                mounted at.  Defaults to `aws`.
+        :param pulumi.Input[str] external_id: External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -323,6 +361,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
 
         __props__.__dict__["account_id"] = account_id
         __props__.__dict__["backend"] = backend
+        __props__.__dict__["external_id"] = external_id
         __props__.__dict__["namespace"] = namespace
         __props__.__dict__["sts_role"] = sts_role
         return AuthBackendStsRole(resource_name, opts=opts, __props__=__props__)
@@ -344,6 +383,14 @@ class AuthBackendStsRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "backend")
 
+    @property
+    @pulumi.getter(name="externalId")
+    def external_id(self) -> pulumi.Output[Optional[str]]:
+        """
+        External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
+        """
+        return pulumi.get(self, "external_id")
+
     @property
     @pulumi.getter
     def namespace(self) -> pulumi.Output[Optional[str]]:

pulumi_vault/aws/secret_backend.py

@@ -35,6 +35,9 @@ class SecretBackendArgs:
                  role_arn: Optional[pulumi.Input[str]] = None,
                  secret_key: Optional[pulumi.Input[str]] = None,
                  sts_endpoint: Optional[pulumi.Input[str]] = None,
+                 sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_region: Optional[pulumi.Input[str]] = None,
                  username_template: Optional[pulumi.Input[str]] = None):
         """
         The set of arguments for constructing a SecretBackend resource.
@@ -71,6 +74,9 @@ class SecretBackendArgs:
                ```
         :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
         :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        :param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
         :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
         """
         if access_key is not None:
@@ -105,6 +111,12 @@ class SecretBackendArgs:
             pulumi.set(__self__, "secret_key", secret_key)
         if sts_endpoint is not None:
             pulumi.set(__self__, "sts_endpoint", sts_endpoint)
+        if sts_fallback_endpoints is not None:
+            pulumi.set(__self__, "sts_fallback_endpoints", sts_fallback_endpoints)
+        if sts_fallback_regions is not None:
+            pulumi.set(__self__, "sts_fallback_regions", sts_fallback_regions)
+        if sts_region is not None:
+            pulumi.set(__self__, "sts_region", sts_region)
         if username_template is not None:
             pulumi.set(__self__, "username_template", username_template)
 
@@ -317,6 +329,42 @@ class SecretBackendArgs:
     def sts_endpoint(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "sts_endpoint", value)
 
+    @property
+    @pulumi.getter(name="stsFallbackEndpoints")
+    def sts_fallback_endpoints(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_endpoints")
+
+    @sts_fallback_endpoints.setter
+    def sts_fallback_endpoints(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "sts_fallback_endpoints", value)
+
+    @property
+    @pulumi.getter(name="stsFallbackRegions")
+    def sts_fallback_regions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_regions")
+
+    @sts_fallback_regions.setter
+    def sts_fallback_regions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "sts_fallback_regions", value)
+
+    @property
+    @pulumi.getter(name="stsRegion")
+    def sts_region(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_region")
+
+    @sts_region.setter
+    def sts_region(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "sts_region", value)
+
     @property
     @pulumi.getter(name="usernameTemplate")
     def username_template(self) -> Optional[pulumi.Input[str]]:
@@ -349,6 +397,9 @@ class _SecretBackendState:
                  role_arn: Optional[pulumi.Input[str]] = None,
                  secret_key: Optional[pulumi.Input[str]] = None,
                  sts_endpoint: Optional[pulumi.Input[str]] = None,
+                 sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_region: Optional[pulumi.Input[str]] = None,
                  username_template: Optional[pulumi.Input[str]] = None):
         """
         Input properties used for looking up and filtering SecretBackend resources.
@@ -385,6 +436,9 @@ class _SecretBackendState:
                ```
         :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
         :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        :param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
         :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
         """
         if access_key is not None:
@@ -419,6 +473,12 @@ class _SecretBackendState:
             pulumi.set(__self__, "secret_key", secret_key)
         if sts_endpoint is not None:
             pulumi.set(__self__, "sts_endpoint", sts_endpoint)
+        if sts_fallback_endpoints is not None:
+            pulumi.set(__self__, "sts_fallback_endpoints", sts_fallback_endpoints)
+        if sts_fallback_regions is not None:
+            pulumi.set(__self__, "sts_fallback_regions", sts_fallback_regions)
+        if sts_region is not None:
+            pulumi.set(__self__, "sts_region", sts_region)
         if username_template is not None:
             pulumi.set(__self__, "username_template", username_template)
 
