pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +9 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +425 -200
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +523 -306
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +288 -70
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +383 -130
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +432 -186
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +3857 -2200
- pulumi_vault/database/outputs.py +2483 -1330
- pulumi_vault/database/secret_backend_connection.py +333 -112
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +283 -140
- pulumi_vault/database/secrets_mount.py +275 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +426 -205
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +420 -179
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +754 -533
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +720 -499
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +31 -36
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +174 -126
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -31
- pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +894 -644
- pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
- pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +2 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +96 -95
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +3 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +325 -0
- pulumi_vault/transit/get_verify.py +355 -0
- pulumi_vault/transit/secret_backend_key.py +394 -231
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,61 +20,61 @@ __all__ = ['SecretBackendArgs', 'SecretBackend']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class SecretBackendArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
path: pulumi.Input[str],
|
23
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
24
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
26
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
27
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
28
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
29
|
-
description: Optional[pulumi.Input[str]] = None,
|
30
|
-
disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
|
31
|
-
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
32
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
33
|
-
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
34
|
-
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
35
|
-
listing_visibility: Optional[pulumi.Input[str]] = None,
|
36
|
-
local: Optional[pulumi.Input[bool]] = None,
|
37
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
38
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
39
|
-
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
40
|
-
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
41
|
-
plugin_version: Optional[pulumi.Input[str]] = None,
|
42
|
-
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
43
|
-
service_account_jwt: Optional[pulumi.Input[str]] = None):
|
23
|
+
path: pulumi.Input[builtins.str],
|
24
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
25
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
26
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
27
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
28
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
29
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
30
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
disable_local_ca_jwt: Optional[pulumi.Input[builtins.bool]] = None,
|
32
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
33
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
34
|
+
kubernetes_ca_cert: Optional[pulumi.Input[builtins.str]] = None,
|
35
|
+
kubernetes_host: Optional[pulumi.Input[builtins.str]] = None,
|
36
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
37
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
38
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
39
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
40
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
41
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
42
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
43
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
44
|
+
service_account_jwt: Optional[pulumi.Input[builtins.str]] = None):
|
44
45
|
"""
|
45
46
|
The set of arguments for constructing a SecretBackend resource.
|
46
|
-
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
47
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
48
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
49
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
50
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
51
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
52
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
53
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount
|
54
|
-
:param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
47
|
+
:param pulumi.Input[builtins.str] path: Where the secret backend will be mounted
|
48
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
49
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
50
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
51
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
52
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
53
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
54
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount
|
55
|
+
:param pulumi.Input[builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
55
56
|
service account JWT when Vault is running in a Kubernetes pod.
|
56
|
-
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
57
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
58
|
-
:param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
57
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
58
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
|
59
|
+
:param pulumi.Input[builtins.str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
59
60
|
secrets engine to verify the Kubernetes API server certificate. Defaults to the local
|
60
61
|
pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
|
61
62
|
Vault is running.
|
62
|
-
:param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
63
|
+
:param pulumi.Input[builtins.str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
63
64
|
standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
|
64
65
|
are not set on the host that Vault is running on.
|
65
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
66
|
-
:param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
67
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
68
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
66
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
67
|
+
:param pulumi.Input[builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
68
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
69
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
69
70
|
The value should not contain leading or trailing forward slashes.
|
70
71
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
71
72
|
*Available only for Vault Enterprise*.
|
72
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
73
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
74
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
75
|
-
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
76
|
-
:param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
|
73
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
74
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
75
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
76
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
77
|
+
:param pulumi.Input[builtins.str] service_account_jwt: The JSON web token of the service account used by the
|
77
78
|
secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
|
78
79
|
is running in Kubernetes.
|
79
80
|
"""
|
@@ -123,103 +124,103 @@ class SecretBackendArgs:
|
|
123
124
|
|
124
125
|
@property
|
125
126
|
@pulumi.getter
|
126
|
-
def path(self) -> pulumi.Input[str]:
|
127
|
+
def path(self) -> pulumi.Input[builtins.str]:
|
127
128
|
"""
|
128
129
|
Where the secret backend will be mounted
|
129
130
|
"""
|
130
131
|
return pulumi.get(self, "path")
|
131
132
|
|
132
133
|
@path.setter
|
133
|
-
def path(self, value: pulumi.Input[str]):
|
134
|
+
def path(self, value: pulumi.Input[builtins.str]):
|
134
135
|
pulumi.set(self, "path", value)
|
135
136
|
|
136
137
|
@property
|
137
138
|
@pulumi.getter(name="allowedManagedKeys")
|
138
|
-
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
139
|
+
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
139
140
|
"""
|
140
141
|
List of managed key registry entry names that the mount in question is allowed to access
|
141
142
|
"""
|
142
143
|
return pulumi.get(self, "allowed_managed_keys")
|
143
144
|
|
144
145
|
@allowed_managed_keys.setter
|
145
|
-
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
146
|
+
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
146
147
|
pulumi.set(self, "allowed_managed_keys", value)
|
147
148
|
|
148
149
|
@property
|
149
150
|
@pulumi.getter(name="allowedResponseHeaders")
|
150
|
-
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
151
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
151
152
|
"""
|
152
153
|
List of headers to allow and pass from the request to the plugin
|
153
154
|
"""
|
154
155
|
return pulumi.get(self, "allowed_response_headers")
|
155
156
|
|
156
157
|
@allowed_response_headers.setter
|
157
|
-
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
158
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
158
159
|
pulumi.set(self, "allowed_response_headers", value)
|
159
160
|
|
160
161
|
@property
|
161
162
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
162
|
-
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
163
|
+
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
163
164
|
"""
|
164
165
|
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
165
166
|
"""
|
166
167
|
return pulumi.get(self, "audit_non_hmac_request_keys")
|
167
168
|
|
168
169
|
@audit_non_hmac_request_keys.setter
|
169
|
-
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
170
|
+
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
170
171
|
pulumi.set(self, "audit_non_hmac_request_keys", value)
|
171
172
|
|
172
173
|
@property
|
173
174
|
@pulumi.getter(name="auditNonHmacResponseKeys")
|
174
|
-
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
175
|
+
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
175
176
|
"""
|
176
177
|
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
177
178
|
"""
|
178
179
|
return pulumi.get(self, "audit_non_hmac_response_keys")
|
179
180
|
|
180
181
|
@audit_non_hmac_response_keys.setter
|
181
|
-
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
182
|
+
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
182
183
|
pulumi.set(self, "audit_non_hmac_response_keys", value)
|
183
184
|
|
184
185
|
@property
|
185
186
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
186
|
-
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
187
|
+
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
187
188
|
"""
|
188
189
|
Default lease duration for tokens and secrets in seconds
|
189
190
|
"""
|
190
191
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
191
192
|
|
192
193
|
@default_lease_ttl_seconds.setter
|
193
|
-
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
194
|
+
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
194
195
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
195
196
|
|
196
197
|
@property
|
197
198
|
@pulumi.getter(name="delegatedAuthAccessors")
|
198
|
-
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
199
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
199
200
|
"""
|
200
201
|
List of headers to allow and pass from the request to the plugin
|
201
202
|
"""
|
202
203
|
return pulumi.get(self, "delegated_auth_accessors")
|
203
204
|
|
204
205
|
@delegated_auth_accessors.setter
|
205
|
-
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
206
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
206
207
|
pulumi.set(self, "delegated_auth_accessors", value)
|
207
208
|
|
208
209
|
@property
|
209
210
|
@pulumi.getter
|
210
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
211
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
211
212
|
"""
|
212
213
|
Human-friendly description of the mount
|
213
214
|
"""
|
214
215
|
return pulumi.get(self, "description")
|
215
216
|
|
216
217
|
@description.setter
|
217
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
218
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
218
219
|
pulumi.set(self, "description", value)
|
219
220
|
|
220
221
|
@property
|
221
222
|
@pulumi.getter(name="disableLocalCaJwt")
|
222
|
-
def disable_local_ca_jwt(self) -> Optional[pulumi.Input[bool]]:
|
223
|
+
def disable_local_ca_jwt(self) -> Optional[pulumi.Input[builtins.bool]]:
|
223
224
|
"""
|
224
225
|
Disable defaulting to the local CA certificate and
|
225
226
|
service account JWT when Vault is running in a Kubernetes pod.
