pulumi-vault 7.1.0__py3-none-any.whl → 7.2.0__py3-none-any.whl

pulumi_vault/pkisecret/secret_backend_role.py

@@ -2,8 +2,7 @@
 # *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
-import builtins
-import copy
+import builtins as _builtins
 import warnings
 import sys
 import pulumi
@@ -22,123 +21,123 @@ __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
 @pulumi.input_type
 class SecretBackendRoleArgs:
     def __init__(__self__, *,
-                 backend: pulumi.Input[builtins.str],
-                 allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
-                 allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
-                 allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
-                 allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
-                 client_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
-                 ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
-                 issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
-                 key_bits: Optional[pulumi.Input[builtins.int]] = None,
-                 key_type: Optional[pulumi.Input[builtins.str]] = None,
-                 key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 max_ttl: Optional[pulumi.Input[builtins.str]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 no_store: Optional[pulumi.Input[builtins.bool]] = None,
-                 no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
-                 not_after: Optional[pulumi.Input[builtins.str]] = None,
-                 not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
-                 organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 backend: pulumi.Input[_builtins.str],
+                 allow_any_name: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_bare_domains: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_glob_domains: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_ip_sans: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_localhost: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_subdomains: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_wildcard_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_domains_template: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_uri_sans_template: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 basic_constraints_valid_for_non_ca: Optional[pulumi.Input[_builtins.bool]] = None,
+                 client_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 code_signing_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 countries: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 email_protection_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enforce_hostnames: Optional[pulumi.Input[_builtins.bool]] = None,
+                 ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 generate_lease: Optional[pulumi.Input[_builtins.bool]] = None,
+                 issuer_ref: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_bits: Optional[pulumi.Input[_builtins.int]] = None,
+                 key_type: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 localities: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 no_store: Optional[pulumi.Input[_builtins.bool]] = None,
+                 no_store_metadata: Optional[pulumi.Input[_builtins.bool]] = None,
+                 not_after: Optional[pulumi.Input[_builtins.str]] = None,
+                 not_before_duration: Optional[pulumi.Input[_builtins.str]] = None,
+                 organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 organizations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
                  policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]] = None,
-                 policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 require_cn: Optional[pulumi.Input[builtins.bool]] = None,
-                 serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
-                 server_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 signature_bits: Optional[pulumi.Input[builtins.int]] = None,
-                 street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 ttl: Optional[pulumi.Input[builtins.str]] = None,
-                 use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
-                 use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
-                 use_pss: Optional[pulumi.Input[builtins.bool]] = None):
+                 policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 provinces: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 require_cn: Optional[pulumi.Input[_builtins.bool]] = None,
+                 serial_number_source: Optional[pulumi.Input[_builtins.str]] = None,
+                 server_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 signature_bits: Optional[pulumi.Input[_builtins.int]] = None,
+                 street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 ttl: Optional[pulumi.Input[_builtins.str]] = None,
+                 use_csr_common_name: Optional[pulumi.Input[_builtins.bool]] = None,
+                 use_csr_sans: Optional[pulumi.Input[_builtins.bool]] = None,
+                 use_pss: Optional[pulumi.Input[_builtins.bool]] = None):
         """
         The set of arguments for constructing a SecretBackendRole resource.
-        :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
-        :param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
-        :param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
-        :param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
-        :param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
-        :param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
-        :param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
-        :param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
-        :param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
-        :param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
-        :param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
-        :param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
-        :param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
-        :param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
-        :param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
-        :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
+        :param pulumi.Input[_builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.bool] allow_any_name: Flag to allow any name
+        :param pulumi.Input[_builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
+        :param pulumi.Input[_builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
+        :param pulumi.Input[_builtins.bool] allow_ip_sans: Flag to allow IP SANs
+        :param pulumi.Input[_builtins.bool] allow_localhost: Flag to allow certificates for localhost
+        :param pulumi.Input[_builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
+        :param pulumi.Input[_builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_domains: List of allowed domains for certificates
+        :param pulumi.Input[_builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_other_sans: Defines allowed custom SANs
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
+        :param pulumi.Input[_builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_user_ids: Defines allowed User IDs
+        :param pulumi.Input[_builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
+        :param pulumi.Input[_builtins.bool] client_flag: Flag to specify certificates for client use
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
+        :param pulumi.Input[_builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] countries: The country of generated certificates
+        :param pulumi.Input[_builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
+        :param pulumi.Input[_builtins.bool] enforce_hostnames: Flag to allow only valid host names
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
+        :param pulumi.Input[_builtins.bool] generate_lease: Flag to generate leases with certificates
+        :param pulumi.Input[_builtins.str] issuer_ref: Specifies the default issuer of this request. May
                be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
                the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
                overriding the role's `issuer_ref` value.
-        :param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
-        :param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
+        :param pulumi.Input[_builtins.int] key_bits: The number of bits of generated keys
+        :param pulumi.Input[_builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
                Defaults to `rsa`
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
                certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
                To specify no default key usage constraints, set this to an empty list `[]`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
-        :param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
-        :param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] localities: The locality of generated certificates
+        :param pulumi.Input[_builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
+        :param pulumi.Input[_builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
-        :param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
-        :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
-        :param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
+        :param pulumi.Input[_builtins.bool] no_store: Flag to not store certificates in the storage backend
+        :param pulumi.Input[_builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
+        :param pulumi.Input[_builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
+        :param pulumi.Input[_builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organization_unit: The organization unit of generated certificates
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organizations: The organization of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
-        :param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
-        :param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] postal_codes: The postal code of generated certificates
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] provinces: The province of generated certificates
+        :param pulumi.Input[_builtins.bool] require_cn: Flag to force CN usage
+        :param pulumi.Input[_builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
                
                Example usage:
-        :param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
-        :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
-        :param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
-        :param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
-        :param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
-        :param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
+        :param pulumi.Input[_builtins.bool] server_flag: Flag to specify certificates for server use
+        :param pulumi.Input[_builtins.int] signature_bits: The number of bits to use in the signature algorithm
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] street_addresses: The street address of generated certificates
+        :param pulumi.Input[_builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
+        :param pulumi.Input[_builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
+        :param pulumi.Input[_builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
+        :param pulumi.Input[_builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
         """
         pulumi.set(__self__, "backend", backend)
         if allow_any_name is not None:
@@ -244,309 +243,309 @@ class SecretBackendRoleArgs:
         if use_pss is not None:
             pulumi.set(__self__, "use_pss", use_pss)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> pulumi.Input[builtins.str]:
+    def backend(self) -> pulumi.Input[_builtins.str]:
         """
         The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
         """
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: pulumi.Input[builtins.str]):
+    def backend(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "backend", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowAnyName")
-    def allow_any_name(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_any_name(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow any name
         """
         return pulumi.get(self, "allow_any_name")
 
     @allow_any_name.setter
-    def allow_any_name(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_any_name(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_any_name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowBareDomains")
-    def allow_bare_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_bare_domains(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow certificates matching the actual domain
         """
         return pulumi.get(self, "allow_bare_domains")
 
     @allow_bare_domains.setter
-    def allow_bare_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_bare_domains(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_bare_domains", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowGlobDomains")
-    def allow_glob_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_glob_domains(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow names containing glob patterns.
         """
         return pulumi.get(self, "allow_glob_domains")
 