@@ -631,6 +691,42 @@ class _SecretBackendState:
     def sts_endpoint(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "sts_endpoint", value)
 
+    @property
+    @pulumi.getter(name="stsFallbackEndpoints")
+    def sts_fallback_endpoints(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_endpoints")
+
+    @sts_fallback_endpoints.setter
+    def sts_fallback_endpoints(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "sts_fallback_endpoints", value)
+
+    @property
+    @pulumi.getter(name="stsFallbackRegions")
+    def sts_fallback_regions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_regions")
+
+    @sts_fallback_regions.setter
+    def sts_fallback_regions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "sts_fallback_regions", value)
+
+    @property
+    @pulumi.getter(name="stsRegion")
+    def sts_region(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_region")
+
+    @sts_region.setter
+    def sts_region(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "sts_region", value)
+
     @property
     @pulumi.getter(name="usernameTemplate")
     def username_template(self) -> Optional[pulumi.Input[str]]:
@@ -665,6 +761,9 @@ class SecretBackend(pulumi.CustomResource):
                  role_arn: Optional[pulumi.Input[str]] = None,
                  secret_key: Optional[pulumi.Input[str]] = None,
                  sts_endpoint: Optional[pulumi.Input[str]] = None,
+                 sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_region: Optional[pulumi.Input[str]] = None,
                  username_template: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
@@ -711,6 +810,9 @@ class SecretBackend(pulumi.CustomResource):
                ```
         :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
         :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        :param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
         :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
         """
         ...
@@ -759,6 +861,9 @@ class SecretBackend(pulumi.CustomResource):
                  role_arn: Optional[pulumi.Input[str]] = None,
                  secret_key: Optional[pulumi.Input[str]] = None,
                  sts_endpoint: Optional[pulumi.Input[str]] = None,
+                 sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_region: Optional[pulumi.Input[str]] = None,
                  username_template: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -785,6 +890,9 @@ class SecretBackend(pulumi.CustomResource):
             __props__.__dict__["role_arn"] = role_arn
             __props__.__dict__["secret_key"] = None if secret_key is None else pulumi.Output.secret(secret_key)
             __props__.__dict__["sts_endpoint"] = sts_endpoint
+            __props__.__dict__["sts_fallback_endpoints"] = sts_fallback_endpoints
+            __props__.__dict__["sts_fallback_regions"] = sts_fallback_regions
+            __props__.__dict__["sts_region"] = sts_region
             __props__.__dict__["username_template"] = username_template
         secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["accessKey", "secretKey"])
         opts = pulumi.ResourceOptions.merge(opts, secret_opts)
@@ -814,6 +922,9 @@ class SecretBackend(pulumi.CustomResource):
             role_arn: Optional[pulumi.Input[str]] = None,
             secret_key: Optional[pulumi.Input[str]] = None,
             sts_endpoint: Optional[pulumi.Input[str]] = None,
+            sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+            sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+            sts_region: Optional[pulumi.Input[str]] = None,
             username_template: Optional[pulumi.Input[str]] = None) -> 'SecretBackend':
         """
         Get an existing SecretBackend resource's state with the given name, id, and optional extra
@@ -855,6 +966,9 @@ class SecretBackend(pulumi.CustomResource):
                ```
         :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
         :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        :param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
         :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -877,6 +991,9 @@ class SecretBackend(pulumi.CustomResource):
         __props__.__dict__["role_arn"] = role_arn
         __props__.__dict__["secret_key"] = secret_key
         __props__.__dict__["sts_endpoint"] = sts_endpoint
+        __props__.__dict__["sts_fallback_endpoints"] = sts_fallback_endpoints
+        __props__.__dict__["sts_fallback_regions"] = sts_fallback_regions
+        __props__.__dict__["sts_region"] = sts_region
         __props__.__dict__["username_template"] = username_template
         return SecretBackend(resource_name, opts=opts, __props__=__props__)
 
