pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +9 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +425 -200
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +523 -306
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +288 -70
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +383 -130
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +432 -186
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +3857 -2200
  53. pulumi_vault/database/outputs.py +2483 -1330
  54. pulumi_vault/database/secret_backend_connection.py +333 -112
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +283 -140
  57. pulumi_vault/database/secrets_mount.py +275 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +426 -205
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +420 -179
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +754 -533
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +720 -499
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +3 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -36
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +174 -126
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -31
  191. pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +894 -644
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
  203. pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +2 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +96 -95
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +3 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +325 -0
  257. pulumi_vault/transit/get_verify.py +355 -0
  258. pulumi_vault/transit/secret_backend_key.py +394 -231
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
  264. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -19,39 +20,48 @@ __all__ = ['SecretBackendKeyArgs', 'SecretBackendKey']
19
20
  @pulumi.input_type
20
21
  class SecretBackendKeyArgs:
21
22
  def __init__(__self__, *,
22
- backend: pulumi.Input[str],
23
- allow_plaintext_backup: Optional[pulumi.Input[bool]] = None,
24
- auto_rotate_period: Optional[pulumi.Input[int]] = None,
25
- convergent_encryption: Optional[pulumi.Input[bool]] = None,
26
- deletion_allowed: Optional[pulumi.Input[bool]] = None,
27
- derived: Optional[pulumi.Input[bool]] = None,
28
- exportable: Optional[pulumi.Input[bool]] = None,
29
- key_size: Optional[pulumi.Input[int]] = None,
30
- min_decryption_version: Optional[pulumi.Input[int]] = None,
31
- min_encryption_version: Optional[pulumi.Input[int]] = None,
32
- name: Optional[pulumi.Input[str]] = None,
33
- namespace: Optional[pulumi.Input[str]] = None,
34
- type: Optional[pulumi.Input[str]] = None):
23
+ backend: pulumi.Input[builtins.str],
24
+ allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
25
+ auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
26
+ convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
27
+ deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
28
+ derived: Optional[pulumi.Input[builtins.bool]] = None,
29
+ exportable: Optional[pulumi.Input[builtins.bool]] = None,
30
+ hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
31
+ hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
32
+ key_size: Optional[pulumi.Input[builtins.int]] = None,
33
+ min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
34
+ min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
35
+ name: Optional[pulumi.Input[builtins.str]] = None,
36
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
37
+ parameter_set: Optional[pulumi.Input[builtins.str]] = None,
38
+ type: Optional[pulumi.Input[builtins.str]] = None):
35
39
  """
36
40
  The set of arguments for constructing a SecretBackendKey resource.
37
- :param pulumi.Input[str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
38
- :param pulumi.Input[bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
41
+ :param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
42
+ :param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
39
43
  * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
40
- :param pulumi.Input[int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
44
+ :param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
41
45
  A value of 0 disables automatic rotation for the key.
42
- :param pulumi.Input[bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
43
- :param pulumi.Input[bool] deletion_allowed: Specifies if the key is allowed to be deleted.
44
- :param pulumi.Input[bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
45
- :param pulumi.Input[bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
46
- :param pulumi.Input[int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
47
- :param pulumi.Input[int] min_decryption_version: Minimum key version to use for decryption.
48
- :param pulumi.Input[int] min_encryption_version: Minimum key version to use for encryption
49
- :param pulumi.Input[str] name: The name to identify this key within the backend. Must be unique within the backend.
50
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
46
+ :param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
47
+ :param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
48
+ :param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
49
+ :param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
50
+ :param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
51
+ Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
52
+ :param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
53
+ Currently, ML-DSA is the only supported key type.
54
+ :param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
55
+ :param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
56
+ :param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
57
+ :param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
58
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
51
59
  The value should not contain leading or trailing forward slashes.
52
60
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
53
61
  *Available only for Vault Enterprise*.
54
- :param pulumi.Input[str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
62
+ :param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
63
+ ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
64
+ :param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
55
65
  * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
56
66
  """
57
67
  pulumi.set(__self__, "backend", backend)
@@ -67,6 +77,10 @@ class SecretBackendKeyArgs:
67
77
  pulumi.set(__self__, "derived", derived)
68
78
  if exportable is not None:
69
79
  pulumi.set(__self__, "exportable", exportable)
80
+ if hybrid_key_type_ec is not None:
81
+ pulumi.set(__self__, "hybrid_key_type_ec", hybrid_key_type_ec)
82
+ if hybrid_key_type_pqc is not None:
83
+ pulumi.set(__self__, "hybrid_key_type_pqc", hybrid_key_type_pqc)
70
84
  if key_size is not None:
71
85
  pulumi.set(__self__, "key_size", key_size)
72
86
  if min_decryption_version is not None:
@@ -77,24 +91,26 @@ class SecretBackendKeyArgs:
77
91
  pulumi.set(__self__, "name", name)
78
92
  if namespace is not None:
79
93
  pulumi.set(__self__, "namespace", namespace)
94
+ if parameter_set is not None:
95
+ pulumi.set(__self__, "parameter_set", parameter_set)
80
96
  if type is not None:
81
97
  pulumi.set(__self__, "type", type)
82
98
 
83
99
  @property
84
100
  @pulumi.getter
85
- def backend(self) -> pulumi.Input[str]:
101
+ def backend(self) -> pulumi.Input[builtins.str]:
86
102
  """
87
103
  The path the transit secret backend is mounted at, with no leading or trailing `/`s.
88
104
  """
89
105
  return pulumi.get(self, "backend")
90
106
 
91
107
  @backend.setter
92
- def backend(self, value: pulumi.Input[str]):
108
+ def backend(self, value: pulumi.Input[builtins.str]):
93
109
  pulumi.set(self, "backend", value)
94
110
 
95
111
  @property
96
112
  @pulumi.getter(name="allowPlaintextBackup")
97
- def allow_plaintext_backup(self) -> Optional[pulumi.Input[bool]]:
113
+ def allow_plaintext_backup(self) -> Optional[pulumi.Input[builtins.bool]]:
98
114
  """
99
115
  Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
100
116
  * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
@@ -102,12 +118,12 @@ class SecretBackendKeyArgs:
102
118
  return pulumi.get(self, "allow_plaintext_backup")
103
119
 
104
120
  @allow_plaintext_backup.setter
105
- def allow_plaintext_backup(self, value: Optional[pulumi.Input[bool]]):
121
+ def allow_plaintext_backup(self, value: Optional[pulumi.Input[builtins.bool]]):
106
122
  pulumi.set(self, "allow_plaintext_backup", value)
107
123
 
108
124
  @property
109
125
  @pulumi.getter(name="autoRotatePeriod")
110
- def auto_rotate_period(self) -> Optional[pulumi.Input[int]]:
126
+ def auto_rotate_period(self) -> Optional[pulumi.Input[builtins.int]]:
111
127
  """
112
128
  Amount of seconds the key should live before being automatically rotated.
113
129
  A value of 0 disables automatic rotation for the key.
@@ -115,108 +131,134 @@ class SecretBackendKeyArgs:
115
131
  return pulumi.get(self, "auto_rotate_period")
116
132
 
117
133
  @auto_rotate_period.setter
118
- def auto_rotate_period(self, value: Optional[pulumi.Input[int]]):
134
+ def auto_rotate_period(self, value: Optional[pulumi.Input[builtins.int]]):
119
135
  pulumi.set(self, "auto_rotate_period", value)
120
136
 