     @allow_glob_domains.setter
-    def allow_glob_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_glob_domains(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_glob_domains", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowIpSans")
-    def allow_ip_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_ip_sans(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow IP SANs
         """
         return pulumi.get(self, "allow_ip_sans")
 
     @allow_ip_sans.setter
-    def allow_ip_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_ip_sans(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_ip_sans", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowLocalhost")
-    def allow_localhost(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_localhost(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow certificates for localhost
         """
         return pulumi.get(self, "allow_localhost")
 
     @allow_localhost.setter
-    def allow_localhost(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_localhost(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_localhost", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowSubdomains")
-    def allow_subdomains(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_subdomains(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow certificates matching subdomains
         """
         return pulumi.get(self, "allow_subdomains")
 
     @allow_subdomains.setter
-    def allow_subdomains(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_subdomains(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_subdomains", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowWildcardCertificates")
-    def allow_wildcard_certificates(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_wildcard_certificates(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow wildcard certificates.
         """
         return pulumi.get(self, "allow_wildcard_certificates")
 
     @allow_wildcard_certificates.setter
-    def allow_wildcard_certificates(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_wildcard_certificates(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_wildcard_certificates", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedDomains")
-    def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of allowed domains for certificates
         """
         return pulumi.get(self, "allowed_domains")
 
     @allowed_domains.setter
-    def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_domains", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedDomainsTemplate")
-    def allowed_domains_template(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allowed_domains_template(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
         """
         return pulumi.get(self, "allowed_domains_template")
 
     @allowed_domains_template.setter
-    def allowed_domains_template(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allowed_domains_template(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allowed_domains_template", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedOtherSans")
-    def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Defines allowed custom SANs
         """
         return pulumi.get(self, "allowed_other_sans")
 
     @allowed_other_sans.setter
-    def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_other_sans", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedSerialNumbers")
-    def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         An array of allowed serial numbers to put in Subject
         """
         return pulumi.get(self, "allowed_serial_numbers")
 
     @allowed_serial_numbers.setter
-    def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_serial_numbers", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedUriSans")
-    def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Defines allowed URI SANs
         """
         return pulumi.get(self, "allowed_uri_sans")
 
     @allowed_uri_sans.setter
-    def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_uri_sans", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedUriSansTemplate")
-    def allowed_uri_sans_template(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allowed_uri_sans_template(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
         """
         return pulumi.get(self, "allowed_uri_sans_template")
 
     @allowed_uri_sans_template.setter
-    def allowed_uri_sans_template(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allowed_uri_sans_template(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allowed_uri_sans_template", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedUserIds")
-    def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Defines allowed User IDs
         """
         return pulumi.get(self, "allowed_user_ids")
 
     @allowed_user_ids.setter
-    def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_user_ids", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="basicConstraintsValidForNonCa")
-    def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to mark basic constraints valid when issuing non-CA certificates
         """
         return pulumi.get(self, "basic_constraints_valid_for_non_ca")
 
     @basic_constraints_valid_for_non_ca.setter
-    def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "basic_constraints_valid_for_non_ca", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="clientFlag")
-    def client_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def client_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to specify certificates for client use
         """
         return pulumi.get(self, "client_flag")
 
     @client_flag.setter
-    def client_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def client_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "client_flag", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="cnValidations")
-    def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
         """
         return pulumi.get(self, "cn_validations")
 
     @cn_validations.setter
-    def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "cn_validations", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="codeSigningFlag")
-    def code_signing_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def code_signing_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to specify certificates for code signing use
         """
         return pulumi.get(self, "code_signing_flag")
 
     @code_signing_flag.setter
-    def code_signing_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def code_signing_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "code_signing_flag", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         The country of generated certificates
         """
         return pulumi.get(self, "countries")
 
     @countries.setter
-    def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "countries", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="emailProtectionFlag")
-    def email_protection_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def email_protection_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to specify certificates for email protection use
         """
         return pulumi.get(self, "email_protection_flag")
 
     @email_protection_flag.setter
-    def email_protection_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def email_protection_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "email_protection_flag", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="enforceHostnames")
-    def enforce_hostnames(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def enforce_hostnames(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow only valid host names
         """
         return pulumi.get(self, "enforce_hostnames")
 
     @enforce_hostnames.setter
-    def enforce_hostnames(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def enforce_hostnames(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "enforce_hostnames", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="extKeyUsageOids")
-    def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specify the allowed extended key usage OIDs constraint on issued certificates
         """
         return pulumi.get(self, "ext_key_usage_oids")
 
     @ext_key_usage_oids.setter
-    def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "ext_key_usage_oids", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="extKeyUsages")
-    def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specify the allowed extended key usage constraint on issued certificates
         """
         return pulumi.get(self, "ext_key_usages")
 
     @ext_key_usages.setter
-    def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "ext_key_usages", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="generateLease")
-    def generate_lease(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def generate_lease(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to generate leases with certificates
         """
         return pulumi.get(self, "generate_lease")
 
     @generate_lease.setter
-    def generate_lease(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def generate_lease(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "generate_lease", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="issuerRef")
-    def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
+    def issuer_ref(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the default issuer of this request. May
         be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
@@ -556,24 +555,24 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "issuer_ref")
 
     @issuer_ref.setter
-    def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
+    def issuer_ref(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "issuer_ref", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="keyBits")
-    def key_bits(self) -> Optional[pulumi.Input[builtins.int]]:
+    def key_bits(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The number of bits of generated keys
         """
         return pulumi.get(self, "key_bits")
 
     @key_bits.setter
-    def key_bits(self, value: Optional[pulumi.Input[builtins.int]]):
+    def key_bits(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "key_bits", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="keyType")
-    def key_type(self) -> Optional[pulumi.Input[builtins.str]]:
+    def key_type(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
         Defaults to `rsa`
@@ -581,12 +580,12 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "key_type")
 
     @key_type.setter
-    def key_type(self, value: Optional[pulumi.Input[builtins.str]]):
+    def key_type(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "key_type", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="keyUsages")
-    def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specify the allowed key usage constraint on issued
         certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
@@ -595,48 +594,48 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "key_usages")
 
     @key_usages.setter
-    def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "key_usages", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         The locality of generated certificates
         """
         return pulumi.get(self, "localities")
 
     @localities.setter
-    def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "localities", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="maxTtl")
-    def max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
+    def max_ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The maximum lease TTL, in seconds, for the role.
         """
         return pulumi.get(self, "max_ttl")
 
     @max_ttl.setter
-    def max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
+    def max_ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "max_ttl", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[builtins.str]]:
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The name to identify this role within the backend. Must be unique within the backend.
         """
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[builtins.str]]):
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -646,82 +645,82 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="noStore")
-    def no_store(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def no_store(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to not store certificates in the storage backend
         """
         return pulumi.get(self, "no_store")
 
     @no_store.setter
-    def no_store(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def no_store(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "no_store", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="noStoreMetadata")
-    def no_store_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def no_store_metadata(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
         """
         return pulumi.get(self, "no_store_metadata")
 
     @no_store_metadata.setter
-    def no_store_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def no_store_metadata(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "no_store_metadata", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="notAfter")
-    def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
+    def not_after(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
         """
         return pulumi.get(self, "not_after")
 
     @not_after.setter
-    def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
+    def not_after(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "not_after", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="notBeforeDuration")
-    def not_before_duration(self) -> Optional[pulumi.Input[builtins.str]]:
+    def not_before_duration(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the duration by which to backdate the NotBefore property.
         """
         return pulumi.get(self, "not_before_duration")
 