|
@@ -227,36 +228,36 @@ class SecretBackendArgs:
|
|
227
228
|
return pulumi.get(self, "disable_local_ca_jwt")
|
228
229
|
|
229
230
|
@disable_local_ca_jwt.setter
|
230
|
-
def disable_local_ca_jwt(self, value: Optional[pulumi.Input[bool]]):
|
231
|
+
def disable_local_ca_jwt(self, value: Optional[pulumi.Input[builtins.bool]]):
|
231
232
|
pulumi.set(self, "disable_local_ca_jwt", value)
|
232
233
|
|
233
234
|
@property
|
234
235
|
@pulumi.getter(name="externalEntropyAccess")
|
235
|
-
def external_entropy_access(self) -> Optional[pulumi.Input[bool]]:
|
236
|
+
def external_entropy_access(self) -> Optional[pulumi.Input[builtins.bool]]:
|
236
237
|
"""
|
237
238
|
Enable the secrets engine to access Vault's external entropy source
|
238
239
|
"""
|
239
240
|
return pulumi.get(self, "external_entropy_access")
|
240
241
|
|
241
242
|
@external_entropy_access.setter
|
242
|
-
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
243
|
+
def external_entropy_access(self, value: Optional[pulumi.Input[builtins.bool]]):
|
243
244
|
pulumi.set(self, "external_entropy_access", value)
|
244
245
|
|
245
246
|
@property
|
246
247
|
@pulumi.getter(name="identityTokenKey")
|
247
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
248
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
248
249
|
"""
|
249
250
|
The key to use for signing plugin workload identity tokens
|
250
251
|
"""
|
251
252
|
return pulumi.get(self, "identity_token_key")
|
252
253
|
|
253
254
|
@identity_token_key.setter
|
254
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
255
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
255
256
|
pulumi.set(self, "identity_token_key", value)
|
256
257
|
|
257
258
|
@property
|
258
259
|
@pulumi.getter(name="kubernetesCaCert")
|
259
|
-
def kubernetes_ca_cert(self) -> Optional[pulumi.Input[str]]:
|
260
|
+
def kubernetes_ca_cert(self) -> Optional[pulumi.Input[builtins.str]]:
|
260
261
|
"""
|
261
262
|
A PEM-encoded CA certificate used by the
|
262
263
|
secrets engine to verify the Kubernetes API server certificate. Defaults to the local
|
@@ -266,12 +267,12 @@ class SecretBackendArgs:
|
|
266
267
|
return pulumi.get(self, "kubernetes_ca_cert")
|
267
268
|
|
268
269
|
@kubernetes_ca_cert.setter
|
269
|
-
def kubernetes_ca_cert(self, value: Optional[pulumi.Input[str]]):
|
270
|
+
def kubernetes_ca_cert(self, value: Optional[pulumi.Input[builtins.str]]):
|
270
271
|
pulumi.set(self, "kubernetes_ca_cert", value)
|
271
272
|
|
272
273
|
@property
|
273
274
|
@pulumi.getter(name="kubernetesHost")
|
274
|
-
def kubernetes_host(self) -> Optional[pulumi.Input[str]]:
|
275
|
+
def kubernetes_host(self) -> Optional[pulumi.Input[builtins.str]]:
|
275
276
|
"""
|
276
277
|
The Kubernetes API URL to connect to. Required if the
|
277
278
|
standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
|
@@ -280,48 +281,48 @@ class SecretBackendArgs:
|
|
280
281
|
return pulumi.get(self, "kubernetes_host")
|
281
282
|
|
282
283
|
@kubernetes_host.setter
|
283
|
-
def kubernetes_host(self, value: Optional[pulumi.Input[str]]):
|
284
|
+
def kubernetes_host(self, value: Optional[pulumi.Input[builtins.str]]):
|
284
285
|
pulumi.set(self, "kubernetes_host", value)
|
285
286
|
|
286
287
|
@property
|
287
288
|
@pulumi.getter(name="listingVisibility")
|
288
|
-
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
289
|
+
def listing_visibility(self) -> Optional[pulumi.Input[builtins.str]]:
|
289
290
|
"""
|
290
291
|
Specifies whether to show this mount in the UI-specific listing endpoint
|
291
292
|
"""
|
292
293
|
return pulumi.get(self, "listing_visibility")
|
293
294
|
|
294
295
|
@listing_visibility.setter
|
295
|
-
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
296
|
+
def listing_visibility(self, value: Optional[pulumi.Input[builtins.str]]):
|
296
297
|
pulumi.set(self, "listing_visibility", value)
|
297
298
|
|
298
299
|
@property
|
299
300
|
@pulumi.getter
|
300
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
301
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
301
302
|
"""
|
302
303
|
Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
303
304
|
"""
|
304
305
|
return pulumi.get(self, "local")
|
305
306
|
|
306
307
|
@local.setter
|
307
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
308
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
308
309
|
pulumi.set(self, "local", value)
|
309
310
|
|
310
311
|
@property
|
311
312
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
312
|
-
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
313
|
+
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
313
314
|
"""
|
314
315
|
Maximum possible lease duration for tokens and secrets in seconds
|
315
316
|
"""
|
316
317
|
return pulumi.get(self, "max_lease_ttl_seconds")
|
317
318
|
|
318
319
|
@max_lease_ttl_seconds.setter
|
319
|
-
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
320
|
+
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
320
321
|
pulumi.set(self, "max_lease_ttl_seconds", value)
|
321
322
|
|
322
323
|
@property
|
323
324
|
@pulumi.getter
|
324
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
325
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
325
326
|
"""
|
326
327
|
The namespace to provision the resource in.
