pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl

Files changed (44) hide show
  1. pulumi_vault/__init__.py +8 -0
  2. pulumi_vault/aws/auth_backend_client.py +228 -4
  3. pulumi_vault/aws/secret_backend.py +266 -50
  4. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  5. pulumi_vault/azure/auth_backend_config.py +257 -5
  6. pulumi_vault/azure/backend.py +249 -4
  7. pulumi_vault/database/_inputs.py +1692 -36
  8. pulumi_vault/database/outputs.py +1170 -18
  9. pulumi_vault/database/secret_backend_connection.py +220 -0
  10. pulumi_vault/database/secret_backend_static_role.py +143 -1
  11. pulumi_vault/database/secrets_mount.py +8 -0
  12. pulumi_vault/gcp/auth_backend.py +222 -2
  13. pulumi_vault/gcp/secret_backend.py +244 -4
  14. pulumi_vault/ldap/auth_backend.py +222 -2
  15. pulumi_vault/ldap/secret_backend.py +222 -2
  16. pulumi_vault/pkisecret/__init__.py +2 -0
  17. pulumi_vault/pkisecret/_inputs.py +0 -6
  18. pulumi_vault/pkisecret/backend_config_acme.py +47 -0
  19. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  20. pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
  21. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  22. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
  23. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  24. pulumi_vault/pkisecret/outputs.py +0 -4
  25. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  26. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  27. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  28. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  29. pulumi_vault/pkisecret/secret_backend_role.py +252 -3
  30. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  31. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  32. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  33. pulumi_vault/pulumi-plugin.json +1 -1
  34. pulumi_vault/ssh/__init__.py +1 -0
  35. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  36. pulumi_vault/terraformcloud/secret_role.py +7 -7
  37. pulumi_vault/transit/__init__.py +2 -0
  38. pulumi_vault/transit/get_sign.py +324 -0
  39. pulumi_vault/transit/get_verify.py +354 -0
  40. pulumi_vault/transit/secret_backend_key.py +162 -0
  41. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
  42. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
  43. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
  44. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -22,6 +22,7 @@ class SecretBackendArgs:
22
22
  credentials: Optional[pulumi.Input[str]] = None,
23
23
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
24
24
  description: Optional[pulumi.Input[str]] = None,
25
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
25
26
  disable_remount: Optional[pulumi.Input[bool]] = None,
26
27
  identity_token_audience: Optional[pulumi.Input[str]] = None,
27
28
  identity_token_key: Optional[pulumi.Input[str]] = None,
@@ -30,6 +31,9 @@ class SecretBackendArgs:
30
31
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
31
32
  namespace: Optional[pulumi.Input[str]] = None,
32
33
  path: Optional[pulumi.Input[str]] = None,
34
+ rotation_period: Optional[pulumi.Input[int]] = None,
35
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
36
+ rotation_window: Optional[pulumi.Input[int]] = None,
33
37
  service_account_email: Optional[pulumi.Input[str]] = None):
34
38
  """
35
39
  The set of arguments for constructing a SecretBackend resource.
@@ -37,6 +41,8 @@ class SecretBackendArgs:
37
41
  :param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
38
42
  issued by this backend. Defaults to '0'.
39
43
  :param pulumi.Input[str] description: A human-friendly description for this backend.
44
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
45
+ *Available only for Vault Enterprise*.
40
46
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
41
47
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
42
48
  :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
@@ -54,6 +60,14 @@ class SecretBackendArgs:
54
60
  *Available only for Vault Enterprise*.
55
61
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
56
62
  not begin or end with a `/`. Defaults to `gcp`.
63
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
64
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
65
+ *Available only for Vault Enterprise*.
66
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
67
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
68
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
69
+ a rotation when a scheduled token rotation occurs. The default rotation window is
70
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
57
71
  :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
58
72
  Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
59
73
  """
@@ -63,6 +77,8 @@ class SecretBackendArgs:
63
77
  pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
64
78
  if description is not None:
65
79
  pulumi.set(__self__, "description", description)
80
+ if disable_automated_rotation is not None:
81
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
66
82
  if disable_remount is not None:
67
83
  pulumi.set(__self__, "disable_remount", disable_remount)
68
84
  if identity_token_audience is not None:
@@ -79,6 +95,12 @@ class SecretBackendArgs:
79
95
  pulumi.set(__self__, "namespace", namespace)
80
96
  if path is not None:
81
97
  pulumi.set(__self__, "path", path)
98
+ if rotation_period is not None:
99
+ pulumi.set(__self__, "rotation_period", rotation_period)
100
+ if rotation_schedule is not None:
101
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
102
+ if rotation_window is not None:
103
+ pulumi.set(__self__, "rotation_window", rotation_window)
82
104
  if service_account_email is not None:
83
105
  pulumi.set(__self__, "service_account_email", service_account_email)
84
106
 
@@ -119,6 +141,19 @@ class SecretBackendArgs:
119
141
  def description(self, value: Optional[pulumi.Input[str]]):
120
142
  pulumi.set(self, "description", value)
121
143
 
144
+ @property
145
+ @pulumi.getter(name="disableAutomatedRotation")
146
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
147
+ """
148
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
149
+ *Available only for Vault Enterprise*.
150
+ """
151
+ return pulumi.get(self, "disable_automated_rotation")
152
+
153
+ @disable_automated_rotation.setter
154
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
155
+ pulumi.set(self, "disable_automated_rotation", value)
156
+
122
157
  @property
123
158
  @pulumi.getter(name="disableRemount")
124
159
  def disable_remount(self) -> Optional[pulumi.Input[bool]]:
@@ -224,6 +259,47 @@ class SecretBackendArgs:
224
259
  def path(self, value: Optional[pulumi.Input[str]]):
225
260
  pulumi.set(self, "path", value)
226
261
 
262
+ @property
263
+ @pulumi.getter(name="rotationPeriod")
264
+ def rotation_period(self) -> Optional[pulumi.Input[int]]:
265
+ """
266
+ The amount of time in seconds Vault should wait before rotating the root credential.
267
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
268
+ *Available only for Vault Enterprise*.
269
+ """
270
+ return pulumi.get(self, "rotation_period")
271
+
272
+ @rotation_period.setter
273
+ def rotation_period(self, value: Optional[pulumi.Input[int]]):
274
+ pulumi.set(self, "rotation_period", value)
275
+
276
+ @property
277
+ @pulumi.getter(name="rotationSchedule")
278
+ def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
279
+ """
280
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
281
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
282
+ """
283
+ return pulumi.get(self, "rotation_schedule")
284
+
285
+ @rotation_schedule.setter
286
+ def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
287
+ pulumi.set(self, "rotation_schedule", value)
288
+
289
+ @property
290
+ @pulumi.getter(name="rotationWindow")
291
+ def rotation_window(self) -> Optional[pulumi.Input[int]]:
292
+ """
293
+ The maximum amount of time in seconds allowed to complete
294
+ a rotation when a scheduled token rotation occurs. The default rotation window is
295
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
296
+ """
297
+ return pulumi.get(self, "rotation_window")
298
+
299
+ @rotation_window.setter
300
+ def rotation_window(self, value: Optional[pulumi.Input[int]]):
301
+ pulumi.set(self, "rotation_window", value)
302
+
227
303
  @property
228
304
  @pulumi.getter(name="serviceAccountEmail")
229
305
  def service_account_email(self) -> Optional[pulumi.Input[str]]:
@@ -245,6 +321,7 @@ class _SecretBackendState:
245
321
  credentials: Optional[pulumi.Input[str]] = None,
246
322
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
247
323
  description: Optional[pulumi.Input[str]] = None,
324
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
248
325
  disable_remount: Optional[pulumi.Input[bool]] = None,
249
326
  identity_token_audience: Optional[pulumi.Input[str]] = None,
250
327
  identity_token_key: Optional[pulumi.Input[str]] = None,
@@ -253,6 +330,9 @@ class _SecretBackendState:
253
330
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
254
331
  namespace: Optional[pulumi.Input[str]] = None,
255
332
  path: Optional[pulumi.Input[str]] = None,
333
+ rotation_period: Optional[pulumi.Input[int]] = None,
334
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
335
+ rotation_window: Optional[pulumi.Input[int]] = None,
256
336
  service_account_email: Optional[pulumi.Input[str]] = None):
257
337
  """
258
338
  Input properties used for looking up and filtering SecretBackend resources.
@@ -261,6 +341,8 @@ class _SecretBackendState:
261
341
  :param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
262
342
  issued by this backend. Defaults to '0'.
263
343
  :param pulumi.Input[str] description: A human-friendly description for this backend.
344
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
345
+ *Available only for Vault Enterprise*.
264
346
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
265
347
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
266
348
  :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
@@ -278,6 +360,14 @@ class _SecretBackendState:
278
360
  *Available only for Vault Enterprise*.
279
361
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
280
362
  not begin or end with a `/`. Defaults to `gcp`.
363
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
364
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
365
+ *Available only for Vault Enterprise*.
366
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
367
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
368
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
369
+ a rotation when a scheduled token rotation occurs. The default rotation window is
370
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
281
371
  :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
282
372
  Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
283
373
  """
@@ -289,6 +379,8 @@ class _SecretBackendState:
289
379
  pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
290
380
  if description is not None:
291
381
  pulumi.set(__self__, "description", description)
382
+ if disable_automated_rotation is not None:
383
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
292
384
  if disable_remount is not None:
293
385
  pulumi.set(__self__, "disable_remount", disable_remount)
294
386
  if identity_token_audience is not None:
@@ -305,6 +397,12 @@ class _SecretBackendState:
305
397
  pulumi.set(__self__, "namespace", namespace)
306
398
  if path is not None:
307
399
  pulumi.set(__self__, "path", path)
400
+ if rotation_period is not None:
401
+ pulumi.set(__self__, "rotation_period", rotation_period)
402
+ if rotation_schedule is not None:
403
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
404
+ if rotation_window is not None:
405
+ pulumi.set(__self__, "rotation_window", rotation_window)
308
406
  if service_account_email is not None:
309
407
  pulumi.set(__self__, "service_account_email", service_account_email)
310
408
 
@@ -357,6 +455,19 @@ class _SecretBackendState:
357
455
  def description(self, value: Optional[pulumi.Input[str]]):
358
456
  pulumi.set(self, "description", value)
359
457
 
458
+ @property
459
+ @pulumi.getter(name="disableAutomatedRotation")
460
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
461
+ """
462
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
463
+ *Available only for Vault Enterprise*.
464
+ """
465
+ return pulumi.get(self, "disable_automated_rotation")
466
+
467
+ @disable_automated_rotation.setter
468
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
469
+ pulumi.set(self, "disable_automated_rotation", value)
470
+
360
471
  @property
361
472
  @pulumi.getter(name="disableRemount")
362
473
  def disable_remount(self) -> Optional[pulumi.Input[bool]]:
@@ -462,6 +573,47 @@ class _SecretBackendState:
462
573
  def path(self, value: Optional[pulumi.Input[str]]):
463
574
  pulumi.set(self, "path", value)
464
575
 
576
+ @property
577
+ @pulumi.getter(name="rotationPeriod")
578
+ def rotation_period(self) -> Optional[pulumi.Input[int]]:
579
+ """
580
+ The amount of time in seconds Vault should wait before rotating the root credential.
581
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
582
+ *Available only for Vault Enterprise*.
583
+ """
584
+ return pulumi.get(self, "rotation_period")
585
+
586
+ @rotation_period.setter
587
+ def rotation_period(self, value: Optional[pulumi.Input[int]]):
588
+ pulumi.set(self, "rotation_period", value)
589
+
590
+ @property
591
+ @pulumi.getter(name="rotationSchedule")
592
+ def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
593
+ """
594
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
595
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
596
+ """
597
+ return pulumi.get(self, "rotation_schedule")
598
+
599
+ @rotation_schedule.setter
600
+ def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
601
+ pulumi.set(self, "rotation_schedule", value)
602
+
603
+ @property
604
+ @pulumi.getter(name="rotationWindow")
605
+ def rotation_window(self) -> Optional[pulumi.Input[int]]:
606
+ """
607
+ The maximum amount of time in seconds allowed to complete
608
+ a rotation when a scheduled token rotation occurs. The default rotation window is
609
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
610
+ """
611
+ return pulumi.get(self, "rotation_window")
612
+
613
+ @rotation_window.setter
614
+ def rotation_window(self, value: Optional[pulumi.Input[int]]):
615
+ pulumi.set(self, "rotation_window", value)
616
+
465
617
  @property
466
618
  @pulumi.getter(name="serviceAccountEmail")
467
619
  def service_account_email(self) -> Optional[pulumi.Input[str]]:
@@ -484,6 +636,7 @@ class SecretBackend(pulumi.CustomResource):
484
636
  credentials: Optional[pulumi.Input[str]] = None,
485
637
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
486
638
  description: Optional[pulumi.Input[str]] = None,
639
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
487
640
  disable_remount: Optional[pulumi.Input[bool]] = None,
488
641
  identity_token_audience: Optional[pulumi.Input[str]] = None,
489
642
  identity_token_key: Optional[pulumi.Input[str]] = None,
@@ -492,6 +645,9 @@ class SecretBackend(pulumi.CustomResource):
492
645
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
493
646
  namespace: Optional[pulumi.Input[str]] = None,
494
647
  path: Optional[pulumi.Input[str]] = None,
648
+ rotation_period: Optional[pulumi.Input[int]] = None,
649
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
650
+ rotation_window: Optional[pulumi.Input[int]] = None,
495
651
  service_account_email: Optional[pulumi.Input[str]] = None,
496
652
  __props__=None):
497
653
  """
@@ -506,7 +662,9 @@ class SecretBackend(pulumi.CustomResource):
506
662
  identity_token_key="example-key",
507
663
  identity_token_ttl=1800,
508
664
  identity_token_audience="<TOKEN_AUDIENCE>",
509
- service_account_email="<SERVICE_ACCOUNT_EMAIL>")
665
+ service_account_email="<SERVICE_ACCOUNT_EMAIL>",
666
+ rotation_schedule="0 * * * SAT",
667
+ rotation_window=3600)
510
668
  ```
511
669
 
512
670
  ```python
@@ -514,7 +672,10 @@ class SecretBackend(pulumi.CustomResource):
514
672
  import pulumi_std as std
515
673
  import pulumi_vault as vault
516
674
 
517
- gcp = vault.gcp.SecretBackend("gcp", credentials=std.file(input="credentials.json").result)
675
+ gcp = vault.gcp.SecretBackend("gcp",
676
+ credentials=std.file(input="credentials.json").result,
677
+ rotation_schedule="0 * * * SAT",
678
+ rotation_window=3600)
518
679
  ```
519
680
 
520
681
  :param str resource_name: The name of the resource.
@@ -523,6 +684,8 @@ class SecretBackend(pulumi.CustomResource):
523
684
  :param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
524
685
  issued by this backend. Defaults to '0'.
525
686
  :param pulumi.Input[str] description: A human-friendly description for this backend.
687
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
688
+ *Available only for Vault Enterprise*.
526
689
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
527
690
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
528
691
  :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
@@ -540,6 +703,14 @@ class SecretBackend(pulumi.CustomResource):
540
703
  *Available only for Vault Enterprise*.
541
704
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
542
705
  not begin or end with a `/`. Defaults to `gcp`.
706
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
707
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
708
+ *Available only for Vault Enterprise*.
709
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
710
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
711
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
712
+ a rotation when a scheduled token rotation occurs. The default rotation window is
713
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
543
714
  :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
544
715
  Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
545
716
  """
@@ -561,7 +732,9 @@ class SecretBackend(pulumi.CustomResource):
561
732
  identity_token_key="example-key",
562
733
  identity_token_ttl=1800,
563
734
  identity_token_audience="<TOKEN_AUDIENCE>",
564
- service_account_email="<SERVICE_ACCOUNT_EMAIL>")
735
+ service_account_email="<SERVICE_ACCOUNT_EMAIL>",
736
+ rotation_schedule="0 * * * SAT",
737
+ rotation_window=3600)
565
738
  ```
566
739
 
567
740
  ```python
@@ -569,7 +742,10 @@ class SecretBackend(pulumi.CustomResource):
569
742
  import pulumi_std as std
570
743
  import pulumi_vault as vault
571
744
 
572
- gcp = vault.gcp.SecretBackend("gcp", credentials=std.file(input="credentials.json").result)
745
+ gcp = vault.gcp.SecretBackend("gcp",
746
+ credentials=std.file(input="credentials.json").result,
747
+ rotation_schedule="0 * * * SAT",
748
+ rotation_window=3600)
573
749
  ```
574
750
 
575
751
  :param str resource_name: The name of the resource.
@@ -590,6 +766,7 @@ class SecretBackend(pulumi.CustomResource):
590
766
  credentials: Optional[pulumi.Input[str]] = None,
591
767
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
592
768
  description: Optional[pulumi.Input[str]] = None,
769
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
593
770
  disable_remount: Optional[pulumi.Input[bool]] = None,
594
771
  identity_token_audience: Optional[pulumi.Input[str]] = None,
595
772
  identity_token_key: Optional[pulumi.Input[str]] = None,
@@ -598,6 +775,9 @@ class SecretBackend(pulumi.CustomResource):
598
775
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
599
776
  namespace: Optional[pulumi.Input[str]] = None,
600
777
  path: Optional[pulumi.Input[str]] = None,
778
+ rotation_period: Optional[pulumi.Input[int]] = None,
779
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
780
+ rotation_window: Optional[pulumi.Input[int]] = None,
601
781
  service_account_email: Optional[pulumi.Input[str]] = None,
602
782
  __props__=None):
603
783
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -611,6 +791,7 @@ class SecretBackend(pulumi.CustomResource):
611
791
  __props__.__dict__["credentials"] = None if credentials is None else pulumi.Output.secret(credentials)
612
792
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
613
793
  __props__.__dict__["description"] = description
794
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
614
795
  __props__.__dict__["disable_remount"] = disable_remount
615
796
  __props__.__dict__["identity_token_audience"] = identity_token_audience
616
797
  __props__.__dict__["identity_token_key"] = identity_token_key
@@ -619,6 +800,9 @@ class SecretBackend(pulumi.CustomResource):
619
800
  __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
620
801
  __props__.__dict__["namespace"] = namespace
621
802
  __props__.__dict__["path"] = path
803
+ __props__.__dict__["rotation_period"] = rotation_period
804
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
805
+ __props__.__dict__["rotation_window"] = rotation_window
622
806
  __props__.__dict__["service_account_email"] = service_account_email
623
807
  __props__.__dict__["accessor"] = None
624
808
  secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["credentials"])
@@ -637,6 +821,7 @@ class SecretBackend(pulumi.CustomResource):
637
821
  credentials: Optional[pulumi.Input[str]] = None,
638
822
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
639
823
  description: Optional[pulumi.Input[str]] = None,
824
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
640
825
  disable_remount: Optional[pulumi.Input[bool]] = None,
641
826
  identity_token_audience: Optional[pulumi.Input[str]] = None,
642
827
  identity_token_key: Optional[pulumi.Input[str]] = None,
@@ -645,6 +830,9 @@ class SecretBackend(pulumi.CustomResource):
645
830
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
646
831
  namespace: Optional[pulumi.Input[str]] = None,
647
832
  path: Optional[pulumi.Input[str]] = None,
833
+ rotation_period: Optional[pulumi.Input[int]] = None,
834
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
835
+ rotation_window: Optional[pulumi.Input[int]] = None,
648
836
  service_account_email: Optional[pulumi.Input[str]] = None) -> 'SecretBackend':
649
837
  """
650
838
  Get an existing SecretBackend resource's state with the given name, id, and optional extra
@@ -658,6 +846,8 @@ class SecretBackend(pulumi.CustomResource):
658
846
  :param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
659
847
  issued by this backend. Defaults to '0'.
660
848
  :param pulumi.Input[str] description: A human-friendly description for this backend.
849
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
850
+ *Available only for Vault Enterprise*.
661
851
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
662
852
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
663
853
  :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
@@ -675,6 +865,14 @@ class SecretBackend(pulumi.CustomResource):
675
865
  *Available only for Vault Enterprise*.
676
866
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
677
867
  not begin or end with a `/`. Defaults to `gcp`.
868
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
869
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
870
+ *Available only for Vault Enterprise*.
871
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
872
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
873
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
874
+ a rotation when a scheduled token rotation occurs. The default rotation window is
875
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
678
876
  :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
679
877
  Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
680
878
  """
@@ -686,6 +884,7 @@ class SecretBackend(pulumi.CustomResource):
686
884
  __props__.__dict__["credentials"] = credentials
687
885
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
688
886
  __props__.__dict__["description"] = description
887
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
689
888
  __props__.__dict__["disable_remount"] = disable_remount
690
889
  __props__.__dict__["identity_token_audience"] = identity_token_audience
691
890
  __props__.__dict__["identity_token_key"] = identity_token_key
@@ -694,6 +893,9 @@ class SecretBackend(pulumi.CustomResource):
694
893
  __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
695
894
  __props__.__dict__["namespace"] = namespace
696
895
  __props__.__dict__["path"] = path
896
+ __props__.__dict__["rotation_period"] = rotation_period
897
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
898
+ __props__.__dict__["rotation_window"] = rotation_window
697
899
  __props__.__dict__["service_account_email"] = service_account_email
698
900
  return SecretBackend(resource_name, opts=opts, __props__=__props__)
699
901
 
@@ -730,6 +932,15 @@ class SecretBackend(pulumi.CustomResource):
730
932
  """
731
933
  return pulumi.get(self, "description")
732
934
 
935
+ @property
936
+ @pulumi.getter(name="disableAutomatedRotation")
937
+ def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
938
+ """
939
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
940
+ *Available only for Vault Enterprise*.
941
+ """
942
+ return pulumi.get(self, "disable_automated_rotation")
943
+
733
944
  @property
734
945
  @pulumi.getter(name="disableRemount")
735
946
  def disable_remount(self) -> pulumi.Output[Optional[bool]]:
@@ -803,6 +1014,35 @@ class SecretBackend(pulumi.CustomResource):
803
1014
  """
804
1015
  return pulumi.get(self, "path")
805
1016
 
1017
+ @property
1018
+ @pulumi.getter(name="rotationPeriod")
1019
+ def rotation_period(self) -> pulumi.Output[Optional[int]]:
1020
+ """
1021
+ The amount of time in seconds Vault should wait before rotating the root credential.
1022
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1023
+ *Available only for Vault Enterprise*.
1024
+ """
1025
+ return pulumi.get(self, "rotation_period")
1026
+
1027
+ @property
1028
+ @pulumi.getter(name="rotationSchedule")
1029
+ def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
1030
+ """
1031
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1032
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
1033
+ """
1034
+ return pulumi.get(self, "rotation_schedule")
1035
+
1036
+ @property
1037
+ @pulumi.getter(name="rotationWindow")
1038
+ def rotation_window(self) -> pulumi.Output[Optional[int]]:
1039
+ """
1040
+ The maximum amount of time in seconds allowed to complete
1041
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1042
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
1043
+ """
1044
+ return pulumi.get(self, "rotation_window")
1045
+
806
1046
  @property
807
1047
  @pulumi.getter(name="serviceAccountEmail")
808
1048
  def service_account_email(self) -> pulumi.Output[Optional[str]]:
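Review bot: The `rotation_schedule` and `rotation_window` docstrings (new lines 66–70 of `SecretBackendArgs`, repeated in `_SecretBackendState`, `SecretBackend.__init__`, `get` and the property getters) speak of the "root token" and a "scheduled token rotation", while `rotation_period` and `disable_automated_rotation` in the same hunks say "root credential", which reads as two different secrets. I would use one term throughout, e.g. `defining the schedule on which Vault should rotate the root credential` and `a rotation when a scheduled root credential rotation occurs`, and change "unbound" to "unbounded". The docstrings also do not say how `rotation_period` and `rotation_schedule` interact, and the constructor forwards all three values with no check; if Vault rejects the combination (it appears to treat them as alternatives; confirm against the Vault documentation), one sentence saying so would save a failed deployment. Since `disable_automated_rotation=True` leaves the root credential unrotated until it is unset, the docstring could add that it is meant as a temporary switch, so that a stack change setting it stands out in review. The file looks generated, so the wording fix probably belongs in the upstream schema rather than in this module.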