121
137
  @property
122
138
  @pulumi.getter(name="convergentEncryption")
123
- def convergent_encryption(self) -> Optional[pulumi.Input[bool]]:
139
+ def convergent_encryption(self) -> Optional[pulumi.Input[builtins.bool]]:
124
140
  """
125
141
  Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
126
142
  """
127
143
  return pulumi.get(self, "convergent_encryption")
128
144
 
129
145
  @convergent_encryption.setter
130
- def convergent_encryption(self, value: Optional[pulumi.Input[bool]]):
146
+ def convergent_encryption(self, value: Optional[pulumi.Input[builtins.bool]]):
131
147
  pulumi.set(self, "convergent_encryption", value)
132
148
 
133
149
  @property
134
150
  @pulumi.getter(name="deletionAllowed")
135
- def deletion_allowed(self) -> Optional[pulumi.Input[bool]]:
151
+ def deletion_allowed(self) -> Optional[pulumi.Input[builtins.bool]]:
136
152
  """
137
153
  Specifies if the key is allowed to be deleted.
138
154
  """
139
155
  return pulumi.get(self, "deletion_allowed")
140
156
 
141
157
  @deletion_allowed.setter
142
- def deletion_allowed(self, value: Optional[pulumi.Input[bool]]):
158
+ def deletion_allowed(self, value: Optional[pulumi.Input[builtins.bool]]):
143
159
  pulumi.set(self, "deletion_allowed", value)
144
160
 
145
161
  @property
146
162
  @pulumi.getter
147
- def derived(self) -> Optional[pulumi.Input[bool]]:
163
+ def derived(self) -> Optional[pulumi.Input[builtins.bool]]:
148
164
  """
149
165
  Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
150
166
  """
151
167
  return pulumi.get(self, "derived")
152
168
 
153
169
  @derived.setter
154
- def derived(self, value: Optional[pulumi.Input[bool]]):
170
+ def derived(self, value: Optional[pulumi.Input[builtins.bool]]):
155
171
  pulumi.set(self, "derived", value)
156
172
 
157
173
  @property
158
174
  @pulumi.getter
159
- def exportable(self) -> Optional[pulumi.Input[bool]]:
175
+ def exportable(self) -> Optional[pulumi.Input[builtins.bool]]:
160
176
  """
161
177
  Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
162
178
  """
163
179
  return pulumi.get(self, "exportable")
164
180
 
165
181
  @exportable.setter
166
- def exportable(self, value: Optional[pulumi.Input[bool]]):
182
+ def exportable(self, value: Optional[pulumi.Input[builtins.bool]]):
167
183
  pulumi.set(self, "exportable", value)
168
184
 
185
+ @property
186
+ @pulumi.getter(name="hybridKeyTypeEc")
187
+ def hybrid_key_type_ec(self) -> Optional[pulumi.Input[builtins.str]]:
188
+ """
189
+ The elliptic curve algorithm to use for hybrid signatures.
190
+ Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
191
+ """
192
+ return pulumi.get(self, "hybrid_key_type_ec")
193
+
194
+ @hybrid_key_type_ec.setter
195
+ def hybrid_key_type_ec(self, value: Optional[pulumi.Input[builtins.str]]):
196
+ pulumi.set(self, "hybrid_key_type_ec", value)
197
+
198
+ @property
199
+ @pulumi.getter(name="hybridKeyTypePqc")
200
+ def hybrid_key_type_pqc(self) -> Optional[pulumi.Input[builtins.str]]:
201
+ """
202
+ The post-quantum algorithm to use for hybrid signatures.
203
+ Currently, ML-DSA is the only supported key type.
204
+ """
205
+ return pulumi.get(self, "hybrid_key_type_pqc")
206
+
207
+ @hybrid_key_type_pqc.setter
208
+ def hybrid_key_type_pqc(self, value: Optional[pulumi.Input[builtins.str]]):
209
+ pulumi.set(self, "hybrid_key_type_pqc", value)
210
+
169
211
  @property
170
212
  @pulumi.getter(name="keySize")
171
- def key_size(self) -> Optional[pulumi.Input[int]]:
213
+ def key_size(self) -> Optional[pulumi.Input[builtins.int]]:
172
214
  """
173
215
  The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
174
216
  """
175
217
  return pulumi.get(self, "key_size")
176
218
 
177
219
  @key_size.setter
178
- def key_size(self, value: Optional[pulumi.Input[int]]):
220
+ def key_size(self, value: Optional[pulumi.Input[builtins.int]]):
179
221
  pulumi.set(self, "key_size", value)
180
222
 
181
223
  @property
182
224
  @pulumi.getter(name="minDecryptionVersion")
183
- def min_decryption_version(self) -> Optional[pulumi.Input[int]]:
225
+ def min_decryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
184
226
  """
185
227
  Minimum key version to use for decryption.
186
228
  """
187
229
  return pulumi.get(self, "min_decryption_version")
188
230
 
189
231
  @min_decryption_version.setter
190
- def min_decryption_version(self, value: Optional[pulumi.Input[int]]):
232
+ def min_decryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
191
233
  pulumi.set(self, "min_decryption_version", value)
192
234
 
193
235
  @property
194
236
  @pulumi.getter(name="minEncryptionVersion")
195
- def min_encryption_version(self) -> Optional[pulumi.Input[int]]:
237
+ def min_encryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
196
238
  """
197
239
  Minimum key version to use for encryption
198
240
  """
199
241
  return pulumi.get(self, "min_encryption_version")
200
242
 
201
243
  @min_encryption_version.setter
202
- def min_encryption_version(self, value: Optional[pulumi.Input[int]]):
244
+ def min_encryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
203
245
  pulumi.set(self, "min_encryption_version", value)
204
246
 
205
247
  @property
206
248
  @pulumi.getter
207
- def name(self) -> Optional[pulumi.Input[str]]:
249
+ def name(self) -> Optional[pulumi.Input[builtins.str]]:
208
250
  """
209
251
  The name to identify this key within the backend. Must be unique within the backend.
210
252
  """
211
253
  return pulumi.get(self, "name")
212
254
 
213
255
  @name.setter
214
- def name(self, value: Optional[pulumi.Input[str]]):
256
+ def name(self, value: Optional[pulumi.Input[builtins.str]]):
215
257
  pulumi.set(self, "name", value)
216
258
 
217
259
  @property
218
260
  @pulumi.getter
219
- def namespace(self) -> Optional[pulumi.Input[str]]:
261
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
220
262
  """
221
263
  The namespace to provision the resource in.
222
264
  The value should not contain leading or trailing forward slashes.
@@ -226,12 +268,25 @@ class SecretBackendKeyArgs:
226
268
  return pulumi.get(self, "namespace")
227
269
 
228
270
  @namespace.setter
229
- def namespace(self, value: Optional[pulumi.Input[str]]):
271
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
230
272
  pulumi.set(self, "namespace", value)
231
273
 
274
+ @property
275
+ @pulumi.getter(name="parameterSet")
276
+ def parameter_set(self) -> Optional[pulumi.Input[builtins.str]]:
277
+ """
278
+ The parameter set to use for ML-DSA. Required for
279
+ ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
280
+ """
281
+ return pulumi.get(self, "parameter_set")
282
+
283
+ @parameter_set.setter
284
+ def parameter_set(self, value: Optional[pulumi.Input[builtins.str]]):
285
+ pulumi.set(self, "parameter_set", value)
286
+
232
287
  @property
233
288
  @pulumi.getter
234
- def type(self) -> Optional[pulumi.Input[str]]:
289
+ def type(self) -> Optional[pulumi.Input[builtins.str]]:
235
290
  """
236
291
  Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
237
292
  * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
@@ -239,62 +294,71 @@ class SecretBackendKeyArgs:
239
294
  return pulumi.get(self, "type")
240
295
 
