pulumi-vault 7.1.0__py3-none-any.whl → 7.2.0__py3-none-any.whl

pulumi_vault/ldap/secret_backend.py

@@ -2,8 +2,7 @@
 # *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
-import builtins
-import copy
+import builtins as _builtins
 import warnings
 import sys
 import pulumi
@@ -20,101 +19,102 @@ __all__ = ['SecretBackendArgs', 'SecretBackend']
 @pulumi.input_type
 class SecretBackendArgs:
     def __init__(__self__, *,
-                 binddn: pulumi.Input[builtins.str],
-                 bindpass: pulumi.Input[builtins.str],
-                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 certificate: Optional[pulumi.Input[builtins.str]] = None,
-                 client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
-                 client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
-                 connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
-                 default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 description: Optional[pulumi.Input[builtins.str]] = None,
-                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
-                 disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
-                 external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
-                 insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
-                 listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
-                 local: Optional[pulumi.Input[builtins.bool]] = None,
-                 max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 password_policy: Optional[pulumi.Input[builtins.str]] = None,
-                 path: Optional[pulumi.Input[builtins.str]] = None,
-                 plugin_version: Optional[pulumi.Input[builtins.str]] = None,
-                 request_timeout: Optional[pulumi.Input[builtins.int]] = None,
-                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
-                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
-                 rotation_window: Optional[pulumi.Input[builtins.int]] = None,
-                 schema: Optional[pulumi.Input[builtins.str]] = None,
-                 seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
-                 skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
-                 starttls: Optional[pulumi.Input[builtins.bool]] = None,
-                 upndomain: Optional[pulumi.Input[builtins.str]] = None,
-                 url: Optional[pulumi.Input[builtins.str]] = None,
-                 userattr: Optional[pulumi.Input[builtins.str]] = None,
-                 userdn: Optional[pulumi.Input[builtins.str]] = None):
+                 binddn: pulumi.Input[_builtins.str],
+                 bindpass: pulumi.Input[_builtins.str],
+                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 certificate: Optional[pulumi.Input[_builtins.str]] = None,
+                 client_tls_cert: Optional[pulumi.Input[_builtins.str]] = None,
+                 client_tls_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 connection_timeout: Optional[pulumi.Input[_builtins.int]] = None,
+                 default_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_remount: Optional[pulumi.Input[_builtins.bool]] = None,
+                 external_entropy_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 force_no_cache: Optional[pulumi.Input[_builtins.bool]] = None,
+                 identity_token_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 insecure_tls: Optional[pulumi.Input[_builtins.bool]] = None,
+                 listing_visibility: Optional[pulumi.Input[_builtins.str]] = None,
+                 local: Optional[pulumi.Input[_builtins.bool]] = None,
+                 max_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 password_policy: Optional[pulumi.Input[_builtins.str]] = None,
+                 path: Optional[pulumi.Input[_builtins.str]] = None,
+                 plugin_version: Optional[pulumi.Input[_builtins.str]] = None,
+                 request_timeout: Optional[pulumi.Input[_builtins.int]] = None,
+                 rotation_period: Optional[pulumi.Input[_builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[_builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[_builtins.int]] = None,
+                 schema: Optional[pulumi.Input[_builtins.str]] = None,
+                 seal_wrap: Optional[pulumi.Input[_builtins.bool]] = None,
+                 skip_static_role_import_rotation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 starttls: Optional[pulumi.Input[_builtins.bool]] = None,
+                 upndomain: Optional[pulumi.Input[_builtins.str]] = None,
+                 url: Optional[pulumi.Input[_builtins.str]] = None,
+                 userattr: Optional[pulumi.Input[_builtins.str]] = None,
+                 userdn: Optional[pulumi.Input[_builtins.str]] = None):
         """
         The set of arguments for constructing a SecretBackend resource.
-        :param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
-        :param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
-        :param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
+        :param pulumi.Input[_builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
+        :param pulumi.Input[_builtins.str] bindpass: Password to use along with binddn when performing user search.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
+        :param pulumi.Input[_builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
                x509 PEM encoded.
-        :param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
+        :param pulumi.Input[_builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[_builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[_builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
                the next URL in the configuration.
-        :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
-        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
-        :param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
-        :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
-        :param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
+        :param pulumi.Input[_builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] description: Human-friendly description of the mount
+        :param pulumi.Input[_builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[_builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
+        :param pulumi.Input[_builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
+        :param pulumi.Input[_builtins.bool] force_no_cache: If set to true, disables caching.
+        :param pulumi.Input[_builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
+        :param pulumi.Input[_builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
                Defaults to `false`.
-        :param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
-        :param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
-               replication.Tolerance duration to use when checking the last rotation time.
-        :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
+        :param pulumi.Input[_builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
+        :param pulumi.Input[_builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
-        :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] password_policy: Name of the password policy to use to generate passwords.
+        :param pulumi.Input[_builtins.str] path: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `ldap`.
-        :param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
-        :param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
+        :param pulumi.Input[_builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
+        :param pulumi.Input[_builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
                before returning back an error.
-        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+        :param pulumi.Input[_builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
                A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        :param pulumi.Input[_builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
                defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+        :param pulumi.Input[_builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
                a rotation when a scheduled token rotation occurs. The default rotation window is
                unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
-        :param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
-        :param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
+        :param pulumi.Input[_builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
+        :param pulumi.Input[_builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
+        :param pulumi.Input[_builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
                Defaults to false. Requires Vault 1.16 or above.
-        :param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
-        :param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
-        :param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
+        :param pulumi.Input[_builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
+        :param pulumi.Input[_builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
+        :param pulumi.Input[_builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
                them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
-        :param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
-        :param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
+        :param pulumi.Input[_builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
+        :param pulumi.Input[_builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
         """
         pulumi.set(__self__, "binddn", binddn)
         pulumi.set(__self__, "bindpass", bindpass)
@@ -146,6 +146,8 @@ class SecretBackendArgs:
             pulumi.set(__self__, "disable_remount", disable_remount)
         if external_entropy_access is not None:
             pulumi.set(__self__, "external_entropy_access", external_entropy_access)
+        if force_no_cache is not None:
+            pulumi.set(__self__, "force_no_cache", force_no_cache)
         if identity_token_key is not None:
             pulumi.set(__self__, "identity_token_key", identity_token_key)
         if insecure_tls is not None:
@@ -193,81 +195,81 @@ class SecretBackendArgs:
         if userdn is not None:
             pulumi.set(__self__, "userdn", userdn)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def binddn(self) -> pulumi.Input[builtins.str]:
+    def binddn(self) -> pulumi.Input[_builtins.str]:
         """
         Distinguished name of object to bind when performing user and group search.
         """
         return pulumi.get(self, "binddn")
 
     @binddn.setter
-    def binddn(self, value: pulumi.Input[builtins.str]):
+    def binddn(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "binddn", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def bindpass(self) -> pulumi.Input[builtins.str]:
+    def bindpass(self) -> pulumi.Input[_builtins.str]:
         """
         Password to use along with binddn when performing user search.
         """
         return pulumi.get(self, "bindpass")
 
     @bindpass.setter
-    def bindpass(self, value: pulumi.Input[builtins.str]):
+    def bindpass(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "bindpass", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedManagedKeys")
-    def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of managed key registry entry names that the mount in question is allowed to access
         """
         return pulumi.get(self, "allowed_managed_keys")
 
     @allowed_managed_keys.setter
-    def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_managed_keys", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedResponseHeaders")
-    def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "allowed_response_headers")
 
     @allowed_response_headers.setter
-    def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_response_headers", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="auditNonHmacRequestKeys")
-    def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
         """
         return pulumi.get(self, "audit_non_hmac_request_keys")
 
