pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

pulumi_vault/ldap/auth_backend.py

@@ -2,6 +2,7 @@
 # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
+import builtins
 import copy
 import warnings
 import sys
@@ -19,87 +20,99 @@ __all__ = ['AuthBackendArgs', 'AuthBackend']
 @pulumi.input_type
 class AuthBackendArgs:
     def __init__(__self__, *,
-                 url: pulumi.Input[str],
-                 binddn: Optional[pulumi.Input[str]] = None,
-                 bindpass: Optional[pulumi.Input[str]] = None,
-                 case_sensitive_names: Optional[pulumi.Input[bool]] = None,
-                 certificate: Optional[pulumi.Input[str]] = None,
-                 client_tls_cert: Optional[pulumi.Input[str]] = None,
-                 client_tls_key: Optional[pulumi.Input[str]] = None,
-                 connection_timeout: Optional[pulumi.Input[int]] = None,
-                 deny_null_bind: Optional[pulumi.Input[bool]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 disable_remount: Optional[pulumi.Input[bool]] = None,
-                 discoverdn: Optional[pulumi.Input[bool]] = None,
-                 groupattr: Optional[pulumi.Input[str]] = None,
-                 groupdn: Optional[pulumi.Input[str]] = None,
-                 groupfilter: Optional[pulumi.Input[str]] = None,
-                 insecure_tls: Optional[pulumi.Input[bool]] = None,
-                 local: Optional[pulumi.Input[bool]] = None,
-                 max_page_size: Optional[pulumi.Input[int]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 path: Optional[pulumi.Input[str]] = None,
-                 starttls: Optional[pulumi.Input[bool]] = None,
-                 tls_max_version: Optional[pulumi.Input[str]] = None,
-                 tls_min_version: Optional[pulumi.Input[str]] = None,
-                 token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
-                 token_max_ttl: Optional[pulumi.Input[int]] = None,
-                 token_no_default_policy: Optional[pulumi.Input[bool]] = None,
-                 token_num_uses: Optional[pulumi.Input[int]] = None,
-                 token_period: Optional[pulumi.Input[int]] = None,
-                 token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 token_ttl: Optional[pulumi.Input[int]] = None,
-                 token_type: Optional[pulumi.Input[str]] = None,
-                 upndomain: Optional[pulumi.Input[str]] = None,
-                 use_token_groups: Optional[pulumi.Input[bool]] = None,
-                 userattr: Optional[pulumi.Input[str]] = None,
-                 userdn: Optional[pulumi.Input[str]] = None,
-                 userfilter: Optional[pulumi.Input[str]] = None,
-                 username_as_alias: Optional[pulumi.Input[bool]] = None):
+                 url: pulumi.Input[builtins.str],
+                 binddn: Optional[pulumi.Input[builtins.str]] = None,
+                 bindpass: Optional[pulumi.Input[builtins.str]] = None,
+                 case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
+                 certificate: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
+                 connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
+                 deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
+                 description: Optional[pulumi.Input[builtins.str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
+                 discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
+                 groupattr: Optional[pulumi.Input[builtins.str]] = None,
+                 groupdn: Optional[pulumi.Input[builtins.str]] = None,
+                 groupfilter: Optional[pulumi.Input[builtins.str]] = None,
+                 insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
+                 local: Optional[pulumi.Input[builtins.bool]] = None,
+                 max_page_size: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 path: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[builtins.int]] = None,
+                 starttls: Optional[pulumi.Input[builtins.bool]] = None,
+                 tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
+                 tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
+                 token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
+                 token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
+                 token_period: Optional[pulumi.Input[builtins.int]] = None,
+                 token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 token_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 token_type: Optional[pulumi.Input[builtins.str]] = None,
+                 upndomain: Optional[pulumi.Input[builtins.str]] = None,
+                 use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
+                 userattr: Optional[pulumi.Input[builtins.str]] = None,
+                 userdn: Optional[pulumi.Input[builtins.str]] = None,
+                 userfilter: Optional[pulumi.Input[builtins.str]] = None,
+                 username_as_alias: Optional[pulumi.Input[builtins.bool]] = None):
         """
         The set of arguments for constructing a AuthBackend resource.
-        :param pulumi.Input[str] url: The URL of the LDAP server
-        :param pulumi.Input[str] binddn: DN of object to bind when performing user search
-        :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
-        :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
-        :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
-        :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
-        :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
-        :param pulumi.Input[str] description: Description for the LDAP auth backend mount
-        :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
+        :param pulumi.Input[builtins.str] url: The URL of the LDAP server
+        :param pulumi.Input[builtins.str] binddn: DN of object to bind when performing user search
+        :param pulumi.Input[builtins.str] bindpass: Password to use with `binddn` when performing user search
+        :param pulumi.Input[builtins.bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
+        :param pulumi.Input[builtins.str] certificate: Trusted CA to validate TLS certificate
+        :param pulumi.Input[builtins.int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
+        :param pulumi.Input[builtins.bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
+        :param pulumi.Input[builtins.str] description: Description for the LDAP auth backend mount
+        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
-        :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
-        :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by groupfilter
-        :param pulumi.Input[str] groupdn: Base DN under which to perform group search
-        :param pulumi.Input[str] groupfilter: Go template used to construct group membership query
-        :param pulumi.Input[bool] insecure_tls: Control whether or TLS certificates must be validated
-        :param pulumi.Input[bool] local: Specifies if the auth method is local only.
-        :param pulumi.Input[int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
+        :param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
+        :param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by groupfilter
+        :param pulumi.Input[builtins.str] groupdn: Base DN under which to perform group search
+        :param pulumi.Input[builtins.str] groupfilter: Go template used to construct group membership query
+        :param pulumi.Input[builtins.bool] insecure_tls: Control whether or TLS certificates must be validated
+        :param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
+        :param pulumi.Input[builtins.int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
                *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
-        :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
-        :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
-        :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
-        :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
-        :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
-        :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
-        :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
-        :param pulumi.Input[int] token_period: Generated Token's Period
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
-        :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
-        :param pulumi.Input[str] token_type: The type of token to generate, service or batch
-        :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
-        :param pulumi.Input[bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
-        :param pulumi.Input[str] userattr: Attribute on user object matching username passed in
-        :param pulumi.Input[str] userdn: Base DN under which to perform user search
-        :param pulumi.Input[str] userfilter: LDAP user search filter
-        :param pulumi.Input[bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
+        :param pulumi.Input[builtins.str] path: Path to mount the LDAP auth backend under
+        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.bool] starttls: Control use of TLS when conecting to LDAP
+        :param pulumi.Input[builtins.str] tls_max_version: Maximum acceptable version of TLS
+        :param pulumi.Input[builtins.str] tls_min_version: Minimum acceptable version of TLS
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
+        :param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
+        :param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
+        :param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
+        :param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
+        :param pulumi.Input[builtins.int] token_period: Generated Token's Period
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
+        :param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
+        :param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
+        :param pulumi.Input[builtins.str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
+        :param pulumi.Input[builtins.bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
+        :param pulumi.Input[builtins.str] userattr: Attribute on user object matching username passed in
+        :param pulumi.Input[builtins.str] userdn: Base DN under which to perform user search
+        :param pulumi.Input[builtins.str] userfilter: LDAP user search filter
+        :param pulumi.Input[builtins.bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
         """
         pulumi.set(__self__, "url", url)
         if binddn is not None:
@@ -120,6 +133,8 @@ class AuthBackendArgs:
             pulumi.set(__self__, "deny_null_bind", deny_null_bind)
         if description is not None:
             pulumi.set(__self__, "description", description)
+        if disable_automated_rotation is not None:
+            pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
         if disable_remount is not None:
             pulumi.set(__self__, "disable_remount", disable_remount)
         if discoverdn is not None:
@@ -140,6 +155,12 @@ class AuthBackendArgs:
             pulumi.set(__self__, "namespace", namespace)
         if path is not None:
             pulumi.set(__self__, "path", path)
+        if rotation_period is not None:
+            pulumi.set(__self__, "rotation_period", rotation_period)
+        if rotation_schedule is not None:
+            pulumi.set(__self__, "rotation_schedule", rotation_schedule)
+        if rotation_window is not None:
+            pulumi.set(__self__, "rotation_window", rotation_window)
         if starttls is not None:
             pulumi.set(__self__, "starttls", starttls)
         if tls_max_version is not None:
@@ -179,121 +200,133 @@ class AuthBackendArgs:
 
     @property
     @pulumi.getter
-    def url(self) -> pulumi.Input[str]:
+    def url(self) -> pulumi.Input[builtins.str]:
         """
         The URL of the LDAP server
         """
         return pulumi.get(self, "url")
 
     @url.setter
-    def url(self, value: pulumi.Input[str]):
+    def url(self, value: pulumi.Input[builtins.str]):
         pulumi.set(self, "url", value)
 
     @property
     @pulumi.getter
-    def binddn(self) -> Optional[pulumi.Input[str]]:
+    def binddn(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         DN of object to bind when performing user search
         """
         return pulumi.get(self, "binddn")
 
     @binddn.setter
-    def binddn(self, value: Optional[pulumi.Input[str]]):
+    def binddn(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "binddn", value)
 
     @property
     @pulumi.getter
-    def bindpass(self) -> Optional[pulumi.Input[str]]:
+    def bindpass(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Password to use with `binddn` when performing user search
         """
         return pulumi.get(self, "bindpass")
 
     @bindpass.setter
-    def bindpass(self, value: Optional[pulumi.Input[str]]):
+    def bindpass(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "bindpass", value)
 