241
296
  @type.setter
242
- def type(self, value: Optional[pulumi.Input[str]]):
297
+ def type(self, value: Optional[pulumi.Input[builtins.str]]):
243
298
  pulumi.set(self, "type", value)
244
299
 
245
300
 
246
301
  @pulumi.input_type
247
302
  class _SecretBackendKeyState:
248
303
  def __init__(__self__, *,
249
- allow_plaintext_backup: Optional[pulumi.Input[bool]] = None,
250
- auto_rotate_period: Optional[pulumi.Input[int]] = None,
251
- backend: Optional[pulumi.Input[str]] = None,
252
- convergent_encryption: Optional[pulumi.Input[bool]] = None,
253
- deletion_allowed: Optional[pulumi.Input[bool]] = None,
254
- derived: Optional[pulumi.Input[bool]] = None,
255
- exportable: Optional[pulumi.Input[bool]] = None,
256
- key_size: Optional[pulumi.Input[int]] = None,
257
- keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]]] = None,
258
- latest_version: Optional[pulumi.Input[int]] = None,
259
- min_available_version: Optional[pulumi.Input[int]] = None,
260
- min_decryption_version: Optional[pulumi.Input[int]] = None,
261
- min_encryption_version: Optional[pulumi.Input[int]] = None,
262
- name: Optional[pulumi.Input[str]] = None,
263
- namespace: Optional[pulumi.Input[str]] = None,
264
- supports_decryption: Optional[pulumi.Input[bool]] = None,
265
- supports_derivation: Optional[pulumi.Input[bool]] = None,
266
- supports_encryption: Optional[pulumi.Input[bool]] = None,
267
- supports_signing: Optional[pulumi.Input[bool]] = None,
268
- type: Optional[pulumi.Input[str]] = None):
304
+ allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
305
+ auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
306
+ backend: Optional[pulumi.Input[builtins.str]] = None,
307
+ convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
308
+ deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
309
+ derived: Optional[pulumi.Input[builtins.bool]] = None,
310
+ exportable: Optional[pulumi.Input[builtins.bool]] = None,
311
+ hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
312
+ hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
313
+ key_size: Optional[pulumi.Input[builtins.int]] = None,
314
+ keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]] = None,
315
+ latest_version: Optional[pulumi.Input[builtins.int]] = None,
316
+ min_available_version: Optional[pulumi.Input[builtins.int]] = None,
317
+ min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
318
+ min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
319
+ name: Optional[pulumi.Input[builtins.str]] = None,
320
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
321
+ parameter_set: Optional[pulumi.Input[builtins.str]] = None,
322
+ supports_decryption: Optional[pulumi.Input[builtins.bool]] = None,
323
+ supports_derivation: Optional[pulumi.Input[builtins.bool]] = None,
324
+ supports_encryption: Optional[pulumi.Input[builtins.bool]] = None,
325
+ supports_signing: Optional[pulumi.Input[builtins.bool]] = None,
326
+ type: Optional[pulumi.Input[builtins.str]] = None):
269
327
  """
270
328
  Input properties used for looking up and filtering SecretBackendKey resources.
271
- :param pulumi.Input[bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
329
+ :param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
272
330
  * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
273
- :param pulumi.Input[int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
331
+ :param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
274
332
  A value of 0 disables automatic rotation for the key.
275
- :param pulumi.Input[str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
276
- :param pulumi.Input[bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
277
- :param pulumi.Input[bool] deletion_allowed: Specifies if the key is allowed to be deleted.
278
- :param pulumi.Input[bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
279
- :param pulumi.Input[bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
280
- :param pulumi.Input[int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
281
- :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
333
+ :param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
334
+ :param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
335
+ :param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
336
+ :param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
337
+ :param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
338
+ :param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
339
+ Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
340
+ :param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
341
+ Currently, ML-DSA is the only supported key type.
342
+ :param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
343
+ :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
282
344
  * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
283
345
  * for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following:
284
- :param pulumi.Input[int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
285
- :param pulumi.Input[int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
286
- :param pulumi.Input[int] min_decryption_version: Minimum key version to use for decryption.
287
- :param pulumi.Input[int] min_encryption_version: Minimum key version to use for encryption
288
- :param pulumi.Input[str] name: The name to identify this key within the backend. Must be unique within the backend.
289
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
346
+ :param pulumi.Input[builtins.int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
347
+ :param pulumi.Input[builtins.int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
348
+ :param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
349
+ :param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
350
+ :param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
351
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
290
352
  The value should not contain leading or trailing forward slashes.
291
353
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
292
354
  *Available only for Vault Enterprise*.
293
- :param pulumi.Input[bool] supports_decryption: Whether or not the key supports decryption, based on key type.
294
- :param pulumi.Input[bool] supports_derivation: Whether or not the key supports derivation, based on key type.
295
- :param pulumi.Input[bool] supports_encryption: Whether or not the key supports encryption, based on key type.
296
- :param pulumi.Input[bool] supports_signing: Whether or not the key supports signing, based on key type.
297
- :param pulumi.Input[str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
355
+ :param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
356
+ ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
357
+ :param pulumi.Input[builtins.bool] supports_decryption: Whether or not the key supports decryption, based on key type.
358
+ :param pulumi.Input[builtins.bool] supports_derivation: Whether or not the key supports derivation, based on key type.
359
+ :param pulumi.Input[builtins.bool] supports_encryption: Whether or not the key supports encryption, based on key type.
360
+ :param pulumi.Input[builtins.bool] supports_signing: Whether or not the key supports signing, based on key type.
361
+ :param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
298
362
  * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
299
363
  """
300
364
  if allow_plaintext_backup is not None:
@@ -311,6 +375,10 @@ class _SecretBackendKeyState:
311
375
  pulumi.set(__self__, "derived", derived)
312
376
  if exportable is not None:
313
377
  pulumi.set(__self__, "exportable", exportable)
378
+ if hybrid_key_type_ec is not None:
379
+ pulumi.set(__self__, "hybrid_key_type_ec", hybrid_key_type_ec)
380
+ if hybrid_key_type_pqc is not None:
381
+ pulumi.set(__self__, "hybrid_key_type_pqc", hybrid_key_type_pqc)
314
382
  if key_size is not None:
315
383
  pulumi.set(__self__, "key_size", key_size)
316
384
  if keys is not None:
@@ -327,6 +395,8 @@ class _SecretBackendKeyState:
327
395
  pulumi.set(__self__, "name", name)
328
396
  if namespace is not None:
329
397
  pulumi.set(__self__, "namespace", namespace)
398
+ if parameter_set is not None:
399
+ pulumi.set(__self__, "parameter_set", parameter_set)
330
400
  if supports_decryption is not None:
331
401
  pulumi.set(__self__, "supports_decryption", supports_decryption)
332
402
  if supports_derivation is not None:
@@ -340,7 +410,7 @@ class _SecretBackendKeyState:
340
410
 
341
411
  @property
342
412
  @pulumi.getter(name="allowPlaintextBackup")
343
- def allow_plaintext_backup(self) -> Optional[pulumi.Input[bool]]:
413
+ def allow_plaintext_backup(self) -> Optional[pulumi.Input[builtins.bool]]:
344
414
  """
345
415
  Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
346
416
  * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
@@ -348,12 +418,12 @@ class _SecretBackendKeyState:
348
418
  return pulumi.get(self, "allow_plaintext_backup")
349
419
 