     @audit_non_hmac_request_keys.setter
-    def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "audit_non_hmac_request_keys", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="auditNonHmacResponseKeys")
-    def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
         """
         return pulumi.get(self, "audit_non_hmac_response_keys")
 
     @audit_non_hmac_response_keys.setter
-    def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "audit_non_hmac_response_keys", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
+    def certificate(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         CA certificate to use when verifying LDAP server certificate, must be
         x509 PEM encoded.
@@ -275,36 +277,36 @@ class SecretBackendArgs:
         return pulumi.get(self, "certificate")
 
     @certificate.setter
-    def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
+    def certificate(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "certificate", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="clientTlsCert")
-    def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
+    def client_tls_cert(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Client certificate to provide to the LDAP server, must be x509 PEM encoded.
         """
         return pulumi.get(self, "client_tls_cert")
 
     @client_tls_cert.setter
-    def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
+    def client_tls_cert(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "client_tls_cert", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="clientTlsKey")
-    def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
+    def client_tls_key(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
         """
         return pulumi.get(self, "client_tls_key")
 
     @client_tls_key.setter
-    def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
+    def client_tls_key(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "client_tls_key", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="connectionTimeout")
-    def connection_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
+    def connection_timeout(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Timeout, in seconds, when attempting to connect to the LDAP server before trying
         the next URL in the configuration.
@@ -312,96 +314,108 @@ class SecretBackendArgs:
         return pulumi.get(self, "connection_timeout")
 
     @connection_timeout.setter
-    def connection_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
+    def connection_timeout(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "connection_timeout", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="defaultLeaseTtlSeconds")
-    def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
+    def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
-        Default lease duration for secrets in seconds.
+        Default lease duration for tokens and secrets in seconds
         """
         return pulumi.get(self, "default_lease_ttl_seconds")
 
     @default_lease_ttl_seconds.setter
-    def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
+    def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "default_lease_ttl_seconds", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="delegatedAuthAccessors")
-    def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "delegated_auth_accessors")
 
     @delegated_auth_accessors.setter
-    def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "delegated_auth_accessors", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def description(self) -> Optional[pulumi.Input[builtins.str]]:
+    def description(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
-        Human-friendly description of the mount for the Active Directory backend.
+        Human-friendly description of the mount
         """
         return pulumi.get(self, "description")
 
     @description.setter
-    def description(self, value: Optional[pulumi.Input[builtins.str]]):
+    def description(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "description", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableAutomatedRotation")
-    def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def disable_automated_rotation(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
         """
         return pulumi.get(self, "disable_automated_rotation")
 
     @disable_automated_rotation.setter
-    def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def disable_automated_rotation(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "disable_automated_rotation", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableRemount")
-    def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def disable_remount(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         If set, opts out of mount migration on path updates.
         """
         return pulumi.get(self, "disable_remount")
 
     @disable_remount.setter
-    def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def disable_remount(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "disable_remount", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="externalEntropyAccess")
-    def external_entropy_access(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def external_entropy_access(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enable the secrets engine to access Vault's external entropy source
         """
         return pulumi.get(self, "external_entropy_access")
 
     @external_entropy_access.setter
-    def external_entropy_access(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def external_entropy_access(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "external_entropy_access", value)
 
-    @property
+    @_builtins.property
+    @pulumi.getter(name="forceNoCache")
+    def force_no_cache(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        If set to true, disables caching.
+        """
+        return pulumi.get(self, "force_no_cache")
+
+    @force_no_cache.setter
+    def force_no_cache(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "force_no_cache", value)
+
+    @_builtins.property
     @pulumi.getter(name="identityTokenKey")
-    def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
+    def identity_token_key(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The key to use for signing plugin workload identity tokens
         """
         return pulumi.get(self, "identity_token_key")
 
     @identity_token_key.setter
-    def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
+    def identity_token_key(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "identity_token_key", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="insecureTls")
-    def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def insecure_tls(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Skip LDAP server SSL Certificate verification. This is not recommended for production.
         Defaults to `false`.
@@ -409,49 +423,48 @@ class SecretBackendArgs:
         return pulumi.get(self, "insecure_tls")
 
     @insecure_tls.setter
-    def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def insecure_tls(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "insecure_tls", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="listingVisibility")
-    def listing_visibility(self) -> Optional[pulumi.Input[builtins.str]]:
+    def listing_visibility(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies whether to show this mount in the UI-specific listing endpoint
         """
         return pulumi.get(self, "listing_visibility")
 
     @listing_visibility.setter
-    def listing_visibility(self, value: Optional[pulumi.Input[builtins.str]]):
+    def listing_visibility(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "listing_visibility", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def local(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def local(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
-        Mark the secrets engine as local-only. Local engines are not replicated or removed by
-        replication.Tolerance duration to use when checking the last rotation time.
+        Local mount flag that can be explicitly set to true to enforce local mount in HA environment
         """
         return pulumi.get(self, "local")
 
     @local.setter
-    def local(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def local(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "local", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="maxLeaseTtlSeconds")
-    def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
+    def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
-        Maximum possible lease duration for secrets in seconds.
+        Maximum possible lease duration for tokens and secrets in seconds
         """
         return pulumi.get(self, "max_lease_ttl_seconds")
 
     @max_lease_ttl_seconds.setter
-    def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
+    def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "max_lease_ttl_seconds", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -461,48 +474,48 @@ class SecretBackendArgs:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
+    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
         """
         Specifies mount type specific options that are passed to the backend
         """
         return pulumi.get(self, "options")
 
     @options.setter
-    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
+    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "options", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="passthroughRequestHeaders")
-    def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "passthrough_request_headers")
 
     @passthrough_request_headers.setter
-    def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "passthrough_request_headers", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="passwordPolicy")
-    def password_policy(self) -> Optional[pulumi.Input[builtins.str]]:
+    def password_policy(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Name of the password policy to use to generate passwords.
         """
         return pulumi.get(self, "password_policy")
 
     @password_policy.setter
-    def password_policy(self, value: Optional[pulumi.Input[builtins.str]]):
+    def password_policy(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "password_policy", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def path(self) -> Optional[pulumi.Input[builtins.str]]:
+    def path(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The unique path this backend should be mounted at. Must
         not begin or end with a `/`. Defaults to `ldap`.
@@ -510,24 +523,24 @@ class SecretBackendArgs:
         return pulumi.get(self, "path")
 
     @path.setter
-    def path(self, value: Optional[pulumi.Input[builtins.str]]):
+    def path(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "path", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="pluginVersion")
-    def plugin_version(self) -> Optional[pulumi.Input[builtins.str]]:
+    def plugin_version(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
         """
         return pulumi.get(self, "plugin_version")
 
     @plugin_version.setter
-    def plugin_version(self, value: Optional[pulumi.Input[builtins.str]]):
+    def plugin_version(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "plugin_version", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="requestTimeout")
-    def request_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
+    def request_timeout(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Timeout, in seconds, for the connection when making requests against the server
         before returning back an error.
@@ -535,12 +548,12 @@ class SecretBackendArgs:
         return pulumi.get(self, "request_timeout")
 
     @request_timeout.setter
-    def request_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
+    def request_timeout(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "request_timeout", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="rotationPeriod")
-    def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
+    def rotation_period(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The amount of time in seconds Vault should wait before rotating the root credential.
         A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
@@ -548,12 +561,12 @@ class SecretBackendArgs:
         return pulumi.get(self, "rotation_period")
 
     @rotation_period.setter
-    def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
+    def rotation_period(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "rotation_period", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="rotationSchedule")
-    def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
+    def rotation_schedule(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
         defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
@@ -561,12 +574,12 @@ class SecretBackendArgs:
         return pulumi.get(self, "rotation_schedule")
 