@@ -1025,6 +1142,30 @@ class SecretBackend(pulumi.CustomResource):
         """
         return pulumi.get(self, "sts_endpoint")
 
+    @property
+    @pulumi.getter(name="stsFallbackEndpoints")
+    def sts_fallback_endpoints(self) -> pulumi.Output[Optional[Sequence[str]]]:
+        """
+        Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_endpoints")
+
+    @property
+    @pulumi.getter(name="stsFallbackRegions")
+    def sts_fallback_regions(self) -> pulumi.Output[Optional[Sequence[str]]]:
+        """
+        Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_regions")
+
+    @property
+    @pulumi.getter(name="stsRegion")
+    def sts_region(self) -> pulumi.Output[Optional[str]]:
+        """
+        Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_region")
+
     @property
     @pulumi.getter(name="usernameTemplate")
     def username_template(self) -> pulumi.Output[str]:

pulumi_vault/database/_inputs.py

@@ -2625,6 +2625,10 @@ if not MYPY:
         """
         The root credential password used in the connection URL
         """
+        password_authentication: NotRequired[pulumi.Input[str]]
+        """
+        When set to `scram-sha-256`, passwords will be hashed by Vault before being sent to PostgreSQL.
+        """
         private_key: NotRequired[pulumi.Input[str]]
         """
         The secret key used for the x509 client certificate. Must be PEM encoded.
@@ -2666,6 +2670,7 @@ class SecretBackendConnectionPostgresqlArgs:
                  max_idle_connections: Optional[pulumi.Input[int]] = None,
                  max_open_connections: Optional[pulumi.Input[int]] = None,
                  password: Optional[pulumi.Input[str]] = None,
+                 password_authentication: Optional[pulumi.Input[str]] = None,
                  private_key: Optional[pulumi.Input[str]] = None,
                  self_managed: Optional[pulumi.Input[bool]] = None,
                  service_account_json: Optional[pulumi.Input[str]] = None,
@@ -2681,6 +2686,7 @@ class SecretBackendConnectionPostgresqlArgs:
         :param pulumi.Input[int] max_idle_connections: Maximum number of idle connections to the database.
         :param pulumi.Input[int] max_open_connections: Maximum number of open connections to the database.
         :param pulumi.Input[str] password: The root credential password used in the connection URL
+        :param pulumi.Input[str] password_authentication: When set to `scram-sha-256`, passwords will be hashed by Vault before being sent to PostgreSQL.
         :param pulumi.Input[str] private_key: The secret key used for the x509 client certificate. Must be PEM encoded.
         :param pulumi.Input[bool] self_managed: If set, allows onboarding static roles with a rootless connection configuration.
         :param pulumi.Input[str] service_account_json: A JSON encoded credential for use with IAM authorization
@@ -2703,6 +2709,8 @@ class SecretBackendConnectionPostgresqlArgs:
             pulumi.set(__self__, "max_open_connections", max_open_connections)
         if password is not None:
             pulumi.set(__self__, "password", password)
+        if password_authentication is not None:
+            pulumi.set(__self__, "password_authentication", password_authentication)
         if private_key is not None:
             pulumi.set(__self__, "private_key", private_key)
         if self_managed is not None:
@@ -2802,6 +2810,18 @@ class SecretBackendConnectionPostgresqlArgs:
     def password(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "password", value)
 