     @not_before_duration.setter
-    def not_before_duration(self, value: Optional[pulumi.Input[builtins.str]]):
+    def not_before_duration(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "not_before_duration", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="organizationUnit")
-    def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         The organization unit of generated certificates
         """
         return pulumi.get(self, "organization_unit")
 
     @organization_unit.setter
-    def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "organization_unit", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         The organization of generated certificates
         """
         return pulumi.get(self, "organizations")
 
     @organizations.setter
-    def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "organizations", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="policyIdentifier")
     def policy_identifier(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]]:
         """
@@ -733,57 +732,57 @@ class SecretBackendRoleArgs:
     def policy_identifier(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]]):
         pulumi.set(self, "policy_identifier", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="policyIdentifiers")
-    def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
         """
         return pulumi.get(self, "policy_identifiers")
 
     @policy_identifiers.setter
-    def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "policy_identifiers", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="postalCodes")
-    def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         The postal code of generated certificates
         """
         return pulumi.get(self, "postal_codes")
 
     @postal_codes.setter
-    def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "postal_codes", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         The province of generated certificates
         """
         return pulumi.get(self, "provinces")
 
     @provinces.setter
-    def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "provinces", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="requireCn")
-    def require_cn(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def require_cn(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to force CN usage
         """
         return pulumi.get(self, "require_cn")
 
     @require_cn.setter
-    def require_cn(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def require_cn(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "require_cn", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="serialNumberSource")
-    def serial_number_source(self) -> Optional[pulumi.Input[builtins.str]]:
+    def serial_number_source(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
 
@@ -792,214 +791,214 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "serial_number_source")
 
     @serial_number_source.setter
-    def serial_number_source(self, value: Optional[pulumi.Input[builtins.str]]):
+    def serial_number_source(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "serial_number_source", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="serverFlag")
-    def server_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def server_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to specify certificates for server use
         """
         return pulumi.get(self, "server_flag")
 
     @server_flag.setter
-    def server_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def server_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "server_flag", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="signatureBits")
-    def signature_bits(self) -> Optional[pulumi.Input[builtins.int]]:
+    def signature_bits(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The number of bits to use in the signature algorithm
         """
         return pulumi.get(self, "signature_bits")
 
     @signature_bits.setter
-    def signature_bits(self, value: Optional[pulumi.Input[builtins.int]]):
+    def signature_bits(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "signature_bits", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="streetAddresses")
-    def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         The street address of generated certificates
         """
         return pulumi.get(self, "street_addresses")
 
     @street_addresses.setter
-    def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "street_addresses", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
+    def ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The TTL, in seconds, for any certificate issued against this role.
         """
         return pulumi.get(self, "ttl")
 
     @ttl.setter
-    def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
+    def ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "ttl", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="useCsrCommonName")
-    def use_csr_common_name(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def use_csr_common_name(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to use the CN in the CSR
         """
         return pulumi.get(self, "use_csr_common_name")
 
     @use_csr_common_name.setter
-    def use_csr_common_name(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def use_csr_common_name(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "use_csr_common_name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="useCsrSans")
-    def use_csr_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def use_csr_sans(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to use the SANs in the CSR
         """
         return pulumi.get(self, "use_csr_sans")
 
     @use_csr_sans.setter
-    def use_csr_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def use_csr_sans(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "use_csr_sans", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="usePss")
-    def use_pss(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def use_pss(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
         """
         return pulumi.get(self, "use_pss")
 
     @use_pss.setter
-    def use_pss(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def use_pss(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "use_pss", value)
 
 
 @pulumi.input_type
 class _SecretBackendRoleState:
     def __init__(__self__, *,
-                 allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
-                 allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
-                 allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
-                 allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
-                 client_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
-                 ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
-                 issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
-                 key_bits: Optional[pulumi.Input[builtins.int]] = None,
-                 key_type: Optional[pulumi.Input[builtins.str]] = None,
-                 key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 max_ttl: Optional[pulumi.Input[builtins.str]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 no_store: Optional[pulumi.Input[builtins.bool]] = None,
-                 no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
-                 not_after: Optional[pulumi.Input[builtins.str]] = None,
-                 not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
-                 organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 allow_any_name: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_bare_domains: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_glob_domains: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_ip_sans: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_localhost: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_subdomains: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_wildcard_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_domains_template: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_uri_sans_template: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 basic_constraints_valid_for_non_ca: Optional[pulumi.Input[_builtins.bool]] = None,
+                 client_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 code_signing_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 countries: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 email_protection_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enforce_hostnames: Optional[pulumi.Input[_builtins.bool]] = None,
+                 ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 generate_lease: Optional[pulumi.Input[_builtins.bool]] = None,
+                 issuer_ref: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_bits: Optional[pulumi.Input[_builtins.int]] = None,
+                 key_type: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 localities: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 no_store: Optional[pulumi.Input[_builtins.bool]] = None,
+                 no_store_metadata: Optional[pulumi.Input[_builtins.bool]] = None,
+                 not_after: Optional[pulumi.Input[_builtins.str]] = None,
+                 not_before_duration: Optional[pulumi.Input[_builtins.str]] = None,
+                 organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 organizations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
                  policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]] = None,
-                 policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 require_cn: Optional[pulumi.Input[builtins.bool]] = None,
-                 serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
-                 server_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 signature_bits: Optional[pulumi.Input[builtins.int]] = None,
-                 street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 ttl: Optional[pulumi.Input[builtins.str]] = None,
-                 use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
-                 use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
-                 use_pss: Optional[pulumi.Input[builtins.bool]] = None):
+                 policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 provinces: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 require_cn: Optional[pulumi.Input[_builtins.bool]] = None,
+                 serial_number_source: Optional[pulumi.Input[_builtins.str]] = None,
+                 server_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 signature_bits: Optional[pulumi.Input[_builtins.int]] = None,
+                 street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 ttl: Optional[pulumi.Input[_builtins.str]] = None,
+                 use_csr_common_name: Optional[pulumi.Input[_builtins.bool]] = None,
+                 use_csr_sans: Optional[pulumi.Input[_builtins.bool]] = None,
+                 use_pss: Optional[pulumi.Input[_builtins.bool]] = None):
         """
         Input properties used for looking up and filtering SecretBackendRole resources.
-        :param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
-        :param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
-        :param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
-        :param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
-        :param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
-        :param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
-        :param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
-        :param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
-        :param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
-        :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
-        :param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
-        :param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
-        :param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
-        :param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
-        :param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
-        :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
+        :param pulumi.Input[_builtins.bool] allow_any_name: Flag to allow any name
+        :param pulumi.Input[_builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
+        :param pulumi.Input[_builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
+        :param pulumi.Input[_builtins.bool] allow_ip_sans: Flag to allow IP SANs
+        :param pulumi.Input[_builtins.bool] allow_localhost: Flag to allow certificates for localhost
+        :param pulumi.Input[_builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
+        :param pulumi.Input[_builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_domains: List of allowed domains for certificates
+        :param pulumi.Input[_builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_other_sans: Defines allowed custom SANs
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
+        :param pulumi.Input[_builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_user_ids: Defines allowed User IDs
+        :param pulumi.Input[_builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
+        :param pulumi.Input[_builtins.bool] client_flag: Flag to specify certificates for client use
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
+        :param pulumi.Input[_builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] countries: The country of generated certificates
+        :param pulumi.Input[_builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
+        :param pulumi.Input[_builtins.bool] enforce_hostnames: Flag to allow only valid host names
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
+        :param pulumi.Input[_builtins.bool] generate_lease: Flag to generate leases with certificates
+        :param pulumi.Input[_builtins.str] issuer_ref: Specifies the default issuer of this request. May
                be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
                the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
                overriding the role's `issuer_ref` value.
-        :param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
-        :param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
+        :param pulumi.Input[_builtins.int] key_bits: The number of bits of generated keys
+        :param pulumi.Input[_builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
                Defaults to `rsa`
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
                certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
                To specify no default key usage constraints, set this to an empty list `[]`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
-        :param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
-        :param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] localities: The locality of generated certificates
+        :param pulumi.Input[_builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
+        :param pulumi.Input[_builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
-        :param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
-        :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
-        :param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
+        :param pulumi.Input[_builtins.bool] no_store: Flag to not store certificates in the storage backend
+        :param pulumi.Input[_builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
+        :param pulumi.Input[_builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
+        :param pulumi.Input[_builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organization_unit: The organization unit of generated certificates
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organizations: The organization of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
-        :param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
-        :param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] postal_codes: The postal code of generated certificates
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] provinces: The province of generated certificates
+        :param pulumi.Input[_builtins.bool] require_cn: Flag to force CN usage
+        :param pulumi.Input[_builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
                