     @rotation_schedule.setter
-    def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
+    def rotation_schedule(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "rotation_schedule", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="rotationWindow")
-    def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
+    def rotation_window(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The maximum amount of time in seconds allowed to complete
         a rotation when a scheduled token rotation occurs. The default rotation window is
@@ -575,36 +588,36 @@ class SecretBackendArgs:
         return pulumi.get(self, "rotation_window")
 
     @rotation_window.setter
-    def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
+    def rotation_window(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "rotation_window", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def schema(self) -> Optional[pulumi.Input[builtins.str]]:
+    def schema(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
         """
         return pulumi.get(self, "schema")
 
     @schema.setter
-    def schema(self, value: Optional[pulumi.Input[builtins.str]]):
+    def schema(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "schema", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="sealWrap")
-    def seal_wrap(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def seal_wrap(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
         """
         return pulumi.get(self, "seal_wrap")
 
     @seal_wrap.setter
-    def seal_wrap(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def seal_wrap(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "seal_wrap", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="skipStaticRoleImportRotation")
-    def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         If set to true, static roles will not be rotated during import.
         Defaults to false. Requires Vault 1.16 or above.
@@ -612,36 +625,36 @@ class SecretBackendArgs:
         return pulumi.get(self, "skip_static_role_import_rotation")
 
     @skip_static_role_import_rotation.setter
-    def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "skip_static_role_import_rotation", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def starttls(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Issue a StartTLS command after establishing unencrypted connection.
         """
         return pulumi.get(self, "starttls")
 
     @starttls.setter
-    def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def starttls(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "starttls", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
+    def upndomain(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Enables userPrincipalDomain login with [username]@UPNDomain.
         """
         return pulumi.get(self, "upndomain")
 
     @upndomain.setter
-    def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
+    def upndomain(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "upndomain", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def url(self) -> Optional[pulumi.Input[builtins.str]]:
+    def url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         LDAP URL to connect to. Multiple URLs can be specified by concatenating
         them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
@@ -649,134 +662,135 @@ class SecretBackendArgs:
         return pulumi.get(self, "url")
 
     @url.setter
-    def url(self, value: Optional[pulumi.Input[builtins.str]]):
+    def url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "url", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
+    def userattr(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Attribute used when searching users. Defaults to `cn`.
         """
         return pulumi.get(self, "userattr")
 
     @userattr.setter
-    def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
+    def userattr(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "userattr", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
+    def userdn(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
         """
         return pulumi.get(self, "userdn")
 
     @userdn.setter
-    def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
+    def userdn(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "userdn", value)
 
 
 @pulumi.input_type
 class _SecretBackendState:
     def __init__(__self__, *,
-                 accessor: Optional[pulumi.Input[builtins.str]] = None,
-                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 binddn: Optional[pulumi.Input[builtins.str]] = None,
-                 bindpass: Optional[pulumi.Input[builtins.str]] = None,
-                 certificate: Optional[pulumi.Input[builtins.str]] = None,
-                 client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
-                 client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
-                 connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
-                 default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 description: Optional[pulumi.Input[builtins.str]] = None,
-                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
-                 disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
-                 external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
-                 insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
-                 listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
-                 local: Optional[pulumi.Input[builtins.bool]] = None,
-                 max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 password_policy: Optional[pulumi.Input[builtins.str]] = None,
-                 path: Optional[pulumi.Input[builtins.str]] = None,
-                 plugin_version: Optional[pulumi.Input[builtins.str]] = None,
-                 request_timeout: Optional[pulumi.Input[builtins.int]] = None,
-                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
-                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
-                 rotation_window: Optional[pulumi.Input[builtins.int]] = None,
-                 schema: Optional[pulumi.Input[builtins.str]] = None,
-                 seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
-                 skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
-                 starttls: Optional[pulumi.Input[builtins.bool]] = None,
-                 upndomain: Optional[pulumi.Input[builtins.str]] = None,
-                 url: Optional[pulumi.Input[builtins.str]] = None,
-                 userattr: Optional[pulumi.Input[builtins.str]] = None,
-                 userdn: Optional[pulumi.Input[builtins.str]] = None):
+                 accessor: Optional[pulumi.Input[_builtins.str]] = None,
+                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 binddn: Optional[pulumi.Input[_builtins.str]] = None,
+                 bindpass: Optional[pulumi.Input[_builtins.str]] = None,
+                 certificate: Optional[pulumi.Input[_builtins.str]] = None,
+                 client_tls_cert: Optional[pulumi.Input[_builtins.str]] = None,
+                 client_tls_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 connection_timeout: Optional[pulumi.Input[_builtins.int]] = None,
+                 default_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_remount: Optional[pulumi.Input[_builtins.bool]] = None,
+                 external_entropy_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 force_no_cache: Optional[pulumi.Input[_builtins.bool]] = None,
+                 identity_token_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 insecure_tls: Optional[pulumi.Input[_builtins.bool]] = None,
+                 listing_visibility: Optional[pulumi.Input[_builtins.str]] = None,
+                 local: Optional[pulumi.Input[_builtins.bool]] = None,
+                 max_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 password_policy: Optional[pulumi.Input[_builtins.str]] = None,
+                 path: Optional[pulumi.Input[_builtins.str]] = None,
+                 plugin_version: Optional[pulumi.Input[_builtins.str]] = None,
+                 request_timeout: Optional[pulumi.Input[_builtins.int]] = None,
+                 rotation_period: Optional[pulumi.Input[_builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[_builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[_builtins.int]] = None,
+                 schema: Optional[pulumi.Input[_builtins.str]] = None,
+                 seal_wrap: Optional[pulumi.Input[_builtins.bool]] = None,
+                 skip_static_role_import_rotation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 starttls: Optional[pulumi.Input[_builtins.bool]] = None,
+                 upndomain: Optional[pulumi.Input[_builtins.str]] = None,
+                 url: Optional[pulumi.Input[_builtins.str]] = None,
+                 userattr: Optional[pulumi.Input[_builtins.str]] = None,
+                 userdn: Optional[pulumi.Input[_builtins.str]] = None):
         """
         Input properties used for looking up and filtering SecretBackend resources.
-        :param pulumi.Input[builtins.str] accessor: Accessor of the mount
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
-        :param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
-        :param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
-        :param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
+        :param pulumi.Input[_builtins.str] accessor: Accessor of the mount
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
+        :param pulumi.Input[_builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
+        :param pulumi.Input[_builtins.str] bindpass: Password to use along with binddn when performing user search.
+        :param pulumi.Input[_builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
                x509 PEM encoded.
-        :param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
+        :param pulumi.Input[_builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[_builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[_builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
                the next URL in the configuration.
-        :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
-        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
-        :param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
-        :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
-        :param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
+        :param pulumi.Input[_builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] description: Human-friendly description of the mount
+        :param pulumi.Input[_builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[_builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
+        :param pulumi.Input[_builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
+        :param pulumi.Input[_builtins.bool] force_no_cache: If set to true, disables caching.
+        :param pulumi.Input[_builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
+        :param pulumi.Input[_builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
                Defaults to `false`.
-        :param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
-        :param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
-               replication.Tolerance duration to use when checking the last rotation time.
-        :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
+        :param pulumi.Input[_builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
+        :param pulumi.Input[_builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
-        :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] password_policy: Name of the password policy to use to generate passwords.
+        :param pulumi.Input[_builtins.str] path: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `ldap`.
-        :param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
-        :param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
+        :param pulumi.Input[_builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
+        :param pulumi.Input[_builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
                before returning back an error.
-        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+        :param pulumi.Input[_builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
                A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        :param pulumi.Input[_builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
                defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+        :param pulumi.Input[_builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
                a rotation when a scheduled token rotation occurs. The default rotation window is
                unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
-        :param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
-        :param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
+        :param pulumi.Input[_builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
+        :param pulumi.Input[_builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
+        :param pulumi.Input[_builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
                Defaults to false. Requires Vault 1.16 or above.
-        :param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
-        :param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
-        :param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
+        :param pulumi.Input[_builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
+        :param pulumi.Input[_builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
+        :param pulumi.Input[_builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
                them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
-        :param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
-        :param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
+        :param pulumi.Input[_builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
+        :param pulumi.Input[_builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
         """
         if accessor is not None:
             pulumi.set(__self__, "accessor", accessor)
@@ -812,6 +826,8 @@ class _SecretBackendState:
             pulumi.set(__self__, "disable_remount", disable_remount)
         if external_entropy_access is not None:
             pulumi.set(__self__, "external_entropy_access", external_entropy_access)
+        if force_no_cache is not None:
+            pulumi.set(__self__, "force_no_cache", force_no_cache)
         if identity_token_key is not None:
             pulumi.set(__self__, "identity_token_key", identity_token_key)
         if insecure_tls is not None:
@@ -859,93 +875,93 @@ class _SecretBackendState:
         if userdn is not None:
             pulumi.set(__self__, "userdn", userdn)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def accessor(self) -> Optional[pulumi.Input[builtins.str]]:
+    def accessor(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Accessor of the mount
         """
         return pulumi.get(self, "accessor")
 