|
327
328
|
The value should not contain leading or trailing forward slashes.
|
@@ -331,60 +332,60 @@ class SecretBackendArgs:
|
|
331
332
|
return pulumi.get(self, "namespace")
|
332
333
|
|
333
334
|
@namespace.setter
|
334
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
335
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
335
336
|
pulumi.set(self, "namespace", value)
|
336
337
|
|
337
338
|
@property
|
338
339
|
@pulumi.getter
|
339
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
340
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
340
341
|
"""
|
341
342
|
Specifies mount type specific options that are passed to the backend
|
342
343
|
"""
|
343
344
|
return pulumi.get(self, "options")
|
344
345
|
|
345
346
|
@options.setter
|
346
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
347
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
347
348
|
pulumi.set(self, "options", value)
|
348
349
|
|
349
350
|
@property
|
350
351
|
@pulumi.getter(name="passthroughRequestHeaders")
|
351
|
-
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
352
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
352
353
|
"""
|
353
354
|
List of headers to allow and pass from the request to the plugin
|
354
355
|
"""
|
355
356
|
return pulumi.get(self, "passthrough_request_headers")
|
356
357
|
|
357
358
|
@passthrough_request_headers.setter
|
358
|
-
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
359
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
359
360
|
pulumi.set(self, "passthrough_request_headers", value)
|
360
361
|
|
361
362
|
@property
|
362
363
|
@pulumi.getter(name="pluginVersion")
|
363
|
-
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
364
|
+
def plugin_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
364
365
|
"""
|
365
366
|
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
366
367
|
"""
|
367
368
|
return pulumi.get(self, "plugin_version")
|
368
369
|
|
369
370
|
@plugin_version.setter
|
370
|
-
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
371
|
+
def plugin_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
371
372
|
pulumi.set(self, "plugin_version", value)
|
372
373
|
|
373
374
|
@property
|
374
375
|
@pulumi.getter(name="sealWrap")
|
375
|
-
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
376
|
+
def seal_wrap(self) -> Optional[pulumi.Input[builtins.bool]]:
|
376
377
|
"""
|
377
378
|
Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
378
379
|
"""
|
379
380
|
return pulumi.get(self, "seal_wrap")
|
380
381
|
|
381
382
|
@seal_wrap.setter
|
382
|
-
def seal_wrap(self, value: Optional[pulumi.Input[bool]]):
|
383
|
+
def seal_wrap(self, value: Optional[pulumi.Input[builtins.bool]]):
|
383
384
|
pulumi.set(self, "seal_wrap", value)
|
384
385
|
|
385
386
|
@property
|
386
387
|
@pulumi.getter(name="serviceAccountJwt")
|
387
|
-
def service_account_jwt(self) -> Optional[pulumi.Input[str]]:
|
388
|
+
def service_account_jwt(self) -> Optional[pulumi.Input[builtins.str]]:
|
388
389
|
"""
|
389
390
|
The JSON web token of the service account used by the
|
390
391
|
secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
|
@@ -393,70 +394,70 @@ class SecretBackendArgs:
|
|
393
394
|
return pulumi.get(self, "service_account_jwt")
|
394
395
|
|
395
396
|
@service_account_jwt.setter
|
396
|
-
def service_account_jwt(self, value: Optional[pulumi.Input[str]]):
|
397
|
+
def service_account_jwt(self, value: Optional[pulumi.Input[builtins.str]]):
|
397
398
|
pulumi.set(self, "service_account_jwt", value)
|
398
399
|
|
399
400
|
|
400
401
|
@pulumi.input_type
|
401
402
|
class _SecretBackendState:
|
402
403
|
def __init__(__self__, *,
|
403
|
-
accessor: Optional[pulumi.Input[str]] = None,
|
404
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
405
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
406
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
407
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
408
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
409
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
410
|
-
description: Optional[pulumi.Input[str]] = None,
|
411
|
-
disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
|
412
|
-
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
413
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
414
|
-
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
415
|
-
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
416
|
-
listing_visibility: Optional[pulumi.Input[str]] = None,
|
417
|
-
local: Optional[pulumi.Input[bool]] = None,
|
418
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
419
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
420
|
-
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
421
|
-
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
422
|
-
path: Optional[pulumi.Input[str]] = None,
|
423
|
-
plugin_version: Optional[pulumi.Input[str]] = None,
|
424
|
-
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
425
|
-
service_account_jwt: Optional[pulumi.Input[str]] = None):
|
404
|
+
accessor: Optional[pulumi.Input[builtins.str]] = None,
|
405
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
406
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
407
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
408
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
409
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
410
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
411
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
412
|
+
disable_local_ca_jwt: Optional[pulumi.Input[builtins.bool]] = None,
|
413
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
414
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
415
|
+
kubernetes_ca_cert: Optional[pulumi.Input[builtins.str]] = None,
|
416
|
+
kubernetes_host: Optional[pulumi.Input[builtins.str]] = None,
|
417
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
418
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
419
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
420
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
421
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
422
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
423
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
424
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
425
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
426
|
+
service_account_jwt: Optional[pulumi.Input[builtins.str]] = None):
|
426
427
|
"""
|
427
428
|
Input properties used for looking up and filtering SecretBackend resources.
|
428
|
-
:param pulumi.Input[str] accessor: Accessor of the mount
|
429
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
430
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
431
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
432
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
433
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
434
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
435
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount
|
436
|
-
:param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
429
|
+
:param pulumi.Input[builtins.str] accessor: Accessor of the mount
|
430
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
431
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
432
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
433
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
434
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
435
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
436
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount
|
437
|
+
:param pulumi.Input[builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
437
438
|
service account JWT when Vault is running in a Kubernetes pod.
|
438
|
-
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
439
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
440
|
-
:param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
439
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
440
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
|
441
|
+
:param pulumi.Input[builtins.str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
441
442
|
secrets engine to verify the Kubernetes API server certificate. Defaults to the local
|
442
443
|
pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
|
443
444
|
Vault is running.
|
444
|
-
:param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
445
|
+
:param pulumi.Input[builtins.str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
445
446
|
standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
|
446
447
|
are not set on the host that Vault is running on.
