pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. pulumi_vault/__init__.py +8 -0
  2. pulumi_vault/aws/auth_backend_client.py +228 -4
  3. pulumi_vault/aws/secret_backend.py +266 -50
  4. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  5. pulumi_vault/azure/auth_backend_config.py +257 -5
  6. pulumi_vault/azure/backend.py +249 -4
  7. pulumi_vault/database/_inputs.py +1692 -36
  8. pulumi_vault/database/outputs.py +1170 -18
  9. pulumi_vault/database/secret_backend_connection.py +220 -0
  10. pulumi_vault/database/secret_backend_static_role.py +143 -1
  11. pulumi_vault/database/secrets_mount.py +8 -0
  12. pulumi_vault/gcp/auth_backend.py +222 -2
  13. pulumi_vault/gcp/secret_backend.py +244 -4
  14. pulumi_vault/ldap/auth_backend.py +222 -2
  15. pulumi_vault/ldap/secret_backend.py +222 -2
  16. pulumi_vault/pkisecret/__init__.py +2 -0
  17. pulumi_vault/pkisecret/_inputs.py +0 -6
  18. pulumi_vault/pkisecret/backend_config_acme.py +47 -0
  19. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  20. pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
  21. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  22. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
  23. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  24. pulumi_vault/pkisecret/outputs.py +0 -4
  25. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  26. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  27. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  28. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  29. pulumi_vault/pkisecret/secret_backend_role.py +252 -3
  30. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  31. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  32. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  33. pulumi_vault/pulumi-plugin.json +1 -1
  34. pulumi_vault/ssh/__init__.py +1 -0
  35. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  36. pulumi_vault/terraformcloud/secret_role.py +7 -7
  37. pulumi_vault/transit/__init__.py +2 -0
  38. pulumi_vault/transit/get_sign.py +324 -0
  39. pulumi_vault/transit/get_verify.py +354 -0
  40. pulumi_vault/transit/secret_backend_key.py +162 -0
  41. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
  42. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
  43. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
  44. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -22,18 +22,23 @@ class SecretBackendStaticRoleArgs:
22
22
  backend: pulumi.Input[str],
23
23
  db_name: pulumi.Input[str],
24
24
  username: pulumi.Input[str],
25
+ credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
26
+ credential_type: Optional[pulumi.Input[str]] = None,
25
27
  name: Optional[pulumi.Input[str]] = None,
26
28
  namespace: Optional[pulumi.Input[str]] = None,
27
29
  rotation_period: Optional[pulumi.Input[int]] = None,
28
30
  rotation_schedule: Optional[pulumi.Input[str]] = None,
29
31
  rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
30
32
  rotation_window: Optional[pulumi.Input[int]] = None,
31
- self_managed_password: Optional[pulumi.Input[str]] = None):
33
+ self_managed_password: Optional[pulumi.Input[str]] = None,
34
+ skip_import_rotation: Optional[pulumi.Input[bool]] = None):
32
35
  """
33
36
  The set of arguments for constructing a SecretBackendStaticRole resource.
34
37
  :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
35
38
  :param pulumi.Input[str] db_name: The unique name of the database connection to use for the static role.
36
39
  :param pulumi.Input[str] username: The database username that this static role corresponds to.
40
+ :param pulumi.Input[str] credential_type: The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
41
+ can be done in `credential_config`.
37
42
  :param pulumi.Input[str] name: A unique name to give the static role.
38
43
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
39
44
  The value should not contain leading or trailing forward slashes.
@@ -52,10 +57,16 @@ class SecretBackendStaticRoleArgs:
52
57
  :param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
53
58
  Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
54
59
  select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
60
+ :param pulumi.Input[bool] skip_import_rotation: If set to true, Vault will skip the
61
+ initial secret rotation on import. Requires Vault 1.18+ Enterprise.
55
62
  """
56
63
  pulumi.set(__self__, "backend", backend)
57
64
  pulumi.set(__self__, "db_name", db_name)
58
65
  pulumi.set(__self__, "username", username)
66
+ if credential_config is not None:
67
+ pulumi.set(__self__, "credential_config", credential_config)
68
+ if credential_type is not None:
69
+ pulumi.set(__self__, "credential_type", credential_type)
59
70
  if name is not None:
60
71
  pulumi.set(__self__, "name", name)
61
72
  if namespace is not None:
@@ -70,6 +81,8 @@ class SecretBackendStaticRoleArgs:
70
81
  pulumi.set(__self__, "rotation_window", rotation_window)
71
82
  if self_managed_password is not None:
72
83
  pulumi.set(__self__, "self_managed_password", self_managed_password)
84
+ if skip_import_rotation is not None:
85
+ pulumi.set(__self__, "skip_import_rotation", skip_import_rotation)
73
86
 