350
420
  @allow_plaintext_backup.setter
351
- def allow_plaintext_backup(self, value: Optional[pulumi.Input[bool]]):
421
+ def allow_plaintext_backup(self, value: Optional[pulumi.Input[builtins.bool]]):
352
422
  pulumi.set(self, "allow_plaintext_backup", value)
353
423
 
354
424
  @property
355
425
  @pulumi.getter(name="autoRotatePeriod")
356
- def auto_rotate_period(self) -> Optional[pulumi.Input[int]]:
426
+ def auto_rotate_period(self) -> Optional[pulumi.Input[builtins.int]]:
357
427
  """
358
428
  Amount of seconds the key should live before being automatically rotated.
359
429
  A value of 0 disables automatic rotation for the key.
@@ -361,84 +431,110 @@ class _SecretBackendKeyState:
361
431
  return pulumi.get(self, "auto_rotate_period")
362
432
 
363
433
  @auto_rotate_period.setter
364
- def auto_rotate_period(self, value: Optional[pulumi.Input[int]]):
434
+ def auto_rotate_period(self, value: Optional[pulumi.Input[builtins.int]]):
365
435
  pulumi.set(self, "auto_rotate_period", value)
366
436
 
367
437
  @property
368
438
  @pulumi.getter
369
- def backend(self) -> Optional[pulumi.Input[str]]:
439
+ def backend(self) -> Optional[pulumi.Input[builtins.str]]:
370
440
  """
371
441
  The path the transit secret backend is mounted at, with no leading or trailing `/`s.
372
442
  """
373
443
  return pulumi.get(self, "backend")
374
444
 
375
445
  @backend.setter
376
- def backend(self, value: Optional[pulumi.Input[str]]):
446
+ def backend(self, value: Optional[pulumi.Input[builtins.str]]):
377
447
  pulumi.set(self, "backend", value)
378
448
 
379
449
  @property
380
450
  @pulumi.getter(name="convergentEncryption")
381
- def convergent_encryption(self) -> Optional[pulumi.Input[bool]]:
451
+ def convergent_encryption(self) -> Optional[pulumi.Input[builtins.bool]]:
382
452
  """
383
453
  Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
384
454
  """
385
455
  return pulumi.get(self, "convergent_encryption")
386
456
 
387
457
  @convergent_encryption.setter
388
- def convergent_encryption(self, value: Optional[pulumi.Input[bool]]):
458
+ def convergent_encryption(self, value: Optional[pulumi.Input[builtins.bool]]):
389
459
  pulumi.set(self, "convergent_encryption", value)
390
460
 
391
461
  @property
392
462
  @pulumi.getter(name="deletionAllowed")
393
- def deletion_allowed(self) -> Optional[pulumi.Input[bool]]:
463
+ def deletion_allowed(self) -> Optional[pulumi.Input[builtins.bool]]:
394
464
  """
395
465
  Specifies if the key is allowed to be deleted.
396
466
  """
397
467
  return pulumi.get(self, "deletion_allowed")
398
468
 
399
469
  @deletion_allowed.setter
400
- def deletion_allowed(self, value: Optional[pulumi.Input[bool]]):
470
+ def deletion_allowed(self, value: Optional[pulumi.Input[builtins.bool]]):
401
471
  pulumi.set(self, "deletion_allowed", value)
402
472
 
403
473
  @property
404
474
  @pulumi.getter
405
- def derived(self) -> Optional[pulumi.Input[bool]]:
475
+ def derived(self) -> Optional[pulumi.Input[builtins.bool]]:
406
476
  """
407
477
  Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
408
478
  """
409
479
  return pulumi.get(self, "derived")
410
480
 
411
481
  @derived.setter
412
- def derived(self, value: Optional[pulumi.Input[bool]]):
482
+ def derived(self, value: Optional[pulumi.Input[builtins.bool]]):
413
483
  pulumi.set(self, "derived", value)
414
484
 
415
485
  @property
416
486
  @pulumi.getter
417
- def exportable(self) -> Optional[pulumi.Input[bool]]:
487
+ def exportable(self) -> Optional[pulumi.Input[builtins.bool]]:
418
488
  """
419
489
  Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
420
490
  """
421
491
  return pulumi.get(self, "exportable")
422
492
 
423
493
  @exportable.setter
424
- def exportable(self, value: Optional[pulumi.Input[bool]]):
494
+ def exportable(self, value: Optional[pulumi.Input[builtins.bool]]):
425
495
  pulumi.set(self, "exportable", value)
426
496
 
497
+ @property
498
+ @pulumi.getter(name="hybridKeyTypeEc")
499
+ def hybrid_key_type_ec(self) -> Optional[pulumi.Input[builtins.str]]:
500
+ """
501
+ The elliptic curve algorithm to use for hybrid signatures.
502
+ Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
503
+ """
504
+ return pulumi.get(self, "hybrid_key_type_ec")
505
+
506
+ @hybrid_key_type_ec.setter
507
+ def hybrid_key_type_ec(self, value: Optional[pulumi.Input[builtins.str]]):
508
+ pulumi.set(self, "hybrid_key_type_ec", value)
509
+
510
+ @property
511
+ @pulumi.getter(name="hybridKeyTypePqc")
512
+ def hybrid_key_type_pqc(self) -> Optional[pulumi.Input[builtins.str]]:
513
+ """
514
+ The post-quantum algorithm to use for hybrid signatures.
515
+ Currently, ML-DSA is the only supported key type.
516
+ """
517
+ return pulumi.get(self, "hybrid_key_type_pqc")
518
+
519
+ @hybrid_key_type_pqc.setter
520
+ def hybrid_key_type_pqc(self, value: Optional[pulumi.Input[builtins.str]]):
521
+ pulumi.set(self, "hybrid_key_type_pqc", value)
522
+
427
523
  @property
428
524
  @pulumi.getter(name="keySize")
429
- def key_size(self) -> Optional[pulumi.Input[int]]:
525
+ def key_size(self) -> Optional[pulumi.Input[builtins.int]]:
430
526
  """
431
527
  The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
432
528
  """
433
529
  return pulumi.get(self, "key_size")
434
530
 
435
531
  @key_size.setter
436
- def key_size(self, value: Optional[pulumi.Input[int]]):
532
+ def key_size(self, value: Optional[pulumi.Input[builtins.int]]):
437
533
  pulumi.set(self, "key_size", value)
438
534
 
439
535
  @property
440
536
  @pulumi.getter
441
- def keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]]]:
537
+ def keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]]:
442
538
  """
443
539
  List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
444
540
  * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
@@ -447,72 +543,72 @@ class _SecretBackendKeyState:
447
543
  return pulumi.get(self, "keys")
448
544
 
449
545
  @keys.setter
450
- def keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]]]):
546
+ def keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]]):
451
547
  pulumi.set(self, "keys", value)
452
548
 
453
549
  @property
454
550
  @pulumi.getter(name="latestVersion")
455
- def latest_version(self) -> Optional[pulumi.Input[int]]:
551
+ def latest_version(self) -> Optional[pulumi.Input[builtins.int]]:
456
552
  """
457
553
  Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
458
554
  """
459
555
  return pulumi.get(self, "latest_version")
460
556
 
461
557
  @latest_version.setter
462
- def latest_version(self, value: Optional[pulumi.Input[int]]):
558
+ def latest_version(self, value: Optional[pulumi.Input[builtins.int]]):
463
559
  pulumi.set(self, "latest_version", value)
464
560
 
465
561
  @property
466
562
  @pulumi.getter(name="minAvailableVersion")
467
- def min_available_version(self) -> Optional[pulumi.Input[int]]:
563
+ def min_available_version(self) -> Optional[pulumi.Input[builtins.int]]:
468
564
  """
469
565
  Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
470
566
  """
471
567
  return pulumi.get(self, "min_available_version")
472
568
 