     @property
     @pulumi.getter(name="caseSensitiveNames")
-    def case_sensitive_names(self) -> Optional[pulumi.Input[bool]]:
+    def case_sensitive_names(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
         """
         return pulumi.get(self, "case_sensitive_names")
 
     @case_sensitive_names.setter
-    def case_sensitive_names(self, value: Optional[pulumi.Input[bool]]):
+    def case_sensitive_names(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "case_sensitive_names", value)
 
     @property
     @pulumi.getter
-    def certificate(self) -> Optional[pulumi.Input[str]]:
+    def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Trusted CA to validate TLS certificate
         """
         return pulumi.get(self, "certificate")
 
     @certificate.setter
-    def certificate(self, value: Optional[pulumi.Input[str]]):
+    def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "certificate", value)
 
     @property
     @pulumi.getter(name="clientTlsCert")
-    def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
+    def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
         return pulumi.get(self, "client_tls_cert")
 
     @client_tls_cert.setter
-    def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
+    def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "client_tls_cert", value)
 
     @property
     @pulumi.getter(name="clientTlsKey")
-    def client_tls_key(self) -> Optional[pulumi.Input[str]]:
+    def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
         return pulumi.get(self, "client_tls_key")
 
     @client_tls_key.setter
-    def client_tls_key(self, value: Optional[pulumi.Input[str]]):
+    def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "client_tls_key", value)
 
     @property
     @pulumi.getter(name="connectionTimeout")
-    def connection_timeout(self) -> Optional[pulumi.Input[int]]:
+    def connection_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
         """
         return pulumi.get(self, "connection_timeout")
 
     @connection_timeout.setter
-    def connection_timeout(self, value: Optional[pulumi.Input[int]]):
+    def connection_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "connection_timeout", value)
 
     @property
     @pulumi.getter(name="denyNullBind")
-    def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
+    def deny_null_bind(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Prevents users from bypassing authentication when providing an empty password.
         """
         return pulumi.get(self, "deny_null_bind")
 
     @deny_null_bind.setter
-    def deny_null_bind(self, value: Optional[pulumi.Input[bool]]):
+    def deny_null_bind(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "deny_null_bind", value)
 
     @property
     @pulumi.getter
-    def description(self) -> Optional[pulumi.Input[str]]:
+    def description(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Description for the LDAP auth backend mount
         """
         return pulumi.get(self, "description")
 
     @description.setter
-    def description(self, value: Optional[pulumi.Input[str]]):
+    def description(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "description", value)
 
+    @property
+    @pulumi.getter(name="disableAutomatedRotation")
+    def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "disable_automated_rotation")
+
+    @disable_automated_rotation.setter
+    def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "disable_automated_rotation", value)
+
     @property
     @pulumi.getter(name="disableRemount")
-    def disable_remount(self) -> Optional[pulumi.Input[bool]]:
+    def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         If set, opts out of mount migration on path updates.
         See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -301,84 +334,84 @@ class AuthBackendArgs:
         return pulumi.get(self, "disable_remount")
 
     @disable_remount.setter
-    def disable_remount(self, value: Optional[pulumi.Input[bool]]):
+    def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "disable_remount", value)
 
     @property
     @pulumi.getter
-    def discoverdn(self) -> Optional[pulumi.Input[bool]]:
+    def discoverdn(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Use anonymous bind to discover the bind DN of a user.
         """
         return pulumi.get(self, "discoverdn")
 
     @discoverdn.setter
-    def discoverdn(self, value: Optional[pulumi.Input[bool]]):
+    def discoverdn(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "discoverdn", value)
 
     @property
     @pulumi.getter
-    def groupattr(self) -> Optional[pulumi.Input[str]]:
+    def groupattr(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         LDAP attribute to follow on objects returned by groupfilter
         """
         return pulumi.get(self, "groupattr")
 
     @groupattr.setter
-    def groupattr(self, value: Optional[pulumi.Input[str]]):
+    def groupattr(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "groupattr", value)
 
     @property
     @pulumi.getter
-    def groupdn(self) -> Optional[pulumi.Input[str]]:
+    def groupdn(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Base DN under which to perform group search
         """
         return pulumi.get(self, "groupdn")
 
     @groupdn.setter
-    def groupdn(self, value: Optional[pulumi.Input[str]]):
+    def groupdn(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "groupdn", value)
 
     @property
     @pulumi.getter
-    def groupfilter(self) -> Optional[pulumi.Input[str]]:
+    def groupfilter(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Go template used to construct group membership query
         """
         return pulumi.get(self, "groupfilter")
 
     @groupfilter.setter
-    def groupfilter(self, value: Optional[pulumi.Input[str]]):
+    def groupfilter(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "groupfilter", value)
 
     @property
     @pulumi.getter(name="insecureTls")
-    def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
+    def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Control whether or TLS certificates must be validated
         """
         return pulumi.get(self, "insecure_tls")
 
     @insecure_tls.setter
-    def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
+    def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "insecure_tls", value)
 
     @property
     @pulumi.getter
-    def local(self) -> Optional[pulumi.Input[bool]]:
+    def local(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Specifies if the auth method is local only.
         """
         return pulumi.get(self, "local")
 
     @local.setter
-    def local(self, value: Optional[pulumi.Input[bool]]):
+    def local(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "local", value)
 
     @property
     @pulumi.getter(name="maxPageSize")
-    def max_page_size(self) -> Optional[pulumi.Input[int]]:
+    def max_page_size(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Sets the max page size for LDAP lookups, by default it's set to -1.
         *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
@@ -386,12 +419,12 @@ class AuthBackendArgs:
         return pulumi.get(self, "max_page_size")
 
     @max_page_size.setter
-    def max_page_size(self, value: Optional[pulumi.Input[int]]):
+    def max_page_size(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "max_page_size", value)
 
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[str]]:
+    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -401,324 +434,376 @@ class AuthBackendArgs:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[str]]):
+    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "namespace", value)
 
     @property
     @pulumi.getter
-    def path(self) -> Optional[pulumi.Input[str]]:
+    def path(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Path to mount the LDAP auth backend under
         """
         return pulumi.get(self, "path")
 
     @path.setter
-    def path(self, value: Optional[pulumi.Input[str]]):
+    def path(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "path", value)
 
+    @property
+    @pulumi.getter(name="rotationPeriod")
+    def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        The amount of time in seconds Vault should wait before rotating the root credential.
+        A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_period")
+
+    @rotation_period.setter
+    def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "rotation_period", value)
+
+    @property
+    @pulumi.getter(name="rotationSchedule")
+    def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_schedule")
+
+    @rotation_schedule.setter
+    def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "rotation_schedule", value)
+
+    @property
+    @pulumi.getter(name="rotationWindow")
+    def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        The maximum amount of time in seconds allowed to complete
+        a rotation when a scheduled token rotation occurs. The default rotation window is
+        unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_window")
+
+    @rotation_window.setter
+    def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "rotation_window", value)
+
     @property
     @pulumi.getter
-    def starttls(self) -> Optional[pulumi.Input[bool]]:
+    def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Control use of TLS when conecting to LDAP
         """
         return pulumi.get(self, "starttls")
 
     @starttls.setter
-    def starttls(self, value: Optional[pulumi.Input[bool]]):
+    def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "starttls", value)
 
     @property
     @pulumi.getter(name="tlsMaxVersion")
-    def tls_max_version(self) -> Optional[pulumi.Input[str]]:
+    def tls_max_version(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Maximum acceptable version of TLS
         """
         return pulumi.get(self, "tls_max_version")
 
     @tls_max_version.setter
-    def tls_max_version(self, value: Optional[pulumi.Input[str]]):
+    def tls_max_version(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "tls_max_version", value)
 
     @property
     @pulumi.getter(name="tlsMinVersion")
-    def tls_min_version(self) -> Optional[pulumi.Input[str]]:
+    def tls_min_version(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Minimum acceptable version of TLS
         """
         return pulumi.get(self, "tls_min_version")
 
     @tls_min_version.setter
-    def tls_min_version(self, value: Optional[pulumi.Input[str]]):
+    def tls_min_version(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "tls_min_version", value)
 
     @property
     @pulumi.getter(name="tokenBoundCidrs")
-    def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         Specifies the blocks of IP addresses which are allowed to use the generated token
         """
         return pulumi.get(self, "token_bound_cidrs")
 
     @token_bound_cidrs.setter
-    def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "token_bound_cidrs", value)
 
     @property
     @pulumi.getter(name="tokenExplicitMaxTtl")
-    def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
+    def token_explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Generated Token's Explicit Maximum TTL in seconds
         """
         return pulumi.get(self, "token_explicit_max_ttl")
 
     @token_explicit_max_ttl.setter
-    def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
+    def token_explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "token_explicit_max_ttl", value)
 
     @property
     @pulumi.getter(name="tokenMaxTtl")
-    def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
+    def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         The maximum lifetime of the generated token
         """
         return pulumi.get(self, "token_max_ttl")
 
     @token_max_ttl.setter
-    def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
+    def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "token_max_ttl", value)
 
     @property
     @pulumi.getter(name="tokenNoDefaultPolicy")
-    def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
+    def token_no_default_policy(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         If true, the 'default' policy will not automatically be added to generated tokens
         """
         return pulumi.get(self, "token_no_default_policy")
 
     @token_no_default_policy.setter
-    def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
+    def token_no_default_policy(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "token_no_default_policy", value)
 
     @property
     @pulumi.getter(name="tokenNumUses")
-    def token_num_uses(self) -> Optional[pulumi.Input[int]]:
+    def token_num_uses(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         The maximum number of times a token may be used, a value of zero means unlimited
         """
         return pulumi.get(self, "token_num_uses")
 