                Example usage:
-        :param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
-        :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
-        :param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
-        :param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
-        :param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
-        :param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
+        :param pulumi.Input[_builtins.bool] server_flag: Flag to specify certificates for server use
+        :param pulumi.Input[_builtins.int] signature_bits: The number of bits to use in the signature algorithm
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] street_addresses: The street address of generated certificates
+        :param pulumi.Input[_builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
+        :param pulumi.Input[_builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
+        :param pulumi.Input[_builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
+        :param pulumi.Input[_builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
         """
         if allow_any_name is not None:
             pulumi.set(__self__, "allow_any_name", allow_any_name)
@@ -1106,309 +1105,309 @@ class _SecretBackendRoleState:
         if use_pss is not None:
             pulumi.set(__self__, "use_pss", use_pss)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowAnyName")
-    def allow_any_name(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_any_name(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow any name
         """
         return pulumi.get(self, "allow_any_name")
 
     @allow_any_name.setter
-    def allow_any_name(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_any_name(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_any_name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowBareDomains")
-    def allow_bare_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_bare_domains(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow certificates matching the actual domain
         """
         return pulumi.get(self, "allow_bare_domains")
 
     @allow_bare_domains.setter
-    def allow_bare_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_bare_domains(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_bare_domains", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowGlobDomains")
-    def allow_glob_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_glob_domains(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow names containing glob patterns.
         """
         return pulumi.get(self, "allow_glob_domains")
 
     @allow_glob_domains.setter
-    def allow_glob_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_glob_domains(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_glob_domains", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowIpSans")
-    def allow_ip_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_ip_sans(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow IP SANs
         """
         return pulumi.get(self, "allow_ip_sans")
 
     @allow_ip_sans.setter
-    def allow_ip_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_ip_sans(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_ip_sans", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowLocalhost")
-    def allow_localhost(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_localhost(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow certificates for localhost
         """
         return pulumi.get(self, "allow_localhost")
 
     @allow_localhost.setter
-    def allow_localhost(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_localhost(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_localhost", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowSubdomains")
-    def allow_subdomains(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_subdomains(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow certificates matching subdomains
         """
         return pulumi.get(self, "allow_subdomains")
 
     @allow_subdomains.setter
-    def allow_subdomains(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_subdomains(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_subdomains", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowWildcardCertificates")
-    def allow_wildcard_certificates(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_wildcard_certificates(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow wildcard certificates.
         """
         return pulumi.get(self, "allow_wildcard_certificates")
 
     @allow_wildcard_certificates.setter
-    def allow_wildcard_certificates(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_wildcard_certificates(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_wildcard_certificates", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedDomains")
-    def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of allowed domains for certificates
         """
         return pulumi.get(self, "allowed_domains")
 
     @allowed_domains.setter
-    def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_domains", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedDomainsTemplate")
-    def allowed_domains_template(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allowed_domains_template(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
         """
         return pulumi.get(self, "allowed_domains_template")
 
     @allowed_domains_template.setter
-    def allowed_domains_template(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allowed_domains_template(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allowed_domains_template", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedOtherSans")
-    def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Defines allowed custom SANs
         """
         return pulumi.get(self, "allowed_other_sans")
 
     @allowed_other_sans.setter
-    def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_other_sans", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedSerialNumbers")
-    def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         An array of allowed serial numbers to put in Subject
         """
         return pulumi.get(self, "allowed_serial_numbers")
 
     @allowed_serial_numbers.setter
-    def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_serial_numbers", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedUriSans")
-    def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Defines allowed URI SANs
         """
         return pulumi.get(self, "allowed_uri_sans")
 
     @allowed_uri_sans.setter
-    def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_uri_sans", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedUriSansTemplate")
-    def allowed_uri_sans_template(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allowed_uri_sans_template(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
         """
         return pulumi.get(self, "allowed_uri_sans_template")
 
     @allowed_uri_sans_template.setter
-    def allowed_uri_sans_template(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allowed_uri_sans_template(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allowed_uri_sans_template", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedUserIds")
-    def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Defines allowed User IDs
         """
         return pulumi.get(self, "allowed_user_ids")
 
     @allowed_user_ids.setter
-    def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_user_ids", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> Optional[pulumi.Input[builtins.str]]:
+    def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
         """
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: Optional[pulumi.Input[builtins.str]]):
+    def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "backend", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="basicConstraintsValidForNonCa")
-    def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to mark basic constraints valid when issuing non-CA certificates
         """
         return pulumi.get(self, "basic_constraints_valid_for_non_ca")
 
     @basic_constraints_valid_for_non_ca.setter
-    def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "basic_constraints_valid_for_non_ca", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="clientFlag")
-    def client_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def client_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to specify certificates for client use
         """
         return pulumi.get(self, "client_flag")
 
     @client_flag.setter
-    def client_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def client_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "client_flag", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="cnValidations")
-    def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
         """
         return pulumi.get(self, "cn_validations")
 
     @cn_validations.setter
-    def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "cn_validations", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="codeSigningFlag")
-    def code_signing_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def code_signing_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to specify certificates for code signing use
         """
         return pulumi.get(self, "code_signing_flag")
 
     @code_signing_flag.setter
-    def code_signing_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def code_signing_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "code_signing_flag", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         The country of generated certificates
         """
         return pulumi.get(self, "countries")
 
     @countries.setter
-    def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "countries", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="emailProtectionFlag")
-    def email_protection_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def email_protection_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to specify certificates for email protection use
         """
         return pulumi.get(self, "email_protection_flag")
 
     @email_protection_flag.setter
-    def email_protection_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def email_protection_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "email_protection_flag", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="enforceHostnames")
-    def enforce_hostnames(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def enforce_hostnames(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to allow only valid host names
         """
         return pulumi.get(self, "enforce_hostnames")
 
     @enforce_hostnames.setter
-    def enforce_hostnames(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def enforce_hostnames(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "enforce_hostnames", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="extKeyUsageOids")
-    def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specify the allowed extended key usage OIDs constraint on issued certificates
         """
         return pulumi.get(self, "ext_key_usage_oids")
 