473
569
  @min_available_version.setter
474
- def min_available_version(self, value: Optional[pulumi.Input[int]]):
570
+ def min_available_version(self, value: Optional[pulumi.Input[builtins.int]]):
475
571
  pulumi.set(self, "min_available_version", value)
476
572
 
477
573
  @property
478
574
  @pulumi.getter(name="minDecryptionVersion")
479
- def min_decryption_version(self) -> Optional[pulumi.Input[int]]:
575
+ def min_decryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
480
576
  """
481
577
  Minimum key version to use for decryption.
482
578
  """
483
579
  return pulumi.get(self, "min_decryption_version")
484
580
 
485
581
  @min_decryption_version.setter
486
- def min_decryption_version(self, value: Optional[pulumi.Input[int]]):
582
+ def min_decryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
487
583
  pulumi.set(self, "min_decryption_version", value)
488
584
 
489
585
  @property
490
586
  @pulumi.getter(name="minEncryptionVersion")
491
- def min_encryption_version(self) -> Optional[pulumi.Input[int]]:
587
+ def min_encryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
492
588
  """
493
589
  Minimum key version to use for encryption
494
590
  """
495
591
  return pulumi.get(self, "min_encryption_version")
496
592
 
497
593
  @min_encryption_version.setter
498
- def min_encryption_version(self, value: Optional[pulumi.Input[int]]):
594
+ def min_encryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
499
595
  pulumi.set(self, "min_encryption_version", value)
500
596
 
501
597
  @property
502
598
  @pulumi.getter
503
- def name(self) -> Optional[pulumi.Input[str]]:
599
+ def name(self) -> Optional[pulumi.Input[builtins.str]]:
504
600
  """
505
601
  The name to identify this key within the backend. Must be unique within the backend.
506
602
  """
507
603
  return pulumi.get(self, "name")
508
604
 
509
605
  @name.setter
510
- def name(self, value: Optional[pulumi.Input[str]]):
606
+ def name(self, value: Optional[pulumi.Input[builtins.str]]):
511
607
  pulumi.set(self, "name", value)
512
608
 
513
609
  @property
514
610
  @pulumi.getter
515
- def namespace(self) -> Optional[pulumi.Input[str]]:
611
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
516
612
  """
517
613
  The namespace to provision the resource in.
518
614
  The value should not contain leading or trailing forward slashes.
@@ -522,60 +618,73 @@ class _SecretBackendKeyState:
522
618
  return pulumi.get(self, "namespace")
523
619
 
524
620
  @namespace.setter
525
- def namespace(self, value: Optional[pulumi.Input[str]]):
621
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
526
622
  pulumi.set(self, "namespace", value)
527
623
 
624
+ @property
625
+ @pulumi.getter(name="parameterSet")
626
+ def parameter_set(self) -> Optional[pulumi.Input[builtins.str]]:
627
+ """
628
+ The parameter set to use for ML-DSA. Required for
629
+ ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
630
+ """
631
+ return pulumi.get(self, "parameter_set")
632
+
633
+ @parameter_set.setter
634
+ def parameter_set(self, value: Optional[pulumi.Input[builtins.str]]):
635
+ pulumi.set(self, "parameter_set", value)
636
+
528
637
  @property
529
638
  @pulumi.getter(name="supportsDecryption")
530
- def supports_decryption(self) -> Optional[pulumi.Input[bool]]:
639
+ def supports_decryption(self) -> Optional[pulumi.Input[builtins.bool]]:
531
640
  """
532
641
  Whether or not the key supports decryption, based on key type.
533
642
  """
534
643
  return pulumi.get(self, "supports_decryption")
535
644
 
536
645
  @supports_decryption.setter
537
- def supports_decryption(self, value: Optional[pulumi.Input[bool]]):
646
+ def supports_decryption(self, value: Optional[pulumi.Input[builtins.bool]]):
538
647
  pulumi.set(self, "supports_decryption", value)
539
648
 
540
649
  @property
541
650
  @pulumi.getter(name="supportsDerivation")
542
- def supports_derivation(self) -> Optional[pulumi.Input[bool]]:
651
+ def supports_derivation(self) -> Optional[pulumi.Input[builtins.bool]]:
543
652
  """
544
653
  Whether or not the key supports derivation, based on key type.
545
654
  """
546
655
  return pulumi.get(self, "supports_derivation")
547
656
 
548
657
  @supports_derivation.setter
549
- def supports_derivation(self, value: Optional[pulumi.Input[bool]]):
658
+ def supports_derivation(self, value: Optional[pulumi.Input[builtins.bool]]):
550
659
  pulumi.set(self, "supports_derivation", value)
551
660
 
552
661
  @property
553
662
  @pulumi.getter(name="supportsEncryption")
554
- def supports_encryption(self) -> Optional[pulumi.Input[bool]]:
663
+ def supports_encryption(self) -> Optional[pulumi.Input[builtins.bool]]:
555
664
  """
556
665
  Whether or not the key supports encryption, based on key type.
557
666
  """
558
667
  return pulumi.get(self, "supports_encryption")
559
668
 
560
669
  @supports_encryption.setter
561
- def supports_encryption(self, value: Optional[pulumi.Input[bool]]):
670
+ def supports_encryption(self, value: Optional[pulumi.Input[builtins.bool]]):
562
671
  pulumi.set(self, "supports_encryption", value)
563
672
 
564
673
  @property
565
674
  @pulumi.getter(name="supportsSigning")
566
- def supports_signing(self) -> Optional[pulumi.Input[bool]]:
675
+ def supports_signing(self) -> Optional[pulumi.Input[builtins.bool]]:
567
676
  """
568
677
  Whether or not the key supports signing, based on key type.
569
678
  """
570
679
  return pulumi.get(self, "supports_signing")
571
680
 
572
681
  @supports_signing.setter
573
- def supports_signing(self, value: Optional[pulumi.Input[bool]]):
682
+ def supports_signing(self, value: Optional[pulumi.Input[builtins.bool]]):
574
683
  pulumi.set(self, "supports_signing", value)
575
684
 
576
685
  @property
577
686
  @pulumi.getter
578
- def type(self) -> Optional[pulumi.Input[str]]:
687
+ def type(self) -> Optional[pulumi.Input[builtins.str]]:
579
688
  """
580
689
  Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
581
690
  * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
@@ -583,7 +692,7 @@ class _SecretBackendKeyState:
583
692
  return pulumi.get(self, "type")
584
693
 
585
694
  @type.setter
586
- def type(self, value: Optional[pulumi.Input[str]]):
695
+ def type(self, value: Optional[pulumi.Input[builtins.str]]):
587
696
  pulumi.set(self, "type", value)
588
697
 