|
447
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
448
|
-
:param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
449
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
450
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
448
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
449
|
+
:param pulumi.Input[builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
450
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
451
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
451
452
|
The value should not contain leading or trailing forward slashes.
|
452
453
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
453
454
|
*Available only for Vault Enterprise*.
|
454
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
455
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
456
|
-
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
457
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
458
|
-
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
459
|
-
:param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
|
455
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
456
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
457
|
+
:param pulumi.Input[builtins.str] path: Where the secret backend will be mounted
|
458
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
459
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
460
|
+
:param pulumi.Input[builtins.str] service_account_jwt: The JSON web token of the service account used by the
|
460
461
|
secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
|
461
462
|
is running in Kubernetes.
|
462
463
|
"""
|
@@ -509,103 +510,103 @@ class _SecretBackendState:
|
|
509
510
|
|
510
511
|
@property
|
511
512
|
@pulumi.getter
|
512
|
-
def accessor(self) -> Optional[pulumi.Input[str]]:
|
513
|
+
def accessor(self) -> Optional[pulumi.Input[builtins.str]]:
|
513
514
|
"""
|
514
515
|
Accessor of the mount
|
515
516
|
"""
|
516
517
|
return pulumi.get(self, "accessor")
|
517
518
|
|
518
519
|
@accessor.setter
|
519
|
-
def accessor(self, value: Optional[pulumi.Input[str]]):
|
520
|
+
def accessor(self, value: Optional[pulumi.Input[builtins.str]]):
|
520
521
|
pulumi.set(self, "accessor", value)
|
521
522
|
|
522
523
|
@property
|
523
524
|
@pulumi.getter(name="allowedManagedKeys")
|
524
|
-
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
525
|
+
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
525
526
|
"""
|
526
527
|
List of managed key registry entry names that the mount in question is allowed to access
|
527
528
|
"""
|
528
529
|
return pulumi.get(self, "allowed_managed_keys")
|
529
530
|
|
530
531
|
@allowed_managed_keys.setter
|
531
|
-
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
532
|
+
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
532
533
|
pulumi.set(self, "allowed_managed_keys", value)
|
533
534
|
|
534
535
|
@property
|
535
536
|
@pulumi.getter(name="allowedResponseHeaders")
|
536
|
-
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
537
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
537
538
|
"""
|
538
539
|
List of headers to allow and pass from the request to the plugin
|
539
540
|
"""
|
540
541
|
return pulumi.get(self, "allowed_response_headers")
|
541
542
|
|
542
543
|
@allowed_response_headers.setter
|
543
|
-
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
544
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
544
545
|
pulumi.set(self, "allowed_response_headers", value)
|
545
546
|
|
546
547
|
@property
|
547
548
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
548
|
-
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
549
|
+
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
549
550
|
"""
|
550
551
|
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
551
552
|
"""
|
552
553
|
return pulumi.get(self, "audit_non_hmac_request_keys")
|
553
554
|
|
554
555
|
@audit_non_hmac_request_keys.setter
|
555
|
-
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
556
|
+
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
556
557
|
pulumi.set(self, "audit_non_hmac_request_keys", value)
|
557
558
|
|
558
559
|
@property
|
559
560
|
@pulumi.getter(name="auditNonHmacResponseKeys")
|
560
|
-
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
561
|
+
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
561
562
|
"""
|
562
563
|
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
563
564
|
"""
|
564
565
|
return pulumi.get(self, "audit_non_hmac_response_keys")
|
565
566
|
|
566
567
|
@audit_non_hmac_response_keys.setter
|
567
|
-
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
568
|
+
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
568
569
|
pulumi.set(self, "audit_non_hmac_response_keys", value)
|
569
570
|
|
570
571
|
@property
|
571
572
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
572
|
-
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
573
|
+
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
573
574
|
"""
|
574
575
|
Default lease duration for tokens and secrets in seconds
|
575
576
|
"""
|
576
577
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
577
578
|
|
578
579
|
@default_lease_ttl_seconds.setter
|
579
|
-
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
580
|
+
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
580
581
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
581
582
|
|
582
583
|
@property
|
583
584
|
@pulumi.getter(name="delegatedAuthAccessors")
|
584
|
-
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
585
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
585
586
|
"""
|
586
587
|
List of headers to allow and pass from the request to the plugin
|
587
588
|
"""
|
588
589
|
return pulumi.get(self, "delegated_auth_accessors")
|
589
590
|
|
590
591
|
@delegated_auth_accessors.setter
|
591
|
-
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
592
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
592
593
|
pulumi.set(self, "delegated_auth_accessors", value)
|
593
594
|
|
594
595
|
@property
|
595
596
|
@pulumi.getter
|
596
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
597
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
597
598
|
"""
|
598
599
|
Human-friendly description of the mount
|
599
600
|
"""
|
600
601
|
return pulumi.get(self, "description")
|
601
602
|
|
602
603
|
@description.setter
|
603
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
604
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
604
605
|
pulumi.set(self, "description", value)
|
605
606
|
|
606
607
|
@property
|
607
608
|
@pulumi.getter(name="disableLocalCaJwt")
|
608
|
-
def disable_local_ca_jwt(self) -> Optional[pulumi.Input[bool]]:
|
609
|
+
def disable_local_ca_jwt(self) -> Optional[pulumi.Input[builtins.bool]]:
|
609
610
|
"""
|
610
611
|
Disable defaulting to the local CA certificate and
|
611
612
|
service account JWT when Vault is running in a Kubernetes pod.