     @token_num_uses.setter
-    def token_num_uses(self, value: Optional[pulumi.Input[int]]):
+    def token_num_uses(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "token_num_uses", value)
 
     @property
     @pulumi.getter(name="tokenPeriod")
-    def token_period(self) -> Optional[pulumi.Input[int]]:
+    def token_period(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Generated Token's Period
         """
         return pulumi.get(self, "token_period")
 
     @token_period.setter
-    def token_period(self, value: Optional[pulumi.Input[int]]):
+    def token_period(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "token_period", value)
 
     @property
     @pulumi.getter(name="tokenPolicies")
-    def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         Generated Token's Policies
         """
         return pulumi.get(self, "token_policies")
 
     @token_policies.setter
-    def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "token_policies", value)
 
     @property
     @pulumi.getter(name="tokenTtl")
-    def token_ttl(self) -> Optional[pulumi.Input[int]]:
+    def token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         The initial ttl of the token to generate in seconds
         """
         return pulumi.get(self, "token_ttl")
 
     @token_ttl.setter
-    def token_ttl(self, value: Optional[pulumi.Input[int]]):
+    def token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "token_ttl", value)
 
     @property
     @pulumi.getter(name="tokenType")
-    def token_type(self) -> Optional[pulumi.Input[str]]:
+    def token_type(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The type of token to generate, service or batch
         """
         return pulumi.get(self, "token_type")
 
     @token_type.setter
-    def token_type(self, value: Optional[pulumi.Input[str]]):
+    def token_type(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "token_type", value)
 
     @property
     @pulumi.getter
-    def upndomain(self) -> Optional[pulumi.Input[str]]:
+    def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
         """
         return pulumi.get(self, "upndomain")
 
     @upndomain.setter
-    def upndomain(self, value: Optional[pulumi.Input[str]]):
+    def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "upndomain", value)
 
     @property
     @pulumi.getter(name="useTokenGroups")
-    def use_token_groups(self) -> Optional[pulumi.Input[bool]]:
+    def use_token_groups(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
         """
         return pulumi.get(self, "use_token_groups")
 
     @use_token_groups.setter
-    def use_token_groups(self, value: Optional[pulumi.Input[bool]]):
+    def use_token_groups(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "use_token_groups", value)
 
     @property
     @pulumi.getter
-    def userattr(self) -> Optional[pulumi.Input[str]]:
+    def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Attribute on user object matching username passed in
         """
         return pulumi.get(self, "userattr")
 
     @userattr.setter
-    def userattr(self, value: Optional[pulumi.Input[str]]):
+    def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "userattr", value)
 
     @property
     @pulumi.getter
-    def userdn(self) -> Optional[pulumi.Input[str]]:
+    def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Base DN under which to perform user search
         """
         return pulumi.get(self, "userdn")
 
     @userdn.setter
-    def userdn(self, value: Optional[pulumi.Input[str]]):
+    def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "userdn", value)
 
     @property
     @pulumi.getter
-    def userfilter(self) -> Optional[pulumi.Input[str]]:
+    def userfilter(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         LDAP user search filter
         """
         return pulumi.get(self, "userfilter")
 
     @userfilter.setter
-    def userfilter(self, value: Optional[pulumi.Input[str]]):
+    def userfilter(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "userfilter", value)
 
     @property
     @pulumi.getter(name="usernameAsAlias")
-    def username_as_alias(self) -> Optional[pulumi.Input[bool]]:
+    def username_as_alias(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Force the auth method to use the username passed by the user as the alias name.
         """
         return pulumi.get(self, "username_as_alias")
 
     @username_as_alias.setter
-    def username_as_alias(self, value: Optional[pulumi.Input[bool]]):
+    def username_as_alias(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "username_as_alias", value)
 
 
 @pulumi.input_type
 class _AuthBackendState:
     def __init__(__self__, *,
-                 accessor: Optional[pulumi.Input[str]] = None,
-                 binddn: Optional[pulumi.Input[str]] = None,
-                 bindpass: Optional[pulumi.Input[str]] = None,
-                 case_sensitive_names: Optional[pulumi.Input[bool]] = None,
-                 certificate: Optional[pulumi.Input[str]] = None,
-                 client_tls_cert: Optional[pulumi.Input[str]] = None,
-                 client_tls_key: Optional[pulumi.Input[str]] = None,
-                 connection_timeout: Optional[pulumi.Input[int]] = None,
-                 deny_null_bind: Optional[pulumi.Input[bool]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 disable_remount: Optional[pulumi.Input[bool]] = None,
-                 discoverdn: Optional[pulumi.Input[bool]] = None,
-                 groupattr: Optional[pulumi.Input[str]] = None,
-                 groupdn: Optional[pulumi.Input[str]] = None,
-                 groupfilter: Optional[pulumi.Input[str]] = None,
-                 insecure_tls: Optional[pulumi.Input[bool]] = None,
-                 local: Optional[pulumi.Input[bool]] = None,
-                 max_page_size: Optional[pulumi.Input[int]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 path: Optional[pulumi.Input[str]] = None,
-                 starttls: Optional[pulumi.Input[bool]] = None,
-                 tls_max_version: Optional[pulumi.Input[str]] = None,
-                 tls_min_version: Optional[pulumi.Input[str]] = None,
-                 token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
-                 token_max_ttl: Optional[pulumi.Input[int]] = None,
-                 token_no_default_policy: Optional[pulumi.Input[bool]] = None,
-                 token_num_uses: Optional[pulumi.Input[int]] = None,
-                 token_period: Optional[pulumi.Input[int]] = None,
-                 token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 token_ttl: Optional[pulumi.Input[int]] = None,
-                 token_type: Optional[pulumi.Input[str]] = None,
-                 upndomain: Optional[pulumi.Input[str]] = None,
-                 url: Optional[pulumi.Input[str]] = None,
-                 use_token_groups: Optional[pulumi.Input[bool]] = None,
-                 userattr: Optional[pulumi.Input[str]] = None,
-                 userdn: Optional[pulumi.Input[str]] = None,
-                 userfilter: Optional[pulumi.Input[str]] = None,
-                 username_as_alias: Optional[pulumi.Input[bool]] = None):
+                 accessor: Optional[pulumi.Input[builtins.str]] = None,
+                 binddn: Optional[pulumi.Input[builtins.str]] = None,
+                 bindpass: Optional[pulumi.Input[builtins.str]] = None,
+                 case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
+                 certificate: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
+                 connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
+                 deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
+                 description: Optional[pulumi.Input[builtins.str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
+                 discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
+                 groupattr: Optional[pulumi.Input[builtins.str]] = None,
+                 groupdn: Optional[pulumi.Input[builtins.str]] = None,
+                 groupfilter: Optional[pulumi.Input[builtins.str]] = None,
+                 insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
+                 local: Optional[pulumi.Input[builtins.bool]] = None,
+                 max_page_size: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 path: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[builtins.int]] = None,
+                 starttls: Optional[pulumi.Input[builtins.bool]] = None,
+                 tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
+                 tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
+                 token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
+                 token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
+                 token_period: Optional[pulumi.Input[builtins.int]] = None,
+                 token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 token_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 token_type: Optional[pulumi.Input[builtins.str]] = None,
+                 upndomain: Optional[pulumi.Input[builtins.str]] = None,
+                 url: Optional[pulumi.Input[builtins.str]] = None,
+                 use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
+                 userattr: Optional[pulumi.Input[builtins.str]] = None,
+                 userdn: Optional[pulumi.Input[builtins.str]] = None,
+                 userfilter: Optional[pulumi.Input[builtins.str]] = None,
+                 username_as_alias: Optional[pulumi.Input[builtins.bool]] = None):
         """
         Input properties used for looking up and filtering AuthBackend resources.
-        :param pulumi.Input[str] accessor: The accessor for this auth mount.
-        :param pulumi.Input[str] binddn: DN of object to bind when performing user search
-        :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
-        :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
-        :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
-        :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
-        :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
-        :param pulumi.Input[str] description: Description for the LDAP auth backend mount
-        :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
+        :param pulumi.Input[builtins.str] accessor: The accessor for this auth mount.
+        :param pulumi.Input[builtins.str] binddn: DN of object to bind when performing user search
+        :param pulumi.Input[builtins.str] bindpass: Password to use with `binddn` when performing user search
+        :param pulumi.Input[builtins.bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
+        :param pulumi.Input[builtins.str] certificate: Trusted CA to validate TLS certificate
+        :param pulumi.Input[builtins.int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
+        :param pulumi.Input[builtins.bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
+        :param pulumi.Input[builtins.str] description: Description for the LDAP auth backend mount
+        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
-        :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
-        :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by groupfilter
-        :param pulumi.Input[str] groupdn: Base DN under which to perform group search
-        :param pulumi.Input[str] groupfilter: Go template used to construct group membership query
-        :param pulumi.Input[bool] insecure_tls: Control whether or TLS certificates must be validated
-        :param pulumi.Input[bool] local: Specifies if the auth method is local only.
-        :param pulumi.Input[int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
+        :param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
+        :param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by groupfilter
+        :param pulumi.Input[builtins.str] groupdn: Base DN under which to perform group search
+        :param pulumi.Input[builtins.str] groupfilter: Go template used to construct group membership query
+        :param pulumi.Input[builtins.bool] insecure_tls: Control whether or TLS certificates must be validated
+        :param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
+        :param pulumi.Input[builtins.int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
                *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
-        :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
-        :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
-        :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
-        :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
-        :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
-        :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
-        :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
-        :param pulumi.Input[int] token_period: Generated Token's Period
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
-        :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
-        :param pulumi.Input[str] token_type: The type of token to generate, service or batch
-        :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
-        :param pulumi.Input[str] url: The URL of the LDAP server
-        :param pulumi.Input[bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
-        :param pulumi.Input[str] userattr: Attribute on user object matching username passed in
-        :param pulumi.Input[str] userdn: Base DN under which to perform user search
-        :param pulumi.Input[str] userfilter: LDAP user search filter
-        :param pulumi.Input[bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
+        :param pulumi.Input[builtins.str] path: Path to mount the LDAP auth backend under
+        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.bool] starttls: Control use of TLS when conecting to LDAP
+        :param pulumi.Input[builtins.str] tls_max_version: Maximum acceptable version of TLS
+        :param pulumi.Input[builtins.str] tls_min_version: Minimum acceptable version of TLS
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
+        :param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
+        :param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
+        :param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
+        :param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
+        :param pulumi.Input[builtins.int] token_period: Generated Token's Period
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
+        :param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
+        :param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
+        :param pulumi.Input[builtins.str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
+        :param pulumi.Input[builtins.str] url: The URL of the LDAP server
+        :param pulumi.Input[builtins.bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
+        :param pulumi.Input[builtins.str] userattr: Attribute on user object matching username passed in
+        :param pulumi.Input[builtins.str] userdn: Base DN under which to perform user search
+        :param pulumi.Input[builtins.str] userfilter: LDAP user search filter
+        :param pulumi.Input[builtins.bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
         """
         if accessor is not None:
             pulumi.set(__self__, "accessor", accessor)
@@ -740,6 +825,8 @@ class _AuthBackendState:
             pulumi.set(__self__, "deny_null_bind", deny_null_bind)
         if description is not None:
             pulumi.set(__self__, "description", description)
+        if disable_automated_rotation is not None:
+            pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
         if disable_remount is not None:
             pulumi.set(__self__, "disable_remount", disable_remount)
         if discoverdn is not None:
@@ -760,6 +847,12 @@ class _AuthBackendState:
             pulumi.set(__self__, "namespace", namespace)
         if path is not None:
             pulumi.set(__self__, "path", path)
+        if rotation_period is not None:
+            pulumi.set(__self__, "rotation_period", rotation_period)
+        if rotation_schedule is not None:
+            pulumi.set(__self__, "rotation_schedule", rotation_schedule)
+        if rotation_window is not None:
+            pulumi.set(__self__, "rotation_window", rotation_window)
         if starttls is not None:
             pulumi.set(__self__, "starttls", starttls)
         if tls_max_version is not None:
@@ -801,121 +894,133 @@ class _AuthBackendState:
 