589
698
 
@@ -592,19 +701,22 @@ class SecretBackendKey(pulumi.CustomResource):
592
701
  def __init__(__self__,
593
702
  resource_name: str,
594
703
  opts: Optional[pulumi.ResourceOptions] = None,
595
- allow_plaintext_backup: Optional[pulumi.Input[bool]] = None,
596
- auto_rotate_period: Optional[pulumi.Input[int]] = None,
597
- backend: Optional[pulumi.Input[str]] = None,
598
- convergent_encryption: Optional[pulumi.Input[bool]] = None,
599
- deletion_allowed: Optional[pulumi.Input[bool]] = None,
600
- derived: Optional[pulumi.Input[bool]] = None,
601
- exportable: Optional[pulumi.Input[bool]] = None,
602
- key_size: Optional[pulumi.Input[int]] = None,
603
- min_decryption_version: Optional[pulumi.Input[int]] = None,
604
- min_encryption_version: Optional[pulumi.Input[int]] = None,
605
- name: Optional[pulumi.Input[str]] = None,
606
- namespace: Optional[pulumi.Input[str]] = None,
607
- type: Optional[pulumi.Input[str]] = None,
704
+ allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
705
+ auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
706
+ backend: Optional[pulumi.Input[builtins.str]] = None,
707
+ convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
708
+ deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
709
+ derived: Optional[pulumi.Input[builtins.bool]] = None,
710
+ exportable: Optional[pulumi.Input[builtins.bool]] = None,
711
+ hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
712
+ hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
713
+ key_size: Optional[pulumi.Input[builtins.int]] = None,
714
+ min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
715
+ min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
716
+ name: Optional[pulumi.Input[builtins.str]] = None,
717
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
718
+ parameter_set: Optional[pulumi.Input[builtins.str]] = None,
719
+ type: Optional[pulumi.Input[builtins.str]] = None,
608
720
  __props__=None):
609
721
  """
610
722
  Creates an Encryption Keyring on a Transit Secret Backend for Vault.
@@ -636,24 +748,30 @@ class SecretBackendKey(pulumi.CustomResource):
636
748
 
637
749
  :param str resource_name: The name of the resource.
638
750
  :param pulumi.ResourceOptions opts: Options for the resource.
639
- :param pulumi.Input[bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
751
+ :param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
640
752
  * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
641
- :param pulumi.Input[int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
753
+ :param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
642
754
  A value of 0 disables automatic rotation for the key.
643
- :param pulumi.Input[str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
644
- :param pulumi.Input[bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
645
- :param pulumi.Input[bool] deletion_allowed: Specifies if the key is allowed to be deleted.
646
- :param pulumi.Input[bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
647
- :param pulumi.Input[bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
648
- :param pulumi.Input[int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
649
- :param pulumi.Input[int] min_decryption_version: Minimum key version to use for decryption.
650
- :param pulumi.Input[int] min_encryption_version: Minimum key version to use for encryption
651
- :param pulumi.Input[str] name: The name to identify this key within the backend. Must be unique within the backend.
652
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
755
+ :param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
756
+ :param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
757
+ :param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
758
+ :param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
759
+ :param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
760
+ :param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
761
+ Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
762
+ :param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
763
+ Currently, ML-DSA is the only supported key type.
764
+ :param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
765
+ :param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
766
+ :param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
767
+ :param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
768
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
653
769
  The value should not contain leading or trailing forward slashes.
654
770
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
655
771
  *Available only for Vault Enterprise*.
656
- :param pulumi.Input[str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
772
+ :param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
773
+ ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
774
+ :param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
657
775
  * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
658
776
  """
659
777
  ...
@@ -705,19 +823,22 @@ class SecretBackendKey(pulumi.CustomResource):
705
823
  def _internal_init(__self__,
706
824
  resource_name: str,
707
825
  opts: Optional[pulumi.ResourceOptions] = None,
708
- allow_plaintext_backup: Optional[pulumi.Input[bool]] = None,
709
- auto_rotate_period: Optional[pulumi.Input[int]] = None,
710
- backend: Optional[pulumi.Input[str]] = None,
711
- convergent_encryption: Optional[pulumi.Input[bool]] = None,
712
- deletion_allowed: Optional[pulumi.Input[bool]] = None,
713
- derived: Optional[pulumi.Input[bool]] = None,
714
- exportable: Optional[pulumi.Input[bool]] = None,
715
- key_size: Optional[pulumi.Input[int]] = None,
716
- min_decryption_version: Optional[pulumi.Input[int]] = None,
717
- min_encryption_version: Optional[pulumi.Input[int]] = None,
718
- name: Optional[pulumi.Input[str]] = None,
719
- namespace: Optional[pulumi.Input[str]] = None,
720
- type: Optional[pulumi.Input[str]] = None,
826
+ allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
827
+ auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
828
+ backend: Optional[pulumi.Input[builtins.str]] = None,
829
+ convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
830
+ deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
831
+ derived: Optional[pulumi.Input[builtins.bool]] = None,
832
+ exportable: Optional[pulumi.Input[builtins.bool]] = None,
833
+ hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
834
+ hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
835
+ key_size: Optional[pulumi.Input[builtins.int]] = None,
836
+ min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
837
+ min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
838
+ name: Optional[pulumi.Input[builtins.str]] = None,
839
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
840
+ parameter_set: Optional[pulumi.Input[builtins.str]] = None,
841
+ type: Optional[pulumi.Input[builtins.str]] = None,
721
842
  __props__=None):
722
843
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
723
844
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -736,11 +857,14 @@ class SecretBackendKey(pulumi.CustomResource):
736
857
  __props__.__dict__["deletion_allowed"] = deletion_allowed
737
858
  __props__.__dict__["derived"] = derived
738
859
  __props__.__dict__["exportable"] = exportable
860
+ __props__.__dict__["hybrid_key_type_ec"] = hybrid_key_type_ec
861
+ __props__.__dict__["hybrid_key_type_pqc"] = hybrid_key_type_pqc
739
862
  __props__.__dict__["key_size"] = key_size
740
863
  __props__.__dict__["min_decryption_version"] = min_decryption_version
741
864
  __props__.__dict__["min_encryption_version"] = min_encryption_version
742
865
  __props__.__dict__["name"] = name
743
866
  __props__.__dict__["namespace"] = namespace
867
+ __props__.__dict__["parameter_set"] = parameter_set
744
868
  __props__.__dict__["type"] = type
745
869
  __props__.__dict__["keys"] = None
746
870
  __props__.__dict__["latest_version"] = None
@@ -759,26 +883,29 @@ class SecretBackendKey(pulumi.CustomResource):
759
883
  def get(resource_name: str,
760
884
  id: pulumi.Input[str],
761
885
  opts: Optional[pulumi.ResourceOptions] = None,
762
- allow_plaintext_backup: Optional[pulumi.Input[bool]] = None,
763
- auto_rotate_period: Optional[pulumi.Input[int]] = None,
764
- backend: Optional[pulumi.Input[str]] = None,
765
- convergent_encryption: Optional[pulumi.Input[bool]] = None,
766
- deletion_allowed: Optional[pulumi.Input[bool]] = None,
767
- derived: Optional[pulumi.Input[bool]] = None,
768
- exportable: Optional[pulumi.Input[bool]] = None,
769
- key_size: Optional[pulumi.Input[int]] = None,
770
- keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]]] = None,
771
- latest_version: Optional[pulumi.Input[int]] = None,
772
- min_available_version: Optional[pulumi.Input[int]] = None,
773
- min_decryption_version: Optional[pulumi.Input[int]] = None,
774
- min_encryption_version: Optional[pulumi.Input[int]] = None,
775
- name: Optional[pulumi.Input[str]] = None,
776
- namespace: Optional[pulumi.Input[str]] = None,
777
- supports_decryption: Optional[pulumi.Input[bool]] = None,
778
- supports_derivation: Optional[pulumi.Input[bool]] = None,
779
- supports_encryption: Optional[pulumi.Input[bool]] = None,
780
- supports_signing: Optional[pulumi.Input[bool]] = None,
781
- type: Optional[pulumi.Input[str]] = None) -> 'SecretBackendKey':
886
+ allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
887
+ auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
888
+ backend: Optional[pulumi.Input[builtins.str]] = None,
889
+ convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
890
+ deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
891
+ derived: Optional[pulumi.Input[builtins.bool]] = None,
892
+ exportable: Optional[pulumi.Input[builtins.bool]] = None,
893
+ hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
894
+ hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
895
+ key_size: Optional[pulumi.Input[builtins.int]] = None,
896
+ keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]] = None,
897
+ latest_version: Optional[pulumi.Input[builtins.int]] = None,
898
+ min_available_version: Optional[pulumi.Input[builtins.int]] = None,
899
+ min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
900
+ min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
901
+ name: Optional[pulumi.Input[builtins.str]] = None,
902
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
903
+ parameter_set: Optional[pulumi.Input[builtins.str]] = None,
904
+ supports_decryption: Optional[pulumi.Input[builtins.bool]] = None,
905
+ supports_derivation: Optional[pulumi.Input[builtins.bool]] = None,
906
+ supports_encryption: Optional[pulumi.Input[builtins.bool]] = None,
907
+ supports_signing: Optional[pulumi.Input[builtins.bool]] = None,
908
+ type: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackendKey':
782
909
  """
783
910
  Get an existing SecretBackendKey resource's state with the given name, id, and optional extra
784
911
  properties used to qualify the lookup.
@@ -786,33 +913,39 @@ class SecretBackendKey(pulumi.CustomResource):
786
913
  :param str resource_name: The unique name of the resulting resource.
787
914
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
788
915
  :param pulumi.ResourceOptions opts: Options for the resource.
789
- :param pulumi.Input[bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
916
+ :param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
790
917
  * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
791
- :param pulumi.Input[int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
918
+ :param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
792
919
  A value of 0 disables automatic rotation for the key.
793
- :param pulumi.Input[str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
794
- :param pulumi.Input[bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
795
- :param pulumi.Input[bool] deletion_allowed: Specifies if the key is allowed to be deleted.
796
- :param pulumi.Input[bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
797
- :param pulumi.Input[bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
798
- :param pulumi.Input[int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
799
- :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
920
+ :param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
921
+ :param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
922
+ :param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
923
+ :param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
924
+ :param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
925
+ :param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
926
+ Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
927
+ :param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
928
+ Currently, ML-DSA is the only supported key type.
929
+ :param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
930
+ :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
800
931
  * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
801
932
  * for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following:
802
- :param pulumi.Input[int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
803
- :param pulumi.Input[int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
804
- :param pulumi.Input[int] min_decryption_version: Minimum key version to use for decryption.
805
- :param pulumi.Input[int] min_encryption_version: Minimum key version to use for encryption
806
- :param pulumi.Input[str] name: The name to identify this key within the backend. Must be unique within the backend.
807
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
933
+ :param pulumi.Input[builtins.int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
934
+ :param pulumi.Input[builtins.int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
935
+ :param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
936
+ :param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
937
+ :param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
938
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
808
939
  The value should not contain leading or trailing forward slashes.
809
940
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
810
941
  *Available only for Vault Enterprise*.
811
- :param pulumi.Input[bool] supports_decryption: Whether or not the key supports decryption, based on key type.
812
- :param pulumi.Input[bool] supports_derivation: Whether or not the key supports derivation, based on key type.
813
- :param pulumi.Input[bool] supports_encryption: Whether or not the key supports encryption, based on key type.
814
- :param pulumi.Input[bool] supports_signing: Whether or not the key supports signing, based on key type.
815
- :param pulumi.Input[str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
942
+ :param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
943
+ ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
944
+ :param pulumi.Input[builtins.bool] supports_decryption: Whether or not the key supports decryption, based on key type.
945
+ :param pulumi.Input[builtins.bool] supports_derivation: Whether or not the key supports derivation, based on key type.
946
+ :param pulumi.Input[builtins.bool] supports_encryption: Whether or not the key supports encryption, based on key type.
947
+ :param pulumi.Input[builtins.bool] supports_signing: Whether or not the key supports signing, based on key type.
948
+ :param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
816
949
  * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
817
950
  """
818
951
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -826,6 +959,8 @@ class SecretBackendKey(pulumi.CustomResource):
826
959
  __props__.__dict__["deletion_allowed"] = deletion_allowed
827
960
  __props__.__dict__["derived"] = derived
828
961
  __props__.__dict__["exportable"] = exportable
962
+ __props__.__dict__["hybrid_key_type_ec"] = hybrid_key_type_ec
963
+ __props__.__dict__["hybrid_key_type_pqc"] = hybrid_key_type_pqc
829
964
  __props__.__dict__["key_size"] = key_size
830
965
  __props__.__dict__["keys"] = keys
831
966
  __props__.__dict__["latest_version"] = latest_version
@@ -834,6 +969,7 @@ class SecretBackendKey(pulumi.CustomResource):
834
969
  __props__.__dict__["min_encryption_version"] = min_encryption_version
835
970
  __props__.__dict__["name"] = name
836
971
  __props__.__dict__["namespace"] = namespace
972
+ __props__.__dict__["parameter_set"] = parameter_set
837
973
  __props__.__dict__["supports_decryption"] = supports_decryption
838
974
  __props__.__dict__["supports_derivation"] = supports_derivation
839
975
  __props__.__dict__["supports_encryption"] = supports_encryption
@@ -843,7 +979,7 @@ class SecretBackendKey(pulumi.CustomResource):
843
979
 