     @accessor.setter
-    def accessor(self, value: Optional[pulumi.Input[builtins.str]]):
+    def accessor(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "accessor", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedManagedKeys")
-    def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of managed key registry entry names that the mount in question is allowed to access
         """
         return pulumi.get(self, "allowed_managed_keys")
 
     @allowed_managed_keys.setter
-    def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_managed_keys", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedResponseHeaders")
-    def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "allowed_response_headers")
 
     @allowed_response_headers.setter
-    def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_response_headers", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="auditNonHmacRequestKeys")
-    def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
         """
         return pulumi.get(self, "audit_non_hmac_request_keys")
 
     @audit_non_hmac_request_keys.setter
-    def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "audit_non_hmac_request_keys", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="auditNonHmacResponseKeys")
-    def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
         """
         return pulumi.get(self, "audit_non_hmac_response_keys")
 
     @audit_non_hmac_response_keys.setter
-    def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "audit_non_hmac_response_keys", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def binddn(self) -> Optional[pulumi.Input[builtins.str]]:
+    def binddn(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Distinguished name of object to bind when performing user and group search.
         """
         return pulumi.get(self, "binddn")
 
     @binddn.setter
-    def binddn(self, value: Optional[pulumi.Input[builtins.str]]):
+    def binddn(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "binddn", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def bindpass(self) -> Optional[pulumi.Input[builtins.str]]:
+    def bindpass(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Password to use along with binddn when performing user search.
         """
         return pulumi.get(self, "bindpass")
 
     @bindpass.setter
-    def bindpass(self, value: Optional[pulumi.Input[builtins.str]]):
+    def bindpass(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "bindpass", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
+    def certificate(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         CA certificate to use when verifying LDAP server certificate, must be
         x509 PEM encoded.
@@ -953,36 +969,36 @@ class _SecretBackendState:
         return pulumi.get(self, "certificate")
 
     @certificate.setter
-    def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
+    def certificate(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "certificate", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="clientTlsCert")
-    def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
+    def client_tls_cert(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Client certificate to provide to the LDAP server, must be x509 PEM encoded.
         """
         return pulumi.get(self, "client_tls_cert")
 
     @client_tls_cert.setter
-    def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
+    def client_tls_cert(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "client_tls_cert", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="clientTlsKey")
-    def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
+    def client_tls_key(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
         """
         return pulumi.get(self, "client_tls_key")
 
     @client_tls_key.setter
-    def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
+    def client_tls_key(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "client_tls_key", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="connectionTimeout")
-    def connection_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
+    def connection_timeout(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Timeout, in seconds, when attempting to connect to the LDAP server before trying
         the next URL in the configuration.
@@ -990,96 +1006,108 @@ class _SecretBackendState:
         return pulumi.get(self, "connection_timeout")
 
     @connection_timeout.setter
-    def connection_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
+    def connection_timeout(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "connection_timeout", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="defaultLeaseTtlSeconds")
-    def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
+    def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
-        Default lease duration for secrets in seconds.
+        Default lease duration for tokens and secrets in seconds
         """
         return pulumi.get(self, "default_lease_ttl_seconds")
 
     @default_lease_ttl_seconds.setter
-    def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
+    def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "default_lease_ttl_seconds", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="delegatedAuthAccessors")
-    def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "delegated_auth_accessors")
 
     @delegated_auth_accessors.setter
-    def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "delegated_auth_accessors", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def description(self) -> Optional[pulumi.Input[builtins.str]]:
+    def description(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
-        Human-friendly description of the mount for the Active Directory backend.
+        Human-friendly description of the mount
         """
         return pulumi.get(self, "description")
 
     @description.setter
-    def description(self, value: Optional[pulumi.Input[builtins.str]]):
+    def description(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "description", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableAutomatedRotation")
-    def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def disable_automated_rotation(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
         """
         return pulumi.get(self, "disable_automated_rotation")
 
     @disable_automated_rotation.setter
-    def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def disable_automated_rotation(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "disable_automated_rotation", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableRemount")
-    def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def disable_remount(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         If set, opts out of mount migration on path updates.
         """
         return pulumi.get(self, "disable_remount")
 
     @disable_remount.setter
-    def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def disable_remount(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "disable_remount", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="externalEntropyAccess")
-    def external_entropy_access(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def external_entropy_access(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enable the secrets engine to access Vault's external entropy source
         """
         return pulumi.get(self, "external_entropy_access")
 
     @external_entropy_access.setter
-    def external_entropy_access(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def external_entropy_access(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "external_entropy_access", value)
 
-    @property
+    @_builtins.property
+    @pulumi.getter(name="forceNoCache")
+    def force_no_cache(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        If set to true, disables caching.
+        """
+        return pulumi.get(self, "force_no_cache")
+
+    @force_no_cache.setter
+    def force_no_cache(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "force_no_cache", value)
+
+    @_builtins.property
     @pulumi.getter(name="identityTokenKey")
-    def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
+    def identity_token_key(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The key to use for signing plugin workload identity tokens
         """
         return pulumi.get(self, "identity_token_key")
 
     @identity_token_key.setter
-    def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
+    def identity_token_key(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "identity_token_key", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="insecureTls")
-    def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def insecure_tls(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Skip LDAP server SSL Certificate verification. This is not recommended for production.
         Defaults to `false`.
@@ -1087,49 +1115,48 @@ class _SecretBackendState:
         return pulumi.get(self, "insecure_tls")
 
     @insecure_tls.setter
-    def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def insecure_tls(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "insecure_tls", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="listingVisibility")
-    def listing_visibility(self) -> Optional[pulumi.Input[builtins.str]]:
+    def listing_visibility(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies whether to show this mount in the UI-specific listing endpoint
         """
         return pulumi.get(self, "listing_visibility")
 
     @listing_visibility.setter
-    def listing_visibility(self, value: Optional[pulumi.Input[builtins.str]]):
+    def listing_visibility(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "listing_visibility", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def local(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def local(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
-        Mark the secrets engine as local-only. Local engines are not replicated or removed by
-        replication.Tolerance duration to use when checking the last rotation time.
+        Local mount flag that can be explicitly set to true to enforce local mount in HA environment
         """
         return pulumi.get(self, "local")
 
     @local.setter
-    def local(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def local(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "local", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="maxLeaseTtlSeconds")
-    def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
+    def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
-        Maximum possible lease duration for secrets in seconds.
+        Maximum possible lease duration for tokens and secrets in seconds
         """
         return pulumi.get(self, "max_lease_ttl_seconds")
 