     @property
     @pulumi.getter
-    def accessor(self) -> Optional[pulumi.Input[str]]:
+    def accessor(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The accessor for this auth mount.
         """
         return pulumi.get(self, "accessor")
 
     @accessor.setter
-    def accessor(self, value: Optional[pulumi.Input[str]]):
+    def accessor(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "accessor", value)
 
     @property
     @pulumi.getter
-    def binddn(self) -> Optional[pulumi.Input[str]]:
+    def binddn(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         DN of object to bind when performing user search
         """
         return pulumi.get(self, "binddn")
 
     @binddn.setter
-    def binddn(self, value: Optional[pulumi.Input[str]]):
+    def binddn(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "binddn", value)
 
     @property
     @pulumi.getter
-    def bindpass(self) -> Optional[pulumi.Input[str]]:
+    def bindpass(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Password to use with `binddn` when performing user search
         """
         return pulumi.get(self, "bindpass")
 
     @bindpass.setter
-    def bindpass(self, value: Optional[pulumi.Input[str]]):
+    def bindpass(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "bindpass", value)
 
     @property
     @pulumi.getter(name="caseSensitiveNames")
-    def case_sensitive_names(self) -> Optional[pulumi.Input[bool]]:
+    def case_sensitive_names(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
         """
         return pulumi.get(self, "case_sensitive_names")
 
     @case_sensitive_names.setter
-    def case_sensitive_names(self, value: Optional[pulumi.Input[bool]]):
+    def case_sensitive_names(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "case_sensitive_names", value)
 
     @property
     @pulumi.getter
-    def certificate(self) -> Optional[pulumi.Input[str]]:
+    def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Trusted CA to validate TLS certificate
         """
         return pulumi.get(self, "certificate")
 
     @certificate.setter
-    def certificate(self, value: Optional[pulumi.Input[str]]):
+    def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "certificate", value)
 
     @property
     @pulumi.getter(name="clientTlsCert")
-    def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
+    def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
         return pulumi.get(self, "client_tls_cert")
 
     @client_tls_cert.setter
-    def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
+    def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "client_tls_cert", value)
 
     @property
     @pulumi.getter(name="clientTlsKey")
-    def client_tls_key(self) -> Optional[pulumi.Input[str]]:
+    def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
         return pulumi.get(self, "client_tls_key")
 
     @client_tls_key.setter
-    def client_tls_key(self, value: Optional[pulumi.Input[str]]):
+    def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "client_tls_key", value)
 
     @property
     @pulumi.getter(name="connectionTimeout")
-    def connection_timeout(self) -> Optional[pulumi.Input[int]]:
+    def connection_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
         """
         return pulumi.get(self, "connection_timeout")
 
     @connection_timeout.setter
-    def connection_timeout(self, value: Optional[pulumi.Input[int]]):
+    def connection_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "connection_timeout", value)
 
     @property
     @pulumi.getter(name="denyNullBind")
-    def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
+    def deny_null_bind(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Prevents users from bypassing authentication when providing an empty password.
         """
         return pulumi.get(self, "deny_null_bind")
 
     @deny_null_bind.setter
-    def deny_null_bind(self, value: Optional[pulumi.Input[bool]]):
+    def deny_null_bind(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "deny_null_bind", value)
 
     @property
     @pulumi.getter
-    def description(self) -> Optional[pulumi.Input[str]]:
+    def description(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Description for the LDAP auth backend mount
         """
         return pulumi.get(self, "description")
 
     @description.setter
-    def description(self, value: Optional[pulumi.Input[str]]):
+    def description(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "description", value)
 
+    @property
+    @pulumi.getter(name="disableAutomatedRotation")
+    def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "disable_automated_rotation")
+
+    @disable_automated_rotation.setter
+    def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "disable_automated_rotation", value)
+
     @property
     @pulumi.getter(name="disableRemount")
-    def disable_remount(self) -> Optional[pulumi.Input[bool]]:
+    def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         If set, opts out of mount migration on path updates.
         See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -923,84 +1028,84 @@ class _AuthBackendState:
         return pulumi.get(self, "disable_remount")
 
     @disable_remount.setter
-    def disable_remount(self, value: Optional[pulumi.Input[bool]]):
+    def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "disable_remount", value)
 
     @property
     @pulumi.getter
-    def discoverdn(self) -> Optional[pulumi.Input[bool]]:
+    def discoverdn(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Use anonymous bind to discover the bind DN of a user.
         """
         return pulumi.get(self, "discoverdn")
 
     @discoverdn.setter
-    def discoverdn(self, value: Optional[pulumi.Input[bool]]):
+    def discoverdn(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "discoverdn", value)
 
     @property
     @pulumi.getter
-    def groupattr(self) -> Optional[pulumi.Input[str]]:
+    def groupattr(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         LDAP attribute to follow on objects returned by groupfilter
         """
         return pulumi.get(self, "groupattr")
 
     @groupattr.setter
-    def groupattr(self, value: Optional[pulumi.Input[str]]):
+    def groupattr(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "groupattr", value)
 
     @property
     @pulumi.getter
-    def groupdn(self) -> Optional[pulumi.Input[str]]:
+    def groupdn(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Base DN under which to perform group search
         """
         return pulumi.get(self, "groupdn")
 
     @groupdn.setter
-    def groupdn(self, value: Optional[pulumi.Input[str]]):
+    def groupdn(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "groupdn", value)
 
     @property
     @pulumi.getter
-    def groupfilter(self) -> Optional[pulumi.Input[str]]:
+    def groupfilter(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Go template used to construct group membership query
         """
         return pulumi.get(self, "groupfilter")
 
     @groupfilter.setter
-    def groupfilter(self, value: Optional[pulumi.Input[str]]):
+    def groupfilter(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "groupfilter", value)
 
     @property
     @pulumi.getter(name="insecureTls")
-    def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
+    def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Control whether or TLS certificates must be validated
         """
         return pulumi.get(self, "insecure_tls")
 
     @insecure_tls.setter
-    def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
+    def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "insecure_tls", value)
 
     @property
     @pulumi.getter
-    def local(self) -> Optional[pulumi.Input[bool]]:
+    def local(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Specifies if the auth method is local only.
         """
         return pulumi.get(self, "local")
 
     @local.setter
-    def local(self, value: Optional[pulumi.Input[bool]]):
+    def local(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "local", value)
 
     @property
     @pulumi.getter(name="maxPageSize")
-    def max_page_size(self) -> Optional[pulumi.Input[int]]:
+    def max_page_size(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Sets the max page size for LDAP lookups, by default it's set to -1.
         *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
@@ -1008,12 +1113,12 @@ class _AuthBackendState:
         return pulumi.get(self, "max_page_size")
 
     @max_page_size.setter
-    def max_page_size(self, value: Optional[pulumi.Input[int]]):
+    def max_page_size(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "max_page_size", value)
 
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[str]]:
+    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -1023,247 +1128,287 @@ class _AuthBackendState:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[str]]):
+    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "namespace", value)
 