     @ext_key_usage_oids.setter
-    def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "ext_key_usage_oids", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="extKeyUsages")
-    def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specify the allowed extended key usage constraint on issued certificates
         """
         return pulumi.get(self, "ext_key_usages")
 
     @ext_key_usages.setter
-    def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "ext_key_usages", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="generateLease")
-    def generate_lease(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def generate_lease(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to generate leases with certificates
         """
         return pulumi.get(self, "generate_lease")
 
     @generate_lease.setter
-    def generate_lease(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def generate_lease(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "generate_lease", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="issuerRef")
-    def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
+    def issuer_ref(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the default issuer of this request. May
         be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
@@ -1418,24 +1417,24 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "issuer_ref")
 
     @issuer_ref.setter
-    def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
+    def issuer_ref(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "issuer_ref", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="keyBits")
-    def key_bits(self) -> Optional[pulumi.Input[builtins.int]]:
+    def key_bits(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The number of bits of generated keys
         """
         return pulumi.get(self, "key_bits")
 
     @key_bits.setter
-    def key_bits(self, value: Optional[pulumi.Input[builtins.int]]):
+    def key_bits(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "key_bits", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="keyType")
-    def key_type(self) -> Optional[pulumi.Input[builtins.str]]:
+    def key_type(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
         Defaults to `rsa`
@@ -1443,12 +1442,12 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "key_type")
 
     @key_type.setter
-    def key_type(self, value: Optional[pulumi.Input[builtins.str]]):
+    def key_type(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "key_type", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="keyUsages")
-    def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specify the allowed key usage constraint on issued
         certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
@@ -1457,48 +1456,48 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "key_usages")
 
     @key_usages.setter
-    def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "key_usages", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         The locality of generated certificates
         """
         return pulumi.get(self, "localities")
 
     @localities.setter
-    def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "localities", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="maxTtl")
-    def max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
+    def max_ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The maximum lease TTL, in seconds, for the role.
         """
         return pulumi.get(self, "max_ttl")
 
     @max_ttl.setter
-    def max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
+    def max_ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "max_ttl", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[builtins.str]]:
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The name to identify this role within the backend. Must be unique within the backend.
         """
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[builtins.str]]):
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -1508,82 +1507,82 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="noStore")
-    def no_store(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def no_store(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to not store certificates in the storage backend
         """
         return pulumi.get(self, "no_store")
 
     @no_store.setter
-    def no_store(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def no_store(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "no_store", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="noStoreMetadata")
-    def no_store_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def no_store_metadata(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
         """
         return pulumi.get(self, "no_store_metadata")
 
     @no_store_metadata.setter
-    def no_store_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def no_store_metadata(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "no_store_metadata", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="notAfter")
-    def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
+    def not_after(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
         """
         return pulumi.get(self, "not_after")
 
     @not_after.setter
-    def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
+    def not_after(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "not_after", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="notBeforeDuration")
-    def not_before_duration(self) -> Optional[pulumi.Input[builtins.str]]:
+    def not_before_duration(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the duration by which to backdate the NotBefore property.
         """
         return pulumi.get(self, "not_before_duration")
 
     @not_before_duration.setter
-    def not_before_duration(self, value: Optional[pulumi.Input[builtins.str]]):
+    def not_before_duration(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "not_before_duration", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="organizationUnit")
-    def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         The organization unit of generated certificates
         """
         return pulumi.get(self, "organization_unit")
 
     @organization_unit.setter
-    def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "organization_unit", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         The organization of generated certificates
         """
         return pulumi.get(self, "organizations")
 
     @organizations.setter
-    def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "organizations", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="policyIdentifier")
     def policy_identifier(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]]:
         """
@@ -1595,57 +1594,57 @@ class _SecretBackendRoleState:
     def policy_identifier(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]]):
         pulumi.set(self, "policy_identifier", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="policyIdentifiers")
-    def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
         """
         return pulumi.get(self, "policy_identifiers")
 
     @policy_identifiers.setter
-    def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "policy_identifiers", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="postalCodes")
-    def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         The postal code of generated certificates
         """
         return pulumi.get(self, "postal_codes")
 
     @postal_codes.setter
-    def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "postal_codes", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         The province of generated certificates
         """
         return pulumi.get(self, "provinces")
 
     @provinces.setter
-    def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "provinces", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="requireCn")
-    def require_cn(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def require_cn(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to force CN usage
         """
         return pulumi.get(self, "require_cn")
 
     @require_cn.setter
-    def require_cn(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def require_cn(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "require_cn", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="serialNumberSource")
-    def serial_number_source(self) -> Optional[pulumi.Input[builtins.str]]:
+    def serial_number_source(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
 
@@ -1654,91 +1653,91 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "serial_number_source")
 
     @serial_number_source.setter
-    def serial_number_source(self, value: Optional[pulumi.Input[builtins.str]]):
+    def serial_number_source(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "serial_number_source", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="serverFlag")
-    def server_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def server_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to specify certificates for server use
         """
         return pulumi.get(self, "server_flag")
 
     @server_flag.setter
-    def server_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def server_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "server_flag", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="signatureBits")
-    def signature_bits(self) -> Optional[pulumi.Input[builtins.int]]:
+    def signature_bits(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The number of bits to use in the signature algorithm
         """
         return pulumi.get(self, "signature_bits")
 
     @signature_bits.setter
-    def signature_bits(self, value: Optional[pulumi.Input[builtins.int]]):
+    def signature_bits(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "signature_bits", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="streetAddresses")
-    def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         The street address of generated certificates
         """
         return pulumi.get(self, "street_addresses")
 
     @street_addresses.setter
-    def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "street_addresses", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
+    def ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The TTL, in seconds, for any certificate issued against this role.
         """
         return pulumi.get(self, "ttl")
 
     @ttl.setter
-    def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
+    def ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "ttl", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="useCsrCommonName")
-    def use_csr_common_name(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def use_csr_common_name(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to use the CN in the CSR
         """
         return pulumi.get(self, "use_csr_common_name")
 
     @use_csr_common_name.setter
-    def use_csr_common_name(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def use_csr_common_name(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "use_csr_common_name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="useCsrSans")
-    def use_csr_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def use_csr_sans(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Flag to use the SANs in the CSR
         """
         return pulumi.get(self, "use_csr_sans")
 
     @use_csr_sans.setter
-    def use_csr_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def use_csr_sans(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "use_csr_sans", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="usePss")
-    def use_pss(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def use_pss(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
         """
         return pulumi.get(self, "use_pss")
 
     @use_pss.setter
-    def use_pss(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def use_pss(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "use_pss", value)
 