844
980
  @property
845
981
  @pulumi.getter(name="allowPlaintextBackup")
846
- def allow_plaintext_backup(self) -> pulumi.Output[Optional[bool]]:
982
+ def allow_plaintext_backup(self) -> pulumi.Output[Optional[builtins.bool]]:
847
983
  """
848
984
  Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
849
985
  * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
@@ -852,7 +988,7 @@ class SecretBackendKey(pulumi.CustomResource):
852
988
 
853
989
  @property
854
990
  @pulumi.getter(name="autoRotatePeriod")
855
- def auto_rotate_period(self) -> pulumi.Output[int]:
991
+ def auto_rotate_period(self) -> pulumi.Output[builtins.int]:
856
992
  """
857
993
  Amount of seconds the key should live before being automatically rotated.
858
994
  A value of 0 disables automatic rotation for the key.
@@ -861,7 +997,7 @@ class SecretBackendKey(pulumi.CustomResource):
861
997
 
862
998
  @property
863
999
  @pulumi.getter
864
- def backend(self) -> pulumi.Output[str]:
1000
+ def backend(self) -> pulumi.Output[builtins.str]:
865
1001
  """
866
1002
  The path the transit secret backend is mounted at, with no leading or trailing `/`s.
867
1003
  """
@@ -869,7 +1005,7 @@ class SecretBackendKey(pulumi.CustomResource):
869
1005
 
870
1006
  @property
871
1007
  @pulumi.getter(name="convergentEncryption")
872
- def convergent_encryption(self) -> pulumi.Output[Optional[bool]]:
1008
+ def convergent_encryption(self) -> pulumi.Output[Optional[builtins.bool]]:
873
1009
  """
874
1010
  Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
875
1011
  """
@@ -877,7 +1013,7 @@ class SecretBackendKey(pulumi.CustomResource):
877
1013
 
878
1014
  @property
879
1015
  @pulumi.getter(name="deletionAllowed")
880
- def deletion_allowed(self) -> pulumi.Output[Optional[bool]]:
1016
+ def deletion_allowed(self) -> pulumi.Output[Optional[builtins.bool]]:
881
1017
  """
882
1018
  Specifies if the key is allowed to be deleted.
883
1019
  """
@@ -885,7 +1021,7 @@ class SecretBackendKey(pulumi.CustomResource):
885
1021
 