     @property
     @pulumi.getter
-    def path(self) -> Optional[pulumi.Input[str]]:
+    def path(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Path to mount the LDAP auth backend under
         """
         return pulumi.get(self, "path")
 
     @path.setter
-    def path(self, value: Optional[pulumi.Input[str]]):
+    def path(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "path", value)
 
+    @property
+    @pulumi.getter(name="rotationPeriod")
+    def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        The amount of time in seconds Vault should wait before rotating the root credential.
+        A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_period")
+
+    @rotation_period.setter
+    def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "rotation_period", value)
+
+    @property
+    @pulumi.getter(name="rotationSchedule")
+    def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_schedule")
+
+    @rotation_schedule.setter
+    def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "rotation_schedule", value)
+
+    @property
+    @pulumi.getter(name="rotationWindow")
+    def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        The maximum amount of time in seconds allowed to complete
+        a rotation when a scheduled token rotation occurs. The default rotation window is
+        unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_window")
+
+    @rotation_window.setter
+    def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "rotation_window", value)
+
     @property
     @pulumi.getter
-    def starttls(self) -> Optional[pulumi.Input[bool]]:
+    def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Control use of TLS when conecting to LDAP
         """
         return pulumi.get(self, "starttls")
 
     @starttls.setter
-    def starttls(self, value: Optional[pulumi.Input[bool]]):
+    def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "starttls", value)
 
     @property
     @pulumi.getter(name="tlsMaxVersion")
-    def tls_max_version(self) -> Optional[pulumi.Input[str]]:
+    def tls_max_version(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Maximum acceptable version of TLS
         """
         return pulumi.get(self, "tls_max_version")
 
     @tls_max_version.setter
-    def tls_max_version(self, value: Optional[pulumi.Input[str]]):
+    def tls_max_version(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "tls_max_version", value)
 
     @property
     @pulumi.getter(name="tlsMinVersion")
-    def tls_min_version(self) -> Optional[pulumi.Input[str]]:
+    def tls_min_version(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Minimum acceptable version of TLS
         """
         return pulumi.get(self, "tls_min_version")
 
     @tls_min_version.setter
-    def tls_min_version(self, value: Optional[pulumi.Input[str]]):
+    def tls_min_version(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "tls_min_version", value)
 
     @property
     @pulumi.getter(name="tokenBoundCidrs")
-    def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         Specifies the blocks of IP addresses which are allowed to use the generated token
         """
         return pulumi.get(self, "token_bound_cidrs")
 
     @token_bound_cidrs.setter
-    def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "token_bound_cidrs", value)
 
     @property
     @pulumi.getter(name="tokenExplicitMaxTtl")
-    def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
+    def token_explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Generated Token's Explicit Maximum TTL in seconds
         """
         return pulumi.get(self, "token_explicit_max_ttl")
 
     @token_explicit_max_ttl.setter
-    def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
+    def token_explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "token_explicit_max_ttl", value)
 
     @property
     @pulumi.getter(name="tokenMaxTtl")
-    def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
+    def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         The maximum lifetime of the generated token
         """
         return pulumi.get(self, "token_max_ttl")
 
     @token_max_ttl.setter
-    def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
+    def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "token_max_ttl", value)
 
     @property
     @pulumi.getter(name="tokenNoDefaultPolicy")
-    def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
+    def token_no_default_policy(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         If true, the 'default' policy will not automatically be added to generated tokens
         """
         return pulumi.get(self, "token_no_default_policy")
 
     @token_no_default_policy.setter
-    def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
+    def token_no_default_policy(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "token_no_default_policy", value)
 
     @property
     @pulumi.getter(name="tokenNumUses")
-    def token_num_uses(self) -> Optional[pulumi.Input[int]]:
+    def token_num_uses(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         The maximum number of times a token may be used, a value of zero means unlimited
         """
         return pulumi.get(self, "token_num_uses")
 
     @token_num_uses.setter
-    def token_num_uses(self, value: Optional[pulumi.Input[int]]):
+    def token_num_uses(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "token_num_uses", value)
 
     @property
     @pulumi.getter(name="tokenPeriod")
-    def token_period(self) -> Optional[pulumi.Input[int]]:
+    def token_period(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Generated Token's Period
         """
         return pulumi.get(self, "token_period")
 
     @token_period.setter
-    def token_period(self, value: Optional[pulumi.Input[int]]):
+    def token_period(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "token_period", value)
 
     @property
     @pulumi.getter(name="tokenPolicies")
-    def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         Generated Token's Policies
         """
         return pulumi.get(self, "token_policies")
 
     @token_policies.setter
-    def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "token_policies", value)
 
     @property
     @pulumi.getter(name="tokenTtl")
-    def token_ttl(self) -> Optional[pulumi.Input[int]]:
+    def token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         The initial ttl of the token to generate in seconds
         """
         return pulumi.get(self, "token_ttl")
 
     @token_ttl.setter
-    def token_ttl(self, value: Optional[pulumi.Input[int]]):
+    def token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "token_ttl", value)
 
     @property
     @pulumi.getter(name="tokenType")
-    def token_type(self) -> Optional[pulumi.Input[str]]:
+    def token_type(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The type of token to generate, service or batch
         """
         return pulumi.get(self, "token_type")
 
     @token_type.setter
-    def token_type(self, value: Optional[pulumi.Input[str]]):
+    def token_type(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "token_type", value)
 
     @property
     @pulumi.getter
-    def upndomain(self) -> Optional[pulumi.Input[str]]:
+    def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
         """
         return pulumi.get(self, "upndomain")
 
     @upndomain.setter
-    def upndomain(self, value: Optional[pulumi.Input[str]]):
+    def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "upndomain", value)
 
     @property
     @pulumi.getter
-    def url(self) -> Optional[pulumi.Input[str]]:
+    def url(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The URL of the LDAP server
         """
         return pulumi.get(self, "url")
 
     @url.setter
-    def url(self, value: Optional[pulumi.Input[str]]):
+    def url(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "url", value)
 
     @property
     @pulumi.getter(name="useTokenGroups")
-    def use_token_groups(self) -> Optional[pulumi.Input[bool]]:
+    def use_token_groups(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
         """
         return pulumi.get(self, "use_token_groups")
 
     @use_token_groups.setter
-    def use_token_groups(self, value: Optional[pulumi.Input[bool]]):
+    def use_token_groups(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "use_token_groups", value)
 
     @property
     @pulumi.getter
-    def userattr(self) -> Optional[pulumi.Input[str]]:
+    def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Attribute on user object matching username passed in
         """
         return pulumi.get(self, "userattr")
 
     @userattr.setter
-    def userattr(self, value: Optional[pulumi.Input[str]]):
+    def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "userattr", value)
 
     @property
     @pulumi.getter
-    def userdn(self) -> Optional[pulumi.Input[str]]:
+    def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Base DN under which to perform user search
         """
         return pulumi.get(self, "userdn")
 
     @userdn.setter
-    def userdn(self, value: Optional[pulumi.Input[str]]):
+    def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "userdn", value)
 
     @property
     @pulumi.getter
-    def userfilter(self) -> Optional[pulumi.Input[str]]:
+    def userfilter(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         LDAP user search filter
         """
         return pulumi.get(self, "userfilter")
 
     @userfilter.setter
-    def userfilter(self, value: Optional[pulumi.Input[str]]):
+    def userfilter(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "userfilter", value)
 
     @property
     @pulumi.getter(name="usernameAsAlias")
-    def username_as_alias(self) -> Optional[pulumi.Input[bool]]:
+    def username_as_alias(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Force the auth method to use the username passed by the user as the alias name.
         """
         return pulumi.get(self, "username_as_alias")
 
     @username_as_alias.setter
-    def username_as_alias(self, value: Optional[pulumi.Input[bool]]):
+    def username_as_alias(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "username_as_alias", value)
 