     @max_lease_ttl_seconds.setter
-    def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
+    def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "max_lease_ttl_seconds", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -1139,48 +1166,48 @@ class _SecretBackendState:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
+    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
         """
         Specifies mount type specific options that are passed to the backend
         """
         return pulumi.get(self, "options")
 
     @options.setter
-    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
+    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "options", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="passthroughRequestHeaders")
-    def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "passthrough_request_headers")
 
     @passthrough_request_headers.setter
-    def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "passthrough_request_headers", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="passwordPolicy")
-    def password_policy(self) -> Optional[pulumi.Input[builtins.str]]:
+    def password_policy(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Name of the password policy to use to generate passwords.
         """
         return pulumi.get(self, "password_policy")
 
     @password_policy.setter
-    def password_policy(self, value: Optional[pulumi.Input[builtins.str]]):
+    def password_policy(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "password_policy", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def path(self) -> Optional[pulumi.Input[builtins.str]]:
+    def path(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The unique path this backend should be mounted at. Must
         not begin or end with a `/`. Defaults to `ldap`.
@@ -1188,24 +1215,24 @@ class _SecretBackendState:
         return pulumi.get(self, "path")
 
     @path.setter
-    def path(self, value: Optional[pulumi.Input[builtins.str]]):
+    def path(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "path", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="pluginVersion")
-    def plugin_version(self) -> Optional[pulumi.Input[builtins.str]]:
+    def plugin_version(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
         """
         return pulumi.get(self, "plugin_version")
 
     @plugin_version.setter
-    def plugin_version(self, value: Optional[pulumi.Input[builtins.str]]):
+    def plugin_version(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "plugin_version", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="requestTimeout")
-    def request_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
+    def request_timeout(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Timeout, in seconds, for the connection when making requests against the server
         before returning back an error.
@@ -1213,12 +1240,12 @@ class _SecretBackendState:
         return pulumi.get(self, "request_timeout")
 
     @request_timeout.setter
-    def request_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
+    def request_timeout(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "request_timeout", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="rotationPeriod")
-    def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
+    def rotation_period(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The amount of time in seconds Vault should wait before rotating the root credential.
         A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
@@ -1226,12 +1253,12 @@ class _SecretBackendState:
         return pulumi.get(self, "rotation_period")
 
     @rotation_period.setter
-    def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
+    def rotation_period(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "rotation_period", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="rotationSchedule")
-    def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
+    def rotation_schedule(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
         defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
@@ -1239,12 +1266,12 @@ class _SecretBackendState:
         return pulumi.get(self, "rotation_schedule")
 
     @rotation_schedule.setter
-    def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
+    def rotation_schedule(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "rotation_schedule", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="rotationWindow")
-    def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
+    def rotation_window(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The maximum amount of time in seconds allowed to complete
         a rotation when a scheduled token rotation occurs. The default rotation window is
@@ -1253,36 +1280,36 @@ class _SecretBackendState:
         return pulumi.get(self, "rotation_window")
 
     @rotation_window.setter
-    def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
+    def rotation_window(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "rotation_window", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def schema(self) -> Optional[pulumi.Input[builtins.str]]:
+    def schema(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
         """
         return pulumi.get(self, "schema")
 
     @schema.setter
-    def schema(self, value: Optional[pulumi.Input[builtins.str]]):
+    def schema(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "schema", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="sealWrap")
-    def seal_wrap(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def seal_wrap(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
         """
         return pulumi.get(self, "seal_wrap")
 
     @seal_wrap.setter
-    def seal_wrap(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def seal_wrap(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "seal_wrap", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="skipStaticRoleImportRotation")
-    def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         If set to true, static roles will not be rotated during import.
         Defaults to false. Requires Vault 1.16 or above.
@@ -1290,36 +1317,36 @@ class _SecretBackendState:
         return pulumi.get(self, "skip_static_role_import_rotation")
 
     @skip_static_role_import_rotation.setter
-    def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "skip_static_role_import_rotation", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def starttls(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Issue a StartTLS command after establishing unencrypted connection.
         """
         return pulumi.get(self, "starttls")
 
     @starttls.setter
-    def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def starttls(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "starttls", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
+    def upndomain(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Enables userPrincipalDomain login with [username]@UPNDomain.
         """
         return pulumi.get(self, "upndomain")
 
     @upndomain.setter
-    def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
+    def upndomain(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "upndomain", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def url(self) -> Optional[pulumi.Input[builtins.str]]:
+    def url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         LDAP URL to connect to. Multiple URLs can be specified by concatenating
         them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
@@ -1327,31 +1354,31 @@ class _SecretBackendState:
         return pulumi.get(self, "url")
 
     @url.setter
-    def url(self, value: Optional[pulumi.Input[builtins.str]]):
+    def url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "url", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
+    def userattr(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Attribute used when searching users. Defaults to `cn`.
         """
         return pulumi.get(self, "userattr")
 
     @userattr.setter
-    def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
+    def userattr(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "userattr", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
+    def userdn(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
         """
         return pulumi.get(self, "userdn")
 
     @userdn.setter
-    def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
+    def userdn(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "userdn", value)
 
