pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

pulumi_vault/database/secret_backend_connection.py

@@ -2,6 +2,7 @@
 # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
+import builtins
 import copy
 import warnings
 import sys
@@ -21,11 +22,12 @@ __all__ = ['SecretBackendConnectionArgs', 'SecretBackendConnection']
 @pulumi.input_type
 class SecretBackendConnectionArgs:
     def __init__(__self__, *,
-                 backend: pulumi.Input[str],
-                 allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 backend: pulumi.Input[builtins.str],
+                 allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
                  cassandra: Optional[pulumi.Input['SecretBackendConnectionCassandraArgs']] = None,
                  couchbase: Optional[pulumi.Input['SecretBackendConnectionCouchbaseArgs']] = None,
-                 data: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 data: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
                  elasticsearch: Optional[pulumi.Input['SecretBackendConnectionElasticsearchArgs']] = None,
                  hana: Optional[pulumi.Input['SecretBackendConnectionHanaArgs']] = None,
                  influxdb: Optional[pulumi.Input['SecretBackendConnectionInfluxdbArgs']] = None,
@@ -36,25 +38,29 @@ class SecretBackendConnectionArgs:
                  mysql_aurora: Optional[pulumi.Input['SecretBackendConnectionMysqlAuroraArgs']] = None,
                  mysql_legacy: Optional[pulumi.Input['SecretBackendConnectionMysqlLegacyArgs']] = None,
                  mysql_rds: Optional[pulumi.Input['SecretBackendConnectionMysqlRdsArgs']] = None,
-                 name: Optional[pulumi.Input[str]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
+                 name: Optional[pulumi.Input[builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
                  oracle: Optional[pulumi.Input['SecretBackendConnectionOracleArgs']] = None,
-                 plugin_name: Optional[pulumi.Input[str]] = None,
+                 plugin_name: Optional[pulumi.Input[builtins.str]] = None,
                  postgresql: Optional[pulumi.Input['SecretBackendConnectionPostgresqlArgs']] = None,
                  redis: Optional[pulumi.Input['SecretBackendConnectionRedisArgs']] = None,
                  redis_elasticache: Optional[pulumi.Input['SecretBackendConnectionRedisElasticacheArgs']] = None,
                  redshift: Optional[pulumi.Input['SecretBackendConnectionRedshiftArgs']] = None,
-                 root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[builtins.int]] = None,
                  snowflake: Optional[pulumi.Input['SecretBackendConnectionSnowflakeArgs']] = None,
-                 verify_connection: Optional[pulumi.Input[bool]] = None):
+                 verify_connection: Optional[pulumi.Input[builtins.bool]] = None):
         """
         The set of arguments for constructing a SecretBackendConnection resource.
-        :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_roles: A list of roles that are allowed to use this
+        :param pulumi.Input[builtins.str] backend: The unique name of the Vault mount to configure.
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_roles: A list of roles that are allowed to use this
                connection.
         :param pulumi.Input['SecretBackendConnectionCassandraArgs'] cassandra: A nested block containing configuration options for Cassandra connections.
         :param pulumi.Input['SecretBackendConnectionCouchbaseArgs'] couchbase: A nested block containing configuration options for Couchbase connections.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
+        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
+        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
         :param pulumi.Input['SecretBackendConnectionElasticsearchArgs'] elasticsearch: A nested block containing configuration options for Elasticsearch connections.
         :param pulumi.Input['SecretBackendConnectionHanaArgs'] hana: A nested block containing configuration options for SAP HanaDB connections.
         :param pulumi.Input['SecretBackendConnectionInfluxdbArgs'] influxdb: A nested block containing configuration options for InfluxDB connections.
@@ -65,22 +71,29 @@ class SecretBackendConnectionArgs:
         :param pulumi.Input['SecretBackendConnectionMysqlAuroraArgs'] mysql_aurora: A nested block containing configuration options for Aurora MySQL connections.
         :param pulumi.Input['SecretBackendConnectionMysqlLegacyArgs'] mysql_legacy: A nested block containing configuration options for legacy MySQL connections.
         :param pulumi.Input['SecretBackendConnectionMysqlRdsArgs'] mysql_rds: A nested block containing configuration options for RDS MySQL connections.
-        :param pulumi.Input[str] name: A unique name to give the database connection.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] name: A unique name to give the database connection.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured namespace.
                *Available only for Vault Enterprise*.
         :param pulumi.Input['SecretBackendConnectionOracleArgs'] oracle: A nested block containing configuration options for Oracle connections.
-        :param pulumi.Input[str] plugin_name: Specifies the name of the plugin to use.
+        :param pulumi.Input[builtins.str] plugin_name: Specifies the name of the plugin to use.
         :param pulumi.Input['SecretBackendConnectionPostgresqlArgs'] postgresql: A nested block containing configuration options for PostgreSQL connections.
         :param pulumi.Input['SecretBackendConnectionRedisArgs'] redis: A nested block containing configuration options for Redis connections.
         :param pulumi.Input['SecretBackendConnectionRedisElasticacheArgs'] redis_elasticache: A nested block containing configuration options for Redis ElastiCache connections.
                