|
@@ -613,36 +614,36 @@ class _SecretBackendState:
|
|
613
614
|
return pulumi.get(self, "disable_local_ca_jwt")
|
614
615
|
|
615
616
|
@disable_local_ca_jwt.setter
|
616
|
-
def disable_local_ca_jwt(self, value: Optional[pulumi.Input[bool]]):
|
617
|
+
def disable_local_ca_jwt(self, value: Optional[pulumi.Input[builtins.bool]]):
|
617
618
|
pulumi.set(self, "disable_local_ca_jwt", value)
|
618
619
|
|
619
620
|
@property
|
620
621
|
@pulumi.getter(name="externalEntropyAccess")
|
621
|
-
def external_entropy_access(self) -> Optional[pulumi.Input[bool]]:
|
622
|
+
def external_entropy_access(self) -> Optional[pulumi.Input[builtins.bool]]:
|
622
623
|
"""
|
623
624
|
Enable the secrets engine to access Vault's external entropy source
|
624
625
|
"""
|
625
626
|
return pulumi.get(self, "external_entropy_access")
|
626
627
|
|
627
628
|
@external_entropy_access.setter
|
628
|
-
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
629
|
+
def external_entropy_access(self, value: Optional[pulumi.Input[builtins.bool]]):
|
629
630
|
pulumi.set(self, "external_entropy_access", value)
|
630
631
|
|
631
632
|
@property
|
632
633
|
@pulumi.getter(name="identityTokenKey")
|
633
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
634
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
634
635
|
"""
|
635
636
|
The key to use for signing plugin workload identity tokens
|
636
637
|
"""
|
637
638
|
return pulumi.get(self, "identity_token_key")
|
638
639
|
|
639
640
|
@identity_token_key.setter
|
640
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
641
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
641
642
|
pulumi.set(self, "identity_token_key", value)
|
642
643
|
|
643
644
|
@property
|
644
645
|
@pulumi.getter(name="kubernetesCaCert")
|
645
|
-
def kubernetes_ca_cert(self) -> Optional[pulumi.Input[str]]:
|
646
|
+
def kubernetes_ca_cert(self) -> Optional[pulumi.Input[builtins.str]]:
|
646
647
|
"""
|
647
648
|
A PEM-encoded CA certificate used by the
|
648
649
|
secrets engine to verify the Kubernetes API server certificate. Defaults to the local
|
@@ -652,12 +653,12 @@ class _SecretBackendState:
|
|
652
653
|
return pulumi.get(self, "kubernetes_ca_cert")
|
653
654
|
|
654
655
|
@kubernetes_ca_cert.setter
|
655
|
-
def kubernetes_ca_cert(self, value: Optional[pulumi.Input[str]]):
|
656
|
+
def kubernetes_ca_cert(self, value: Optional[pulumi.Input[builtins.str]]):
|
656
657
|
pulumi.set(self, "kubernetes_ca_cert", value)
|
657
658
|
|
658
659
|
@property
|
659
660
|
@pulumi.getter(name="kubernetesHost")
|
660
|
-
def kubernetes_host(self) -> Optional[pulumi.Input[str]]:
|
661
|
+
def kubernetes_host(self) -> Optional[pulumi.Input[builtins.str]]:
|
661
662
|
"""
|
662
663
|
The Kubernetes API URL to connect to. Required if the
|
663
664
|
standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
|
@@ -666,48 +667,48 @@ class _SecretBackendState:
|
|
666
667
|
return pulumi.get(self, "kubernetes_host")
|
667
668
|
|
668
669
|
@kubernetes_host.setter
|
669
|
-
def kubernetes_host(self, value: Optional[pulumi.Input[str]]):
|
670
|
+
def kubernetes_host(self, value: Optional[pulumi.Input[builtins.str]]):
|
670
671
|
pulumi.set(self, "kubernetes_host", value)
|
671
672
|
|
672
673
|
@property
|
673
674
|
@pulumi.getter(name="listingVisibility")
|
674
|
-
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
675
|
+
def listing_visibility(self) -> Optional[pulumi.Input[builtins.str]]:
|
675
676
|
"""
|
676
677
|
Specifies whether to show this mount in the UI-specific listing endpoint
|
677
678
|
"""
|
678
679
|
return pulumi.get(self, "listing_visibility")
|
679
680
|
|
680
681
|
@listing_visibility.setter
|
681
|
-
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
682
|
+
def listing_visibility(self, value: Optional[pulumi.Input[builtins.str]]):
|
682
683
|
pulumi.set(self, "listing_visibility", value)
|
683
684
|
|
684
685
|
@property
|
685
686
|
@pulumi.getter
|
686
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
687
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
687
688
|
"""
|
688
689
|
Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
689
690
|
"""
|
690
691
|
return pulumi.get(self, "local")
|
691
692
|
|
692
693
|
@local.setter
|
693
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
694
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
694
695
|
pulumi.set(self, "local", value)
|
695
696
|
|
696
697
|
@property
|
697
698
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
698
|
-
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
699
|
+
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
699
700
|
"""
|
700
701
|
Maximum possible lease duration for tokens and secrets in seconds
|
701
702
|
"""
|
702
703
|
return pulumi.get(self, "max_lease_ttl_seconds")
|
703
704
|
|
704
705
|
@max_lease_ttl_seconds.setter
|
705
|
-
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
706
|
+
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
706
707
|
pulumi.set(self, "max_lease_ttl_seconds", value)
|
707
708
|
|
708
709
|
@property
|
709
710
|
@pulumi.getter
|
710
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
711
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
711
712
|
"""
|
712
713
|
The namespace to provision the resource in.
|
713
714
|
The value should not contain leading or trailing forward slashes.
|
@@ -717,72 +718,72 @@ class _SecretBackendState:
|
|
717
718
|
return pulumi.get(self, "namespace")
|
718
719
|
|
719
720
|
@namespace.setter
|
720
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
721
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
721
722
|
pulumi.set(self, "namespace", value)
|
722
723
|
|
723
724
|
@property
|
724
725
|
@pulumi.getter
|
725
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
726
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
726
727
|
"""
|
727
728
|
Specifies mount type specific options that are passed to the backend
|
728
729
|
"""
|
729
730
|
return pulumi.get(self, "options")
|
730
731
|
|
731
732
|
@options.setter
|
732
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
733
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
733
734
|
pulumi.set(self, "options", value)
|
734
735
|
|
735
736
|
@property
|
736
737
|
@pulumi.getter(name="passthroughRequestHeaders")
|
737
|
-
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
738
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
738
739
|
"""
|
739
740
|
List of headers to allow and pass from the request to the plugin
|
740
741
|
"""
|
741
742
|
return pulumi.get(self, "passthrough_request_headers")
|
742
743
|
|
743
744
|
@passthrough_request_headers.setter
|
744
|
-
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
745
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
745
746
|
pulumi.set(self, "passthrough_request_headers", value)
|
746
747
|
|
747
748
|
@property
|
748
749
|
@pulumi.getter
|
749
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
750
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
750
751
|
"""
|
751
752
|
Where the secret backend will be mounted
|
752
753
|
"""
|
753
754
|
return pulumi.get(self, "path")
|
754
755
|
|
755
756
|
@path.setter
|
756
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
757
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
757
758
|
pulumi.set(self, "path", value)
|
758
759
|
|
759
760
|
@property
|
760
761
|
@pulumi.getter(name="pluginVersion")
|
761
|
-
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
762
|
+
def plugin_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
762
763
|
"""
|
763
764
|
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
764
765
|
"""
|
765
766
|
return pulumi.get(self, "plugin_version")
|
766
767
|
|
767
768
|
@plugin_version.setter
|
768
|
-
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
769
|
+
def plugin_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
769
770
|
pulumi.set(self, "plugin_version", value)
|
770
771
|
|
771
772
|
@property
|
772
773
|
@pulumi.getter(name="sealWrap")
|
773
|
-
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
774
|
+
def seal_wrap(self) -> Optional[pulumi.Input[builtins.bool]]:
|
774
775
|
"""
|
775
776
|
Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
776
777
|
"""
|
777
778
|
return pulumi.get(self, "seal_wrap")
|
778
779
|
|
779
780
|
@seal_wrap.setter
|
780
|
-
def seal_wrap(self, value: Optional[pulumi.Input[bool]]):
|
781
|
+
def seal_wrap(self, value: Optional[pulumi.Input[builtins.bool]]):
|
781
782
|
pulumi.set(self, "seal_wrap", value)
|
782
783
|
|
783
784
|
@property
|
784
785
|
@pulumi.getter(name="serviceAccountJwt")
|
785
|
-
def service_account_jwt(self) -> Optional[pulumi.Input[str]]:
|
786
|
+
def service_account_jwt(self) -> Optional[pulumi.Input[builtins.str]]:
|
786
787
|
"""
|
787
788
|
The JSON web token of the service account used by the
|
788
789
|
secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
|
@@ -791,7 +792,7 @@ class _SecretBackendState:
|
|
791
792
|
return pulumi.get(self, "service_account_jwt")
|
792
793
|
|
793
794
|
@service_account_jwt.setter
|
794
|
-
def service_account_jwt(self, value: Optional[pulumi.Input[str]]):
|
795
|
+
def service_account_jwt(self, value: Optional[pulumi.Input[builtins.str]]):
|
795
796
|
pulumi.set(self, "service_account_jwt", value)
|
796
797
|
|
797
798
|
|
@@ -800,28 +801,28 @@ class SecretBackend(pulumi.CustomResource):
|
|
800
801
|
def __init__(__self__,
|
801
802
|
resource_name: str,
|
802
803
|
opts: Optional[pulumi.ResourceOptions] = None,
|
803
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
804
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
805
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
806
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
807
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
808
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
809
|
-
description: Optional[pulumi.Input[str]] = None,
|
810
|
-
disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
|
811
|
-
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
812
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
813
|
-
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
814
|
-
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
815
|
-
listing_visibility: Optional[pulumi.Input[str]] = None,
|
816
|
-
local: Optional[pulumi.Input[bool]] = None,
|
817
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
818
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
819
|
-
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
820
|
-
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
821
|
-
path: Optional[pulumi.Input[str]] = None,
|
822
|
-
plugin_version: Optional[pulumi.Input[str]] = None,
|
823
|
-
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
824
|
-
service_account_jwt: Optional[pulumi.Input[str]] = None,
|
804
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
805
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
806
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
807
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
808
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
809