74
87
  @property
75
88
  @pulumi.getter
@@ -107,6 +120,28 @@ class SecretBackendStaticRoleArgs:
107
120
  def username(self, value: pulumi.Input[str]):
108
121
  pulumi.set(self, "username", value)
109
122
 
123
+ @property
124
+ @pulumi.getter(name="credentialConfig")
125
+ def credential_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
126
+ return pulumi.get(self, "credential_config")
127
+
128
+ @credential_config.setter
129
+ def credential_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
130
+ pulumi.set(self, "credential_config", value)
131
+
132
+ @property
133
+ @pulumi.getter(name="credentialType")
134
+ def credential_type(self) -> Optional[pulumi.Input[str]]:
135
+ """
136
+ The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
137
+ can be done in `credential_config`.
138
+ """
139
+ return pulumi.get(self, "credential_type")
140
+
141
+ @credential_type.setter
142
+ def credential_type(self, value: Optional[pulumi.Input[str]]):
143
+ pulumi.set(self, "credential_type", value)
144
+
110
145
  @property
111
146
  @pulumi.getter
112
147
  def name(self) -> Optional[pulumi.Input[str]]:
@@ -202,11 +237,26 @@ class SecretBackendStaticRoleArgs:
202
237
  def self_managed_password(self, value: Optional[pulumi.Input[str]]):
203
238
  pulumi.set(self, "self_managed_password", value)
204
239
 
240
+ @property
241
+ @pulumi.getter(name="skipImportRotation")
242
+ def skip_import_rotation(self) -> Optional[pulumi.Input[bool]]:
243
+ """
244
+ If set to true, Vault will skip the
245
+ initial secret rotation on import. Requires Vault 1.18+ Enterprise.
246
+ """
247
+ return pulumi.get(self, "skip_import_rotation")
248
+
249
+ @skip_import_rotation.setter
250
+ def skip_import_rotation(self, value: Optional[pulumi.Input[bool]]):
251
+ pulumi.set(self, "skip_import_rotation", value)
252
+
205
253
 
206
254
  @pulumi.input_type
207
255
  class _SecretBackendStaticRoleState:
208
256
  def __init__(__self__, *,
209
257
  backend: Optional[pulumi.Input[str]] = None,
258
+ credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
259
+ credential_type: Optional[pulumi.Input[str]] = None,
210
260
  db_name: Optional[pulumi.Input[str]] = None,
211
261
  name: Optional[pulumi.Input[str]] = None,
212
262
  namespace: Optional[pulumi.Input[str]] = None,
@@ -215,10 +265,13 @@ class _SecretBackendStaticRoleState:
215
265
  rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
216
266
  rotation_window: Optional[pulumi.Input[int]] = None,
217
267
  self_managed_password: Optional[pulumi.Input[str]] = None,
268
+ skip_import_rotation: Optional[pulumi.Input[bool]] = None,
218
269
  username: Optional[pulumi.Input[str]] = None):
219
270
  """
220
271
  Input properties used for looking up and filtering SecretBackendStaticRole resources.
221
272
  :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
273
+ :param pulumi.Input[str] credential_type: The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
274
+ can be done in `credential_config`.
222
275
  :param pulumi.Input[str] db_name: The unique name of the database connection to use for the static role.
223
276
  :param pulumi.Input[str] name: A unique name to give the static role.
224
277
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
@@ -238,10 +291,16 @@ class _SecretBackendStaticRoleState:
238
291
  :param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
239
292
  Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
240
293
  select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
294
+ :param pulumi.Input[bool] skip_import_rotation: If set to true, Vault will skip the
295
+ initial secret rotation on import. Requires Vault 1.18+ Enterprise.
241
296
  :param pulumi.Input[str] username: The database username that this static role corresponds to.
242
297
  """
243
298
  if backend is not None:
244
299
  pulumi.set(__self__, "backend", backend)
300
+ if credential_config is not None:
301
+ pulumi.set(__self__, "credential_config", credential_config)
302
+ if credential_type is not None:
303
+ pulumi.set(__self__, "credential_type", credential_type)
245
304
  if db_name is not None:
246
305
  pulumi.set(__self__, "db_name", db_name)
247
306
  if name is not None:
@@ -258,6 +317,8 @@ class _SecretBackendStaticRoleState:
258
317
  pulumi.set(__self__, "rotation_window", rotation_window)
259
318
  if self_managed_password is not None:
260
319
  pulumi.set(__self__, "self_managed_password", self_managed_password)
320
+ if skip_import_rotation is not None:
321
+ pulumi.set(__self__, "skip_import_rotation", skip_import_rotation)
261
322
  if username is not None:
262
323
  pulumi.set(__self__, "username", username)
263
324
 