                Exactly one of the nested blocks of configuration options must be supplied.
         :param pulumi.Input['SecretBackendConnectionRedshiftArgs'] redshift: Connection parameters for the redshift-database-plugin plugin.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
+        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
         :param pulumi.Input['SecretBackendConnectionSnowflakeArgs'] snowflake: A nested block containing configuration options for Snowflake connections.
-        :param pulumi.Input[bool] verify_connection: Whether the connection should be verified on
+        :param pulumi.Input[builtins.bool] verify_connection: Whether the connection should be verified on
                initial configuration or not.
         """
         pulumi.set(__self__, "backend", backend)
@@ -92,6 +105,8 @@ class SecretBackendConnectionArgs:
             pulumi.set(__self__, "couchbase", couchbase)
         if data is not None:
             pulumi.set(__self__, "data", data)
+        if disable_automated_rotation is not None:
+            pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
         if elasticsearch is not None:
             pulumi.set(__self__, "elasticsearch", elasticsearch)
         if hana is not None:
@@ -130,6 +145,12 @@ class SecretBackendConnectionArgs:
             pulumi.set(__self__, "redshift", redshift)
         if root_rotation_statements is not None:
             pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
+        if rotation_period is not None:
+            pulumi.set(__self__, "rotation_period", rotation_period)
+        if rotation_schedule is not None:
+            pulumi.set(__self__, "rotation_schedule", rotation_schedule)
+        if rotation_window is not None:
+            pulumi.set(__self__, "rotation_window", rotation_window)
         if snowflake is not None:
             pulumi.set(__self__, "snowflake", snowflake)
         if verify_connection is not None:
@@ -137,19 +158,19 @@ class SecretBackendConnectionArgs:
 
     @property
     @pulumi.getter
-    def backend(self) -> pulumi.Input[str]:
+    def backend(self) -> pulumi.Input[builtins.str]:
         """
         The unique name of the Vault mount to configure.
         """
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: pulumi.Input[str]):
+    def backend(self, value: pulumi.Input[builtins.str]):
         pulumi.set(self, "backend", value)
 
     @property
     @pulumi.getter(name="allowedRoles")
-    def allowed_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def allowed_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         A list of roles that are allowed to use this
         connection.
@@ -157,7 +178,7 @@ class SecretBackendConnectionArgs:
         return pulumi.get(self, "allowed_roles")
 
     @allowed_roles.setter
-    def allowed_roles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def allowed_roles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "allowed_roles", value)
 
     @property
@@ -186,16 +207,28 @@ class SecretBackendConnectionArgs:
 
     @property
     @pulumi.getter
-    def data(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+    def data(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
         """
         A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
         """
         return pulumi.get(self, "data")
 
     @data.setter
-    def data(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
+    def data(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "data", value)
 
+    @property
+    @pulumi.getter(name="disableAutomatedRotation")
+    def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "disable_automated_rotation")
+
+    @disable_automated_rotation.setter
+    def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "disable_automated_rotation", value)
+
     @property
     @pulumi.getter
     def elasticsearch(self) -> Optional[pulumi.Input['SecretBackendConnectionElasticsearchArgs']]:
@@ -318,19 +351,19 @@ class SecretBackendConnectionArgs:
 
     @property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[str]]:
+    def name(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         A unique name to give the database connection.
         """
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[str]]):
+    def name(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "name", value)
 
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[str]]:
+    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -340,7 +373,7 @@ class SecretBackendConnectionArgs:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[str]]):
+    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "namespace", value)
 
     @property
@@ -357,14 +390,14 @@ class SecretBackendConnectionArgs:
 
     @property
     @pulumi.getter(name="pluginName")
-    def plugin_name(self) -> Optional[pulumi.Input[str]]:
+    def plugin_name(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Specifies the name of the plugin to use.
         """
         return pulumi.get(self, "plugin_name")
 
     @plugin_name.setter
-    def plugin_name(self, value: Optional[pulumi.Input[str]]):
+    def plugin_name(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "plugin_name", value)
 
     @property
@@ -419,16 +452,56 @@ class SecretBackendConnectionArgs:
 
     @property
     @pulumi.getter(name="rootRotationStatements")
-    def root_rotation_statements(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def root_rotation_statements(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         A list of database statements to be executed to rotate the root user's credentials.
         """
         return pulumi.get(self, "root_rotation_statements")
 
     @root_rotation_statements.setter
-    def root_rotation_statements(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def root_rotation_statements(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "root_rotation_statements", value)
 
+    @property
+    @pulumi.getter(name="rotationPeriod")
+    def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        The amount of time in seconds Vault should wait before rotating the root credential.
+        A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_period")
+
+    @rotation_period.setter
+    def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "rotation_period", value)
+
+    @property
+    @pulumi.getter(name="rotationSchedule")
+    def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_schedule")
+
+    @rotation_schedule.setter
+    def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "rotation_schedule", value)
+
+    @property
+    @pulumi.getter(name="rotationWindow")
+    def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        The maximum amount of time in seconds allowed to complete
+        a rotation when a scheduled token rotation occurs. The default rotation window is
+        unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_window")
+
+    @rotation_window.setter
+    def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "rotation_window", value)
+
     @property
     @pulumi.getter
     def snowflake(self) -> Optional[pulumi.Input['SecretBackendConnectionSnowflakeArgs']]:
@@ -443,7 +516,7 @@ class SecretBackendConnectionArgs:
 
     @property
     @pulumi.getter(name="verifyConnection")
-    def verify_connection(self) -> Optional[pulumi.Input[bool]]:
+    def verify_connection(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Whether the connection should be verified on
         initial configuration or not.
@@ -451,18 +524,19 @@ class SecretBackendConnectionArgs:
         return pulumi.get(self, "verify_connection")
 
     @verify_connection.setter
-    def verify_connection(self, value: Optional[pulumi.Input[bool]]):
+    def verify_connection(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "verify_connection", value)
 