 
@@ -1272,44 +1417,48 @@ class AuthBackend(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 binddn: Optional[pulumi.Input[str]] = None,
-                 bindpass: Optional[pulumi.Input[str]] = None,
-                 case_sensitive_names: Optional[pulumi.Input[bool]] = None,
-                 certificate: Optional[pulumi.Input[str]] = None,
-                 client_tls_cert: Optional[pulumi.Input[str]] = None,
-                 client_tls_key: Optional[pulumi.Input[str]] = None,
-                 connection_timeout: Optional[pulumi.Input[int]] = None,
-                 deny_null_bind: Optional[pulumi.Input[bool]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 disable_remount: Optional[pulumi.Input[bool]] = None,
-                 discoverdn: Optional[pulumi.Input[bool]] = None,
-                 groupattr: Optional[pulumi.Input[str]] = None,
-                 groupdn: Optional[pulumi.Input[str]] = None,
-                 groupfilter: Optional[pulumi.Input[str]] = None,
-                 insecure_tls: Optional[pulumi.Input[bool]] = None,
-                 local: Optional[pulumi.Input[bool]] = None,
-                 max_page_size: Optional[pulumi.Input[int]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 path: Optional[pulumi.Input[str]] = None,
-                 starttls: Optional[pulumi.Input[bool]] = None,
-                 tls_max_version: Optional[pulumi.Input[str]] = None,
-                 tls_min_version: Optional[pulumi.Input[str]] = None,
-                 token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
-                 token_max_ttl: Optional[pulumi.Input[int]] = None,
-                 token_no_default_policy: Optional[pulumi.Input[bool]] = None,
-                 token_num_uses: Optional[pulumi.Input[int]] = None,
-                 token_period: Optional[pulumi.Input[int]] = None,
-                 token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 token_ttl: Optional[pulumi.Input[int]] = None,
-                 token_type: Optional[pulumi.Input[str]] = None,
-                 upndomain: Optional[pulumi.Input[str]] = None,
-                 url: Optional[pulumi.Input[str]] = None,
-                 use_token_groups: Optional[pulumi.Input[bool]] = None,
-                 userattr: Optional[pulumi.Input[str]] = None,
-                 userdn: Optional[pulumi.Input[str]] = None,
-                 userfilter: Optional[pulumi.Input[str]] = None,
-                 username_as_alias: Optional[pulumi.Input[bool]] = None,
+                 binddn: Optional[pulumi.Input[builtins.str]] = None,
+                 bindpass: Optional[pulumi.Input[builtins.str]] = None,
+                 case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
+                 certificate: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
+                 connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
+                 deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
+                 description: Optional[pulumi.Input[builtins.str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
+                 discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
+                 groupattr: Optional[pulumi.Input[builtins.str]] = None,
+                 groupdn: Optional[pulumi.Input[builtins.str]] = None,
+                 groupfilter: Optional[pulumi.Input[builtins.str]] = None,
+                 insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
+                 local: Optional[pulumi.Input[builtins.bool]] = None,
+                 max_page_size: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 path: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[builtins.int]] = None,
+                 starttls: Optional[pulumi.Input[builtins.bool]] = None,
+                 tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
+                 tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
+                 token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
+                 token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
+                 token_period: Optional[pulumi.Input[builtins.int]] = None,
+                 token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 token_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 token_type: Optional[pulumi.Input[builtins.str]] = None,
+                 upndomain: Optional[pulumi.Input[builtins.str]] = None,
+                 url: Optional[pulumi.Input[builtins.str]] = None,
+                 use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
+                 userattr: Optional[pulumi.Input[builtins.str]] = None,
+                 userdn: Optional[pulumi.Input[builtins.str]] = None,
+                 userfilter: Optional[pulumi.Input[builtins.str]] = None,
+                 username_as_alias: Optional[pulumi.Input[builtins.bool]] = None,
                  __props__=None):
         """
         Provides a resource for managing an [LDAP auth backend within Vault](https://www.vaultproject.io/docs/auth/ldap.html).
@@ -1328,7 +1477,9 @@ class AuthBackend(pulumi.CustomResource):
             upndomain="EXAMPLE.ORG",
             discoverdn=False,
             groupdn="OU=Groups,DC=example,DC=org",
-            groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
+            groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
+            rotation_schedule="0 * * * SAT",
+            rotation_window=3600)
         ```
 
         ## Import
@@ -1341,47 +1492,55 @@ class AuthBackend(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] binddn: DN of object to bind when performing user search
-        :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
-        :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
-        :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
-        :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
-        :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
-        :param pulumi.Input[str] description: Description for the LDAP auth backend mount
-        :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
+        :param pulumi.Input[builtins.str] binddn: DN of object to bind when performing user search
+        :param pulumi.Input[builtins.str] bindpass: Password to use with `binddn` when performing user search
+        :param pulumi.Input[builtins.bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
+        :param pulumi.Input[builtins.str] certificate: Trusted CA to validate TLS certificate
+        :param pulumi.Input[builtins.int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
+        :param pulumi.Input[builtins.bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
+        :param pulumi.Input[builtins.str] description: Description for the LDAP auth backend mount
+        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
-        :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
-        :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by groupfilter
-        :param pulumi.Input[str] groupdn: Base DN under which to perform group search
-        :param pulumi.Input[str] groupfilter: Go template used to construct group membership query
-        :param pulumi.Input[bool] insecure_tls: Control whether or TLS certificates must be validated
-        :param pulumi.Input[bool] local: Specifies if the auth method is local only.
-        :param pulumi.Input[int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
+        :param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
+        :param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by groupfilter
+        :param pulumi.Input[builtins.str] groupdn: Base DN under which to perform group search
+        :param pulumi.Input[builtins.str] groupfilter: Go template used to construct group membership query
+        :param pulumi.Input[builtins.bool] insecure_tls: Control whether or TLS certificates must be validated
+        :param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
+        :param pulumi.Input[builtins.int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
                *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
-        :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
-        :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
-        :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
-        :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
-        :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
-        :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
-        :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
-        :param pulumi.Input[int] token_period: Generated Token's Period
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
-        :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
-        :param pulumi.Input[str] token_type: The type of token to generate, service or batch
-        :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
-        :param pulumi.Input[str] url: The URL of the LDAP server
-        :param pulumi.Input[bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
-        :param pulumi.Input[str] userattr: Attribute on user object matching username passed in
-        :param pulumi.Input[str] userdn: Base DN under which to perform user search
-        :param pulumi.Input[str] userfilter: LDAP user search filter
-        :param pulumi.Input[bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
+        :param pulumi.Input[builtins.str] path: Path to mount the LDAP auth backend under
+        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.bool] starttls: Control use of TLS when conecting to LDAP
+        :param pulumi.Input[builtins.str] tls_max_version: Maximum acceptable version of TLS
+        :param pulumi.Input[builtins.str] tls_min_version: Minimum acceptable version of TLS
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
+        :param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
+        :param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
+        :param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
+        :param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
+        :param pulumi.Input[builtins.int] token_period: Generated Token's Period
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
+        :param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
+        :param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
+        :param pulumi.Input[builtins.str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
+        :param pulumi.Input[builtins.str] url: The URL of the LDAP server
+        :param pulumi.Input[builtins.bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
+        :param pulumi.Input[builtins.str] userattr: Attribute on user object matching username passed in
+        :param pulumi.Input[builtins.str] userdn: Base DN under which to perform user search
+        :param pulumi.Input[builtins.str] userfilter: LDAP user search filter
+        :param pulumi.Input[builtins.bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
         """
         ...
     @overload
@@ -1406,7 +1565,9 @@ class AuthBackend(pulumi.CustomResource):
             upndomain="EXAMPLE.ORG",
             discoverdn=False,
             groupdn="OU=Groups,DC=example,DC=org",
-            groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
+            groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
+            rotation_schedule="0 * * * SAT",
+            rotation_window=3600)
         ```
 