 
@@ -1361,45 +1388,46 @@ class SecretBackend(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 binddn: Optional[pulumi.Input[builtins.str]] = None,
-                 bindpass: Optional[pulumi.Input[builtins.str]] = None,
-                 certificate: Optional[pulumi.Input[builtins.str]] = None,
-                 client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
-                 client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
-                 connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
-                 default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 description: Optional[pulumi.Input[builtins.str]] = None,
-                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
-                 disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
-                 external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
-                 insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
-                 listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
-                 local: Optional[pulumi.Input[builtins.bool]] = None,
-                 max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 password_policy: Optional[pulumi.Input[builtins.str]] = None,
-                 path: Optional[pulumi.Input[builtins.str]] = None,
-                 plugin_version: Optional[pulumi.Input[builtins.str]] = None,
-                 request_timeout: Optional[pulumi.Input[builtins.int]] = None,
-                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
-                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
-                 rotation_window: Optional[pulumi.Input[builtins.int]] = None,
-                 schema: Optional[pulumi.Input[builtins.str]] = None,
-                 seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
-                 skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
-                 starttls: Optional[pulumi.Input[builtins.bool]] = None,
-                 upndomain: Optional[pulumi.Input[builtins.str]] = None,
-                 url: Optional[pulumi.Input[builtins.str]] = None,
-                 userattr: Optional[pulumi.Input[builtins.str]] = None,
-                 userdn: Optional[pulumi.Input[builtins.str]] = None,
+                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 binddn: Optional[pulumi.Input[_builtins.str]] = None,
+                 bindpass: Optional[pulumi.Input[_builtins.str]] = None,
+                 certificate: Optional[pulumi.Input[_builtins.str]] = None,
+                 client_tls_cert: Optional[pulumi.Input[_builtins.str]] = None,
+                 client_tls_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 connection_timeout: Optional[pulumi.Input[_builtins.int]] = None,
+                 default_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_remount: Optional[pulumi.Input[_builtins.bool]] = None,
+                 external_entropy_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 force_no_cache: Optional[pulumi.Input[_builtins.bool]] = None,
+                 identity_token_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 insecure_tls: Optional[pulumi.Input[_builtins.bool]] = None,
+                 listing_visibility: Optional[pulumi.Input[_builtins.str]] = None,
+                 local: Optional[pulumi.Input[_builtins.bool]] = None,
+                 max_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 password_policy: Optional[pulumi.Input[_builtins.str]] = None,
+                 path: Optional[pulumi.Input[_builtins.str]] = None,
+                 plugin_version: Optional[pulumi.Input[_builtins.str]] = None,
+                 request_timeout: Optional[pulumi.Input[_builtins.int]] = None,
+                 rotation_period: Optional[pulumi.Input[_builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[_builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[_builtins.int]] = None,
+                 schema: Optional[pulumi.Input[_builtins.str]] = None,
+                 seal_wrap: Optional[pulumi.Input[_builtins.bool]] = None,
+                 skip_static_role_import_rotation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 starttls: Optional[pulumi.Input[_builtins.bool]] = None,
+                 upndomain: Optional[pulumi.Input[_builtins.str]] = None,
+                 url: Optional[pulumi.Input[_builtins.str]] = None,
+                 userattr: Optional[pulumi.Input[_builtins.str]] = None,
+                 userdn: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         """
         ## Example Usage
@@ -1429,60 +1457,60 @@ class SecretBackend(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
-        :param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
-        :param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
-        :param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
+        :param pulumi.Input[_builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
+        :param pulumi.Input[_builtins.str] bindpass: Password to use along with binddn when performing user search.
+        :param pulumi.Input[_builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
                x509 PEM encoded.
-        :param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
+        :param pulumi.Input[_builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[_builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[_builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
                the next URL in the configuration.
-        :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
-        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
-        :param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
-        :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
-        :param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
+        :param pulumi.Input[_builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] description: Human-friendly description of the mount
+        :param pulumi.Input[_builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[_builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
+        :param pulumi.Input[_builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
+        :param pulumi.Input[_builtins.bool] force_no_cache: If set to true, disables caching.
+        :param pulumi.Input[_builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
+        :param pulumi.Input[_builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
                Defaults to `false`.
-        :param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
-        :param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
-               replication.Tolerance duration to use when checking the last rotation time.
-        :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
+        :param pulumi.Input[_builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
+        :param pulumi.Input[_builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
-        :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] password_policy: Name of the password policy to use to generate passwords.
+        :param pulumi.Input[_builtins.str] path: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `ldap`.
-        :param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
-        :param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
+        :param pulumi.Input[_builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
+        :param pulumi.Input[_builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
                before returning back an error.
-        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+        :param pulumi.Input[_builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
                A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        :param pulumi.Input[_builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
                defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+        :param pulumi.Input[_builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
                a rotation when a scheduled token rotation occurs. The default rotation window is
                unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
-        :param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
-        :param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
+        :param pulumi.Input[_builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
+        :param pulumi.Input[_builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
+        :param pulumi.Input[_builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
                Defaults to false. Requires Vault 1.16 or above.
-        :param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
-        :param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
-        :param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
+        :param pulumi.Input[_builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
+        :param pulumi.Input[_builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
+        :param pulumi.Input[_builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
                them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
-        :param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
-        :param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
+        :param pulumi.Input[_builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
+        :param pulumi.Input[_builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
         """
         ...
     @overload
@@ -1531,45 +1559,46 @@ class SecretBackend(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 binddn: Optional[pulumi.Input[builtins.str]] = None,
-                 bindpass: Optional[pulumi.Input[builtins.str]] = None,
-                 certificate: Optional[pulumi.Input[builtins.str]] = None,
-                 client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
-                 client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
-                 connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
-                 default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 description: Optional[pulumi.Input[builtins.str]] = None,
-                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
-                 disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
-                 external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
-                 insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
-                 listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
-                 local: Optional[pulumi.Input[builtins.bool]] = None,
-                 max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 password_policy: Optional[pulumi.Input[builtins.str]] = None,
-                 path: Optional[pulumi.Input[builtins.str]] = None,
-                 plugin_version: Optional[pulumi.Input[builtins.str]] = None,
-                 request_timeout: Optional[pulumi.Input[builtins.int]] = None,
-                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
-                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
-                 rotation_window: Optional[pulumi.Input[builtins.int]] = None,
-                 schema: Optional[pulumi.Input[builtins.str]] = None,
-                 seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
-                 skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
-                 starttls: Optional[pulumi.Input[builtins.bool]] = None,
-                 upndomain: Optional[pulumi.Input[builtins.str]] = None,
-                 url: Optional[pulumi.Input[builtins.str]] = None,
-                 userattr: Optional[pulumi.Input[builtins.str]] = None,
-                 userdn: Optional[pulumi.Input[builtins.str]] = None,
+                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 binddn: Optional[pulumi.Input[_builtins.str]] = None,
+                 bindpass: Optional[pulumi.Input[_builtins.str]] = None,
+                 certificate: Optional[pulumi.Input[_builtins.str]] = None,
+                 client_tls_cert: Optional[pulumi.Input[_builtins.str]] = None,
+                 client_tls_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 connection_timeout: Optional[pulumi.Input[_builtins.int]] = None,
+                 default_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_remount: Optional[pulumi.Input[_builtins.bool]] = None,
+                 external_entropy_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 force_no_cache: Optional[pulumi.Input[_builtins.bool]] = None,
+                 identity_token_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 insecure_tls: Optional[pulumi.Input[_builtins.bool]] = None,
+                 listing_visibility: Optional[pulumi.Input[_builtins.str]] = None,
+                 local: Optional[pulumi.Input[_builtins.bool]] = None,
+                 max_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 password_policy: Optional[pulumi.Input[_builtins.str]] = None,
+                 path: Optional[pulumi.Input[_builtins.str]] = None,
+                 plugin_version: Optional[pulumi.Input[_builtins.str]] = None,
+                 request_timeout: Optional[pulumi.Input[_builtins.int]] = None,
+                 rotation_period: Optional[pulumi.Input[_builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[_builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[_builtins.int]] = None,
+                 schema: Optional[pulumi.Input[_builtins.str]] = None,
+                 seal_wrap: Optional[pulumi.Input[_builtins.bool]] = None,
+                 skip_static_role_import_rotation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 starttls: Optional[pulumi.Input[_builtins.bool]] = None,
+                 upndomain: Optional[pulumi.Input[_builtins.str]] = None,
+                 url: Optional[pulumi.Input[_builtins.str]] = None,
+                 userattr: Optional[pulumi.Input[_builtins.str]] = None,
+                 userdn: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -1599,6 +1628,7 @@ class SecretBackend(pulumi.CustomResource):
             __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
             __props__.__dict__["disable_remount"] = disable_remount
             __props__.__dict__["external_entropy_access"] = external_entropy_access
+            __props__.__dict__["force_no_cache"] = force_no_cache
             __props__.__dict__["identity_token_key"] = identity_token_key
             __props__.__dict__["insecure_tls"] = insecure_tls
             __props__.__dict__["listing_visibility"] = listing_visibility
@@ -1635,46 +1665,47 @@ class SecretBackend(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            accessor: Optional[pulumi.Input[builtins.str]] = None,
-            allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            binddn: Optional[pulumi.Input[builtins.str]] = None,
-            bindpass: Optional[pulumi.Input[builtins.str]] = None,
-            certificate: Optional[pulumi.Input[builtins.str]] = None,
-            client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
-            client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
-            connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
-            default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-            delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            description: Optional[pulumi.Input[builtins.str]] = None,
-            disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
-            disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
-            external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
-            identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
-            insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
-            listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