 
 @pulumi.input_type
 class _SecretBackendConnectionState:
     def __init__(__self__, *,
-                 allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
+                 allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
                  cassandra: Optional[pulumi.Input['SecretBackendConnectionCassandraArgs']] = None,
                  couchbase: Optional[pulumi.Input['SecretBackendConnectionCouchbaseArgs']] = None,
-                 data: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 data: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
                  elasticsearch: Optional[pulumi.Input['SecretBackendConnectionElasticsearchArgs']] = None,
                  hana: Optional[pulumi.Input['SecretBackendConnectionHanaArgs']] = None,
                  influxdb: Optional[pulumi.Input['SecretBackendConnectionInfluxdbArgs']] = None,
@@ -473,25 +547,29 @@ class _SecretBackendConnectionState:
                  mysql_aurora: Optional[pulumi.Input['SecretBackendConnectionMysqlAuroraArgs']] = None,
                  mysql_legacy: Optional[pulumi.Input['SecretBackendConnectionMysqlLegacyArgs']] = None,
                  mysql_rds: Optional[pulumi.Input['SecretBackendConnectionMysqlRdsArgs']] = None,
-                 name: Optional[pulumi.Input[str]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
+                 name: Optional[pulumi.Input[builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
                  oracle: Optional[pulumi.Input['SecretBackendConnectionOracleArgs']] = None,
-                 plugin_name: Optional[pulumi.Input[str]] = None,
+                 plugin_name: Optional[pulumi.Input[builtins.str]] = None,
                  postgresql: Optional[pulumi.Input['SecretBackendConnectionPostgresqlArgs']] = None,
                  redis: Optional[pulumi.Input['SecretBackendConnectionRedisArgs']] = None,
                  redis_elasticache: Optional[pulumi.Input['SecretBackendConnectionRedisElasticacheArgs']] = None,
                  redshift: Optional[pulumi.Input['SecretBackendConnectionRedshiftArgs']] = None,
-                 root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[builtins.int]] = None,
                  snowflake: Optional[pulumi.Input['SecretBackendConnectionSnowflakeArgs']] = None,
-                 verify_connection: Optional[pulumi.Input[bool]] = None):
+                 verify_connection: Optional[pulumi.Input[builtins.bool]] = None):
         """
         Input properties used for looking up and filtering SecretBackendConnection resources.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_roles: A list of roles that are allowed to use this
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_roles: A list of roles that are allowed to use this
                connection.
-        :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
+        :param pulumi.Input[builtins.str] backend: The unique name of the Vault mount to configure.
         :param pulumi.Input['SecretBackendConnectionCassandraArgs'] cassandra: A nested block containing configuration options for Cassandra connections.
         :param pulumi.Input['SecretBackendConnectionCouchbaseArgs'] couchbase: A nested block containing configuration options for Couchbase connections.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
+        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
+        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
         :param pulumi.Input['SecretBackendConnectionElasticsearchArgs'] elasticsearch: A nested block containing configuration options for Elasticsearch connections.
         :param pulumi.Input['SecretBackendConnectionHanaArgs'] hana: A nested block containing configuration options for SAP HanaDB connections.
         :param pulumi.Input['SecretBackendConnectionInfluxdbArgs'] influxdb: A nested block containing configuration options for InfluxDB connections.
@@ -502,22 +580,29 @@ class _SecretBackendConnectionState:
         :param pulumi.Input['SecretBackendConnectionMysqlAuroraArgs'] mysql_aurora: A nested block containing configuration options for Aurora MySQL connections.
         :param pulumi.Input['SecretBackendConnectionMysqlLegacyArgs'] mysql_legacy: A nested block containing configuration options for legacy MySQL connections.
         :param pulumi.Input['SecretBackendConnectionMysqlRdsArgs'] mysql_rds: A nested block containing configuration options for RDS MySQL connections.
-        :param pulumi.Input[str] name: A unique name to give the database connection.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] name: A unique name to give the database connection.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured namespace.
                *Available only for Vault Enterprise*.
         :param pulumi.Input['SecretBackendConnectionOracleArgs'] oracle: A nested block containing configuration options for Oracle connections.
-        :param pulumi.Input[str] plugin_name: Specifies the name of the plugin to use.
+        :param pulumi.Input[builtins.str] plugin_name: Specifies the name of the plugin to use.
         :param pulumi.Input['SecretBackendConnectionPostgresqlArgs'] postgresql: A nested block containing configuration options for PostgreSQL connections.
         :param pulumi.Input['SecretBackendConnectionRedisArgs'] redis: A nested block containing configuration options for Redis connections.
         :param pulumi.Input['SecretBackendConnectionRedisElasticacheArgs'] redis_elasticache: A nested block containing configuration options for Redis ElastiCache connections.
                
                Exactly one of the nested blocks of configuration options must be supplied.
         :param pulumi.Input['SecretBackendConnectionRedshiftArgs'] redshift: Connection parameters for the redshift-database-plugin plugin.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
+        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
         :param pulumi.Input['SecretBackendConnectionSnowflakeArgs'] snowflake: A nested block containing configuration options for Snowflake connections.
-        :param pulumi.Input[bool] verify_connection: Whether the connection should be verified on
+        :param pulumi.Input[builtins.bool] verify_connection: Whether the connection should be verified on
                initial configuration or not.
         """
         if allowed_roles is not None:
@@ -530,6 +615,8 @@ class _SecretBackendConnectionState:
             pulumi.set(__self__, "couchbase", couchbase)
         if data is not None:
             pulumi.set(__self__, "data", data)
+        if disable_automated_rotation is not None:
+            pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
         if elasticsearch is not None:
             pulumi.set(__self__, "elasticsearch", elasticsearch)
         if hana is not None:
@@ -568,6 +655,12 @@ class _SecretBackendConnectionState:
             pulumi.set(__self__, "redshift", redshift)
         if root_rotation_statements is not None:
             pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
+        if rotation_period is not None:
+            pulumi.set(__self__, "rotation_period", rotation_period)
+        if rotation_schedule is not None:
+            pulumi.set(__self__, "rotation_schedule", rotation_schedule)
+        if rotation_window is not None:
+            pulumi.set(__self__, "rotation_window", rotation_window)
         if snowflake is not None:
             pulumi.set(__self__, "snowflake", snowflake)
         if verify_connection is not None:
@@ -575,7 +668,7 @@ class _SecretBackendConnectionState:
 