+    @property
+    @pulumi.getter(name="passwordAuthentication")
+    def password_authentication(self) -> Optional[pulumi.Input[str]]:
+        """
+        When set to `scram-sha-256`, passwords will be hashed by Vault before being sent to PostgreSQL.
+        """
+        return pulumi.get(self, "password_authentication")
+
+    @password_authentication.setter
+    def password_authentication(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "password_authentication", value)
+
     @property
     @pulumi.getter(name="privateKey")
     def private_key(self) -> Optional[pulumi.Input[str]]:
@@ -7703,6 +7723,10 @@ if not MYPY:
         """
         The root credential password used in the connection URL
         """
+        password_authentication: NotRequired[pulumi.Input[str]]
+        """
+        When set to `scram-sha-256`, passwords will be hashed by Vault before being sent to PostgreSQL.
+        """
         plugin_name: NotRequired[pulumi.Input[str]]
         """
         Specifies the name of the plugin to use.
@@ -7760,6 +7784,7 @@ class SecretsMountPostgresqlArgs:
                  max_idle_connections: Optional[pulumi.Input[int]] = None,
                  max_open_connections: Optional[pulumi.Input[int]] = None,
                  password: Optional[pulumi.Input[str]] = None,
+                 password_authentication: Optional[pulumi.Input[str]] = None,
                  plugin_name: Optional[pulumi.Input[str]] = None,
                  private_key: Optional[pulumi.Input[str]] = None,
                  root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -7784,6 +7809,7 @@ class SecretsMountPostgresqlArgs:
         :param pulumi.Input[int] max_idle_connections: Maximum number of idle connections to the database.
         :param pulumi.Input[int] max_open_connections: Maximum number of open connections to the database.
         :param pulumi.Input[str] password: The root credential password used in the connection URL
+        :param pulumi.Input[str] password_authentication: When set to `scram-sha-256`, passwords will be hashed by Vault before being sent to PostgreSQL.
         :param pulumi.Input[str] plugin_name: Specifies the name of the plugin to use.
         :param pulumi.Input[str] private_key: The secret key used for the x509 client certificate. Must be PEM encoded.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
@@ -7815,6 +7841,8 @@ class SecretsMountPostgresqlArgs:
             pulumi.set(__self__, "max_open_connections", max_open_connections)
         if password is not None:
             pulumi.set(__self__, "password", password)
+        if password_authentication is not None:
+            pulumi.set(__self__, "password_authentication", password_authentication)
         if plugin_name is not None:
             pulumi.set(__self__, "plugin_name", plugin_name)
         if private_key is not None:
@@ -7959,6 +7987,18 @@ class SecretsMountPostgresqlArgs:
     def password(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "password", value)
 
+    @property
+    @pulumi.getter(name="passwordAuthentication")
+    def password_authentication(self) -> Optional[pulumi.Input[str]]:
+        """
+        When set to `scram-sha-256`, passwords will be hashed by Vault before being sent to PostgreSQL.
+        """
+        return pulumi.get(self, "password_authentication")
+
+    @password_authentication.setter
+    def password_authentication(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "password_authentication", value)
+
     @property
     @pulumi.getter(name="pluginName")
     def plugin_name(self) -> Optional[pulumi.Input[str]]:

pulumi_vault/database/outputs.py

@@ -1928,6 +1928,8 @@ class SecretBackendConnectionPostgresql(dict):
             suggest = "max_idle_connections"
         elif key == "maxOpenConnections":
             suggest = "max_open_connections"
+        elif key == "passwordAuthentication":
+            suggest = "password_authentication"
         elif key == "privateKey":
             suggest = "private_key"
         elif key == "selfManaged":
@@ -1960,6 +1962,7 @@ class SecretBackendConnectionPostgresql(dict):
                  max_idle_connections: Optional[int] = None,
                  max_open_connections: Optional[int] = None,
                  password: Optional[str] = None,
+                 password_authentication: Optional[str] = None,
                  private_key: Optional[str] = None,
                  self_managed: Optional[bool] = None,
                  service_account_json: Optional[str] = None,
@@ -1975,6 +1978,7 @@ class SecretBackendConnectionPostgresql(dict):
         :param int max_idle_connections: Maximum number of idle connections to the database.
         :param int max_open_connections: Maximum number of open connections to the database.
         :param str password: The root credential password used in the connection URL
+        :param str password_authentication: When set to `scram-sha-256`, passwords will be hashed by Vault before being sent to PostgreSQL.
         :param str private_key: The secret key used for the x509 client certificate. Must be PEM encoded.
         :param bool self_managed: If set, allows onboarding static roles with a rootless connection configuration.
         :param str service_account_json: A JSON encoded credential for use with IAM authorization
@@ -1997,6 +2001,8 @@ class SecretBackendConnectionPostgresql(dict):
             pulumi.set(__self__, "max_open_connections", max_open_connections)
         if password is not None:
             pulumi.set(__self__, "password", password)
+        if password_authentication is not None:
+            pulumi.set(__self__, "password_authentication", password_authentication)
         if private_key is not None:
             pulumi.set(__self__, "private_key", private_key)
         if self_managed is not None:
@@ -2068,6 +2074,14 @@ class SecretBackendConnectionPostgresql(dict):
         """
         return pulumi.get(self, "password")
 