@@ -273,6 +334,28 @@ class _SecretBackendStaticRoleState:
273
334
  def backend(self, value: Optional[pulumi.Input[str]]):
274
335
  pulumi.set(self, "backend", value)
275
336
 
337
+ @property
338
+ @pulumi.getter(name="credentialConfig")
339
+ def credential_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
340
+ return pulumi.get(self, "credential_config")
341
+
342
+ @credential_config.setter
343
+ def credential_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
344
+ pulumi.set(self, "credential_config", value)
345
+
346
+ @property
347
+ @pulumi.getter(name="credentialType")
348
+ def credential_type(self) -> Optional[pulumi.Input[str]]:
349
+ """
350
+ The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
351
+ can be done in `credential_config`.
352
+ """
353
+ return pulumi.get(self, "credential_type")
354
+
355
+ @credential_type.setter
356
+ def credential_type(self, value: Optional[pulumi.Input[str]]):
357
+ pulumi.set(self, "credential_type", value)
358
+
276
359
  @property
277
360
  @pulumi.getter(name="dbName")
278
361
  def db_name(self) -> Optional[pulumi.Input[str]]:
@@ -380,6 +463,19 @@ class _SecretBackendStaticRoleState:
380
463
  def self_managed_password(self, value: Optional[pulumi.Input[str]]):
381
464
  pulumi.set(self, "self_managed_password", value)
382
465
 