     @property
     @pulumi.getter(name="allowedRoles")
-    def allowed_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def allowed_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         A list of roles that are allowed to use this
         connection.
@@ -583,19 +676,19 @@ class _SecretBackendConnectionState:
         return pulumi.get(self, "allowed_roles")
 
     @allowed_roles.setter
-    def allowed_roles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def allowed_roles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "allowed_roles", value)
 
     @property
     @pulumi.getter
-    def backend(self) -> Optional[pulumi.Input[str]]:
+    def backend(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The unique name of the Vault mount to configure.
         """
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: Optional[pulumi.Input[str]]):
+    def backend(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "backend", value)
 
     @property
@@ -624,16 +717,28 @@ class _SecretBackendConnectionState:
 
     @property
     @pulumi.getter
-    def data(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+    def data(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
         """
         A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
         """
         return pulumi.get(self, "data")
 
     @data.setter
-    def data(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
+    def data(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "data", value)
 
+    @property
+    @pulumi.getter(name="disableAutomatedRotation")
+    def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "disable_automated_rotation")
+
+    @disable_automated_rotation.setter
+    def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "disable_automated_rotation", value)
+
     @property
     @pulumi.getter
     def elasticsearch(self) -> Optional[pulumi.Input['SecretBackendConnectionElasticsearchArgs']]:
@@ -756,19 +861,19 @@ class _SecretBackendConnectionState:
 
     @property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[str]]:
+    def name(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         A unique name to give the database connection.
         """
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[str]]):
+    def name(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "name", value)
 
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[str]]:
+    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -778,7 +883,7 @@ class _SecretBackendConnectionState:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[str]]):
+    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "namespace", value)
 
     @property
@@ -795,14 +900,14 @@ class _SecretBackendConnectionState:
 
     @property
     @pulumi.getter(name="pluginName")
-    def plugin_name(self) -> Optional[pulumi.Input[str]]:
+    def plugin_name(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Specifies the name of the plugin to use.
         """
         return pulumi.get(self, "plugin_name")
 
     @plugin_name.setter
-    def plugin_name(self, value: Optional[pulumi.Input[str]]):
+    def plugin_name(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "plugin_name", value)
 
     @property
@@ -857,16 +962,56 @@ class _SecretBackendConnectionState:
 
     @property
     @pulumi.getter(name="rootRotationStatements")
-    def root_rotation_statements(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def root_rotation_statements(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         A list of database statements to be executed to rotate the root user's credentials.
         """
         return pulumi.get(self, "root_rotation_statements")
 
     @root_rotation_statements.setter
-    def root_rotation_statements(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def root_rotation_statements(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "root_rotation_statements", value)
 
+    @property
+    @pulumi.getter(name="rotationPeriod")
+    def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        The amount of time in seconds Vault should wait before rotating the root credential.
+        A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_period")
+
+    @rotation_period.setter
+    def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "rotation_period", value)
+
+    @property
+    @pulumi.getter(name="rotationSchedule")
+    def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_schedule")
+
+    @rotation_schedule.setter
+    def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "rotation_schedule", value)
+
+    @property
+    @pulumi.getter(name="rotationWindow")
+    def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        The maximum amount of time in seconds allowed to complete
+        a rotation when a scheduled token rotation occurs. The default rotation window is
+        unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_window")
+
+    @rotation_window.setter
+    def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "rotation_window", value)
+
     @property
     @pulumi.getter
     def snowflake(self) -> Optional[pulumi.Input['SecretBackendConnectionSnowflakeArgs']]:
@@ -881,7 +1026,7 @@ class _SecretBackendConnectionState:
 
     @property
     @pulumi.getter(name="verifyConnection")
-    def verify_connection(self) -> Optional[pulumi.Input[bool]]:
+    def verify_connection(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Whether the connection should be verified on
         initial configuration or not.
@@ -889,7 +1034,7 @@ class _SecretBackendConnectionState:
         return pulumi.get(self, "verify_connection")
 
     @verify_connection.setter
-    def verify_connection(self, value: Optional[pulumi.Input[bool]]):
+    def verify_connection(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "verify_connection", value)
 