+    @property
+    @pulumi.getter(name="passwordAuthentication")
+    def password_authentication(self) -> Optional[str]:
+        """
+        When set to `scram-sha-256`, passwords will be hashed by Vault before being sent to PostgreSQL.
+        """
+        return pulumi.get(self, "password_authentication")
+
     @property
     @pulumi.getter(name="privateKey")
     def private_key(self) -> Optional[str]:
@@ -5540,6 +5554,8 @@ class SecretsMountPostgresql(dict):
             suggest = "max_idle_connections"
         elif key == "maxOpenConnections":
             suggest = "max_open_connections"
+        elif key == "passwordAuthentication":
+            suggest = "password_authentication"
         elif key == "pluginName":
             suggest = "plugin_name"
         elif key == "privateKey":
@@ -5581,6 +5597,7 @@ class SecretsMountPostgresql(dict):
                  max_idle_connections: Optional[int] = None,
                  max_open_connections: Optional[int] = None,
                  password: Optional[str] = None,
+                 password_authentication: Optional[str] = None,
                  plugin_name: Optional[str] = None,
                  private_key: Optional[str] = None,
                  root_rotation_statements: Optional[Sequence[str]] = None,
@@ -5605,6 +5622,7 @@ class SecretsMountPostgresql(dict):
         :param int max_idle_connections: Maximum number of idle connections to the database.
         :param int max_open_connections: Maximum number of open connections to the database.
         :param str password: The root credential password used in the connection URL
+        :param str password_authentication: When set to `scram-sha-256`, passwords will be hashed by Vault before being sent to PostgreSQL.
         :param str plugin_name: Specifies the name of the plugin to use.
         :param str private_key: The secret key used for the x509 client certificate. Must be PEM encoded.
         :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
@@ -5636,6 +5654,8 @@ class SecretsMountPostgresql(dict):
             pulumi.set(__self__, "max_open_connections", max_open_connections)
         if password is not None:
             pulumi.set(__self__, "password", password)
+        if password_authentication is not None:
+            pulumi.set(__self__, "password_authentication", password_authentication)
         if plugin_name is not None:
             pulumi.set(__self__, "plugin_name", plugin_name)
         if private_key is not None:
@@ -5740,6 +5760,14 @@ class SecretsMountPostgresql(dict):
         """
         return pulumi.get(self, "password")
 
+    @property
+    @pulumi.getter(name="passwordAuthentication")
+    def password_authentication(self) -> Optional[str]:
+        """
+        When set to `scram-sha-256`, passwords will be hashed by Vault before being sent to PostgreSQL.
+        """
+        return pulumi.get(self, "password_authentication")
+
     @property
     @pulumi.getter(name="pluginName")
     def plugin_name(self) -> Optional[str]:

pulumi_vault/pkisecret/__init__.py

@@ -5,8 +5,12 @@
 from .. import _utilities
 import typing
 # Export this package's modules as members:
+from .backend_acme_eab import *
+from .backend_config_acme import *
 from .backend_config_cluster import *
+from .backend_config_cmpv2 import *
 from .backend_config_est import *
+from .get_backend_config_cmpv2 import *
 from .get_backend_config_est import *
 from .get_backend_issuer import *
 from .get_backend_issuers import *