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
810
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
811
|
+
disable_local_ca_jwt: Optional[pulumi.Input[builtins.bool]] = None,
|
812
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
813
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
814
|
+
kubernetes_ca_cert: Optional[pulumi.Input[builtins.str]] = None,
|
815
|
+
kubernetes_host: Optional[pulumi.Input[builtins.str]] = None,
|
816
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
817
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
818
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
819
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
820
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
821
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
822
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
823
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
824
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
825
|
+
service_account_jwt: Optional[pulumi.Input[builtins.str]] = None,
|
825
826
|
__props__=None):
|
826
827
|
"""
|
827
828
|
## Example Usage
|
@@ -852,37 +853,37 @@ class SecretBackend(pulumi.CustomResource):
|
|
852
853
|
|
853
854
|
:param str resource_name: The name of the resource.
|
854
855
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
855
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
856
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
857
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
858
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
859
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
860
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
861
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount
|
862
|
-
:param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
856
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
857
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
858
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
859
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
860
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
861
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
862
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount
|
863
|
+
:param pulumi.Input[builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
863
864
|
service account JWT when Vault is running in a Kubernetes pod.
|
864
|
-
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
865
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
866
|
-
:param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
865
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
866
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
|
867
|
+
:param pulumi.Input[builtins.str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
867
868
|
secrets engine to verify the Kubernetes API server certificate. Defaults to the local
|
868
869
|
pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
|
869
870
|
Vault is running.
|
870
|
-
:param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
871
|
+
:param pulumi.Input[builtins.str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
871
872
|
standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
|
872
873
|
are not set on the host that Vault is running on.
|
873
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
874
|
-
:param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
875
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
876
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
874
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
875
|
+
:param pulumi.Input[builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
876
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
877
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
877
878
|
The value should not contain leading or trailing forward slashes.
|
878
879
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
879
880
|
*Available only for Vault Enterprise*.
|
880
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
881
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
882
|
-
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
883
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
884
|
-
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
885
|
-
:param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
|
881
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
882
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
883
|
+
:param pulumi.Input[builtins.str] path: Where the secret backend will be mounted
|
884
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
885
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
886
|
+
:param pulumi.Input[builtins.str] service_account_jwt: The JSON web token of the service account used by the
|
886
887
|
secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
|
887
888
|
is running in Kubernetes.
|
888
889
|
"""
|
@@ -934,28 +935,28 @@ class SecretBackend(pulumi.CustomResource):
|
|
934
935
|
def _internal_init(__self__,
|
935
936
|
resource_name: str,
|
936
937
|
opts: Optional[pulumi.ResourceOptions] = None,
|
937
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
938
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
939
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
940
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
941
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
942
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
943
|
-
description: Optional[pulumi.Input[str]] = None,
|
944
|
-
disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
|
945
|
-
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
946
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
947
|
-
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
948
|
-
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
949
|
-
listing_visibility: Optional[pulumi.Input[str]] = None,
|
950
|
-
local: Optional[pulumi.Input[bool]] = None,
|
951
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
952
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
953
|
-
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
954
|
-
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
955
|
-
path: Optional[pulumi.Input[str]] = None,
|
956
|
-
plugin_version: Optional[pulumi.Input[str]] = None,
|
957
|
-
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
958
|
-
service_account_jwt: Optional[pulumi.Input[str]] = None,
|
938
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
939
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
940
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
941
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
942
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
943
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
944
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
945
|
+
disable_local_ca_jwt: Optional[pulumi.Input[builtins.bool]] = None,
|
946
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
947
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
948
|
+
kubernetes_ca_cert: Optional[pulumi.Input[builtins.str]] = None,
|
949
|
+
kubernetes_host: Optional[pulumi.Input[builtins.str]] = None,
|
950
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
951
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
952
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
953
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
954
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
955
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
956
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
957
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
958
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
959
|
+
service_account_jwt: Optional[pulumi.Input[builtins.str]] = None,
|
959
960
|
__props__=None):
|
960
961
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
961
962
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -1002,29 +1003,29 @@ class SecretBackend(pulumi.CustomResource):
|
|
1002
1003
|
def get(resource_name: str,
|
1003
1004
|
id: pulumi.Input[str],
|
1004
1005
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1005
|
-
accessor: Optional[pulumi.Input[str]] = None,
|
1006
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1007
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1008
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1009
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1010
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1011
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1012
|
-
description: Optional[pulumi.Input[str]] = None,
|
1013
|
-
disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
|
1014
|
-
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
1015
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
1016
|
-
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
1017
|
-
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
1018
|
-
listing_visibility: Optional[pulumi.Input[str]] = None,
|
1019
|
-
local: Optional[pulumi.Input[bool]] = None,
|
1020
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1021
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1022
|
-
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1023
|
-
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1024
|
-
path: Optional[pulumi.Input[str]] = None,
|
1025
|
-
plugin_version: Optional[pulumi.Input[str]] = None,
|
1026
|
-
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
1027
|
-
service_account_jwt: Optional[pulumi.Input[str]] = None) -> 'SecretBackend':
|
1006
|
+
accessor: Optional[pulumi.Input[builtins.str]] = None,
|
1007
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1008
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1009
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1010
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1011
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1012
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1013
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
1014
|
+
disable_local_ca_jwt: Optional[pulumi.Input[builtins.bool]] = None,
|
1015
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
1016
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
1017
|
+
kubernetes_ca_cert: Optional[pulumi.Input[builtins.str]] = None,
|
1018
|
+
kubernetes_host: Optional[pulumi.Input[builtins.str]] = None,
|
1019
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
1020
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
1021
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1022
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1023
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
1024
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1025
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
1026
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
1027
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
1028
|
+
service_account_jwt: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackend':
|
1028
1029
|
"""
|
1029
1030
|
Get an existing SecretBackend resource's state with the given name, id, and optional extra
|
1030
1031
|
properties used to qualify the lookup.