886
1022
  @property
887
1023
  @pulumi.getter
888
- def derived(self) -> pulumi.Output[Optional[bool]]:
1024
+ def derived(self) -> pulumi.Output[Optional[builtins.bool]]:
889
1025
  """
890
1026
  Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
891
1027
  """
@@ -893,15 +1029,33 @@ class SecretBackendKey(pulumi.CustomResource):
893
1029
 
894
1030
  @property
895
1031
  @pulumi.getter
896
- def exportable(self) -> pulumi.Output[Optional[bool]]:
1032
+ def exportable(self) -> pulumi.Output[Optional[builtins.bool]]:
897
1033
  """
898
1034
  Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
899
1035
  """
900
1036
  return pulumi.get(self, "exportable")
901
1037
 
1038
+ @property
1039
+ @pulumi.getter(name="hybridKeyTypeEc")
1040
+ def hybrid_key_type_ec(self) -> pulumi.Output[Optional[builtins.str]]:
1041
+ """
1042
+ The elliptic curve algorithm to use for hybrid signatures.
1043
+ Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
1044
+ """
1045
+ return pulumi.get(self, "hybrid_key_type_ec")
1046
+
1047
+ @property
1048
+ @pulumi.getter(name="hybridKeyTypePqc")
1049
+ def hybrid_key_type_pqc(self) -> pulumi.Output[Optional[builtins.str]]:
1050
+ """
1051
+ The post-quantum algorithm to use for hybrid signatures.
1052
+ Currently, ML-DSA is the only supported key type.
1053
+ """
1054
+ return pulumi.get(self, "hybrid_key_type_pqc")
1055
+
902
1056
  @property
903
1057
  @pulumi.getter(name="keySize")
904
- def key_size(self) -> pulumi.Output[Optional[int]]:
1058
+ def key_size(self) -> pulumi.Output[Optional[builtins.int]]:
905
1059
  """
906
1060
  The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
907
1061
  """
@@ -909,7 +1063,7 @@ class SecretBackendKey(pulumi.CustomResource):
909
1063
 
910
1064
  @property
911
1065
  @pulumi.getter
912
- def keys(self) -> pulumi.Output[Sequence[Mapping[str, str]]]:
1066
+ def keys(self) -> pulumi.Output[Sequence[Mapping[str, builtins.str]]]:
913
1067
  """
914
1068
  List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
915
1069
  * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
@@ -919,7 +1073,7 @@ class SecretBackendKey(pulumi.CustomResource):
919
1073
 
920
1074
  @property
921
1075
  @pulumi.getter(name="latestVersion")
922
- def latest_version(self) -> pulumi.Output[int]:
1076
+ def latest_version(self) -> pulumi.Output[builtins.int]:
923
1077
  """
924
1078
  Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
925
1079
  """
@@ -927,7 +1081,7 @@ class SecretBackendKey(pulumi.CustomResource):
927
1081
 
928
1082
  @property
929
1083
  @pulumi.getter(name="minAvailableVersion")
930
- def min_available_version(self) -> pulumi.Output[int]:
1084
+ def min_available_version(self) -> pulumi.Output[builtins.int]:
931
1085
  """
932
1086
  Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
933
1087
  """
@@ -935,7 +1089,7 @@ class SecretBackendKey(pulumi.CustomResource):
935
1089
 
936
1090
  @property
937
1091
  @pulumi.getter(name="minDecryptionVersion")
938
- def min_decryption_version(self) -> pulumi.Output[Optional[int]]:
1092
+ def min_decryption_version(self) -> pulumi.Output[Optional[builtins.int]]:
939
1093
  """
940
1094
  Minimum key version to use for decryption.
941
1095
  """
@@ -943,7 +1097,7 @@ class SecretBackendKey(pulumi.CustomResource):
943
1097
 
944
1098
  @property
945
1099
  @pulumi.getter(name="minEncryptionVersion")
946
- def min_encryption_version(self) -> pulumi.Output[Optional[int]]:
1100
+ def min_encryption_version(self) -> pulumi.Output[Optional[builtins.int]]:
947
1101
  """
948
1102
  Minimum key version to use for encryption
949
1103
  """
@@ -951,7 +1105,7 @@ class SecretBackendKey(pulumi.CustomResource):
951
1105
 
952
1106
  @property
953
1107
  @pulumi.getter
954
- def name(self) -> pulumi.Output[str]:
1108
+ def name(self) -> pulumi.Output[builtins.str]:
955
1109
  """
956
1110
  The name to identify this key within the backend. Must be unique within the backend.
957
1111
  """
@@ -959,7 +1113,7 @@ class SecretBackendKey(pulumi.CustomResource):
959
1113
 
960
1114
  @property
961
1115
  @pulumi.getter
962
- def namespace(self) -> pulumi.Output[Optional[str]]:
1116
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
963
1117
  """
964
1118
  The namespace to provision the resource in.
965
1119
  The value should not contain leading or trailing forward slashes.
@@ -968,9 +1122,18 @@ class SecretBackendKey(pulumi.CustomResource):
968
1122
  """
969
1123
  return pulumi.get(self, "namespace")
970
1124
 
1125
+ @property
1126
+ @pulumi.getter(name="parameterSet")
1127
+ def parameter_set(self) -> pulumi.Output[Optional[builtins.str]]:
1128
+ """
1129
+ The parameter set to use for ML-DSA. Required for
1130
+ ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
1131
+ """
1132
+ return pulumi.get(self, "parameter_set")
1133
+
971
1134
  @property
972
1135
  @pulumi.getter(name="supportsDecryption")
973
- def supports_decryption(self) -> pulumi.Output[bool]:
1136
+ def supports_decryption(self) -> pulumi.Output[builtins.bool]:
974
1137
  """
975
1138
  Whether or not the key supports decryption, based on key type.
976
1139
  """
@@ -978,7 +1141,7 @@ class SecretBackendKey(pulumi.CustomResource):
978
1141
 
979
1142
  @property
980
1143
  @pulumi.getter(name="supportsDerivation")
981
- def supports_derivation(self) -> pulumi.Output[bool]:
1144
+ def supports_derivation(self) -> pulumi.Output[builtins.bool]:
982
1145
  """
983
1146
  Whether or not the key supports derivation, based on key type.
984
1147
  """
@@ -986,7 +1149,7 @@ class SecretBackendKey(pulumi.CustomResource):
986
1149
 
987
1150
  @property
988
1151
  @pulumi.getter(name="supportsEncryption")
989
- def supports_encryption(self) -> pulumi.Output[bool]:
1152
+ def supports_encryption(self) -> pulumi.Output[builtins.bool]:
990
1153
  """
991
1154
  Whether or not the key supports encryption, based on key type.
992
1155
  """
@@ -994,7 +1157,7 @@ class SecretBackendKey(pulumi.CustomResource):
994
1157
 
995
1158
  @property
996
1159
  @pulumi.getter(name="supportsSigning")
997
- def supports_signing(self) -> pulumi.Output[bool]:
1160
+ def supports_signing(self) -> pulumi.Output[builtins.bool]:
998
1161
  """
999
1162
  Whether or not the key supports signing, based on key type.
1000
1163
  """
@@ -1002,7 +1165,7 @@ class SecretBackendKey(pulumi.CustomResource):
1002
1165
 
1003
1166
  @property
1004
1167
  @pulumi.getter
1005
- def type(self) -> pulumi.Output[Optional[str]]:
1168
+ def type(self) -> pulumi.Output[Optional[builtins.str]]:
1006
1169
  """
1007
1170
  Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
1008
1171
  * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)