 
@@ -1748,58 +1747,58 @@ class SecretBackendRole(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
-                 allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
-                 allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
-                 allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
-                 client_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
-                 ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
-                 issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
-                 key_bits: Optional[pulumi.Input[builtins.int]] = None,
-                 key_type: Optional[pulumi.Input[builtins.str]] = None,
-                 key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 max_ttl: Optional[pulumi.Input[builtins.str]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 no_store: Optional[pulumi.Input[builtins.bool]] = None,
-                 no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
-                 not_after: Optional[pulumi.Input[builtins.str]] = None,
-                 not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
-                 organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 allow_any_name: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_bare_domains: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_glob_domains: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_ip_sans: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_localhost: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_subdomains: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_wildcard_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_domains_template: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_uri_sans_template: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 basic_constraints_valid_for_non_ca: Optional[pulumi.Input[_builtins.bool]] = None,
+                 client_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 code_signing_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 countries: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 email_protection_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enforce_hostnames: Optional[pulumi.Input[_builtins.bool]] = None,
+                 ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 generate_lease: Optional[pulumi.Input[_builtins.bool]] = None,
+                 issuer_ref: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_bits: Optional[pulumi.Input[_builtins.int]] = None,
+                 key_type: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 localities: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 no_store: Optional[pulumi.Input[_builtins.bool]] = None,
+                 no_store_metadata: Optional[pulumi.Input[_builtins.bool]] = None,
+                 not_after: Optional[pulumi.Input[_builtins.str]] = None,
+                 not_before_duration: Optional[pulumi.Input[_builtins.str]] = None,
+                 organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 organizations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
                  policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
-                 policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 require_cn: Optional[pulumi.Input[builtins.bool]] = None,
-                 serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
-                 server_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 signature_bits: Optional[pulumi.Input[builtins.int]] = None,
-                 street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 ttl: Optional[pulumi.Input[builtins.str]] = None,
-                 use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
-                 use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
-                 use_pss: Optional[pulumi.Input[builtins.bool]] = None,
+                 policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 provinces: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 require_cn: Optional[pulumi.Input[_builtins.bool]] = None,
+                 serial_number_source: Optional[pulumi.Input[_builtins.str]] = None,
+                 server_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 signature_bits: Optional[pulumi.Input[_builtins.int]] = None,
+                 street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 ttl: Optional[pulumi.Input[_builtins.str]] = None,
+                 use_csr_common_name: Optional[pulumi.Input[_builtins.bool]] = None,
+                 use_csr_sans: Optional[pulumi.Input[_builtins.bool]] = None,
+                 use_pss: Optional[pulumi.Input[_builtins.bool]] = None,
                  __props__=None):
         """
         Creates a role on an PKI Secret Backend for Vault.
@@ -1815,7 +1814,7 @@ class SecretBackendRole(pulumi.CustomResource):
             type="pki",
             default_lease_ttl_seconds=3600,
             max_lease_ttl_seconds=86400)
-        role = vault.pki_secret.SecretBackendRole("role",
+        role = vault.pkisecret.SecretBackendRole("role",
             backend=pki.path,
             name="my_role",
             ttl="3600",
@@ -1839,69 +1838,69 @@ class SecretBackendRole(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
-        :param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
-        :param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
-        :param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
-        :param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
-        :param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
-        :param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
-        :param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
-        :param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
-        :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
-        :param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
-        :param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
-        :param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
-        :param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
-        :param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
-        :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
+        :param pulumi.Input[_builtins.bool] allow_any_name: Flag to allow any name
+        :param pulumi.Input[_builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
+        :param pulumi.Input[_builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
+        :param pulumi.Input[_builtins.bool] allow_ip_sans: Flag to allow IP SANs
+        :param pulumi.Input[_builtins.bool] allow_localhost: Flag to allow certificates for localhost
+        :param pulumi.Input[_builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
+        :param pulumi.Input[_builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_domains: List of allowed domains for certificates
+        :param pulumi.Input[_builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_other_sans: Defines allowed custom SANs
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
+        :param pulumi.Input[_builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_user_ids: Defines allowed User IDs
+        :param pulumi.Input[_builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
+        :param pulumi.Input[_builtins.bool] client_flag: Flag to specify certificates for client use
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
+        :param pulumi.Input[_builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] countries: The country of generated certificates
+        :param pulumi.Input[_builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
+        :param pulumi.Input[_builtins.bool] enforce_hostnames: Flag to allow only valid host names
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
+        :param pulumi.Input[_builtins.bool] generate_lease: Flag to generate leases with certificates
+        :param pulumi.Input[_builtins.str] issuer_ref: Specifies the default issuer of this request. May
                be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
                the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
                overriding the role's `issuer_ref` value.
-        :param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
-        :param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
+        :param pulumi.Input[_builtins.int] key_bits: The number of bits of generated keys
+        :param pulumi.Input[_builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
                Defaults to `rsa`
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
                certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
                To specify no default key usage constraints, set this to an empty list `[]`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
-        :param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
-        :param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] localities: The locality of generated certificates
+        :param pulumi.Input[_builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
+        :param pulumi.Input[_builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
-        :param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
-        :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
-        :param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
+        :param pulumi.Input[_builtins.bool] no_store: Flag to not store certificates in the storage backend
+        :param pulumi.Input[_builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
+        :param pulumi.Input[_builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
+        :param pulumi.Input[_builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organization_unit: The organization unit of generated certificates
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organizations: The organization of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
-        :param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
-        :param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] postal_codes: The postal code of generated certificates
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] provinces: The province of generated certificates
+        :param pulumi.Input[_builtins.bool] require_cn: Flag to force CN usage
+        :param pulumi.Input[_builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
                