|
@@ -1032,38 +1033,38 @@ class SecretBackend(pulumi.CustomResource):
|
|
1032
1033
|
:param str resource_name: The unique name of the resulting resource.
|
1033
1034
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1034
1035
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1035
|
-
:param pulumi.Input[str] accessor: Accessor of the mount
|
1036
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
1037
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
1038
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1039
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1040
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
1041
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1042
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount
|
1043
|
-
:param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
1036
|
+
:param pulumi.Input[builtins.str] accessor: Accessor of the mount
|
1037
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
1038
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
1039
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1040
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1041
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
1042
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1043
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount
|
1044
|
+
:param pulumi.Input[builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
1044
1045
|
service account JWT when Vault is running in a Kubernetes pod.
|
1045
|
-
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
1046
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
1047
|
-
:param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
1046
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
1047
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
|
1048
|
+
:param pulumi.Input[builtins.str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
1048
1049
|
secrets engine to verify the Kubernetes API server certificate. Defaults to the local
|
1049
1050
|
pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
|
1050
1051
|
Vault is running.
|
1051
|
-
:param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
1052
|
+
:param pulumi.Input[builtins.str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
1052
1053
|
standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
|
1053
1054
|
are not set on the host that Vault is running on.
|
1054
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
1055
|
-
:param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
1056
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
1057
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1055
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
1056
|
+
:param pulumi.Input[builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
1057
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
1058
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1058
1059
|
The value should not contain leading or trailing forward slashes.
|
1059
1060
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1060
1061
|
*Available only for Vault Enterprise*.
|
1061
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
1062
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
1063
|
-
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
1064
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1065
|
-
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1066
|
-
:param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
|
1062
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
1063
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
1064
|
+
:param pulumi.Input[builtins.str] path: Where the secret backend will be mounted
|
1065
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1066
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1067
|
+
:param pulumi.Input[builtins.str] service_account_jwt: The JSON web token of the service account used by the
|
1067
1068
|
secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
|
1068
1069
|
is running in Kubernetes.
|
1069
1070
|
"""
|
@@ -1098,7 +1099,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1098
1099
|
|
1099
1100
|
@property
|
1100
1101
|
@pulumi.getter
|
1101
|
-
def accessor(self) -> pulumi.Output[str]:
|
1102
|
+
def accessor(self) -> pulumi.Output[builtins.str]:
|
1102
1103
|
"""
|
1103
1104
|
Accessor of the mount
|
1104
1105
|
"""
|
@@ -1106,7 +1107,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1106
1107
|
|
1107
1108
|
@property
|
1108
1109
|
@pulumi.getter(name="allowedManagedKeys")
|
1109
|
-
def allowed_managed_keys(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1110
|
+
def allowed_managed_keys(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1110
1111
|
"""
|
1111
1112
|
List of managed key registry entry names that the mount in question is allowed to access
|
1112
1113
|
"""
|
@@ -1114,7 +1115,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1114
1115
|
|
1115
1116
|
@property
|
1116
1117
|
@pulumi.getter(name="allowedResponseHeaders")
|
1117
|
-
def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1118
|
+
def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1118
1119
|
"""
|
1119
1120
|
List of headers to allow and pass from the request to the plugin
|
1120
1121
|
"""
|
@@ -1122,7 +1123,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1122
1123
|
|
1123
1124
|
@property
|
1124
1125
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
1125
|
-
def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
|
1126
|
+
def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[builtins.str]]:
|
1126
1127
|
"""
|
1127
1128
|
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1128
1129
|
"""
|
@@ -1130,7 +1131,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1130
1131
|
|
1131
1132
|
@property
|
1132
1133
|
@pulumi.getter(name="auditNonHmacResponseKeys")
|
1133
|
-
def audit_non_hmac_response_keys(self) -> pulumi.Output[Sequence[str]]:
|
1134
|
+
def audit_non_hmac_response_keys(self) -> pulumi.Output[Sequence[builtins.str]]:
|
1134
1135
|
"""
|
1135
1136
|
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1136
1137
|
"""
|
@@ -1138,7 +1139,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1138
1139
|
|
1139
1140
|
@property
|
1140
1141
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
1141
|
-
def default_lease_ttl_seconds(self) -> pulumi.Output[int]:
|
1142
|
+
def default_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
|
1142
1143
|
"""
|
1143
1144
|
Default lease duration for tokens and secrets in seconds
|
1144
1145
|
"""
|
@@ -1146,7 +1147,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1146
1147
|
|
1147
1148
|
@property
|
1148
1149
|
@pulumi.getter(name="delegatedAuthAccessors")
|
1149
|
-
def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1150
|
+
def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1150
1151
|
"""
|
1151
1152
|
List of headers to allow and pass from the request to the plugin
|
1152
1153
|
"""
|
@@ -1154,7 +1155,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1154
1155
|
|
1155
1156
|
@property
|
1156
1157
|
@pulumi.getter
|
1157
|
-
def description(self) -> pulumi.Output[Optional[str]]:
|
1158
|
+
def description(self) -> pulumi.Output[Optional[builtins.str]]:
|
1158
1159
|
"""
|
1159
1160
|
Human-friendly description of the mount
|
1160
1161
|
"""
|
@@ -1162,7 +1163,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1162
1163
|
|
1163
1164
|
@property
|
1164
1165
|
@pulumi.getter(name="disableLocalCaJwt")
|
1165
|
-
def disable_local_ca_jwt(self) -> pulumi.Output[Optional[bool]]:
|
1166
|
+
def disable_local_ca_jwt(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1166
1167
|
"""
|
1167
1168
|
Disable defaulting to the local CA certificate and
|
1168
1169
|
service account JWT when Vault is running in a Kubernetes pod.