 
@@ -898,11 +1043,12 @@ class SecretBackendConnection(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
+                 allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
                  cassandra: Optional[pulumi.Input[Union['SecretBackendConnectionCassandraArgs', 'SecretBackendConnectionCassandraArgsDict']]] = None,
                  couchbase: Optional[pulumi.Input[Union['SecretBackendConnectionCouchbaseArgs', 'SecretBackendConnectionCouchbaseArgsDict']]] = None,
-                 data: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 data: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
                  elasticsearch: Optional[pulumi.Input[Union['SecretBackendConnectionElasticsearchArgs', 'SecretBackendConnectionElasticsearchArgsDict']]] = None,
                  hana: Optional[pulumi.Input[Union['SecretBackendConnectionHanaArgs', 'SecretBackendConnectionHanaArgsDict']]] = None,
                  influxdb: Optional[pulumi.Input[Union['SecretBackendConnectionInfluxdbArgs', 'SecretBackendConnectionInfluxdbArgsDict']]] = None,
@@ -913,17 +1059,20 @@ class SecretBackendConnection(pulumi.CustomResource):
                  mysql_aurora: Optional[pulumi.Input[Union['SecretBackendConnectionMysqlAuroraArgs', 'SecretBackendConnectionMysqlAuroraArgsDict']]] = None,
                  mysql_legacy: Optional[pulumi.Input[Union['SecretBackendConnectionMysqlLegacyArgs', 'SecretBackendConnectionMysqlLegacyArgsDict']]] = None,
                  mysql_rds: Optional[pulumi.Input[Union['SecretBackendConnectionMysqlRdsArgs', 'SecretBackendConnectionMysqlRdsArgsDict']]] = None,
-                 name: Optional[pulumi.Input[str]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
+                 name: Optional[pulumi.Input[builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
                  oracle: Optional[pulumi.Input[Union['SecretBackendConnectionOracleArgs', 'SecretBackendConnectionOracleArgsDict']]] = None,
-                 plugin_name: Optional[pulumi.Input[str]] = None,
+                 plugin_name: Optional[pulumi.Input[builtins.str]] = None,
                  postgresql: Optional[pulumi.Input[Union['SecretBackendConnectionPostgresqlArgs', 'SecretBackendConnectionPostgresqlArgsDict']]] = None,
                  redis: Optional[pulumi.Input[Union['SecretBackendConnectionRedisArgs', 'SecretBackendConnectionRedisArgsDict']]] = None,
                  redis_elasticache: Optional[pulumi.Input[Union['SecretBackendConnectionRedisElasticacheArgs', 'SecretBackendConnectionRedisElasticacheArgsDict']]] = None,
                  redshift: Optional[pulumi.Input[Union['SecretBackendConnectionRedshiftArgs', 'SecretBackendConnectionRedshiftArgsDict']]] = None,
-                 root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[builtins.int]] = None,
                  snowflake: Optional[pulumi.Input[Union['SecretBackendConnectionSnowflakeArgs', 'SecretBackendConnectionSnowflakeArgsDict']]] = None,
-                 verify_connection: Optional[pulumi.Input[bool]] = None,
+                 verify_connection: Optional[pulumi.Input[builtins.bool]] = None,
                  __props__=None):
         """
         ## Example Usage
@@ -942,6 +1091,8 @@ class SecretBackendConnection(pulumi.CustomResource):
                 "dev",
                 "prod",
             ],
+            rotation_schedule="0 * * * SAT",
+            rotation_window=3600,
             postgresql={
                 "connection_url": "postgres://username:password@host:port/database",
             })
@@ -957,12 +1108,13 @@ class SecretBackendConnection(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_roles: A list of roles that are allowed to use this
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_roles: A list of roles that are allowed to use this
                connection.
-        :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
+        :param pulumi.Input[builtins.str] backend: The unique name of the Vault mount to configure.
         :param pulumi.Input[Union['SecretBackendConnectionCassandraArgs', 'SecretBackendConnectionCassandraArgsDict']] cassandra: A nested block containing configuration options for Cassandra connections.
         :param pulumi.Input[Union['SecretBackendConnectionCouchbaseArgs', 'SecretBackendConnectionCouchbaseArgsDict']] couchbase: A nested block containing configuration options for Couchbase connections.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
+        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
+        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
         :param pulumi.Input[Union['SecretBackendConnectionElasticsearchArgs', 'SecretBackendConnectionElasticsearchArgsDict']] elasticsearch: A nested block containing configuration options for Elasticsearch connections.
         :param pulumi.Input[Union['SecretBackendConnectionHanaArgs', 'SecretBackendConnectionHanaArgsDict']] hana: A nested block containing configuration options for SAP HanaDB connections.
         :param pulumi.Input[Union['SecretBackendConnectionInfluxdbArgs', 'SecretBackendConnectionInfluxdbArgsDict']] influxdb: A nested block containing configuration options for InfluxDB connections.
@@ -973,22 +1125,29 @@ class SecretBackendConnection(pulumi.CustomResource):
         :param pulumi.Input[Union['SecretBackendConnectionMysqlAuroraArgs', 'SecretBackendConnectionMysqlAuroraArgsDict']] mysql_aurora: A nested block containing configuration options for Aurora MySQL connections.
         :param pulumi.Input[Union['SecretBackendConnectionMysqlLegacyArgs', 'SecretBackendConnectionMysqlLegacyArgsDict']] mysql_legacy: A nested block containing configuration options for legacy MySQL connections.
         :param pulumi.Input[Union['SecretBackendConnectionMysqlRdsArgs', 'SecretBackendConnectionMysqlRdsArgsDict']] mysql_rds: A nested block containing configuration options for RDS MySQL connections.
-        :param pulumi.Input[str] name: A unique name to give the database connection.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] name: A unique name to give the database connection.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured namespace.
                *Available only for Vault Enterprise*.
         :param pulumi.Input[Union['SecretBackendConnectionOracleArgs', 'SecretBackendConnectionOracleArgsDict']] oracle: A nested block containing configuration options for Oracle connections.
-        :param pulumi.Input[str] plugin_name: Specifies the name of the plugin to use.
+        :param pulumi.Input[builtins.str] plugin_name: Specifies the name of the plugin to use.
         :param pulumi.Input[Union['SecretBackendConnectionPostgresqlArgs', 'SecretBackendConnectionPostgresqlArgsDict']] postgresql: A nested block containing configuration options for PostgreSQL connections.
         :param pulumi.Input[Union['SecretBackendConnectionRedisArgs', 'SecretBackendConnectionRedisArgsDict']] redis: A nested block containing configuration options for Redis connections.
         :param pulumi.Input[Union['SecretBackendConnectionRedisElasticacheArgs', 'SecretBackendConnectionRedisElasticacheArgsDict']] redis_elasticache: A nested block containing configuration options for Redis ElastiCache connections.
                
