pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744267302__py3-none-any.whl
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +554 -553
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +141 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +8 -7
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +56 -55
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/METADATA +1 -1
- pulumi_vault-6.7.0a1744267302.dist-info/RECORD +265 -0
- pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,48 +20,48 @@ __all__ = ['SecretBackendKeyArgs', 'SecretBackendKey']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class SecretBackendKeyArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
backend: pulumi.Input[str],
|
23
|
-
allow_plaintext_backup: Optional[pulumi.Input[bool]] = None,
|
24
|
-
auto_rotate_period: Optional[pulumi.Input[int]] = None,
|
25
|
-
convergent_encryption: Optional[pulumi.Input[bool]] = None,
|
26
|
-
deletion_allowed: Optional[pulumi.Input[bool]] = None,
|
27
|
-
derived: Optional[pulumi.Input[bool]] = None,
|
28
|
-
exportable: Optional[pulumi.Input[bool]] = None,
|
29
|
-
hybrid_key_type_ec: Optional[pulumi.Input[str]] = None,
|
30
|
-
hybrid_key_type_pqc: Optional[pulumi.Input[str]] = None,
|
31
|
-
key_size: Optional[pulumi.Input[int]] = None,
|
32
|
-
min_decryption_version: Optional[pulumi.Input[int]] = None,
|
33
|
-
min_encryption_version: Optional[pulumi.Input[int]] = None,
|
34
|
-
name: Optional[pulumi.Input[str]] = None,
|
35
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
36
|
-
parameter_set: Optional[pulumi.Input[str]] = None,
|
37
|
-
type: Optional[pulumi.Input[str]] = None):
|
23
|
+
backend: pulumi.Input[builtins.str],
|
24
|
+
allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
|
25
|
+
auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
|
26
|
+
convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
|
27
|
+
deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
|
28
|
+
derived: Optional[pulumi.Input[builtins.bool]] = None,
|
29
|
+
exportable: Optional[pulumi.Input[builtins.bool]] = None,
|
30
|
+
hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
|
32
|
+
key_size: Optional[pulumi.Input[builtins.int]] = None,
|
33
|
+
min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
|
34
|
+
min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
|
35
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
36
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
37
|
+
parameter_set: Optional[pulumi.Input[builtins.str]] = None,
|
38
|
+
type: Optional[pulumi.Input[builtins.str]] = None):
|
38
39
|
"""
|
39
40
|
The set of arguments for constructing a SecretBackendKey resource.
|
40
|
-
:param pulumi.Input[str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
|
41
|
-
:param pulumi.Input[bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
|
41
|
+
:param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
|
42
|
+
:param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
|
42
43
|
* Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
|
43
|
-
:param pulumi.Input[int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
|
44
|
+
:param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
|
44
45
|
A value of 0 disables automatic rotation for the key.
|
45
|
-
:param pulumi.Input[bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
|
46
|
-
:param pulumi.Input[bool] deletion_allowed: Specifies if the key is allowed to be deleted.
|
47
|
-
:param pulumi.Input[bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
|
48
|
-
:param pulumi.Input[bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
|
49
|
-
:param pulumi.Input[str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
|
46
|
+
:param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
|
47
|
+
:param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
|
48
|
+
:param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
|
49
|
+
:param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
|
50
|
+
:param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
|
50
51
|
Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
|
51
|
-
:param pulumi.Input[str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
|
52
|
+
:param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
|
52
53
|
Currently, ML-DSA is the only supported key type.
|
53
|
-
:param pulumi.Input[int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
|
54
|
-
:param pulumi.Input[int] min_decryption_version: Minimum key version to use for decryption.
|
55
|
-
:param pulumi.Input[int] min_encryption_version: Minimum key version to use for encryption
|
56
|
-
:param pulumi.Input[str] name: The name to identify this key within the backend. Must be unique within the backend.
|
57
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
54
|
+
:param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
|
55
|
+
:param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
|
56
|
+
:param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
|
57
|
+
:param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
|
58
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
58
59
|
The value should not contain leading or trailing forward slashes.
|
59
60
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
60
61
|
*Available only for Vault Enterprise*.
|
61
|
-
:param pulumi.Input[str] parameter_set: The parameter set to use for ML-DSA. Required for
|
62
|
+
:param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
|
62
63
|
ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
|
63
|
-
:param pulumi.Input[str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
|
64
|
+
:param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
|
64
65
|
* Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
|
65
66
|
"""
|
66
67
|
pulumi.set(__self__, "backend", backend)
|
@@ -97,19 +98,19 @@ class SecretBackendKeyArgs:
|
|
97
98
|
|
98
99
|
@property
|
99
100
|
@pulumi.getter
|
100
|
-
def backend(self) -> pulumi.Input[str]:
|
101
|
+
def backend(self) -> pulumi.Input[builtins.str]:
|
101
102
|
"""
|
102
103
|
The path the transit secret backend is mounted at, with no leading or trailing `/`s.
|
103
104
|
"""
|
104
105
|
return pulumi.get(self, "backend")
|
105
106
|
|
106
107
|
@backend.setter
|
107
|
-
def backend(self, value: pulumi.Input[str]):
|
108
|
+
def backend(self, value: pulumi.Input[builtins.str]):
|
108
109
|
pulumi.set(self, "backend", value)
|
109
110
|
|
110
111
|
@property
|
111
112
|
@pulumi.getter(name="allowPlaintextBackup")
|
112
|
-
def allow_plaintext_backup(self) -> Optional[pulumi.Input[bool]]:
|
113
|
+
def allow_plaintext_backup(self) -> Optional[pulumi.Input[builtins.bool]]:
|
113
114
|
"""
|
114
115
|
Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
|
115
116
|
* Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
|
@@ -117,12 +118,12 @@ class SecretBackendKeyArgs:
|
|
117
118
|
return pulumi.get(self, "allow_plaintext_backup")
|
118
119
|
|
119
120
|
@allow_plaintext_backup.setter
|
120
|
-
def allow_plaintext_backup(self, value: Optional[pulumi.Input[bool]]):
|
121
|
+
def allow_plaintext_backup(self, value: Optional[pulumi.Input[builtins.bool]]):
|
121
122
|
pulumi.set(self, "allow_plaintext_backup", value)
|
122
123
|
|
123
124
|
@property
|
124
125
|
@pulumi.getter(name="autoRotatePeriod")
|
125
|
-
def auto_rotate_period(self) -> Optional[pulumi.Input[int]]:
|
126
|
+
def auto_rotate_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
126
127
|
"""
|
127
128
|
Amount of seconds the key should live before being automatically rotated.
|
128
129
|
A value of 0 disables automatic rotation for the key.
|
@@ -130,60 +131,60 @@ class SecretBackendKeyArgs:
|
|
130
131
|
return pulumi.get(self, "auto_rotate_period")
|
131
132
|
|
132
133
|
@auto_rotate_period.setter
|
133
|
-
def auto_rotate_period(self, value: Optional[pulumi.Input[int]]):
|
134
|
+
def auto_rotate_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
134
135
|
pulumi.set(self, "auto_rotate_period", value)
|
135
136
|
|
136
137
|
@property
|
137
138
|
@pulumi.getter(name="convergentEncryption")
|
138
|
-
def convergent_encryption(self) -> Optional[pulumi.Input[bool]]:
|
139
|
+
def convergent_encryption(self) -> Optional[pulumi.Input[builtins.bool]]:
|
139
140
|
"""
|
140
141
|
Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
|
141
142
|
"""
|
142
143
|
return pulumi.get(self, "convergent_encryption")
|
143
144
|
|
144
145
|
@convergent_encryption.setter
|
145
|
-
def convergent_encryption(self, value: Optional[pulumi.Input[bool]]):
|
146
|
+
def convergent_encryption(self, value: Optional[pulumi.Input[builtins.bool]]):
|
146
147
|
pulumi.set(self, "convergent_encryption", value)
|
147
148
|
|
148
149
|
@property
|
149
150
|
@pulumi.getter(name="deletionAllowed")
|
150
|
-
def deletion_allowed(self) -> Optional[pulumi.Input[bool]]:
|
151
|
+
def deletion_allowed(self) -> Optional[pulumi.Input[builtins.bool]]:
|
151
152
|
"""
|
152
153
|
Specifies if the key is allowed to be deleted.
|
153
154
|
"""
|
154
155
|
return pulumi.get(self, "deletion_allowed")
|
155
156
|
|
156
157
|
@deletion_allowed.setter
|
157
|
-
def deletion_allowed(self, value: Optional[pulumi.Input[bool]]):
|
158
|
+
def deletion_allowed(self, value: Optional[pulumi.Input[builtins.bool]]):
|
158
159
|
pulumi.set(self, "deletion_allowed", value)
|
159
160
|
|
160
161
|
@property
|
161
162
|
@pulumi.getter
|
162
|
-
def derived(self) -> Optional[pulumi.Input[bool]]:
|
163
|
+
def derived(self) -> Optional[pulumi.Input[builtins.bool]]:
|
163
164
|
"""
|
164
165
|
Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
|
165
166
|
"""
|
166
167
|
return pulumi.get(self, "derived")
|
167
168
|
|
168
169
|
@derived.setter
|
169
|
-
def derived(self, value: Optional[pulumi.Input[bool]]):
|
170
|
+
def derived(self, value: Optional[pulumi.Input[builtins.bool]]):
|
170
171
|
pulumi.set(self, "derived", value)
|
171
172
|
|
172
173
|
@property
|
173
174
|
@pulumi.getter
|
174
|
-
def exportable(self) -> Optional[pulumi.Input[bool]]:
|
175
|
+
def exportable(self) -> Optional[pulumi.Input[builtins.bool]]:
|
175
176
|
"""
|
176
177
|
Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
|
177
178
|
"""
|
178
179
|
return pulumi.get(self, "exportable")
|
179
180
|
|
180
181
|
@exportable.setter
|
181
|
-
def exportable(self, value: Optional[pulumi.Input[bool]]):
|
182
|
+
def exportable(self, value: Optional[pulumi.Input[builtins.bool]]):
|
182
183
|
pulumi.set(self, "exportable", value)
|
183
184
|
|
184
185
|
@property
|
185
186
|
@pulumi.getter(name="hybridKeyTypeEc")
|
186
|
-
def hybrid_key_type_ec(self) -> Optional[pulumi.Input[str]]:
|
187
|
+
def hybrid_key_type_ec(self) -> Optional[pulumi.Input[builtins.str]]:
|
187
188
|
"""
|
188
189
|
The elliptic curve algorithm to use for hybrid signatures.
|
189
190
|
Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
|
@@ -191,12 +192,12 @@ class SecretBackendKeyArgs:
|
|
191
192
|
return pulumi.get(self, "hybrid_key_type_ec")
|
192
193
|
|
193
194
|
@hybrid_key_type_ec.setter
|
194
|
-
def hybrid_key_type_ec(self, value: Optional[pulumi.Input[str]]):
|
195
|
+
def hybrid_key_type_ec(self, value: Optional[pulumi.Input[builtins.str]]):
|
195
196
|
pulumi.set(self, "hybrid_key_type_ec", value)
|
196
197
|
|
197
198
|
@property
|
198
199
|
@pulumi.getter(name="hybridKeyTypePqc")
|
199
|
-
def hybrid_key_type_pqc(self) -> Optional[pulumi.Input[str]]:
|
200
|
+
def hybrid_key_type_pqc(self) -> Optional[pulumi.Input[builtins.str]]:
|
200
201
|
"""
|
201
202
|
The post-quantum algorithm to use for hybrid signatures.
|
202
203
|
Currently, ML-DSA is the only supported key type.
|
@@ -204,60 +205,60 @@ class SecretBackendKeyArgs:
|
|
204
205
|
return pulumi.get(self, "hybrid_key_type_pqc")
|
205
206
|
|
206
207
|
@hybrid_key_type_pqc.setter
|
207
|
-
def hybrid_key_type_pqc(self, value: Optional[pulumi.Input[str]]):
|
208
|
+
def hybrid_key_type_pqc(self, value: Optional[pulumi.Input[builtins.str]]):
|
208
209
|
pulumi.set(self, "hybrid_key_type_pqc", value)
|
209
210
|
|
210
211
|
@property
|
211
212
|
@pulumi.getter(name="keySize")
|
212
|
-
def key_size(self) -> Optional[pulumi.Input[int]]:
|
213
|
+
def key_size(self) -> Optional[pulumi.Input[builtins.int]]:
|
213
214
|
"""
|
214
215
|
The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
|
215
216
|
"""
|
216
217
|
return pulumi.get(self, "key_size")
|
217
218
|
|
218
219
|
@key_size.setter
|
219
|
-
def key_size(self, value: Optional[pulumi.Input[int]]):
|
220
|
+
def key_size(self, value: Optional[pulumi.Input[builtins.int]]):
|
220
221
|
pulumi.set(self, "key_size", value)
|
221
222
|
|
222
223
|
@property
|
223
224
|
@pulumi.getter(name="minDecryptionVersion")
|
224
|
-
def min_decryption_version(self) -> Optional[pulumi.Input[int]]:
|
225
|
+
def min_decryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
|
225
226
|
"""
|
226
227
|
Minimum key version to use for decryption.
|
227
228
|
"""
|
228
229
|
return pulumi.get(self, "min_decryption_version")
|
229
230
|
|
230
231
|
@min_decryption_version.setter
|
231
|
-
def min_decryption_version(self, value: Optional[pulumi.Input[int]]):
|
232
|
+
def min_decryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
|
232
233
|
pulumi.set(self, "min_decryption_version", value)
|
233
234
|
|
234
235
|
@property
|
235
236
|
@pulumi.getter(name="minEncryptionVersion")
|
236
|
-
def min_encryption_version(self) -> Optional[pulumi.Input[int]]:
|
237
|
+
def min_encryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
|
237
238
|
"""
|
238
239
|
Minimum key version to use for encryption
|
239
240
|
"""
|
240
241
|
return pulumi.get(self, "min_encryption_version")
|
241
242
|
|
242
243
|
@min_encryption_version.setter
|
243
|
-
def min_encryption_version(self, value: Optional[pulumi.Input[int]]):
|
244
|
+
def min_encryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
|
244
245
|
pulumi.set(self, "min_encryption_version", value)
|
245
246
|
|
246
247
|
@property
|
247
248
|
@pulumi.getter
|
248
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
249
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
249
250
|
"""
|
250
251
|
The name to identify this key within the backend. Must be unique within the backend.
|
251
252
|
"""
|
252
253
|
return pulumi.get(self, "name")
|
253
254
|
|
254
255
|
@name.setter
|
255
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
256
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
256
257
|
pulumi.set(self, "name", value)
|
257
258
|
|
258
259
|
@property
|
259
260
|
@pulumi.getter
|
260
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
261
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
261
262
|
"""
|
262
263
|
The namespace to provision the resource in.
|
263
264
|
The value should not contain leading or trailing forward slashes.
|
@@ -267,12 +268,12 @@ class SecretBackendKeyArgs:
|
|
267
268
|
return pulumi.get(self, "namespace")
|
268
269
|
|
269
270
|
@namespace.setter
|
270
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
271
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
271
272
|
pulumi.set(self, "namespace", value)
|
272
273
|
|
273
274
|
@property
|
274
275
|
@pulumi.getter(name="parameterSet")
|
275
|
-
def parameter_set(self) -> Optional[pulumi.Input[str]]:
|
276
|
+
def parameter_set(self) -> Optional[pulumi.Input[builtins.str]]:
|
276
277
|
"""
|
277
278
|
The parameter set to use for ML-DSA. Required for
|
278
279
|
ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
|
@@ -280,12 +281,12 @@ class SecretBackendKeyArgs:
|
|
280
281
|
return pulumi.get(self, "parameter_set")
|
281
282
|
|
282
283
|
@parameter_set.setter
|
283
|
-
def parameter_set(self, value: Optional[pulumi.Input[str]]):
|
284
|
+
def parameter_set(self, value: Optional[pulumi.Input[builtins.str]]):
|
284
285
|
pulumi.set(self, "parameter_set", value)
|
285
286
|
|
286
287
|
@property
|
287
288
|
@pulumi.getter
|
288
|
-
def type(self) -> Optional[pulumi.Input[str]]:
|
289
|
+
def type(self) -> Optional[pulumi.Input[builtins.str]]:
|
289
290
|
"""
|
290
291
|
Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
|
291
292
|
* Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
|
@@ -293,71 +294,71 @@ class SecretBackendKeyArgs:
|
|
293
294
|
return pulumi.get(self, "type")
|
294
295
|
|
295
296
|
@type.setter
|
296
|
-
def type(self, value: Optional[pulumi.Input[str]]):
|
297
|
+
def type(self, value: Optional[pulumi.Input[builtins.str]]):
|
297
298
|
pulumi.set(self, "type", value)
|
298
299
|
|
299
300
|
|
300
301
|
@pulumi.input_type
|
301
302
|
class _SecretBackendKeyState:
|
302
303
|
def __init__(__self__, *,
|
303
|
-
allow_plaintext_backup: Optional[pulumi.Input[bool]] = None,
|
304
|
-
auto_rotate_period: Optional[pulumi.Input[int]] = None,
|
305
|
-
backend: Optional[pulumi.Input[str]] = None,
|
306
|
-
convergent_encryption: Optional[pulumi.Input[bool]] = None,
|
307
|
-
deletion_allowed: Optional[pulumi.Input[bool]] = None,
|
308
|
-
derived: Optional[pulumi.Input[bool]] = None,
|
309
|
-
exportable: Optional[pulumi.Input[bool]] = None,
|
310
|
-
hybrid_key_type_ec: Optional[pulumi.Input[str]] = None,
|
311
|
-
hybrid_key_type_pqc: Optional[pulumi.Input[str]] = None,
|
312
|
-
key_size: Optional[pulumi.Input[int]] = None,
|
313
|
-
keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]]] = None,
|
314
|
-
latest_version: Optional[pulumi.Input[int]] = None,
|
315
|
-
min_available_version: Optional[pulumi.Input[int]] = None,
|
316
|
-
min_decryption_version: Optional[pulumi.Input[int]] = None,
|
317
|
-
min_encryption_version: Optional[pulumi.Input[int]] = None,
|
318
|
-
name: Optional[pulumi.Input[str]] = None,
|
319
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
320
|
-
parameter_set: Optional[pulumi.Input[str]] = None,
|
321
|
-
supports_decryption: Optional[pulumi.Input[bool]] = None,
|
322
|
-
supports_derivation: Optional[pulumi.Input[bool]] = None,
|
323
|
-
supports_encryption: Optional[pulumi.Input[bool]] = None,
|
324
|
-
supports_signing: Optional[pulumi.Input[bool]] = None,
|
325
|
-
type: Optional[pulumi.Input[str]] = None):
|
304
|
+
allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
|
305
|
+
auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
|
306
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
307
|
+
convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
|
308
|
+
deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
|
309
|
+
derived: Optional[pulumi.Input[builtins.bool]] = None,
|
310
|
+
exportable: Optional[pulumi.Input[builtins.bool]] = None,
|
311
|
+
hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
|
312
|
+
hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
|
313
|
+
key_size: Optional[pulumi.Input[builtins.int]] = None,
|
314
|
+
keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]] = None,
|
315
|
+
latest_version: Optional[pulumi.Input[builtins.int]] = None,
|
316
|
+
min_available_version: Optional[pulumi.Input[builtins.int]] = None,
|
317
|
+
min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
|
318
|
+
min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
|
319
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
320
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
321
|
+
parameter_set: Optional[pulumi.Input[builtins.str]] = None,
|
322
|
+
supports_decryption: Optional[pulumi.Input[builtins.bool]] = None,
|
323
|
+
supports_derivation: Optional[pulumi.Input[builtins.bool]] = None,
|
324
|
+
supports_encryption: Optional[pulumi.Input[builtins.bool]] = None,
|
325
|
+
supports_signing: Optional[pulumi.Input[builtins.bool]] = None,
|
326
|
+
type: Optional[pulumi.Input[builtins.str]] = None):
|
326
327
|
"""
|
327
328
|
Input properties used for looking up and filtering SecretBackendKey resources.
|
328
|
-
:param pulumi.Input[bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
|
329
|
+
:param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
|
329
330
|
* Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
|
330
|
-
:param pulumi.Input[int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
|
331
|
+
:param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
|
331
332
|
A value of 0 disables automatic rotation for the key.
|
332
|
-
:param pulumi.Input[str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
|
333
|
-
:param pulumi.Input[bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
|
334
|
-
:param pulumi.Input[bool] deletion_allowed: Specifies if the key is allowed to be deleted.
|
335
|
-
:param pulumi.Input[bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
|
336
|
-
:param pulumi.Input[bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
|
337
|
-
:param pulumi.Input[str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
|
333
|
+
:param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
|
334
|
+
:param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
|
335
|
+
:param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
|
336
|
+
:param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
|
337
|
+
:param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
|
338
|
+
:param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
|
338
339
|
Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
|
339
|
-
:param pulumi.Input[str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
|
340
|
+
:param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
|
340
341
|
Currently, ML-DSA is the only supported key type.
|
341
|
-
:param pulumi.Input[int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
|
342
|
-
:param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
|
342
|
+
:param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
|
343
|
+
:param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
|
343
344
|
* for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
|
344
345
|
* for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following:
|
345
|
-
:param pulumi.Input[int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
|
346
|
-
:param pulumi.Input[int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
|
347
|
-
:param pulumi.Input[int] min_decryption_version: Minimum key version to use for decryption.
|
348
|
-
:param pulumi.Input[int] min_encryption_version: Minimum key version to use for encryption
|
349
|
-
:param pulumi.Input[str] name: The name to identify this key within the backend. Must be unique within the backend.
|
350
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
346
|
+
:param pulumi.Input[builtins.int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
|
347
|
+
:param pulumi.Input[builtins.int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
|
348
|
+
:param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
|
349
|
+
:param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
|
350
|
+
:param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
|
351
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
351
352
|
The value should not contain leading or trailing forward slashes.
|
352
353
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
353
354
|
*Available only for Vault Enterprise*.
|
354
|
-
:param pulumi.Input[str] parameter_set: The parameter set to use for ML-DSA. Required for
|
355
|
+
:param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
|
355
356
|
ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
|
356
|
-
:param pulumi.Input[bool] supports_decryption: Whether or not the key supports decryption, based on key type.
|
357
|
-
:param pulumi.Input[bool] supports_derivation: Whether or not the key supports derivation, based on key type.
|
358
|
-
:param pulumi.Input[bool] supports_encryption: Whether or not the key supports encryption, based on key type.
|
359
|
-
:param pulumi.Input[bool] supports_signing: Whether or not the key supports signing, based on key type.
|
360
|
-
:param pulumi.Input[str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
|
357
|
+
:param pulumi.Input[builtins.bool] supports_decryption: Whether or not the key supports decryption, based on key type.
|
358
|
+
:param pulumi.Input[builtins.bool] supports_derivation: Whether or not the key supports derivation, based on key type.
|
359
|
+
:param pulumi.Input[builtins.bool] supports_encryption: Whether or not the key supports encryption, based on key type.
|
360
|
+
:param pulumi.Input[builtins.bool] supports_signing: Whether or not the key supports signing, based on key type.
|
361
|
+
:param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
|
361
362
|
* Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
|
362
363
|
"""
|
363
364
|
if allow_plaintext_backup is not None:
|
@@ -409,7 +410,7 @@ class _SecretBackendKeyState:
|
|
409
410
|
|
410
411
|
@property
|
411
412
|
@pulumi.getter(name="allowPlaintextBackup")
|
412
|
-
def allow_plaintext_backup(self) -> Optional[pulumi.Input[bool]]:
|
413
|
+
def allow_plaintext_backup(self) -> Optional[pulumi.Input[builtins.bool]]:
|
413
414
|
"""
|
414
415
|
Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
|
415
416
|
* Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
|
@@ -417,12 +418,12 @@ class _SecretBackendKeyState:
|
|
417
418
|
return pulumi.get(self, "allow_plaintext_backup")
|
418
419
|
|
419
420
|
@allow_plaintext_backup.setter
|
420
|
-
def allow_plaintext_backup(self, value: Optional[pulumi.Input[bool]]):
|
421
|
+
def allow_plaintext_backup(self, value: Optional[pulumi.Input[builtins.bool]]):
|
421
422
|
pulumi.set(self, "allow_plaintext_backup", value)
|
422
423
|
|
423
424
|
@property
|
424
425
|
@pulumi.getter(name="autoRotatePeriod")
|
425
|
-
def auto_rotate_period(self) -> Optional[pulumi.Input[int]]:
|
426
|
+
def auto_rotate_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
426
427
|
"""
|
427
428
|
Amount of seconds the key should live before being automatically rotated.
|
428
429
|
A value of 0 disables automatic rotation for the key.
|
@@ -430,72 +431,72 @@ class _SecretBackendKeyState:
|
|
430
431
|
return pulumi.get(self, "auto_rotate_period")
|
431
432
|
|
432
433
|
@auto_rotate_period.setter
|
433
|
-
def auto_rotate_period(self, value: Optional[pulumi.Input[int]]):
|
434
|
+
def auto_rotate_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
434
435
|
pulumi.set(self, "auto_rotate_period", value)
|
435
436
|
|
436
437
|
@property
|
437
438
|
@pulumi.getter
|
438
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
439
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
439
440
|
"""
|
440
441
|
The path the transit secret backend is mounted at, with no leading or trailing `/`s.
|
441
442
|
"""
|
442
443
|
return pulumi.get(self, "backend")
|
443
444
|
|
444
445
|
@backend.setter
|
445
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
446
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
446
447
|
pulumi.set(self, "backend", value)
|
447
448
|
|
448
449
|
@property
|
449
450
|
@pulumi.getter(name="convergentEncryption")
|
450
|
-
def convergent_encryption(self) -> Optional[pulumi.Input[bool]]:
|
451
|
+
def convergent_encryption(self) -> Optional[pulumi.Input[builtins.bool]]:
|
451
452
|
"""
|
452
453
|
Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
|
453
454
|
"""
|
454
455
|
return pulumi.get(self, "convergent_encryption")
|
455
456
|
|
456
457
|
@convergent_encryption.setter
|
457
|
-
def convergent_encryption(self, value: Optional[pulumi.Input[bool]]):
|
458
|
+
def convergent_encryption(self, value: Optional[pulumi.Input[builtins.bool]]):
|
458
459
|
pulumi.set(self, "convergent_encryption", value)
|
459
460
|
|
460
461
|
@property
|
461
462
|
@pulumi.getter(name="deletionAllowed")
|
462
|
-
def deletion_allowed(self) -> Optional[pulumi.Input[bool]]:
|
463
|
+
def deletion_allowed(self) -> Optional[pulumi.Input[builtins.bool]]:
|
463
464
|
"""
|
464
465
|
Specifies if the key is allowed to be deleted.
|
465
466
|
"""
|
466
467
|
return pulumi.get(self, "deletion_allowed")
|
467
468
|
|
468
469
|
@deletion_allowed.setter
|
469
|
-
def deletion_allowed(self, value: Optional[pulumi.Input[bool]]):
|
470
|
+
def deletion_allowed(self, value: Optional[pulumi.Input[builtins.bool]]):
|
470
471
|
pulumi.set(self, "deletion_allowed", value)
|
471
472
|
|
472
473
|
@property
|
473
474
|
@pulumi.getter
|
474
|
-
def derived(self) -> Optional[pulumi.Input[bool]]:
|
475
|
+
def derived(self) -> Optional[pulumi.Input[builtins.bool]]:
|
475
476
|
"""
|
476
477
|
Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
|
477
478
|
"""
|
478
479
|
return pulumi.get(self, "derived")
|
479
480
|
|
480
481
|
@derived.setter
|
481
|
-
def derived(self, value: Optional[pulumi.Input[bool]]):
|
482
|
+
def derived(self, value: Optional[pulumi.Input[builtins.bool]]):
|
482
483
|
pulumi.set(self, "derived", value)
|
483
484
|
|
484
485
|
@property
|
485
486
|
@pulumi.getter
|
486
|
-
def exportable(self) -> Optional[pulumi.Input[bool]]:
|
487
|
+
def exportable(self) -> Optional[pulumi.Input[builtins.bool]]:
|
487
488
|
"""
|
488
489
|
Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
|
489
490
|
"""
|
490
491
|
return pulumi.get(self, "exportable")
|
491
492
|
|
492
493
|
@exportable.setter
|
493
|
-
def exportable(self, value: Optional[pulumi.Input[bool]]):
|
494
|
+
def exportable(self, value: Optional[pulumi.Input[builtins.bool]]):
|
494
495
|
pulumi.set(self, "exportable", value)
|
495
496
|
|
496
497
|
@property
|
497
498
|
@pulumi.getter(name="hybridKeyTypeEc")
|
498
|
-
def hybrid_key_type_ec(self) -> Optional[pulumi.Input[str]]:
|
499
|
+
def hybrid_key_type_ec(self) -> Optional[pulumi.Input[builtins.str]]:
|
499
500
|
"""
|
500
501
|
The elliptic curve algorithm to use for hybrid signatures.
|
501
502
|
Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
|
@@ -503,12 +504,12 @@ class _SecretBackendKeyState:
|
|
503
504
|
return pulumi.get(self, "hybrid_key_type_ec")
|
504
505
|
|
505
506
|
@hybrid_key_type_ec.setter
|
506
|
-
def hybrid_key_type_ec(self, value: Optional[pulumi.Input[str]]):
|
507
|
+
def hybrid_key_type_ec(self, value: Optional[pulumi.Input[builtins.str]]):
|
507
508
|
pulumi.set(self, "hybrid_key_type_ec", value)
|
508
509
|
|
509
510
|
@property
|
510
511
|
@pulumi.getter(name="hybridKeyTypePqc")
|
511
|
-
def hybrid_key_type_pqc(self) -> Optional[pulumi.Input[str]]:
|
512
|
+
def hybrid_key_type_pqc(self) -> Optional[pulumi.Input[builtins.str]]:
|
512
513
|
"""
|
513
514
|
The post-quantum algorithm to use for hybrid signatures.
|
514
515
|
Currently, ML-DSA is the only supported key type.
|
@@ -516,24 +517,24 @@ class _SecretBackendKeyState:
|
|
516
517
|
return pulumi.get(self, "hybrid_key_type_pqc")
|
517
518
|
|
518
519
|
@hybrid_key_type_pqc.setter
|
519
|
-
def hybrid_key_type_pqc(self, value: Optional[pulumi.Input[str]]):
|
520
|
+
def hybrid_key_type_pqc(self, value: Optional[pulumi.Input[builtins.str]]):
|
520
521
|
pulumi.set(self, "hybrid_key_type_pqc", value)
|
521
522
|
|
522
523
|
@property
|
523
524
|
@pulumi.getter(name="keySize")
|
524
|
-
def key_size(self) -> Optional[pulumi.Input[int]]:
|
525
|
+
def key_size(self) -> Optional[pulumi.Input[builtins.int]]:
|
525
526
|
"""
|
526
527
|
The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
|
527
528
|
"""
|
528
529
|
return pulumi.get(self, "key_size")
|
529
530
|
|
530
531
|
@key_size.setter
|
531
|
-
def key_size(self, value: Optional[pulumi.Input[int]]):
|
532
|
+
def key_size(self, value: Optional[pulumi.Input[builtins.int]]):
|
532
533
|
pulumi.set(self, "key_size", value)
|
533
534
|
|
534
535
|
@property
|
535
536
|
@pulumi.getter
|
536
|
-
def keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]]]:
|
537
|
+
def keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]]:
|
537
538
|
"""
|
538
539
|
List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
|
539
540
|
* for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
|
@@ -542,72 +543,72 @@ class _SecretBackendKeyState:
|
|
542
543
|
return pulumi.get(self, "keys")
|
543
544
|
|
544
545
|
@keys.setter
|
545
|
-
def keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]]]):
|
546
|
+
def keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]]):
|
546
547
|
pulumi.set(self, "keys", value)
|
547
548
|
|
548
549
|
@property
|
549
550
|
@pulumi.getter(name="latestVersion")
|
550
|
-
def latest_version(self) -> Optional[pulumi.Input[int]]:
|
551
|
+
def latest_version(self) -> Optional[pulumi.Input[builtins.int]]:
|
551
552
|
"""
|
552
553
|
Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
|
553
554
|
"""
|
554
555
|
return pulumi.get(self, "latest_version")
|
555
556
|
|
556
557
|
@latest_version.setter
|
557
|
-
def latest_version(self, value: Optional[pulumi.Input[int]]):
|
558
|
+
def latest_version(self, value: Optional[pulumi.Input[builtins.int]]):
|
558
559
|
pulumi.set(self, "latest_version", value)
|
559
560
|
|
560
561
|
@property
|
561
562
|
@pulumi.getter(name="minAvailableVersion")
|
562
|
-
def min_available_version(self) -> Optional[pulumi.Input[int]]:
|
563
|
+
def min_available_version(self) -> Optional[pulumi.Input[builtins.int]]:
|
563
564
|
"""
|
564
565
|
Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
|
565
566
|
"""
|
566
567
|
return pulumi.get(self, "min_available_version")
|
567
568
|
|
568
569
|
@min_available_version.setter
|
569
|
-
def min_available_version(self, value: Optional[pulumi.Input[int]]):
|
570
|
+
def min_available_version(self, value: Optional[pulumi.Input[builtins.int]]):
|
570
571
|
pulumi.set(self, "min_available_version", value)
|
571
572
|
|
572
573
|
@property
|
573
574
|
@pulumi.getter(name="minDecryptionVersion")
|
574
|
-
def min_decryption_version(self) -> Optional[pulumi.Input[int]]:
|
575
|
+
def min_decryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
|
575
576
|
"""
|
576
577
|
Minimum key version to use for decryption.
|
577
578
|
"""
|
578
579
|
return pulumi.get(self, "min_decryption_version")
|
579
580
|
|
580
581
|
@min_decryption_version.setter
|
581
|
-
def min_decryption_version(self, value: Optional[pulumi.Input[int]]):
|
582
|
+
def min_decryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
|
582
583
|
pulumi.set(self, "min_decryption_version", value)
|
583
584
|
|
584
585
|
@property
|
585
586
|
@pulumi.getter(name="minEncryptionVersion")
|
586
|
-
def min_encryption_version(self) -> Optional[pulumi.Input[int]]:
|
587
|
+
def min_encryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
|
587
588
|
"""
|
588
589
|
Minimum key version to use for encryption
|
589
590
|
"""
|
590
591
|
return pulumi.get(self, "min_encryption_version")
|
591
592
|
|
592
593
|
@min_encryption_version.setter
|
593
|
-
def min_encryption_version(self, value: Optional[pulumi.Input[int]]):
|
594
|
+
def min_encryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
|
594
595
|
pulumi.set(self, "min_encryption_version", value)
|
595
596
|
|
596
597
|
@property
|
597
598
|
@pulumi.getter
|
598
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
599
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
599
600
|
"""
|
600
601
|
The name to identify this key within the backend. Must be unique within the backend.
|
601
602
|
"""
|
602
603
|
return pulumi.get(self, "name")
|
603
604
|
|
604
605
|
@name.setter
|
605
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
606
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
606
607
|
pulumi.set(self, "name", value)
|
607
608
|
|
608
609
|
@property
|
609
610
|
@pulumi.getter
|
610
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
611
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
611
612
|
"""
|
612
613
|
The namespace to provision the resource in.
|
613
614
|
The value should not contain leading or trailing forward slashes.
|
@@ -617,12 +618,12 @@ class _SecretBackendKeyState:
|
|
617
618
|
return pulumi.get(self, "namespace")
|
618
619
|
|
619
620
|
@namespace.setter
|
620
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
621
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
621
622
|
pulumi.set(self, "namespace", value)
|
622
623
|
|
623
624
|
@property
|
624
625
|
@pulumi.getter(name="parameterSet")
|
625
|
-
def parameter_set(self) -> Optional[pulumi.Input[str]]:
|
626
|
+
def parameter_set(self) -> Optional[pulumi.Input[builtins.str]]:
|
626
627
|
"""
|
627
628
|
The parameter set to use for ML-DSA. Required for
|
628
629
|
ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
|
@@ -630,60 +631,60 @@ class _SecretBackendKeyState:
|
|
630
631
|
return pulumi.get(self, "parameter_set")
|
631
632
|
|
632
633
|
@parameter_set.setter
|
633
|
-
def parameter_set(self, value: Optional[pulumi.Input[str]]):
|
634
|
+
def parameter_set(self, value: Optional[pulumi.Input[builtins.str]]):
|
634
635
|
pulumi.set(self, "parameter_set", value)
|
635
636
|
|
636
637
|
@property
|
637
638
|
@pulumi.getter(name="supportsDecryption")
|
638
|
-
def supports_decryption(self) -> Optional[pulumi.Input[bool]]:
|
639
|
+
def supports_decryption(self) -> Optional[pulumi.Input[builtins.bool]]:
|
639
640
|
"""
|
640
641
|
Whether or not the key supports decryption, based on key type.
|
641
642
|
"""
|
642
643
|
return pulumi.get(self, "supports_decryption")
|
643
644
|
|
644
645
|
@supports_decryption.setter
|
645
|
-
def supports_decryption(self, value: Optional[pulumi.Input[bool]]):
|
646
|
+
def supports_decryption(self, value: Optional[pulumi.Input[builtins.bool]]):
|
646
647
|
pulumi.set(self, "supports_decryption", value)
|
647
648
|
|
648
649
|
@property
|
649
650
|
@pulumi.getter(name="supportsDerivation")
|
650
|
-
def supports_derivation(self) -> Optional[pulumi.Input[bool]]:
|
651
|
+
def supports_derivation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
651
652
|
"""
|
652
653
|
Whether or not the key supports derivation, based on key type.
|
653
654
|
"""
|
654
655
|
return pulumi.get(self, "supports_derivation")
|
655
656
|
|
656
657
|
@supports_derivation.setter
|
657
|
-
def supports_derivation(self, value: Optional[pulumi.Input[bool]]):
|
658
|
+
def supports_derivation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
658
659
|
pulumi.set(self, "supports_derivation", value)
|
659
660
|
|
660
661
|
@property
|
661
662
|
@pulumi.getter(name="supportsEncryption")
|
662
|
-
def supports_encryption(self) -> Optional[pulumi.Input[bool]]:
|
663
|
+
def supports_encryption(self) -> Optional[pulumi.Input[builtins.bool]]:
|
663
664
|
"""
|
664
665
|
Whether or not the key supports encryption, based on key type.
|
665
666
|
"""
|
666
667
|
return pulumi.get(self, "supports_encryption")
|
667
668
|
|
668
669
|
@supports_encryption.setter
|
669
|
-
def supports_encryption(self, value: Optional[pulumi.Input[bool]]):
|
670
|
+
def supports_encryption(self, value: Optional[pulumi.Input[builtins.bool]]):
|
670
671
|
pulumi.set(self, "supports_encryption", value)
|
671
672
|
|
672
673
|
@property
|
673
674
|
@pulumi.getter(name="supportsSigning")
|
674
|
-
def supports_signing(self) -> Optional[pulumi.Input[bool]]:
|
675
|
+
def supports_signing(self) -> Optional[pulumi.Input[builtins.bool]]:
|
675
676
|
"""
|
676
677
|
Whether or not the key supports signing, based on key type.
|
677
678
|
"""
|
678
679
|
return pulumi.get(self, "supports_signing")
|
679
680
|
|
680
681
|
@supports_signing.setter
|
681
|
-
def supports_signing(self, value: Optional[pulumi.Input[bool]]):
|
682
|
+
def supports_signing(self, value: Optional[pulumi.Input[builtins.bool]]):
|
682
683
|
pulumi.set(self, "supports_signing", value)
|
683
684
|
|
684
685
|
@property
|
685
686
|
@pulumi.getter
|
686
|
-
def type(self) -> Optional[pulumi.Input[str]]:
|
687
|
+
def type(self) -> Optional[pulumi.Input[builtins.str]]:
|
687
688
|
"""
|
688
689
|
Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
|
689
690
|
* Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
|
@@ -691,7 +692,7 @@ class _SecretBackendKeyState:
|
|
691
692
|
return pulumi.get(self, "type")
|
692
693
|
|
693
694
|
@type.setter
|
694
|
-
def type(self, value: Optional[pulumi.Input[str]]):
|
695
|
+
def type(self, value: Optional[pulumi.Input[builtins.str]]):
|
695
696
|
pulumi.set(self, "type", value)
|
696
697
|
|
697
698
|
|
@@ -700,22 +701,22 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
700
701
|
def __init__(__self__,
|
701
702
|
resource_name: str,
|
702
703
|
opts: Optional[pulumi.ResourceOptions] = None,
|
703
|
-
allow_plaintext_backup: Optional[pulumi.Input[bool]] = None,
|
704
|
-
auto_rotate_period: Optional[pulumi.Input[int]] = None,
|
705
|
-
backend: Optional[pulumi.Input[str]] = None,
|
706
|
-
convergent_encryption: Optional[pulumi.Input[bool]] = None,
|
707
|
-
deletion_allowed: Optional[pulumi.Input[bool]] = None,
|
708
|
-
derived: Optional[pulumi.Input[bool]] = None,
|
709
|
-
exportable: Optional[pulumi.Input[bool]] = None,
|
710
|
-
hybrid_key_type_ec: Optional[pulumi.Input[str]] = None,
|
711
|
-
hybrid_key_type_pqc: Optional[pulumi.Input[str]] = None,
|
712
|
-
key_size: Optional[pulumi.Input[int]] = None,
|
713
|
-
min_decryption_version: Optional[pulumi.Input[int]] = None,
|
714
|
-
min_encryption_version: Optional[pulumi.Input[int]] = None,
|
715
|
-
name: Optional[pulumi.Input[str]] = None,
|
716
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
717
|
-
parameter_set: Optional[pulumi.Input[str]] = None,
|
718
|
-
type: Optional[pulumi.Input[str]] = None,
|
704
|
+
allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
|
705
|
+
auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
|
706
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
707
|
+
convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
|
708
|
+
deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
|
709
|
+
derived: Optional[pulumi.Input[builtins.bool]] = None,
|
710
|
+
exportable: Optional[pulumi.Input[builtins.bool]] = None,
|
711
|
+
hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
|
712
|
+
hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
|
713
|
+
key_size: Optional[pulumi.Input[builtins.int]] = None,
|
714
|
+
min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
|
715
|
+
min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
|
716
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
717
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
718
|
+
parameter_set: Optional[pulumi.Input[builtins.str]] = None,
|
719
|
+
type: Optional[pulumi.Input[builtins.str]] = None,
|
719
720
|
__props__=None):
|
720
721
|
"""
|
721
722
|
Creates an Encryption Keyring on a Transit Secret Backend for Vault.
|
@@ -747,30 +748,30 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
747
748
|
|
748
749
|
:param str resource_name: The name of the resource.
|
749
750
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
750
|
-
:param pulumi.Input[bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
|
751
|
+
:param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
|
751
752
|
* Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
|
752
|
-
:param pulumi.Input[int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
|
753
|
+
:param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
|
753
754
|
A value of 0 disables automatic rotation for the key.
|
754
|
-
:param pulumi.Input[str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
|
755
|
-
:param pulumi.Input[bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
|
756
|
-
:param pulumi.Input[bool] deletion_allowed: Specifies if the key is allowed to be deleted.
|
757
|
-
:param pulumi.Input[bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
|
758
|
-
:param pulumi.Input[bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
|
759
|
-
:param pulumi.Input[str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
|
755
|
+
:param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
|
756
|
+
:param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
|
757
|
+
:param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
|
758
|
+
:param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
|
759
|
+
:param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
|
760
|
+
:param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
|
760
761
|
Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
|
761
|
-
:param pulumi.Input[str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
|
762
|
+
:param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
|
762
763
|
Currently, ML-DSA is the only supported key type.
|
763
|
-
:param pulumi.Input[int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
|
764
|
-
:param pulumi.Input[int] min_decryption_version: Minimum key version to use for decryption.
|
765
|
-
:param pulumi.Input[int] min_encryption_version: Minimum key version to use for encryption
|
766
|
-
:param pulumi.Input[str] name: The name to identify this key within the backend. Must be unique within the backend.
|
767
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
764
|
+
:param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
|
765
|
+
:param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
|
766
|
+
:param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
|
767
|
+
:param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
|
768
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
768
769
|
The value should not contain leading or trailing forward slashes.
|
769
770
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
770
771
|
*Available only for Vault Enterprise*.
|
771
|
-
:param pulumi.Input[str] parameter_set: The parameter set to use for ML-DSA. Required for
|
772
|
+
:param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
|
772
773
|
ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
|
773
|
-
:param pulumi.Input[str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
|
774
|
+
:param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
|
774
775
|
* Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
|
775
776
|
"""
|
776
777
|
...
|
@@ -822,22 +823,22 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
822
823
|
def _internal_init(__self__,
|
823
824
|
resource_name: str,
|
824
825
|
opts: Optional[pulumi.ResourceOptions] = None,
|
825
|
-
allow_plaintext_backup: Optional[pulumi.Input[bool]] = None,
|
826
|
-
auto_rotate_period: Optional[pulumi.Input[int]] = None,
|
827
|
-
backend: Optional[pulumi.Input[str]] = None,
|
828
|
-
convergent_encryption: Optional[pulumi.Input[bool]] = None,
|
829
|
-
deletion_allowed: Optional[pulumi.Input[bool]] = None,
|
830
|
-
derived: Optional[pulumi.Input[bool]] = None,
|
831
|
-
exportable: Optional[pulumi.Input[bool]] = None,
|
832
|
-
hybrid_key_type_ec: Optional[pulumi.Input[str]] = None,
|
833
|
-
hybrid_key_type_pqc: Optional[pulumi.Input[str]] = None,
|
834
|
-
key_size: Optional[pulumi.Input[int]] = None,
|
835
|
-
min_decryption_version: Optional[pulumi.Input[int]] = None,
|
836
|
-
min_encryption_version: Optional[pulumi.Input[int]] = None,
|
837
|
-
name: Optional[pulumi.Input[str]] = None,
|
838
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
839
|
-
parameter_set: Optional[pulumi.Input[str]] = None,
|
840
|
-
type: Optional[pulumi.Input[str]] = None,
|
826
|
+
allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
|
827
|
+
auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
|
828
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
829
|
+
convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
|
830
|
+
deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
|
831
|
+
derived: Optional[pulumi.Input[builtins.bool]] = None,
|
832
|
+
exportable: Optional[pulumi.Input[builtins.bool]] = None,
|
833
|
+
hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
|
834
|
+
hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
|
835
|
+
key_size: Optional[pulumi.Input[builtins.int]] = None,
|
836
|
+
min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
|
837
|
+
min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
|
838
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
839
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
840
|
+
parameter_set: Optional[pulumi.Input[builtins.str]] = None,
|
841
|
+
type: Optional[pulumi.Input[builtins.str]] = None,
|
841
842
|
__props__=None):
|
842
843
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
843
844
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -882,29 +883,29 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
882
883
|
def get(resource_name: str,
|
883
884
|
id: pulumi.Input[str],
|
884
885
|
opts: Optional[pulumi.ResourceOptions] = None,
|
885
|
-
allow_plaintext_backup: Optional[pulumi.Input[bool]] = None,
|
886
|
-
auto_rotate_period: Optional[pulumi.Input[int]] = None,
|
887
|
-
backend: Optional[pulumi.Input[str]] = None,
|
888
|
-
convergent_encryption: Optional[pulumi.Input[bool]] = None,
|
889
|
-
deletion_allowed: Optional[pulumi.Input[bool]] = None,
|
890
|
-
derived: Optional[pulumi.Input[bool]] = None,
|
891
|
-
exportable: Optional[pulumi.Input[bool]] = None,
|
892
|
-
hybrid_key_type_ec: Optional[pulumi.Input[str]] = None,
|
893
|
-
hybrid_key_type_pqc: Optional[pulumi.Input[str]] = None,
|
894
|
-
key_size: Optional[pulumi.Input[int]] = None,
|
895
|
-
keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]]] = None,
|
896
|
-
latest_version: Optional[pulumi.Input[int]] = None,
|
897
|
-
min_available_version: Optional[pulumi.Input[int]] = None,
|
898
|
-
min_decryption_version: Optional[pulumi.Input[int]] = None,
|
899
|
-
min_encryption_version: Optional[pulumi.Input[int]] = None,
|
900
|
-
name: Optional[pulumi.Input[str]] = None,
|
901
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
902
|
-
parameter_set: Optional[pulumi.Input[str]] = None,
|
903
|
-
supports_decryption: Optional[pulumi.Input[bool]] = None,
|
904
|
-
supports_derivation: Optional[pulumi.Input[bool]] = None,
|
905
|
-
supports_encryption: Optional[pulumi.Input[bool]] = None,
|
906
|
-
supports_signing: Optional[pulumi.Input[bool]] = None,
|
907
|
-
type: Optional[pulumi.Input[str]] = None) -> 'SecretBackendKey':
|
886
|
+
allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
|
887
|
+
auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
|
888
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
889
|
+
convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
|
890
|
+
deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
|
891
|
+
derived: Optional[pulumi.Input[builtins.bool]] = None,
|
892
|
+
exportable: Optional[pulumi.Input[builtins.bool]] = None,
|
893
|
+
hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
|
894
|
+
hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
|
895
|
+
key_size: Optional[pulumi.Input[builtins.int]] = None,
|
896
|
+
keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]] = None,
|
897
|
+
latest_version: Optional[pulumi.Input[builtins.int]] = None,
|
898
|
+
min_available_version: Optional[pulumi.Input[builtins.int]] = None,
|
899
|
+
min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
|
900
|
+
min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
|
901
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
902
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
903
|
+
parameter_set: Optional[pulumi.Input[builtins.str]] = None,
|
904
|
+
supports_decryption: Optional[pulumi.Input[builtins.bool]] = None,
|
905
|
+
supports_derivation: Optional[pulumi.Input[builtins.bool]] = None,
|
906
|
+
supports_encryption: Optional[pulumi.Input[builtins.bool]] = None,
|
907
|
+
supports_signing: Optional[pulumi.Input[builtins.bool]] = None,
|
908
|
+
type: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackendKey':
|
908
909
|
"""
|
909
910
|
Get an existing SecretBackendKey resource's state with the given name, id, and optional extra
|
910
911
|
properties used to qualify the lookup.
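Review bot: The `keys` parameter in this `get` signature is only half qualified, `Mapping[str, pulumi.Input[builtins.str]]`, and the context lines `id: pulumi.Input[str]` and `resource_name: str` above it keep the bare name, so the new side mixes `str` and `builtins.str` within one signature. If the qualification is meant to stop annotations from resolving to a class attribute that shadows a builtin (this class defines a `type` property, for example), the bare spellings are still exposed to the same problem; I would write `keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[builtins.str, pulumi.Input[builtins.str]]]]]] = None,`. The same mixed form appears in the `keys` docstring line of the next hunk and in the `keys` getter's return type, `pulumi.Output[Sequence[Mapping[str, builtins.str]]]`. The file looks generated, so the change presumably belongs in the generator template rather than in this file; `get`'s docstring and body continue outside this hunk.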
|
@@ -912,39 +913,39 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
912
913
|
:param str resource_name: The unique name of the resulting resource.
|
913
914
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
914
915
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
915
|
-
:param pulumi.Input[bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
|
916
|
+
:param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
|
916
917
|
* Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
|
917
|
-
:param pulumi.Input[int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
|
918
|
+
:param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
|
918
919
|
A value of 0 disables automatic rotation for the key.
|
919
|
-
:param pulumi.Input[str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
|
920
|
-
:param pulumi.Input[bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
|
921
|
-
:param pulumi.Input[bool] deletion_allowed: Specifies if the key is allowed to be deleted.
|
922
|
-
:param pulumi.Input[bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
|
923
|
-
:param pulumi.Input[bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
|
924
|
-
:param pulumi.Input[str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
|
920
|
+
:param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
|
921
|
+
:param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
|
922
|
+
:param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
|
923
|
+
:param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
|
924
|
+
:param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
|
925
|
+
:param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
|
925
926
|
Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
|
926
|
-
:param pulumi.Input[str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
|
927
|
+
:param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
|
927
928
|
Currently, ML-DSA is the only supported key type.
|
928
|
-
:param pulumi.Input[int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
|
929
|
-
:param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
|
929
|
+
:param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
|
930
|
+
:param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
|
930
931
|
* for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
|
931
932
|
* for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following:
|
932
|
-
:param pulumi.Input[int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
|
933
|
-
:param pulumi.Input[int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
|
934
|
-
:param pulumi.Input[int] min_decryption_version: Minimum key version to use for decryption.
|
935
|
-
:param pulumi.Input[int] min_encryption_version: Minimum key version to use for encryption
|
936
|
-
:param pulumi.Input[str] name: The name to identify this key within the backend. Must be unique within the backend.
|
937
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
933
|
+
:param pulumi.Input[builtins.int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
|
934
|
+
:param pulumi.Input[builtins.int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
|
935
|
+
:param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
|
936
|
+
:param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
|
937
|
+
:param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
|
938
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
938
939
|
The value should not contain leading or trailing forward slashes.
|
939
940
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
940
941
|
*Available only for Vault Enterprise*.
|
941
|
-
:param pulumi.Input[str] parameter_set: The parameter set to use for ML-DSA. Required for
|
942
|
+
:param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
|
942
943
|
ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
|
943
|
-
:param pulumi.Input[bool] supports_decryption: Whether or not the key supports decryption, based on key type.
|
944
|
-
:param pulumi.Input[bool] supports_derivation: Whether or not the key supports derivation, based on key type.
|
945
|
-
:param pulumi.Input[bool] supports_encryption: Whether or not the key supports encryption, based on key type.
|
946
|
-
:param pulumi.Input[bool] supports_signing: Whether or not the key supports signing, based on key type.
|
947
|
-
:param pulumi.Input[str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
|
944
|
+
:param pulumi.Input[builtins.bool] supports_decryption: Whether or not the key supports decryption, based on key type.
|
945
|
+
:param pulumi.Input[builtins.bool] supports_derivation: Whether or not the key supports derivation, based on key type.
|
946
|
+
:param pulumi.Input[builtins.bool] supports_encryption: Whether or not the key supports encryption, based on key type.
|
947
|
+
:param pulumi.Input[builtins.bool] supports_signing: Whether or not the key supports signing, based on key type.
|
948
|
+
:param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
|
948
949
|
* Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
|
949
950
|
"""
|
950
951
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
@@ -978,7 +979,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
978
979
|
|
979
980
|
@property
|
980
981
|
@pulumi.getter(name="allowPlaintextBackup")
|
981
|
-
def allow_plaintext_backup(self) -> pulumi.Output[Optional[bool]]:
|
982
|
+
def allow_plaintext_backup(self) -> pulumi.Output[Optional[builtins.bool]]:
|
982
983
|
"""
|
983
984
|
Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
|
984
985
|
* Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
|
@@ -987,7 +988,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
987
988
|
|
988
989
|
@property
|
989
990
|
@pulumi.getter(name="autoRotatePeriod")
|
990
|
-
def auto_rotate_period(self) -> pulumi.Output[int]:
|
991
|
+
def auto_rotate_period(self) -> pulumi.Output[builtins.int]:
|
991
992
|
"""
|
992
993
|
Amount of seconds the key should live before being automatically rotated.
|
993
994
|
A value of 0 disables automatic rotation for the key.
|
@@ -996,7 +997,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
996
997
|
|
997
998
|
@property
|
998
999
|
@pulumi.getter
|
999
|
-
def backend(self) -> pulumi.Output[str]:
|
1000
|
+
def backend(self) -> pulumi.Output[builtins.str]:
|
1000
1001
|
"""
|
1001
1002
|
The path the transit secret backend is mounted at, with no leading or trailing `/`s.
|
1002
1003
|
"""
|
@@ -1004,7 +1005,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1004
1005
|
|
1005
1006
|
@property
|
1006
1007
|
@pulumi.getter(name="convergentEncryption")
|
1007
|
-
def convergent_encryption(self) -> pulumi.Output[Optional[bool]]:
|
1008
|
+
def convergent_encryption(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1008
1009
|
"""
|
1009
1010
|
Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
|
1010
1011
|
"""
|
@@ -1012,7 +1013,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1012
1013
|
|
1013
1014
|
@property
|
1014
1015
|
@pulumi.getter(name="deletionAllowed")
|
1015
|
-
def deletion_allowed(self) -> pulumi.Output[Optional[bool]]:
|
1016
|
+
def deletion_allowed(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1016
1017
|
"""
|
1017
1018
|
Specifies if the key is allowed to be deleted.
|
1018
1019
|
"""
|
@@ -1020,7 +1021,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1020
1021
|
|
1021
1022
|
@property
|
1022
1023
|
@pulumi.getter
|
1023
|
-
def derived(self) -> pulumi.Output[Optional[bool]]:
|
1024
|
+
def derived(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1024
1025
|
"""
|
1025
1026
|
Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
|
1026
1027
|
"""
|
@@ -1028,7 +1029,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1028
1029
|
|
1029
1030
|
@property
|
1030
1031
|
@pulumi.getter
|
1031
|
-
def exportable(self) -> pulumi.Output[Optional[bool]]:
|
1032
|
+
def exportable(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1032
1033
|
"""
|
1033
1034
|
Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
|
1034
1035
|
"""
|
@@ -1036,7 +1037,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1036
1037
|
|
1037
1038
|
@property
|
1038
1039
|
@pulumi.getter(name="hybridKeyTypeEc")
|
1039
|
-
def hybrid_key_type_ec(self) -> pulumi.Output[Optional[str]]:
|
1040
|
+
def hybrid_key_type_ec(self) -> pulumi.Output[Optional[builtins.str]]:
|
1040
1041
|
"""
|
1041
1042
|
The elliptic curve algorithm to use for hybrid signatures.
|
1042
1043
|
Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
|
@@ -1045,7 +1046,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1045
1046
|
|
1046
1047
|
@property
|
1047
1048
|
@pulumi.getter(name="hybridKeyTypePqc")
|
1048
|
-
def hybrid_key_type_pqc(self) -> pulumi.Output[Optional[str]]:
|
1049
|
+
def hybrid_key_type_pqc(self) -> pulumi.Output[Optional[builtins.str]]:
|
1049
1050
|
"""
|
1050
1051
|
The post-quantum algorithm to use for hybrid signatures.
|
1051
1052
|
Currently, ML-DSA is the only supported key type.
|
@@ -1054,7 +1055,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1054
1055
|
|
1055
1056
|
@property
|
1056
1057
|
@pulumi.getter(name="keySize")
|
1057
|
-
def key_size(self) -> pulumi.Output[Optional[int]]:
|
1058
|
+
def key_size(self) -> pulumi.Output[Optional[builtins.int]]:
|
1058
1059
|
"""
|
1059
1060
|
The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
|
1060
1061
|
"""
|
@@ -1062,7 +1063,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1062
1063
|
|
1063
1064
|
@property
|
1064
1065
|
@pulumi.getter
|
1065
|
-
def keys(self) -> pulumi.Output[Sequence[Mapping[str, str]]]:
|
1066
|
+
def keys(self) -> pulumi.Output[Sequence[Mapping[str, builtins.str]]]:
|
1066
1067
|
"""
|
1067
1068
|
List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
|
1068
1069
|
* for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
|
@@ -1072,7 +1073,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1072
1073
|
|
1073
1074
|
@property
|
1074
1075
|
@pulumi.getter(name="latestVersion")
|
1075
|
-
def latest_version(self) -> pulumi.Output[int]:
|
1076
|
+
def latest_version(self) -> pulumi.Output[builtins.int]:
|
1076
1077
|
"""
|
1077
1078
|
Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
|
1078
1079
|
"""
|
@@ -1080,7 +1081,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1080
1081
|
|
1081
1082
|
@property
|
1082
1083
|
@pulumi.getter(name="minAvailableVersion")
|
1083
|
-
def min_available_version(self) -> pulumi.Output[int]:
|
1084
|
+
def min_available_version(self) -> pulumi.Output[builtins.int]:
|
1084
1085
|
"""
|
1085
1086
|
Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
|
1086
1087
|
"""
|
@@ -1088,7 +1089,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1088
1089
|
|
1089
1090
|
@property
|
1090
1091
|
@pulumi.getter(name="minDecryptionVersion")
|
1091
|
-
def min_decryption_version(self) -> pulumi.Output[Optional[int]]:
|
1092
|
+
def min_decryption_version(self) -> pulumi.Output[Optional[builtins.int]]:
|
1092
1093
|
"""
|
1093
1094
|
Minimum key version to use for decryption.
|
1094
1095
|
"""
|
@@ -1096,7 +1097,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1096
1097
|
|
1097
1098
|
@property
|
1098
1099
|
@pulumi.getter(name="minEncryptionVersion")
|
1099
|
-
def min_encryption_version(self) -> pulumi.Output[Optional[int]]:
|
1100
|
+
def min_encryption_version(self) -> pulumi.Output[Optional[builtins.int]]:
|
1100
1101
|
"""
|
1101
1102
|
Minimum key version to use for encryption
|
1102
1103
|
"""
|
@@ -1104,7 +1105,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1104
1105
|
|
1105
1106
|
@property
|
1106
1107
|
@pulumi.getter
|
1107
|
-
def name(self) -> pulumi.Output[str]:
|
1108
|
+
def name(self) -> pulumi.Output[builtins.str]:
|
1108
1109
|
"""
|
1109
1110
|
The name to identify this key within the backend. Must be unique within the backend.
|
1110
1111
|
"""
|
@@ -1112,7 +1113,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1112
1113
|
|
1113
1114
|
@property
|
1114
1115
|
@pulumi.getter
|
1115
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1116
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1116
1117
|
"""
|
1117
1118
|
The namespace to provision the resource in.
|
1118
1119
|
The value should not contain leading or trailing forward slashes.
|
@@ -1123,7 +1124,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1123
1124
|
|
1124
1125
|
@property
|
1125
1126
|
@pulumi.getter(name="parameterSet")
|
1126
|
-
def parameter_set(self) -> pulumi.Output[Optional[str]]:
|
1127
|
+
def parameter_set(self) -> pulumi.Output[Optional[builtins.str]]:
|
1127
1128
|
"""
|
1128
1129
|
The parameter set to use for ML-DSA. Required for
|
1129
1130
|
ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
|
@@ -1132,7 +1133,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1132
1133
|
|
1133
1134
|
@property
|
1134
1135
|
@pulumi.getter(name="supportsDecryption")
|
1135
|
-
def supports_decryption(self) -> pulumi.Output[bool]:
|
1136
|
+
def supports_decryption(self) -> pulumi.Output[builtins.bool]:
|
1136
1137
|
"""
|
1137
1138
|
Whether or not the key supports decryption, based on key type.
|
1138
1139
|
"""
|
@@ -1140,7 +1141,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1140
1141
|
|
1141
1142
|
@property
|
1142
1143
|
@pulumi.getter(name="supportsDerivation")
|
1143
|
-
def supports_derivation(self) -> pulumi.Output[bool]:
|
1144
|
+
def supports_derivation(self) -> pulumi.Output[builtins.bool]:
|
1144
1145
|
"""
|
1145
1146
|
Whether or not the key supports derivation, based on key type.
|
1146
1147
|
"""
|
@@ -1148,7 +1149,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1148
1149
|
|
1149
1150
|
@property
|
1150
1151
|
@pulumi.getter(name="supportsEncryption")
|
1151
|
-
def supports_encryption(self) -> pulumi.Output[bool]:
|
1152
|
+
def supports_encryption(self) -> pulumi.Output[builtins.bool]:
|
1152
1153
|
"""
|
1153
1154
|
Whether or not the key supports encryption, based on key type.
|
1154
1155
|
"""
|
@@ -1156,7 +1157,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1156
1157
|
|
1157
1158
|
@property
|
1158
1159
|
@pulumi.getter(name="supportsSigning")
|
1159
|
-
def supports_signing(self) -> pulumi.Output[bool]:
|
1160
|
+
def supports_signing(self) -> pulumi.Output[builtins.bool]:
|
1160
1161
|
"""
|
1161
1162
|
Whether or not the key supports signing, based on key type.
|
1162
1163
|
"""
|
@@ -1164,7 +1165,7 @@ class SecretBackendKey(pulumi.CustomResource):
|
|
1164
1165
|
|
1165
1166
|
@property
|
1166
1167
|
@pulumi.getter
|
1167
|
-
def type(self) -> pulumi.Output[Optional[str]]:
|
1168
|
+
def type(self) -> pulumi.Output[Optional[builtins.str]]:
|
1168
1169
|
"""
|
1169
1170
|
Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
|
1170
1171
|
* Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
|