|
@@ -1171,7 +1172,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1171
1172
|
|
1172
1173
|
@property
|
1173
1174
|
@pulumi.getter(name="externalEntropyAccess")
|
1174
|
-
def external_entropy_access(self) -> pulumi.Output[Optional[bool]]:
|
1175
|
+
def external_entropy_access(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1175
1176
|
"""
|
1176
1177
|
Enable the secrets engine to access Vault's external entropy source
|
1177
1178
|
"""
|
@@ -1179,7 +1180,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1179
1180
|
|
1180
1181
|
@property
|
1181
1182
|
@pulumi.getter(name="identityTokenKey")
|
1182
|
-
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
1183
|
+
def identity_token_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
1183
1184
|
"""
|
1184
1185
|
The key to use for signing plugin workload identity tokens
|
1185
1186
|
"""
|
@@ -1187,7 +1188,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1187
1188
|
|
1188
1189
|
@property
|
1189
1190
|
@pulumi.getter(name="kubernetesCaCert")
|
1190
|
-
def kubernetes_ca_cert(self) -> pulumi.Output[Optional[str]]:
|
1191
|
+
def kubernetes_ca_cert(self) -> pulumi.Output[Optional[builtins.str]]:
|
1191
1192
|
"""
|
1192
1193
|
A PEM-encoded CA certificate used by the
|
1193
1194
|
secrets engine to verify the Kubernetes API server certificate. Defaults to the local
|
@@ -1198,7 +1199,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1198
1199
|
|
1199
1200
|
@property
|
1200
1201
|
@pulumi.getter(name="kubernetesHost")
|
1201
|
-
def kubernetes_host(self) -> pulumi.Output[Optional[str]]:
|
1202
|
+
def kubernetes_host(self) -> pulumi.Output[Optional[builtins.str]]:
|
1202
1203
|
"""
|
1203
1204
|
The Kubernetes API URL to connect to. Required if the
|
1204
1205
|
standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
|
@@ -1208,7 +1209,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1208
1209
|
|
1209
1210
|
@property
|
1210
1211
|
@pulumi.getter(name="listingVisibility")
|
1211
|
-
def listing_visibility(self) -> pulumi.Output[Optional[str]]:
|
1212
|
+
def listing_visibility(self) -> pulumi.Output[Optional[builtins.str]]:
|
1212
1213
|
"""
|
1213
1214
|
Specifies whether to show this mount in the UI-specific listing endpoint
|
1214
1215
|
"""
|
@@ -1216,7 +1217,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1216
1217
|
|
1217
1218
|
@property
|
1218
1219
|
@pulumi.getter
|
1219
|
-
def local(self) -> pulumi.Output[Optional[bool]]:
|
1220
|
+
def local(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1220
1221
|
"""
|
1221
1222
|
Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
1222
1223
|
"""
|
@@ -1224,7 +1225,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1224
1225
|
|
1225
1226
|
@property
|
1226
1227
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
1227
|
-
def max_lease_ttl_seconds(self) -> pulumi.Output[int]:
|
1228
|
+
def max_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
|
1228
1229
|
"""
|
1229
1230
|
Maximum possible lease duration for tokens and secrets in seconds
|
1230
1231
|
"""
|
@@ -1232,7 +1233,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1232
1233
|
|
1233
1234
|
@property
|
1234
1235
|
@pulumi.getter
|
1235
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1236
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1236
1237
|
"""
|
1237
1238
|
The namespace to provision the resource in.
|
1238
1239
|
The value should not contain leading or trailing forward slashes.
|
@@ -1243,7 +1244,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1243
1244
|
|
1244
1245
|
@property
|
1245
1246
|
@pulumi.getter
|
1246
|
-
def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1247
|
+
def options(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
|
1247
1248
|
"""
|
1248
1249
|
Specifies mount type specific options that are passed to the backend
|
1249
1250
|
"""
|
@@ -1251,7 +1252,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1251
1252
|
|
1252
1253
|
@property
|
1253
1254
|
@pulumi.getter(name="passthroughRequestHeaders")
|
1254
|
-
def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1255
|
+
def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1255
1256
|
"""
|
1256
1257
|
List of headers to allow and pass from the request to the plugin
|
1257
1258
|
"""
|
@@ -1259,7 +1260,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1259
1260
|
|
1260
1261
|
@property
|
1261
1262
|
@pulumi.getter
|
1262
|
-
def path(self) -> pulumi.Output[str]:
|
1263
|
+
def path(self) -> pulumi.Output[builtins.str]:
|
1263
1264
|
"""
|
1264
1265
|
Where the secret backend will be mounted
|
1265
1266
|
"""
|
@@ -1267,7 +1268,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1267
1268
|
|
1268
1269
|
@property
|
1269
1270
|
@pulumi.getter(name="pluginVersion")
|
1270
|
-
def plugin_version(self) -> pulumi.Output[Optional[str]]:
|
1271
|
+
def plugin_version(self) -> pulumi.Output[Optional[builtins.str]]:
|
1271
1272
|
"""
|
1272
1273
|
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1273
1274
|
"""
|
@@ -1275,7 +1276,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1275
1276
|
|
1276
1277
|
@property
|
1277
1278
|
@pulumi.getter(name="sealWrap")
|
1278
|
-
def seal_wrap(self) -> pulumi.Output[bool]:
|
1279
|
+
def seal_wrap(self) -> pulumi.Output[builtins.bool]:
|
1279
1280
|
"""
|
1280
1281
|
Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1281
1282
|
"""
|
@@ -1283,7 +1284,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1283
1284
|
|
1284
1285
|
@property
|
1285
1286
|
@pulumi.getter(name="serviceAccountJwt")
|
1286
|
-
def service_account_jwt(self) -> pulumi.Output[Optional[str]]:
|
1287
|
+
def service_account_jwt(self) -> pulumi.Output[Optional[builtins.str]]:
|
1287
1288
|
"""
|
1288
1289
|
The JSON web token of the service account used by the
|
1289
1290
|
secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
|