                Exactly one of the nested blocks of configuration options must be supplied.
         :param pulumi.Input[Union['SecretBackendConnectionRedshiftArgs', 'SecretBackendConnectionRedshiftArgsDict']] redshift: Connection parameters for the redshift-database-plugin plugin.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
+        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
         :param pulumi.Input[Union['SecretBackendConnectionSnowflakeArgs', 'SecretBackendConnectionSnowflakeArgsDict']] snowflake: A nested block containing configuration options for Snowflake connections.
-        :param pulumi.Input[bool] verify_connection: Whether the connection should be verified on
+        :param pulumi.Input[builtins.bool] verify_connection: Whether the connection should be verified on
                initial configuration or not.
         """
         ...
@@ -1014,6 +1173,8 @@ class SecretBackendConnection(pulumi.CustomResource):
                 "dev",
                 "prod",
             ],
+            rotation_schedule="0 * * * SAT",
+            rotation_window=3600,
             postgresql={
                 "connection_url": "postgres://username:password@host:port/database",
             })
@@ -1042,11 +1203,12 @@ class SecretBackendConnection(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
+                 allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
                  cassandra: Optional[pulumi.Input[Union['SecretBackendConnectionCassandraArgs', 'SecretBackendConnectionCassandraArgsDict']]] = None,
                  couchbase: Optional[pulumi.Input[Union['SecretBackendConnectionCouchbaseArgs', 'SecretBackendConnectionCouchbaseArgsDict']]] = None,
-                 data: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 data: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
                  elasticsearch: Optional[pulumi.Input[Union['SecretBackendConnectionElasticsearchArgs', 'SecretBackendConnectionElasticsearchArgsDict']]] = None,
                  hana: Optional[pulumi.Input[Union['SecretBackendConnectionHanaArgs', 'SecretBackendConnectionHanaArgsDict']]] = None,
                  influxdb: Optional[pulumi.Input[Union['SecretBackendConnectionInfluxdbArgs', 'SecretBackendConnectionInfluxdbArgsDict']]] = None,
@@ -1057,17 +1219,20 @@ class SecretBackendConnection(pulumi.CustomResource):
                  mysql_aurora: Optional[pulumi.Input[Union['SecretBackendConnectionMysqlAuroraArgs', 'SecretBackendConnectionMysqlAuroraArgsDict']]] = None,
                  mysql_legacy: Optional[pulumi.Input[Union['SecretBackendConnectionMysqlLegacyArgs', 'SecretBackendConnectionMysqlLegacyArgsDict']]] = None,
                  mysql_rds: Optional[pulumi.Input[Union['SecretBackendConnectionMysqlRdsArgs', 'SecretBackendConnectionMysqlRdsArgsDict']]] = None,
-                 name: Optional[pulumi.Input[str]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
+                 name: Optional[pulumi.Input[builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
                  oracle: Optional[pulumi.Input[Union['SecretBackendConnectionOracleArgs', 'SecretBackendConnectionOracleArgsDict']]] = None,
-                 plugin_name: Optional[pulumi.Input[str]] = None,
+                 plugin_name: Optional[pulumi.Input[builtins.str]] = None,
                  postgresql: Optional[pulumi.Input[Union['SecretBackendConnectionPostgresqlArgs', 'SecretBackendConnectionPostgresqlArgsDict']]] = None,
                  redis: Optional[pulumi.Input[Union['SecretBackendConnectionRedisArgs', 'SecretBackendConnectionRedisArgsDict']]] = None,
                  redis_elasticache: Optional[pulumi.Input[Union['SecretBackendConnectionRedisElasticacheArgs', 'SecretBackendConnectionRedisElasticacheArgsDict']]] = None,
                  redshift: Optional[pulumi.Input[Union['SecretBackendConnectionRedshiftArgs', 'SecretBackendConnectionRedshiftArgsDict']]] = None,
-                 root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[builtins.int]] = None,
                  snowflake: Optional[pulumi.Input[Union['SecretBackendConnectionSnowflakeArgs', 'SecretBackendConnectionSnowflakeArgsDict']]] = None,
-                 verify_connection: Optional[pulumi.Input[bool]] = None,
+                 verify_connection: Optional[pulumi.Input[builtins.bool]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -1084,6 +1249,7 @@ class SecretBackendConnection(pulumi.CustomResource):
             __props__.__dict__["cassandra"] = cassandra
             __props__.__dict__["couchbase"] = couchbase
             __props__.__dict__["data"] = data
+            __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
             __props__.__dict__["elasticsearch"] = elasticsearch
             __props__.__dict__["hana"] = hana
             __props__.__dict__["influxdb"] = influxdb
@@ -1103,6 +1269,9 @@ class SecretBackendConnection(pulumi.CustomResource):
             __props__.__dict__["redis_elasticache"] = redis_elasticache
             __props__.__dict__["redshift"] = redshift
             __props__.__dict__["root_rotation_statements"] = root_rotation_statements
+            __props__.__dict__["rotation_period"] = rotation_period
+            __props__.__dict__["rotation_schedule"] = rotation_schedule
+            __props__.__dict__["rotation_window"] = rotation_window
             __props__.__dict__["snowflake"] = snowflake
             __props__.__dict__["verify_connection"] = verify_connection
         super(SecretBackendConnection, __self__).__init__(
@@ -1115,11 +1284,12 @@ class SecretBackendConnection(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            backend: Optional[pulumi.Input[str]] = None,
+            allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+            backend: Optional[pulumi.Input[builtins.str]] = None,
             cassandra: Optional[pulumi.Input[Union['SecretBackendConnectionCassandraArgs', 'SecretBackendConnectionCassandraArgsDict']]] = None,
             couchbase: Optional[pulumi.Input[Union['SecretBackendConnectionCouchbaseArgs', 'SecretBackendConnectionCouchbaseArgsDict']]] = None,
-            data: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+            data: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
+            disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
             elasticsearch: Optional[pulumi.Input[Union['SecretBackendConnectionElasticsearchArgs', 'SecretBackendConnectionElasticsearchArgsDict']]] = None,
             hana: Optional[pulumi.Input[Union['SecretBackendConnectionHanaArgs', 'SecretBackendConnectionHanaArgsDict']]] = None,
             influxdb: Optional[pulumi.Input[Union['SecretBackendConnectionInfluxdbArgs', 'SecretBackendConnectionInfluxdbArgsDict']]] = None,
@@ -1130,17 +1300,20 @@ class SecretBackendConnection(pulumi.CustomResource):
             mysql_aurora: Optional[pulumi.Input[Union['SecretBackendConnectionMysqlAuroraArgs', 'SecretBackendConnectionMysqlAuroraArgsDict']]] = None,
             mysql_legacy: Optional[pulumi.Input[Union['SecretBackendConnectionMysqlLegacyArgs', 'SecretBackendConnectionMysqlLegacyArgsDict']]] = None,
             mysql_rds: Optional[pulumi.Input[Union['SecretBackendConnectionMysqlRdsArgs', 'SecretBackendConnectionMysqlRdsArgsDict']]] = None,
-            name: Optional[pulumi.Input[str]] = None,
-            namespace: Optional[pulumi.Input[str]] = None,
+            name: Optional[pulumi.Input[builtins.str]] = None,
+            namespace: Optional[pulumi.Input[builtins.str]] = None,
             oracle: Optional[pulumi.Input[Union['SecretBackendConnectionOracleArgs', 'SecretBackendConnectionOracleArgsDict']]] = None,
-            plugin_name: Optional[pulumi.Input[str]] = None,
+            plugin_name: Optional[pulumi.Input[builtins.str]] = None,
             postgresql: Optional[pulumi.Input[Union['SecretBackendConnectionPostgresqlArgs', 'SecretBackendConnectionPostgresqlArgsDict']]] = None,
             redis: Optional[pulumi.Input[Union['SecretBackendConnectionRedisArgs', 'SecretBackendConnectionRedisArgsDict']]] = None,
             redis_elasticache: Optional[pulumi.Input[Union['SecretBackendConnectionRedisElasticacheArgs', 'SecretBackendConnectionRedisElasticacheArgsDict']]] = None,
             redshift: Optional[pulumi.Input[Union['SecretBackendConnectionRedshiftArgs', 'SecretBackendConnectionRedshiftArgsDict']]] = None,
-            root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+            root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+            rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+            rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
+            rotation_window: Optional[pulumi.Input[builtins.int]] = None,
             snowflake: Optional[pulumi.Input[Union['SecretBackendConnectionSnowflakeArgs', 'SecretBackendConnectionSnowflakeArgsDict']]] = None,
-            verify_connection: Optional[pulumi.Input[bool]] = None) -> 'SecretBackendConnection':
+            verify_connection: Optional[pulumi.Input[builtins.bool]] = None) -> 'SecretBackendConnection':
         """
         Get an existing SecretBackendConnection resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -1148,12 +1321,13 @@ class SecretBackendConnection(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_roles: A list of roles that are allowed to use this
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_roles: A list of roles that are allowed to use this
                connection.
-        :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
+        :param pulumi.Input[builtins.str] backend: The unique name of the Vault mount to configure.
         :param pulumi.Input[Union['SecretBackendConnectionCassandraArgs', 'SecretBackendConnectionCassandraArgsDict']] cassandra: A nested block containing configuration options for Cassandra connections.
         :param pulumi.Input[Union['SecretBackendConnectionCouchbaseArgs', 'SecretBackendConnectionCouchbaseArgsDict']] couchbase: A nested block containing configuration options for Couchbase connections.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
+        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
+        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
         :param pulumi.Input[Union['SecretBackendConnectionElasticsearchArgs', 'SecretBackendConnectionElasticsearchArgsDict']] elasticsearch: A nested block containing configuration options for Elasticsearch connections.
         :param pulumi.Input[Union['SecretBackendConnectionHanaArgs', 'SecretBackendConnectionHanaArgsDict']] hana: A nested block containing configuration options for SAP HanaDB connections.
         :param pulumi.Input[Union['SecretBackendConnectionInfluxdbArgs', 'SecretBackendConnectionInfluxdbArgsDict']] influxdb: A nested block containing configuration options for InfluxDB connections.
@@ -1164,22 +1338,29 @@ class SecretBackendConnection(pulumi.CustomResource):
         :param pulumi.Input[Union['SecretBackendConnectionMysqlAuroraArgs', 'SecretBackendConnectionMysqlAuroraArgsDict']] mysql_aurora: A nested block containing configuration options for Aurora MySQL connections.
         :param pulumi.Input[Union['SecretBackendConnectionMysqlLegacyArgs', 'SecretBackendConnectionMysqlLegacyArgsDict']] mysql_legacy: A nested block containing configuration options for legacy MySQL connections.
         :param pulumi.Input[Union['SecretBackendConnectionMysqlRdsArgs', 'SecretBackendConnectionMysqlRdsArgsDict']] mysql_rds: A nested block containing configuration options for RDS MySQL connections.
-        :param pulumi.Input[str] name: A unique name to give the database connection.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] name: A unique name to give the database connection.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured namespace.
                *Available only for Vault Enterprise*.
         :param pulumi.Input[Union['SecretBackendConnectionOracleArgs', 'SecretBackendConnectionOracleArgsDict']] oracle: A nested block containing configuration options for Oracle connections.
-        :param pulumi.Input[str] plugin_name: Specifies the name of the plugin to use.
+        :param pulumi.Input[builtins.str] plugin_name: Specifies the name of the plugin to use.
         :param pulumi.Input[Union['SecretBackendConnectionPostgresqlArgs', 'SecretBackendConnectionPostgresqlArgsDict']] postgresql: A nested block containing configuration options for PostgreSQL connections.
         :param pulumi.Input[Union['SecretBackendConnectionRedisArgs', 'SecretBackendConnectionRedisArgsDict']] redis: A nested block containing configuration options for Redis connections.
         :param pulumi.Input[Union['SecretBackendConnectionRedisElasticacheArgs', 'SecretBackendConnectionRedisElasticacheArgsDict']] redis_elasticache: A nested block containing configuration options for Redis ElastiCache connections.
                