-            local: Optional[pulumi.Input[builtins.bool]] = None,
-            max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-            namespace: Optional[pulumi.Input[builtins.str]] = None,
-            options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-            passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            password_policy: Optional[pulumi.Input[builtins.str]] = None,
-            path: Optional[pulumi.Input[builtins.str]] = None,
-            plugin_version: Optional[pulumi.Input[builtins.str]] = None,
-            request_timeout: Optional[pulumi.Input[builtins.int]] = None,
-            rotation_period: Optional[pulumi.Input[builtins.int]] = None,
-            rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
-            rotation_window: Optional[pulumi.Input[builtins.int]] = None,
-            schema: Optional[pulumi.Input[builtins.str]] = None,
-            seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
-            skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
-            starttls: Optional[pulumi.Input[builtins.bool]] = None,
-            upndomain: Optional[pulumi.Input[builtins.str]] = None,
-            url: Optional[pulumi.Input[builtins.str]] = None,
-            userattr: Optional[pulumi.Input[builtins.str]] = None,
-            userdn: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackend':
+            accessor: Optional[pulumi.Input[_builtins.str]] = None,
+            allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            binddn: Optional[pulumi.Input[_builtins.str]] = None,
+            bindpass: Optional[pulumi.Input[_builtins.str]] = None,
+            certificate: Optional[pulumi.Input[_builtins.str]] = None,
+            client_tls_cert: Optional[pulumi.Input[_builtins.str]] = None,
+            client_tls_key: Optional[pulumi.Input[_builtins.str]] = None,
+            connection_timeout: Optional[pulumi.Input[_builtins.int]] = None,
+            default_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+            delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            description: Optional[pulumi.Input[_builtins.str]] = None,
+            disable_automated_rotation: Optional[pulumi.Input[_builtins.bool]] = None,
+            disable_remount: Optional[pulumi.Input[_builtins.bool]] = None,
+            external_entropy_access: Optional[pulumi.Input[_builtins.bool]] = None,
+            force_no_cache: Optional[pulumi.Input[_builtins.bool]] = None,
+            identity_token_key: Optional[pulumi.Input[_builtins.str]] = None,
+            insecure_tls: Optional[pulumi.Input[_builtins.bool]] = None,
+            listing_visibility: Optional[pulumi.Input[_builtins.str]] = None,
+            local: Optional[pulumi.Input[_builtins.bool]] = None,
+            max_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+            namespace: Optional[pulumi.Input[_builtins.str]] = None,
+            options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+            passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            password_policy: Optional[pulumi.Input[_builtins.str]] = None,
+            path: Optional[pulumi.Input[_builtins.str]] = None,
+            plugin_version: Optional[pulumi.Input[_builtins.str]] = None,
+            request_timeout: Optional[pulumi.Input[_builtins.int]] = None,
+            rotation_period: Optional[pulumi.Input[_builtins.int]] = None,
+            rotation_schedule: Optional[pulumi.Input[_builtins.str]] = None,
+            rotation_window: Optional[pulumi.Input[_builtins.int]] = None,
+            schema: Optional[pulumi.Input[_builtins.str]] = None,
+            seal_wrap: Optional[pulumi.Input[_builtins.bool]] = None,
+            skip_static_role_import_rotation: Optional[pulumi.Input[_builtins.bool]] = None,
+            starttls: Optional[pulumi.Input[_builtins.bool]] = None,
+            upndomain: Optional[pulumi.Input[_builtins.str]] = None,
+            url: Optional[pulumi.Input[_builtins.str]] = None,
+            userattr: Optional[pulumi.Input[_builtins.str]] = None,
+            userdn: Optional[pulumi.Input[_builtins.str]] = None) -> 'SecretBackend':
         """
         Get an existing SecretBackend resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -1682,61 +1713,61 @@ class SecretBackend(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.str] accessor: Accessor of the mount
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
-        :param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
-        :param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
-        :param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
+        :param pulumi.Input[_builtins.str] accessor: Accessor of the mount
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
+        :param pulumi.Input[_builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
+        :param pulumi.Input[_builtins.str] bindpass: Password to use along with binddn when performing user search.
+        :param pulumi.Input[_builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
                x509 PEM encoded.
-        :param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
+        :param pulumi.Input[_builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[_builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[_builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
                the next URL in the configuration.
-        :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
-        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
-        :param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
-        :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
-        :param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
+        :param pulumi.Input[_builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] description: Human-friendly description of the mount
+        :param pulumi.Input[_builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[_builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
+        :param pulumi.Input[_builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
+        :param pulumi.Input[_builtins.bool] force_no_cache: If set to true, disables caching.
+        :param pulumi.Input[_builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
+        :param pulumi.Input[_builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
                Defaults to `false`.
-        :param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
-        :param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
-               replication.Tolerance duration to use when checking the last rotation time.
-        :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
+        :param pulumi.Input[_builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
+        :param pulumi.Input[_builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
-        :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] password_policy: Name of the password policy to use to generate passwords.
+        :param pulumi.Input[_builtins.str] path: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `ldap`.
-        :param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
-        :param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
+        :param pulumi.Input[_builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
+        :param pulumi.Input[_builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
                before returning back an error.
-        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+        :param pulumi.Input[_builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
                A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        :param pulumi.Input[_builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
                defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+        :param pulumi.Input[_builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
                a rotation when a scheduled token rotation occurs. The default rotation window is
                unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
-        :param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
-        :param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
-        :param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
+        :param pulumi.Input[_builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
+        :param pulumi.Input[_builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
+        :param pulumi.Input[_builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
                Defaults to false. Requires Vault 1.16 or above.
-        :param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
-        :param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
-        :param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
+        :param pulumi.Input[_builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
+        :param pulumi.Input[_builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
+        :param pulumi.Input[_builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
                them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
-        :param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
-        :param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
+        :param pulumi.Input[_builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
+        :param pulumi.Input[_builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -1759,6 +1790,7 @@ class SecretBackend(pulumi.CustomResource):
         __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
         __props__.__dict__["disable_remount"] = disable_remount
         __props__.__dict__["external_entropy_access"] = external_entropy_access
+        __props__.__dict__["force_no_cache"] = force_no_cache
         __props__.__dict__["identity_token_key"] = identity_token_key
         __props__.__dict__["insecure_tls"] = insecure_tls
         __props__.__dict__["listing_visibility"] = listing_visibility
@@ -1784,189 +1816,196 @@ class SecretBackend(pulumi.CustomResource):
         __props__.__dict__["userdn"] = userdn
         return SecretBackend(resource_name, opts=opts, __props__=__props__)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def accessor(self) -> pulumi.Output[builtins.str]:
+    def accessor(self) -> pulumi.Output[_builtins.str]:
         """
         Accessor of the mount
         """
         return pulumi.get(self, "accessor")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedManagedKeys")
-    def allowed_managed_keys(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def allowed_managed_keys(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         List of managed key registry entry names that the mount in question is allowed to access
         """
         return pulumi.get(self, "allowed_managed_keys")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedResponseHeaders")
-    def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "allowed_response_headers")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="auditNonHmacRequestKeys")
-    def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[builtins.str]]:
+    def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[_builtins.str]]:
         """
         Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
         """
         return pulumi.get(self, "audit_non_hmac_request_keys")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="auditNonHmacResponseKeys")
-    def audit_non_hmac_response_keys(self) -> pulumi.Output[Sequence[builtins.str]]:
+    def audit_non_hmac_response_keys(self) -> pulumi.Output[Sequence[_builtins.str]]:
         """
         Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
         """
         return pulumi.get(self, "audit_non_hmac_response_keys")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def binddn(self) -> pulumi.Output[builtins.str]:
+    def binddn(self) -> pulumi.Output[_builtins.str]:
         """
         Distinguished name of object to bind when performing user and group search.
         """
         return pulumi.get(self, "binddn")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def bindpass(self) -> pulumi.Output[builtins.str]:
+    def bindpass(self) -> pulumi.Output[_builtins.str]:
         """
         Password to use along with binddn when performing user search.
         """
         return pulumi.get(self, "bindpass")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def certificate(self) -> pulumi.Output[Optional[builtins.str]]:
+    def certificate(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         CA certificate to use when verifying LDAP server certificate, must be
         x509 PEM encoded.
         """
         return pulumi.get(self, "certificate")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="clientTlsCert")
-    def client_tls_cert(self) -> pulumi.Output[Optional[builtins.str]]:
+    def client_tls_cert(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Client certificate to provide to the LDAP server, must be x509 PEM encoded.
         """
         return pulumi.get(self, "client_tls_cert")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="clientTlsKey")
-    def client_tls_key(self) -> pulumi.Output[Optional[builtins.str]]:
+    def client_tls_key(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
         """
         return pulumi.get(self, "client_tls_key")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="connectionTimeout")
-    def connection_timeout(self) -> pulumi.Output[Optional[builtins.int]]:
+    def connection_timeout(self) -> pulumi.Output[Optional[_builtins.int]]:
         """
         Timeout, in seconds, when attempting to connect to the LDAP server before trying
         the next URL in the configuration.
         """
         return pulumi.get(self, "connection_timeout")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="defaultLeaseTtlSeconds")
-    def default_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
+    def default_lease_ttl_seconds(self) -> pulumi.Output[_builtins.int]:
         """
-        Default lease duration for secrets in seconds.
+        Default lease duration for tokens and secrets in seconds
         """
         return pulumi.get(self, "default_lease_ttl_seconds")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="delegatedAuthAccessors")
-    def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "delegated_auth_accessors")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def description(self) -> pulumi.Output[Optional[builtins.str]]:
+    def description(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
-        Human-friendly description of the mount for the Active Directory backend.
+        Human-friendly description of the mount
         """
         return pulumi.get(self, "description")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableAutomatedRotation")
-    def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def disable_automated_rotation(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
         """
         return pulumi.get(self, "disable_automated_rotation")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableRemount")
-    def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def disable_remount(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         If set, opts out of mount migration on path updates.
         """
         return pulumi.get(self, "disable_remount")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="externalEntropyAccess")
-    def external_entropy_access(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def external_entropy_access(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Enable the secrets engine to access Vault's external entropy source
         """
         return pulumi.get(self, "external_entropy_access")
 