         ## Import
@@ -1432,44 +1593,48 @@ class AuthBackend(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 binddn: Optional[pulumi.Input[str]] = None,
-                 bindpass: Optional[pulumi.Input[str]] = None,
-                 case_sensitive_names: Optional[pulumi.Input[bool]] = None,
-                 certificate: Optional[pulumi.Input[str]] = None,
-                 client_tls_cert: Optional[pulumi.Input[str]] = None,
-                 client_tls_key: Optional[pulumi.Input[str]] = None,
-                 connection_timeout: Optional[pulumi.Input[int]] = None,
-                 deny_null_bind: Optional[pulumi.Input[bool]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 disable_remount: Optional[pulumi.Input[bool]] = None,
-                 discoverdn: Optional[pulumi.Input[bool]] = None,
-                 groupattr: Optional[pulumi.Input[str]] = None,
-                 groupdn: Optional[pulumi.Input[str]] = None,
-                 groupfilter: Optional[pulumi.Input[str]] = None,
-                 insecure_tls: Optional[pulumi.Input[bool]] = None,
-                 local: Optional[pulumi.Input[bool]] = None,
-                 max_page_size: Optional[pulumi.Input[int]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 path: Optional[pulumi.Input[str]] = None,
-                 starttls: Optional[pulumi.Input[bool]] = None,
-                 tls_max_version: Optional[pulumi.Input[str]] = None,
-                 tls_min_version: Optional[pulumi.Input[str]] = None,
-                 token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
-                 token_max_ttl: Optional[pulumi.Input[int]] = None,
-                 token_no_default_policy: Optional[pulumi.Input[bool]] = None,
-                 token_num_uses: Optional[pulumi.Input[int]] = None,
-                 token_period: Optional[pulumi.Input[int]] = None,
-                 token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 token_ttl: Optional[pulumi.Input[int]] = None,
-                 token_type: Optional[pulumi.Input[str]] = None,
-                 upndomain: Optional[pulumi.Input[str]] = None,
-                 url: Optional[pulumi.Input[str]] = None,
-                 use_token_groups: Optional[pulumi.Input[bool]] = None,
-                 userattr: Optional[pulumi.Input[str]] = None,
-                 userdn: Optional[pulumi.Input[str]] = None,
-                 userfilter: Optional[pulumi.Input[str]] = None,
-                 username_as_alias: Optional[pulumi.Input[bool]] = None,
+                 binddn: Optional[pulumi.Input[builtins.str]] = None,
+                 bindpass: Optional[pulumi.Input[builtins.str]] = None,
+                 case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
+                 certificate: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
+                 connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
+                 deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
+                 description: Optional[pulumi.Input[builtins.str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
+                 discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
+                 groupattr: Optional[pulumi.Input[builtins.str]] = None,
+                 groupdn: Optional[pulumi.Input[builtins.str]] = None,
+                 groupfilter: Optional[pulumi.Input[builtins.str]] = None,
+                 insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
+                 local: Optional[pulumi.Input[builtins.bool]] = None,
+                 max_page_size: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 path: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[builtins.int]] = None,
+                 starttls: Optional[pulumi.Input[builtins.bool]] = None,
+                 tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
+                 tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
+                 token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
+                 token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
+                 token_period: Optional[pulumi.Input[builtins.int]] = None,
+                 token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 token_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 token_type: Optional[pulumi.Input[builtins.str]] = None,
+                 upndomain: Optional[pulumi.Input[builtins.str]] = None,
+                 url: Optional[pulumi.Input[builtins.str]] = None,
+                 use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
+                 userattr: Optional[pulumi.Input[builtins.str]] = None,
+                 userdn: Optional[pulumi.Input[builtins.str]] = None,
+                 userfilter: Optional[pulumi.Input[builtins.str]] = None,
+                 username_as_alias: Optional[pulumi.Input[builtins.bool]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -1488,6 +1653,7 @@ class AuthBackend(pulumi.CustomResource):
             __props__.__dict__["connection_timeout"] = connection_timeout
             __props__.__dict__["deny_null_bind"] = deny_null_bind
             __props__.__dict__["description"] = description
+            __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
             __props__.__dict__["disable_remount"] = disable_remount
             __props__.__dict__["discoverdn"] = discoverdn
             __props__.__dict__["groupattr"] = groupattr
@@ -1498,6 +1664,9 @@ class AuthBackend(pulumi.CustomResource):
             __props__.__dict__["max_page_size"] = max_page_size
             __props__.__dict__["namespace"] = namespace
             __props__.__dict__["path"] = path
+            __props__.__dict__["rotation_period"] = rotation_period
+            __props__.__dict__["rotation_schedule"] = rotation_schedule
+            __props__.__dict__["rotation_window"] = rotation_window
             __props__.__dict__["starttls"] = starttls
             __props__.__dict__["tls_max_version"] = tls_max_version
             __props__.__dict__["tls_min_version"] = tls_min_version
@@ -1532,45 +1701,49 @@ class AuthBackend(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            accessor: Optional[pulumi.Input[str]] = None,
-            binddn: Optional[pulumi.Input[str]] = None,
-            bindpass: Optional[pulumi.Input[str]] = None,
-            case_sensitive_names: Optional[pulumi.Input[bool]] = None,
-            certificate: Optional[pulumi.Input[str]] = None,
-            client_tls_cert: Optional[pulumi.Input[str]] = None,
-            client_tls_key: Optional[pulumi.Input[str]] = None,
-            connection_timeout: Optional[pulumi.Input[int]] = None,
-            deny_null_bind: Optional[pulumi.Input[bool]] = None,
-            description: Optional[pulumi.Input[str]] = None,
-            disable_remount: Optional[pulumi.Input[bool]] = None,
-            discoverdn: Optional[pulumi.Input[bool]] = None,
-            groupattr: Optional[pulumi.Input[str]] = None,
-            groupdn: Optional[pulumi.Input[str]] = None,
-            groupfilter: Optional[pulumi.Input[str]] = None,
-            insecure_tls: Optional[pulumi.Input[bool]] = None,
-            local: Optional[pulumi.Input[bool]] = None,
-            max_page_size: Optional[pulumi.Input[int]] = None,
-            namespace: Optional[pulumi.Input[str]] = None,
-            path: Optional[pulumi.Input[str]] = None,
-            starttls: Optional[pulumi.Input[bool]] = None,
-            tls_max_version: Optional[pulumi.Input[str]] = None,
-            tls_min_version: Optional[pulumi.Input[str]] = None,
-            token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
-            token_max_ttl: Optional[pulumi.Input[int]] = None,
-            token_no_default_policy: Optional[pulumi.Input[bool]] = None,
-            token_num_uses: Optional[pulumi.Input[int]] = None,
-            token_period: Optional[pulumi.Input[int]] = None,
-            token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            token_ttl: Optional[pulumi.Input[int]] = None,
-            token_type: Optional[pulumi.Input[str]] = None,
-            upndomain: Optional[pulumi.Input[str]] = None,
-            url: Optional[pulumi.Input[str]] = None,
-            use_token_groups: Optional[pulumi.Input[bool]] = None,
-            userattr: Optional[pulumi.Input[str]] = None,
-            userdn: Optional[pulumi.Input[str]] = None,
-            userfilter: Optional[pulumi.Input[str]] = None,
-            username_as_alias: Optional[pulumi.Input[bool]] = None) -> 'AuthBackend':
+            accessor: Optional[pulumi.Input[builtins.str]] = None,
+            binddn: Optional[pulumi.Input[builtins.str]] = None,
+            bindpass: Optional[pulumi.Input[builtins.str]] = None,
+            case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
+            certificate: Optional[pulumi.Input[builtins.str]] = None,
+            client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
+            client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
+            connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
+            deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
+            description: Optional[pulumi.Input[builtins.str]] = None,
+            disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
+            disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
+            discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
+            groupattr: Optional[pulumi.Input[builtins.str]] = None,
+            groupdn: Optional[pulumi.Input[builtins.str]] = None,
+            groupfilter: Optional[pulumi.Input[builtins.str]] = None,
+            insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
+            local: Optional[pulumi.Input[builtins.bool]] = None,
+            max_page_size: Optional[pulumi.Input[builtins.int]] = None,
+            namespace: Optional[pulumi.Input[builtins.str]] = None,
+            path: Optional[pulumi.Input[builtins.str]] = None,
+            rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+            rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
+            rotation_window: Optional[pulumi.Input[builtins.int]] = None,
+            starttls: Optional[pulumi.Input[builtins.bool]] = None,
+            tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
+            tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
+            token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+            token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
+            token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
+            token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
+            token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
+            token_period: Optional[pulumi.Input[builtins.int]] = None,
+            token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+            token_ttl: Optional[pulumi.Input[builtins.int]] = None,
+            token_type: Optional[pulumi.Input[builtins.str]] = None,
+            upndomain: Optional[pulumi.Input[builtins.str]] = None,
+            url: Optional[pulumi.Input[builtins.str]] = None,
+            use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
+            userattr: Optional[pulumi.Input[builtins.str]] = None,
+            userdn: Optional[pulumi.Input[builtins.str]] = None,
+            userfilter: Optional[pulumi.Input[builtins.str]] = None,
+            username_as_alias: Optional[pulumi.Input[builtins.bool]] = None) -> 'AuthBackend':
         """
         Get an existing AuthBackend resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -1578,48 +1751,56 @@ class AuthBackend(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] accessor: The accessor for this auth mount.
-        :param pulumi.Input[str] binddn: DN of object to bind when performing user search
-        :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
-        :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
-        :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
-        :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
-        :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
-        :param pulumi.Input[str] description: Description for the LDAP auth backend mount
-        :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
+        :param pulumi.Input[builtins.str] accessor: The accessor for this auth mount.
+        :param pulumi.Input[builtins.str] binddn: DN of object to bind when performing user search
+        :param pulumi.Input[builtins.str] bindpass: Password to use with `binddn` when performing user search
+        :param pulumi.Input[builtins.bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
+        :param pulumi.Input[builtins.str] certificate: Trusted CA to validate TLS certificate
+        :param pulumi.Input[builtins.int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
+        :param pulumi.Input[builtins.bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
+        :param pulumi.Input[builtins.str] description: Description for the LDAP auth backend mount
+        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
-        :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
-        :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by groupfilter
-        :param pulumi.Input[str] groupdn: Base DN under which to perform group search
-        :param pulumi.Input[str] groupfilter: Go template used to construct group membership query
-        :param pulumi.Input[bool] insecure_tls: Control whether or TLS certificates must be validated
-        :param pulumi.Input[bool] local: Specifies if the auth method is local only.
-        :param pulumi.Input[int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
+        :param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
+        :param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by groupfilter
+        :param pulumi.Input[builtins.str] groupdn: Base DN under which to perform group search
+        :param pulumi.Input[builtins.str] groupfilter: Go template used to construct group membership query
+        :param pulumi.Input[builtins.bool] insecure_tls: Control whether or TLS certificates must be validated
+        :param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
+        :param pulumi.Input[builtins.int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
                *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
-        :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
-        :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
-        :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
-        :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
-        :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
-        :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
-        :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
-        :param pulumi.Input[int] token_period: Generated Token's Period
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
-        :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
-        :param pulumi.Input[str] token_type: The type of token to generate, service or batch
-        :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
-        :param pulumi.Input[str] url: The URL of the LDAP server
-        :param pulumi.Input[bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
-        :param pulumi.Input[str] userattr: Attribute on user object matching username passed in
-        :param pulumi.Input[str] userdn: Base DN under which to perform user search
-        :param pulumi.Input[str] userfilter: LDAP user search filter
-        :param pulumi.Input[bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
+        :param pulumi.Input[builtins.str] path: Path to mount the LDAP auth backend under
+        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[builtins.bool] starttls: Control use of TLS when conecting to LDAP
+        :param pulumi.Input[builtins.str] tls_max_version: Maximum acceptable version of TLS
+        :param pulumi.Input[builtins.str] tls_min_version: Minimum acceptable version of TLS
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
+        :param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
+        :param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
+        :param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
+        :param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
+        :param pulumi.Input[builtins.int] token_period: Generated Token's Period
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
+        :param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
+        :param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
+        :param pulumi.Input[builtins.str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
+        :param pulumi.Input[builtins.str] url: The URL of the LDAP server
+        :param pulumi.Input[builtins.bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
+        :param pulumi.Input[builtins.str] userattr: Attribute on user object matching username passed in
+        :param pulumi.Input[builtins.str] userdn: Base DN under which to perform user search
+        :param pulumi.Input[builtins.str] userfilter: LDAP user search filter
+        :param pulumi.Input[builtins.bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -1635,6 +1816,7 @@ class AuthBackend(pulumi.CustomResource):
         __props__.__dict__["connection_timeout"] = connection_timeout
         __props__.__dict__["deny_null_bind"] = deny_null_bind
         __props__.__dict__["description"] = description
+        __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
         __props__.__dict__["disable_remount"] = disable_remount
         __props__.__dict__["discoverdn"] = discoverdn
         __props__.__dict__["groupattr"] = groupattr
@@ -1645,6 +1827,9 @@ class AuthBackend(pulumi.CustomResource):
         __props__.__dict__["max_page_size"] = max_page_size
         __props__.__dict__["namespace"] = namespace
         __props__.__dict__["path"] = path
+        __props__.__dict__["rotation_period"] = rotation_period
+        __props__.__dict__["rotation_schedule"] = rotation_schedule
+        __props__.__dict__["rotation_window"] = rotation_window
         __props__.__dict__["starttls"] = starttls
         __props__.__dict__["tls_max_version"] = tls_max_version
         __props__.__dict__["tls_min_version"] = tls_min_version
@@ -1668,7 +1853,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def accessor(self) -> pulumi.Output[str]:
+    def accessor(self) -> pulumi.Output[builtins.str]:
         """
         The accessor for this auth mount.
         """
@@ -1676,7 +1861,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def binddn(self) -> pulumi.Output[str]:
+    def binddn(self) -> pulumi.Output[builtins.str]:
         """
         DN of object to bind when performing user search
         """
@@ -1684,7 +1869,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def bindpass(self) -> pulumi.Output[str]:
+    def bindpass(self) -> pulumi.Output[builtins.str]:
         """
         Password to use with `binddn` when performing user search
         """
@@ -1692,7 +1877,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="caseSensitiveNames")
-    def case_sensitive_names(self) -> pulumi.Output[bool]:
+    def case_sensitive_names(self) -> pulumi.Output[builtins.bool]:
         """
         Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
         """
@@ -1700,7 +1885,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def certificate(self) -> pulumi.Output[str]:
+    def certificate(self) -> pulumi.Output[builtins.str]:
         """
         Trusted CA to validate TLS certificate
         """
@@ -1708,17 +1893,17 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="clientTlsCert")
-    def client_tls_cert(self) -> pulumi.Output[str]:
+    def client_tls_cert(self) -> pulumi.Output[builtins.str]:
         return pulumi.get(self, "client_tls_cert")
 