                Exactly one of the nested blocks of configuration options must be supplied.
         :param pulumi.Input[Union['SecretBackendConnectionRedshiftArgs', 'SecretBackendConnectionRedshiftArgsDict']] redshift: Connection parameters for the redshift-database-plugin plugin.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
+        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
         :param pulumi.Input[Union['SecretBackendConnectionSnowflakeArgs', 'SecretBackendConnectionSnowflakeArgsDict']] snowflake: A nested block containing configuration options for Snowflake connections.
-        :param pulumi.Input[bool] verify_connection: Whether the connection should be verified on
+        :param pulumi.Input[builtins.bool] verify_connection: Whether the connection should be verified on
                initial configuration or not.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -1191,6 +1372,7 @@ class SecretBackendConnection(pulumi.CustomResource):
         __props__.__dict__["cassandra"] = cassandra
         __props__.__dict__["couchbase"] = couchbase
         __props__.__dict__["data"] = data
+        __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
         __props__.__dict__["elasticsearch"] = elasticsearch
         __props__.__dict__["hana"] = hana
         __props__.__dict__["influxdb"] = influxdb
@@ -1210,13 +1392,16 @@ class SecretBackendConnection(pulumi.CustomResource):
         __props__.__dict__["redis_elasticache"] = redis_elasticache
         __props__.__dict__["redshift"] = redshift
         __props__.__dict__["root_rotation_statements"] = root_rotation_statements
+        __props__.__dict__["rotation_period"] = rotation_period
+        __props__.__dict__["rotation_schedule"] = rotation_schedule
+        __props__.__dict__["rotation_window"] = rotation_window
         __props__.__dict__["snowflake"] = snowflake
         __props__.__dict__["verify_connection"] = verify_connection
         return SecretBackendConnection(resource_name, opts=opts, __props__=__props__)
 