-    @property
+    @_builtins.property
+    @pulumi.getter(name="forceNoCache")
+    def force_no_cache(self) -> pulumi.Output[_builtins.bool]:
+        """
+        If set to true, disables caching.
+        """
+        return pulumi.get(self, "force_no_cache")
+
+    @_builtins.property
     @pulumi.getter(name="identityTokenKey")
-    def identity_token_key(self) -> pulumi.Output[Optional[builtins.str]]:
+    def identity_token_key(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The key to use for signing plugin workload identity tokens
         """
         return pulumi.get(self, "identity_token_key")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="insecureTls")
-    def insecure_tls(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def insecure_tls(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Skip LDAP server SSL Certificate verification. This is not recommended for production.
         Defaults to `false`.
         """
         return pulumi.get(self, "insecure_tls")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="listingVisibility")
-    def listing_visibility(self) -> pulumi.Output[Optional[builtins.str]]:
+    def listing_visibility(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Specifies whether to show this mount in the UI-specific listing endpoint
         """
         return pulumi.get(self, "listing_visibility")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def local(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def local(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
-        Mark the secrets engine as local-only. Local engines are not replicated or removed by
-        replication.Tolerance duration to use when checking the last rotation time.
+        Local mount flag that can be explicitly set to true to enforce local mount in HA environment
         """
         return pulumi.get(self, "local")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="maxLeaseTtlSeconds")
-    def max_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
+    def max_lease_ttl_seconds(self) -> pulumi.Output[_builtins.int]:
         """
-        Maximum possible lease duration for secrets in seconds.
+        Maximum possible lease duration for tokens and secrets in seconds
         """
         return pulumi.get(self, "max_lease_ttl_seconds")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
+    def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -1975,77 +2014,77 @@ class SecretBackend(pulumi.CustomResource):
         """
         return pulumi.get(self, "namespace")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def options(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
+    def options(self) -> pulumi.Output[Optional[Mapping[str, _builtins.str]]]:
         """
         Specifies mount type specific options that are passed to the backend
         """
         return pulumi.get(self, "options")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="passthroughRequestHeaders")
-    def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "passthrough_request_headers")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="passwordPolicy")
-    def password_policy(self) -> pulumi.Output[Optional[builtins.str]]:
+    def password_policy(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Name of the password policy to use to generate passwords.
         """
         return pulumi.get(self, "password_policy")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def path(self) -> pulumi.Output[Optional[builtins.str]]:
+    def path(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The unique path this backend should be mounted at. Must
         not begin or end with a `/`. Defaults to `ldap`.
         """
         return pulumi.get(self, "path")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="pluginVersion")
-    def plugin_version(self) -> pulumi.Output[Optional[builtins.str]]:
+    def plugin_version(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
         """
         return pulumi.get(self, "plugin_version")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="requestTimeout")
-    def request_timeout(self) -> pulumi.Output[builtins.int]:
+    def request_timeout(self) -> pulumi.Output[_builtins.int]:
         """
         Timeout, in seconds, for the connection when making requests against the server
         before returning back an error.
         """
         return pulumi.get(self, "request_timeout")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="rotationPeriod")
-    def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
+    def rotation_period(self) -> pulumi.Output[Optional[_builtins.int]]:
         """
         The amount of time in seconds Vault should wait before rotating the root credential.
         A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
         """
         return pulumi.get(self, "rotation_period")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="rotationSchedule")
-    def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
+    def rotation_schedule(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
         defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
         """
         return pulumi.get(self, "rotation_schedule")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="rotationWindow")
-    def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
+    def rotation_window(self) -> pulumi.Output[Optional[_builtins.int]]:
         """
         The maximum amount of time in seconds allowed to complete
         a rotation when a scheduled token rotation occurs. The default rotation window is
@@ -2053,67 +2092,67 @@ class SecretBackend(pulumi.CustomResource):
         """
         return pulumi.get(self, "rotation_window")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def schema(self) -> pulumi.Output[builtins.str]:
+    def schema(self) -> pulumi.Output[_builtins.str]:
         """
         The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
         """
         return pulumi.get(self, "schema")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="sealWrap")
-    def seal_wrap(self) -> pulumi.Output[builtins.bool]:
+    def seal_wrap(self) -> pulumi.Output[_builtins.bool]:
         """
         Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
         """
         return pulumi.get(self, "seal_wrap")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="skipStaticRoleImportRotation")
-    def skip_static_role_import_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def skip_static_role_import_rotation(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         If set to true, static roles will not be rotated during import.
         Defaults to false. Requires Vault 1.16 or above.
         """
         return pulumi.get(self, "skip_static_role_import_rotation")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def starttls(self) -> pulumi.Output[builtins.bool]:
+    def starttls(self) -> pulumi.Output[_builtins.bool]:
         """
         Issue a StartTLS command after establishing unencrypted connection.
         """
         return pulumi.get(self, "starttls")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def upndomain(self) -> pulumi.Output[builtins.str]:
+    def upndomain(self) -> pulumi.Output[_builtins.str]:
         """
         Enables userPrincipalDomain login with [username]@UPNDomain.
         """
         return pulumi.get(self, "upndomain")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def url(self) -> pulumi.Output[builtins.str]:
+    def url(self) -> pulumi.Output[_builtins.str]:
         """
         LDAP URL to connect to. Multiple URLs can be specified by concatenating
         them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
         """
         return pulumi.get(self, "url")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def userattr(self) -> pulumi.Output[builtins.str]:
+    def userattr(self) -> pulumi.Output[_builtins.str]:
         """
         Attribute used when searching users. Defaults to `cn`.
         """
         return pulumi.get(self, "userattr")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def userdn(self) -> pulumi.Output[Optional[builtins.str]]:
+    def userdn(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
         """