     @property
     @pulumi.getter(name="clientTlsKey")
-    def client_tls_key(self) -> pulumi.Output[str]:
+    def client_tls_key(self) -> pulumi.Output[builtins.str]:
         return pulumi.get(self, "client_tls_key")
 
     @property
     @pulumi.getter(name="connectionTimeout")
-    def connection_timeout(self) -> pulumi.Output[int]:
+    def connection_timeout(self) -> pulumi.Output[builtins.int]:
         """
         Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
         """
@@ -1726,7 +1911,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="denyNullBind")
-    def deny_null_bind(self) -> pulumi.Output[bool]:
+    def deny_null_bind(self) -> pulumi.Output[builtins.bool]:
         """
         Prevents users from bypassing authentication when providing an empty password.
         """
@@ -1734,15 +1919,23 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def description(self) -> pulumi.Output[str]:
+    def description(self) -> pulumi.Output[builtins.str]:
         """
         Description for the LDAP auth backend mount
         """
         return pulumi.get(self, "description")
 
+    @property
+    @pulumi.getter(name="disableAutomatedRotation")
+    def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
+        """
+        Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "disable_automated_rotation")
+
     @property
     @pulumi.getter(name="disableRemount")
-    def disable_remount(self) -> pulumi.Output[Optional[bool]]:
+    def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         If set, opts out of mount migration on path updates.
         See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -1751,7 +1944,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def discoverdn(self) -> pulumi.Output[bool]:
+    def discoverdn(self) -> pulumi.Output[builtins.bool]:
         """
         Use anonymous bind to discover the bind DN of a user.
         """
@@ -1759,7 +1952,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def groupattr(self) -> pulumi.Output[str]:
+    def groupattr(self) -> pulumi.Output[builtins.str]:
         """
         LDAP attribute to follow on objects returned by groupfilter
         """
@@ -1767,7 +1960,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def groupdn(self) -> pulumi.Output[str]:
+    def groupdn(self) -> pulumi.Output[builtins.str]:
         """
         Base DN under which to perform group search
         """
@@ -1775,7 +1968,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def groupfilter(self) -> pulumi.Output[str]:
+    def groupfilter(self) -> pulumi.Output[builtins.str]:
         """
         Go template used to construct group membership query
         """
@@ -1783,7 +1976,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="insecureTls")
-    def insecure_tls(self) -> pulumi.Output[bool]:
+    def insecure_tls(self) -> pulumi.Output[builtins.bool]:
         """
         Control whether or TLS certificates must be validated
         """
@@ -1791,7 +1984,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def local(self) -> pulumi.Output[Optional[bool]]:
+    def local(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         Specifies if the auth method is local only.
         """
@@ -1799,7 +1992,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="maxPageSize")
-    def max_page_size(self) -> pulumi.Output[Optional[int]]:
+    def max_page_size(self) -> pulumi.Output[Optional[builtins.int]]:
         """
         Sets the max page size for LDAP lookups, by default it's set to -1.
         *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
@@ -1808,7 +2001,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def namespace(self) -> pulumi.Output[Optional[str]]:
+    def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -1819,15 +2012,43 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def path(self) -> pulumi.Output[Optional[str]]:
+    def path(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         Path to mount the LDAP auth backend under
         """
         return pulumi.get(self, "path")
 
+    @property
+    @pulumi.getter(name="rotationPeriod")
+    def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
+        """
+        The amount of time in seconds Vault should wait before rotating the root credential.
+        A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_period")
+
+    @property
+    @pulumi.getter(name="rotationSchedule")
+    def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
+        """
+        The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_schedule")
+
+    @property
+    @pulumi.getter(name="rotationWindow")
+    def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
+        """
+        The maximum amount of time in seconds allowed to complete
+        a rotation when a scheduled token rotation occurs. The default rotation window is
+        unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_window")
+
     @property
     @pulumi.getter
-    def starttls(self) -> pulumi.Output[bool]:
+    def starttls(self) -> pulumi.Output[builtins.bool]:
         """
         Control use of TLS when conecting to LDAP
         """
@@ -1835,7 +2056,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="tlsMaxVersion")
-    def tls_max_version(self) -> pulumi.Output[str]:
+    def tls_max_version(self) -> pulumi.Output[builtins.str]:
         """
         Maximum acceptable version of TLS
         """
@@ -1843,7 +2064,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="tlsMinVersion")
-    def tls_min_version(self) -> pulumi.Output[str]:
+    def tls_min_version(self) -> pulumi.Output[builtins.str]:
         """
         Minimum acceptable version of TLS
         """
@@ -1851,7 +2072,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="tokenBoundCidrs")
-    def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
         """
         Specifies the blocks of IP addresses which are allowed to use the generated token
         """
@@ -1859,7 +2080,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="tokenExplicitMaxTtl")
-    def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
+    def token_explicit_max_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
         """
         Generated Token's Explicit Maximum TTL in seconds
         """
@@ -1867,7 +2088,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="tokenMaxTtl")
-    def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
+    def token_max_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
         """
         The maximum lifetime of the generated token
         """
@@ -1875,7 +2096,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="tokenNoDefaultPolicy")
-    def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
+    def token_no_default_policy(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         If true, the 'default' policy will not automatically be added to generated tokens
         """
@@ -1883,7 +2104,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="tokenNumUses")
-    def token_num_uses(self) -> pulumi.Output[Optional[int]]:
+    def token_num_uses(self) -> pulumi.Output[Optional[builtins.int]]:
         """
         The maximum number of times a token may be used, a value of zero means unlimited
         """
@@ -1891,7 +2112,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="tokenPeriod")
-    def token_period(self) -> pulumi.Output[Optional[int]]:
+    def token_period(self) -> pulumi.Output[Optional[builtins.int]]:
         """
         Generated Token's Period
         """
@@ -1899,7 +2120,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="tokenPolicies")
-    def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def token_policies(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
         """
         Generated Token's Policies
         """
@@ -1907,7 +2128,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="tokenTtl")
-    def token_ttl(self) -> pulumi.Output[Optional[int]]:
+    def token_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
         """
         The initial ttl of the token to generate in seconds
         """
@@ -1915,7 +2136,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="tokenType")
-    def token_type(self) -> pulumi.Output[Optional[str]]:
+    def token_type(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         The type of token to generate, service or batch
         """
@@ -1923,7 +2144,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def upndomain(self) -> pulumi.Output[str]:
+    def upndomain(self) -> pulumi.Output[builtins.str]:
         """
         The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
         """
@@ -1931,7 +2152,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def url(self) -> pulumi.Output[str]:
+    def url(self) -> pulumi.Output[builtins.str]:
         """
         The URL of the LDAP server
         """
@@ -1939,7 +2160,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="useTokenGroups")
-    def use_token_groups(self) -> pulumi.Output[bool]:
+    def use_token_groups(self) -> pulumi.Output[builtins.bool]:
         """
         Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
         """
@@ -1947,7 +2168,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def userattr(self) -> pulumi.Output[str]:
+    def userattr(self) -> pulumi.Output[builtins.str]:
         """
         Attribute on user object matching username passed in
         """
@@ -1955,7 +2176,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def userdn(self) -> pulumi.Output[str]:
+    def userdn(self) -> pulumi.Output[builtins.str]:
         """
         Base DN under which to perform user search
         """
@@ -1963,7 +2184,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def userfilter(self) -> pulumi.Output[str]:
+    def userfilter(self) -> pulumi.Output[builtins.str]:
         """
         LDAP user search filter
         """
@@ -1971,7 +2192,7 @@ class AuthBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="usernameAsAlias")
-    def username_as_alias(self) -> pulumi.Output[bool]:
+    def username_as_alias(self) -> pulumi.Output[builtins.bool]:
         """
         Force the auth method to use the username passed by the user as the alias name.
         """