     @property
     @pulumi.getter(name="allowedRoles")
-    def allowed_roles(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def allowed_roles(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
         """
         A list of roles that are allowed to use this
         connection.
@@ -1225,7 +1410,7 @@ class SecretBackendConnection(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def backend(self) -> pulumi.Output[str]:
+    def backend(self) -> pulumi.Output[builtins.str]:
         """
         The unique name of the Vault mount to configure.
         """
@@ -1249,12 +1434,20 @@ class SecretBackendConnection(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def data(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
+    def data(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
         """
         A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
         """
         return pulumi.get(self, "data")
 
+    @property
+    @pulumi.getter(name="disableAutomatedRotation")
+    def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
+        """
+        Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "disable_automated_rotation")
+
     @property
     @pulumi.getter
     def elasticsearch(self) -> pulumi.Output[Optional['outputs.SecretBackendConnectionElasticsearch']]:
@@ -1337,7 +1530,7 @@ class SecretBackendConnection(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def name(self) -> pulumi.Output[str]:
+    def name(self) -> pulumi.Output[builtins.str]:
         """
         A unique name to give the database connection.
         """
@@ -1345,7 +1538,7 @@ class SecretBackendConnection(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def namespace(self) -> pulumi.Output[Optional[str]]:
+    def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -1364,7 +1557,7 @@ class SecretBackendConnection(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="pluginName")
-    def plugin_name(self) -> pulumi.Output[str]:
+    def plugin_name(self) -> pulumi.Output[builtins.str]:
         """
         Specifies the name of the plugin to use.
         """
@@ -1406,12 +1599,40 @@ class SecretBackendConnection(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="rootRotationStatements")
-    def root_rotation_statements(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def root_rotation_statements(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
         """
         A list of database statements to be executed to rotate the root user's credentials.
         """
         return pulumi.get(self, "root_rotation_statements")
 
+    @property
+    @pulumi.getter(name="rotationPeriod")
+    def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
+        """
+        The amount of time in seconds Vault should wait before rotating the root credential.
+        A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_period")
+
+    @property
+    @pulumi.getter(name="rotationSchedule")
+    def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
+        """
+        The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_schedule")
+
+    @property
+    @pulumi.getter(name="rotationWindow")
+    def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
+        """
+        The maximum amount of time in seconds allowed to complete
+        a rotation when a scheduled token rotation occurs. The default rotation window is
+        unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_window")
+
     @property
     @pulumi.getter
     def snowflake(self) -> pulumi.Output[Optional['outputs.SecretBackendConnectionSnowflake']]:
@@ -1422,7 +1643,7 @@ class SecretBackendConnection(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="verifyConnection")
-    def verify_connection(self) -> pulumi.Output[Optional[bool]]:
+    def verify_connection(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         Whether the connection should be verified on
         initial configuration or not.