                Example usage:
-        :param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
-        :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
-        :param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
-        :param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
-        :param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
-        :param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
+        :param pulumi.Input[_builtins.bool] server_flag: Flag to specify certificates for server use
+        :param pulumi.Input[_builtins.int] signature_bits: The number of bits to use in the signature algorithm
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] street_addresses: The street address of generated certificates
+        :param pulumi.Input[_builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
+        :param pulumi.Input[_builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
+        :param pulumi.Input[_builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
+        :param pulumi.Input[_builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
         """
         ...
     @overload
@@ -1923,7 +1922,7 @@ class SecretBackendRole(pulumi.CustomResource):
             type="pki",
             default_lease_ttl_seconds=3600,
             max_lease_ttl_seconds=86400)
-        role = vault.pki_secret.SecretBackendRole("role",
+        role = vault.pkisecret.SecretBackendRole("role",
             backend=pki.path,
             name="my_role",
             ttl="3600",
@@ -1960,58 +1959,58 @@ class SecretBackendRole(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
-                 allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
-                 allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
-                 allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
-                 client_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
-                 ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
-                 issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
-                 key_bits: Optional[pulumi.Input[builtins.int]] = None,
-                 key_type: Optional[pulumi.Input[builtins.str]] = None,
-                 key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 max_ttl: Optional[pulumi.Input[builtins.str]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 no_store: Optional[pulumi.Input[builtins.bool]] = None,
-                 no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
-                 not_after: Optional[pulumi.Input[builtins.str]] = None,
-                 not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
-                 organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 allow_any_name: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_bare_domains: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_glob_domains: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_ip_sans: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_localhost: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_subdomains: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_wildcard_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_domains_template: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_uri_sans_template: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 basic_constraints_valid_for_non_ca: Optional[pulumi.Input[_builtins.bool]] = None,
+                 client_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 code_signing_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 countries: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 email_protection_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enforce_hostnames: Optional[pulumi.Input[_builtins.bool]] = None,
+                 ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 generate_lease: Optional[pulumi.Input[_builtins.bool]] = None,
+                 issuer_ref: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_bits: Optional[pulumi.Input[_builtins.int]] = None,
+                 key_type: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 localities: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 no_store: Optional[pulumi.Input[_builtins.bool]] = None,
+                 no_store_metadata: Optional[pulumi.Input[_builtins.bool]] = None,
+                 not_after: Optional[pulumi.Input[_builtins.str]] = None,
+                 not_before_duration: Optional[pulumi.Input[_builtins.str]] = None,
+                 organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 organizations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
                  policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
-                 policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 require_cn: Optional[pulumi.Input[builtins.bool]] = None,
-                 serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
-                 server_flag: Optional[pulumi.Input[builtins.bool]] = None,
-                 signature_bits: Optional[pulumi.Input[builtins.int]] = None,
-                 street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 ttl: Optional[pulumi.Input[builtins.str]] = None,
-                 use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
-                 use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
-                 use_pss: Optional[pulumi.Input[builtins.bool]] = None,
+                 policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 provinces: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 require_cn: Optional[pulumi.Input[_builtins.bool]] = None,
+                 serial_number_source: Optional[pulumi.Input[_builtins.str]] = None,
+                 server_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+                 signature_bits: Optional[pulumi.Input[_builtins.int]] = None,
+                 street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 ttl: Optional[pulumi.Input[_builtins.str]] = None,
+                 use_csr_common_name: Optional[pulumi.Input[_builtins.bool]] = None,
+                 use_csr_sans: Optional[pulumi.Input[_builtins.bool]] = None,
+                 use_pss: Optional[pulumi.Input[_builtins.bool]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -2085,58 +2084,58 @@ class SecretBackendRole(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
-            allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
-            allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
-            allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
-            allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
-            allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
-            allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
-            allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
-            allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
-            allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            backend: Optional[pulumi.Input[builtins.str]] = None,
-            basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
-            client_flag: Optional[pulumi.Input[builtins.bool]] = None,
-            cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
-            countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
-            enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
-            ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
-            issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
-            key_bits: Optional[pulumi.Input[builtins.int]] = None,
-            key_type: Optional[pulumi.Input[builtins.str]] = None,
-            key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            max_ttl: Optional[pulumi.Input[builtins.str]] = None,
-            name: Optional[pulumi.Input[builtins.str]] = None,
-            namespace: Optional[pulumi.Input[builtins.str]] = None,
-            no_store: Optional[pulumi.Input[builtins.bool]] = None,
-            no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
-            not_after: Optional[pulumi.Input[builtins.str]] = None,
-            not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
-            organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+            allow_any_name: Optional[pulumi.Input[_builtins.bool]] = None,
+            allow_bare_domains: Optional[pulumi.Input[_builtins.bool]] = None,
+            allow_glob_domains: Optional[pulumi.Input[_builtins.bool]] = None,
+            allow_ip_sans: Optional[pulumi.Input[_builtins.bool]] = None,
+            allow_localhost: Optional[pulumi.Input[_builtins.bool]] = None,
+            allow_subdomains: Optional[pulumi.Input[_builtins.bool]] = None,
+            allow_wildcard_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
+            allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            allowed_domains_template: Optional[pulumi.Input[_builtins.bool]] = None,
+            allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            allowed_uri_sans_template: Optional[pulumi.Input[_builtins.bool]] = None,
+            allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            backend: Optional[pulumi.Input[_builtins.str]] = None,
+            basic_constraints_valid_for_non_ca: Optional[pulumi.Input[_builtins.bool]] = None,
+            client_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+            cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            code_signing_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+            countries: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            email_protection_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+            enforce_hostnames: Optional[pulumi.Input[_builtins.bool]] = None,
+            ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            generate_lease: Optional[pulumi.Input[_builtins.bool]] = None,
+            issuer_ref: Optional[pulumi.Input[_builtins.str]] = None,
+            key_bits: Optional[pulumi.Input[_builtins.int]] = None,
+            key_type: Optional[pulumi.Input[_builtins.str]] = None,
+            key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            localities: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
+            name: Optional[pulumi.Input[_builtins.str]] = None,
+            namespace: Optional[pulumi.Input[_builtins.str]] = None,
+            no_store: Optional[pulumi.Input[_builtins.bool]] = None,
+            no_store_metadata: Optional[pulumi.Input[_builtins.bool]] = None,
+            not_after: Optional[pulumi.Input[_builtins.str]] = None,
+            not_before_duration: Optional[pulumi.Input[_builtins.str]] = None,
+            organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            organizations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
             policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
-            policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            require_cn: Optional[pulumi.Input[builtins.bool]] = None,
-            serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
-            server_flag: Optional[pulumi.Input[builtins.bool]] = None,
-            signature_bits: Optional[pulumi.Input[builtins.int]] = None,
-            street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            ttl: Optional[pulumi.Input[builtins.str]] = None,
-            use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
-            use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
-            use_pss: Optional[pulumi.Input[builtins.bool]] = None) -> 'SecretBackendRole':
+            policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            provinces: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            require_cn: Optional[pulumi.Input[_builtins.bool]] = None,
+            serial_number_source: Optional[pulumi.Input[_builtins.str]] = None,
+            server_flag: Optional[pulumi.Input[_builtins.bool]] = None,
+            signature_bits: Optional[pulumi.Input[_builtins.int]] = None,
+            street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            ttl: Optional[pulumi.Input[_builtins.str]] = None,
+            use_csr_common_name: Optional[pulumi.Input[_builtins.bool]] = None,
+            use_csr_sans: Optional[pulumi.Input[_builtins.bool]] = None,
+            use_pss: Optional[pulumi.Input[_builtins.bool]] = None) -> 'SecretBackendRole':
         """
         Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -2144,69 +2143,69 @@ class SecretBackendRole(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
-        :param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
-        :param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
-        :param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
-        :param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
-        :param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
-        :param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
-        :param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
-        :param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
-        :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
-        :param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
-        :param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
-        :param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
-        :param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
-        :param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
-        :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
+        :param pulumi.Input[_builtins.bool] allow_any_name: Flag to allow any name
+        :param pulumi.Input[_builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
+        :param pulumi.Input[_builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
+        :param pulumi.Input[_builtins.bool] allow_ip_sans: Flag to allow IP SANs
+        :param pulumi.Input[_builtins.bool] allow_localhost: Flag to allow certificates for localhost
+        :param pulumi.Input[_builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
+        :param pulumi.Input[_builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_domains: List of allowed domains for certificates
+        :param pulumi.Input[_builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_other_sans: Defines allowed custom SANs
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
+        :param pulumi.Input[_builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_user_ids: Defines allowed User IDs
+        :param pulumi.Input[_builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
+        :param pulumi.Input[_builtins.bool] client_flag: Flag to specify certificates for client use
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
+        :param pulumi.Input[_builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] countries: The country of generated certificates
+        :param pulumi.Input[_builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
+        :param pulumi.Input[_builtins.bool] enforce_hostnames: Flag to allow only valid host names
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
+        :param pulumi.Input[_builtins.bool] generate_lease: Flag to generate leases with certificates
+        :param pulumi.Input[_builtins.str] issuer_ref: Specifies the default issuer of this request. May
                be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
                the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
                overriding the role's `issuer_ref` value.
-        :param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
-        :param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
+        :param pulumi.Input[_builtins.int] key_bits: The number of bits of generated keys
+        :param pulumi.Input[_builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
                Defaults to `rsa`
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
                certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
                To specify no default key usage constraints, set this to an empty list `[]`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
-        :param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
-        :param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] localities: The locality of generated certificates
+        :param pulumi.Input[_builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
+        :param pulumi.Input[_builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
-        :param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
-        :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
-        :param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
+        :param pulumi.Input[_builtins.bool] no_store: Flag to not store certificates in the storage backend
+        :param pulumi.Input[_builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
+        :param pulumi.Input[_builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
+        :param pulumi.Input[_builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organization_unit: The organization unit of generated certificates
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organizations: The organization of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
-        :param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
-        :param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] postal_codes: The postal code of generated certificates
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] provinces: The province of generated certificates
+        :param pulumi.Input[_builtins.bool] require_cn: Flag to force CN usage
+        :param pulumi.Input[_builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
                