466
+ @property
467
+ @pulumi.getter(name="skipImportRotation")
468
+ def skip_import_rotation(self) -> Optional[pulumi.Input[bool]]:
469
+ """
470
+ If set to true, Vault will skip the
471
+ initial secret rotation on import. Requires Vault 1.18+ Enterprise.
472
+ """
473
+ return pulumi.get(self, "skip_import_rotation")
474
+
475
+ @skip_import_rotation.setter
476
+ def skip_import_rotation(self, value: Optional[pulumi.Input[bool]]):
477
+ pulumi.set(self, "skip_import_rotation", value)
478
+
383
479
  @property
384
480
  @pulumi.getter
385
481
  def username(self) -> Optional[pulumi.Input[str]]:
@@ -399,6 +495,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
399
495
  resource_name: str,
400
496
  opts: Optional[pulumi.ResourceOptions] = None,
401
497
  backend: Optional[pulumi.Input[str]] = None,
498
+ credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
499
+ credential_type: Optional[pulumi.Input[str]] = None,
402
500
  db_name: Optional[pulumi.Input[str]] = None,
403
501
  name: Optional[pulumi.Input[str]] = None,
404
502
  namespace: Optional[pulumi.Input[str]] = None,
@@ -407,6 +505,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
407
505
  rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
408
506
  rotation_window: Optional[pulumi.Input[int]] = None,
409
507
  self_managed_password: Optional[pulumi.Input[str]] = None,
508
+ skip_import_rotation: Optional[pulumi.Input[bool]] = None,
410
509
  username: Optional[pulumi.Input[str]] = None,
411
510
  __props__=None):
412
511
  """
@@ -460,6 +559,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
460
559
  :param str resource_name: The name of the resource.
461
560
  :param pulumi.ResourceOptions opts: Options for the resource.
462
561
  :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
562
+ :param pulumi.Input[str] credential_type: The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
563
+ can be done in `credential_config`.
463
564
  :param pulumi.Input[str] db_name: The unique name of the database connection to use for the static role.
464
565
  :param pulumi.Input[str] name: A unique name to give the static role.
465
566
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
@@ -479,6 +580,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
479
580
  :param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
480
581
  Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
481
582
  select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
583
+ :param pulumi.Input[bool] skip_import_rotation: If set to true, Vault will skip the
584
+ initial secret rotation on import. Requires Vault 1.18+ Enterprise.
482
585
  :param pulumi.Input[str] username: The database username that this static role corresponds to.
483
586
  """
484
587
  ...
@@ -551,6 +654,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
551
654
  resource_name: str,
552
655
  opts: Optional[pulumi.ResourceOptions] = None,
553
656
  backend: Optional[pulumi.Input[str]] = None,
657
+ credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
658
+ credential_type: Optional[pulumi.Input[str]] = None,
554
659
  db_name: Optional[pulumi.Input[str]] = None,
555
660
  name: Optional[pulumi.Input[str]] = None,
556
661
  namespace: Optional[pulumi.Input[str]] = None,
@@ -559,6 +664,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
559
664
  rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
560
665
  rotation_window: Optional[pulumi.Input[int]] = None,
561
666
  self_managed_password: Optional[pulumi.Input[str]] = None,
667
+ skip_import_rotation: Optional[pulumi.Input[bool]] = None,
562
668
  username: Optional[pulumi.Input[str]] = None,
563
669
  __props__=None):
564
670
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -572,6 +678,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
572
678
  if backend is None and not opts.urn:
573
679
  raise TypeError("Missing required property 'backend'")
574
680
  __props__.__dict__["backend"] = backend
681
+ __props__.__dict__["credential_config"] = credential_config
682
+ __props__.__dict__["credential_type"] = credential_type
575
683
  if db_name is None and not opts.urn:
576
684
  raise TypeError("Missing required property 'db_name'")
577
685
  __props__.__dict__["db_name"] = db_name
@@ -582,6 +690,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
582
690
  __props__.__dict__["rotation_statements"] = rotation_statements
583
691
  __props__.__dict__["rotation_window"] = rotation_window
584
692
  __props__.__dict__["self_managed_password"] = None if self_managed_password is None else pulumi.Output.secret(self_managed_password)
693
+ __props__.__dict__["skip_import_rotation"] = skip_import_rotation
585
694
  if username is None and not opts.urn:
586
695
  raise TypeError("Missing required property 'username'")
587
696
  __props__.__dict__["username"] = username
@@ -598,6 +707,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
598
707
  id: pulumi.Input[str],
599
708
  opts: Optional[pulumi.ResourceOptions] = None,
600
709
  backend: Optional[pulumi.Input[str]] = None,
710
+ credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
711
+ credential_type: Optional[pulumi.Input[str]] = None,
601
712
  db_name: Optional[pulumi.Input[str]] = None,
602
713
  name: Optional[pulumi.Input[str]] = None,
603
714
  namespace: Optional[pulumi.Input[str]] = None,
@@ -606,6 +717,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
606
717
  rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
607
718
  rotation_window: Optional[pulumi.Input[int]] = None,
608
719
  self_managed_password: Optional[pulumi.Input[str]] = None,
720
+ skip_import_rotation: Optional[pulumi.Input[bool]] = None,
609
721
  username: Optional[pulumi.Input[str]] = None) -> 'SecretBackendStaticRole':
610
722
  """
611
723
  Get an existing SecretBackendStaticRole resource's state with the given name, id, and optional extra
@@ -615,6 +727,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
615
727
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
616
728
  :param pulumi.ResourceOptions opts: Options for the resource.
617
729
  :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
730
+ :param pulumi.Input[str] credential_type: The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
731
+ can be done in `credential_config`.
618
732
  :param pulumi.Input[str] db_name: The unique name of the database connection to use for the static role.
619
733
  :param pulumi.Input[str] name: A unique name to give the static role.
620
734
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
@@ -634,6 +748,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
634
748
  :param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
635
749
  Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
636
750
  select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
751
+ :param pulumi.Input[bool] skip_import_rotation: If set to true, Vault will skip the
752
+ initial secret rotation on import. Requires Vault 1.18+ Enterprise.
637
753
  :param pulumi.Input[str] username: The database username that this static role corresponds to.
638
754
  """
639
755
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -641,6 +757,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
641
757
  __props__ = _SecretBackendStaticRoleState.__new__(_SecretBackendStaticRoleState)
642
758
 
643
759
  __props__.__dict__["backend"] = backend
760
+ __props__.__dict__["credential_config"] = credential_config
761
+ __props__.__dict__["credential_type"] = credential_type
644
762
  __props__.__dict__["db_name"] = db_name
645
763
  __props__.__dict__["name"] = name
646
764
  __props__.__dict__["namespace"] = namespace
@@ -649,6 +767,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
649
767
  __props__.__dict__["rotation_statements"] = rotation_statements
650
768
  __props__.__dict__["rotation_window"] = rotation_window
651
769
  __props__.__dict__["self_managed_password"] = self_managed_password
770
+ __props__.__dict__["skip_import_rotation"] = skip_import_rotation
652
771
  __props__.__dict__["username"] = username
653
772
  return SecretBackendStaticRole(resource_name, opts=opts, __props__=__props__)
654
773
 
@@ -660,6 +779,20 @@ class SecretBackendStaticRole(pulumi.CustomResource):
660
779
  """
661
780
  return pulumi.get(self, "backend")
662
781
 
782
+ @property
783
+ @pulumi.getter(name="credentialConfig")
784
+ def credential_config(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
785
+ return pulumi.get(self, "credential_config")
786
+
787
+ @property
788
+ @pulumi.getter(name="credentialType")
789
+ def credential_type(self) -> pulumi.Output[str]:
790
+ """
791
+ The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
792
+ can be done in `credential_config`.
793
+ """
794
+ return pulumi.get(self, "credential_type")
795
+
663
796
  @property
664
797
  @pulumi.getter(name="dbName")
665
798
  def db_name(self) -> pulumi.Output[str]:
@@ -735,6 +868,15 @@ class SecretBackendStaticRole(pulumi.CustomResource):
735
868
  """
736
869
  return pulumi.get(self, "self_managed_password")
737
870
 
871
+ @property
872
+ @pulumi.getter(name="skipImportRotation")
873
+ def skip_import_rotation(self) -> pulumi.Output[Optional[bool]]:
874
+ """
875
+ If set to true, Vault will skip the
876
+ initial secret rotation on import. Requires Vault 1.18+ Enterprise.
877
+ """
878
+ return pulumi.get(self, "skip_import_rotation")
879
+
738
880
  @property
739
881
  @pulumi.getter
740
882
  def username(self) -> pulumi.Output[str]:
@@ -1354,6 +1354,8 @@ class SecretsMount(pulumi.CustomResource):
1354
1354
  "password": "super_secret_1",
1355
1355
  "connection_url": "sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
1356
1356
  "allowed_roles": ["dev1"],
1357
+ "rotation_schedule": "0 * * * SAT",
1358
+ "rotation_window": 3600,
1357
1359
  }],
1358
1360
  postgresqls=[{
1359
1361
  "name": "db2",
@@ -1362,6 +1364,8 @@ class SecretsMount(pulumi.CustomResource):
1362
1364
  "connection_url": "postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
1363
1365
  "verify_connection": True,
1364
1366
  "allowed_roles": ["dev2"],
1367
+ "rotation_schedule": "0 * * * SAT",
1368
+ "rotation_window": 3600,
1365
1369
  }])
1366
1370
  dev1 = vault.database.SecretBackendRole("dev1",
1367
1371
  name="dev1",
@@ -1470,6 +1474,8 @@ class SecretsMount(pulumi.CustomResource):
1470
1474
  "password": "super_secret_1",
1471
1475
  "connection_url": "sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
1472
1476
  "allowed_roles": ["dev1"],
1477
+ "rotation_schedule": "0 * * * SAT",
1478
+ "rotation_window": 3600,
1473
1479
  }],
1474
1480
  postgresqls=[{
1475
1481
  "name": "db2",
@@ -1478,6 +1484,8 @@ class SecretsMount(pulumi.CustomResource):
1478
1484
  "connection_url": "postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
1479
1485
  "verify_connection": True,
1480
1486
  "allowed_roles": ["dev2"],
1487
+ "rotation_schedule": "0 * * * SAT",
1488
+ "rotation_window": 3600,
1481
1489
  }])
1482
1490
  dev1 = vault.database.SecretBackendRole("dev1",
1483
1491
  name="dev1",