                Example usage:
-        :param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
-        :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
-        :param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
-        :param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
-        :param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
-        :param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
+        :param pulumi.Input[_builtins.bool] server_flag: Flag to specify certificates for server use
+        :param pulumi.Input[_builtins.int] signature_bits: The number of bits to use in the signature algorithm
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] street_addresses: The street address of generated certificates
+        :param pulumi.Input[_builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
+        :param pulumi.Input[_builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
+        :param pulumi.Input[_builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
+        :param pulumi.Input[_builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -2266,209 +2265,209 @@ class SecretBackendRole(pulumi.CustomResource):
         __props__.__dict__["use_pss"] = use_pss
         return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowAnyName")
-    def allow_any_name(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def allow_any_name(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to allow any name
         """
         return pulumi.get(self, "allow_any_name")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowBareDomains")
-    def allow_bare_domains(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def allow_bare_domains(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to allow certificates matching the actual domain
         """
         return pulumi.get(self, "allow_bare_domains")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowGlobDomains")
-    def allow_glob_domains(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def allow_glob_domains(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to allow names containing glob patterns.
         """
         return pulumi.get(self, "allow_glob_domains")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowIpSans")
-    def allow_ip_sans(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def allow_ip_sans(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to allow IP SANs
         """
         return pulumi.get(self, "allow_ip_sans")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowLocalhost")
-    def allow_localhost(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def allow_localhost(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to allow certificates for localhost
         """
         return pulumi.get(self, "allow_localhost")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowSubdomains")
-    def allow_subdomains(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def allow_subdomains(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to allow certificates matching subdomains
         """
         return pulumi.get(self, "allow_subdomains")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowWildcardCertificates")
-    def allow_wildcard_certificates(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def allow_wildcard_certificates(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to allow wildcard certificates.
         """
         return pulumi.get(self, "allow_wildcard_certificates")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedDomains")
-    def allowed_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def allowed_domains(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         List of allowed domains for certificates
         """
         return pulumi.get(self, "allowed_domains")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedDomainsTemplate")
-    def allowed_domains_template(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def allowed_domains_template(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
         """
         return pulumi.get(self, "allowed_domains_template")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedOtherSans")
-    def allowed_other_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def allowed_other_sans(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         Defines allowed custom SANs
         """
         return pulumi.get(self, "allowed_other_sans")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedSerialNumbers")
-    def allowed_serial_numbers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def allowed_serial_numbers(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         An array of allowed serial numbers to put in Subject
         """
         return pulumi.get(self, "allowed_serial_numbers")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedUriSans")
-    def allowed_uri_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def allowed_uri_sans(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         Defines allowed URI SANs
         """
         return pulumi.get(self, "allowed_uri_sans")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedUriSansTemplate")
-    def allowed_uri_sans_template(self) -> pulumi.Output[builtins.bool]:
+    def allowed_uri_sans_template(self) -> pulumi.Output[_builtins.bool]:
         """
         Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
         """
         return pulumi.get(self, "allowed_uri_sans_template")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedUserIds")
-    def allowed_user_ids(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def allowed_user_ids(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         Defines allowed User IDs
         """
         return pulumi.get(self, "allowed_user_ids")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> pulumi.Output[builtins.str]:
+    def backend(self) -> pulumi.Output[_builtins.str]:
         """
         The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
         """
         return pulumi.get(self, "backend")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="basicConstraintsValidForNonCa")
-    def basic_constraints_valid_for_non_ca(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def basic_constraints_valid_for_non_ca(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to mark basic constraints valid when issuing non-CA certificates
         """
         return pulumi.get(self, "basic_constraints_valid_for_non_ca")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="clientFlag")
-    def client_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def client_flag(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to specify certificates for client use
         """
         return pulumi.get(self, "client_flag")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="cnValidations")
-    def cn_validations(self) -> pulumi.Output[Sequence[builtins.str]]:
+    def cn_validations(self) -> pulumi.Output[Sequence[_builtins.str]]:
         """
         Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
         """
         return pulumi.get(self, "cn_validations")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="codeSigningFlag")
-    def code_signing_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def code_signing_flag(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to specify certificates for code signing use
         """
         return pulumi.get(self, "code_signing_flag")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def countries(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def countries(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         The country of generated certificates
         """
         return pulumi.get(self, "countries")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="emailProtectionFlag")
-    def email_protection_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def email_protection_flag(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to specify certificates for email protection use
         """
         return pulumi.get(self, "email_protection_flag")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="enforceHostnames")
-    def enforce_hostnames(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def enforce_hostnames(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to allow only valid host names
         """
         return pulumi.get(self, "enforce_hostnames")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="extKeyUsageOids")
-    def ext_key_usage_oids(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def ext_key_usage_oids(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         Specify the allowed extended key usage OIDs constraint on issued certificates
         """
         return pulumi.get(self, "ext_key_usage_oids")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="extKeyUsages")
-    def ext_key_usages(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def ext_key_usages(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         Specify the allowed extended key usage constraint on issued certificates
         """
         return pulumi.get(self, "ext_key_usages")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="generateLease")
-    def generate_lease(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def generate_lease(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to generate leases with certificates
         """
         return pulumi.get(self, "generate_lease")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="issuerRef")
-    def issuer_ref(self) -> pulumi.Output[builtins.str]:
+    def issuer_ref(self) -> pulumi.Output[_builtins.str]:
         """
         Specifies the default issuer of this request. May
         be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
@@ -2477,26 +2476,26 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "issuer_ref")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="keyBits")
-    def key_bits(self) -> pulumi.Output[Optional[builtins.int]]:
+    def key_bits(self) -> pulumi.Output[Optional[_builtins.int]]:
         """
         The number of bits of generated keys
         """
         return pulumi.get(self, "key_bits")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="keyType")
-    def key_type(self) -> pulumi.Output[Optional[builtins.str]]:
+    def key_type(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
         Defaults to `rsa`
         """
         return pulumi.get(self, "key_type")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="keyUsages")
-    def key_usages(self) -> pulumi.Output[Sequence[builtins.str]]:
+    def key_usages(self) -> pulumi.Output[Sequence[_builtins.str]]:
         """
         Specify the allowed key usage constraint on issued
         certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
@@ -2504,33 +2503,33 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "key_usages")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def localities(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def localities(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         The locality of generated certificates
         """
         return pulumi.get(self, "localities")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="maxTtl")
-    def max_ttl(self) -> pulumi.Output[builtins.str]:
+    def max_ttl(self) -> pulumi.Output[_builtins.str]:
         """
         The maximum lease TTL, in seconds, for the role.
         """
         return pulumi.get(self, "max_ttl")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> pulumi.Output[builtins.str]:
+    def name(self) -> pulumi.Output[_builtins.str]:
         """
         The name to identify this role within the backend. Must be unique within the backend.
         """
         return pulumi.get(self, "name")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
+    def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -2539,55 +2538,55 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "namespace")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="noStore")
-    def no_store(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def no_store(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to not store certificates in the storage backend
         """
         return pulumi.get(self, "no_store")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="noStoreMetadata")
-    def no_store_metadata(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def no_store_metadata(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
         """
         return pulumi.get(self, "no_store_metadata")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="notAfter")
-    def not_after(self) -> pulumi.Output[Optional[builtins.str]]:
+    def not_after(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
         """
         return pulumi.get(self, "not_after")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="notBeforeDuration")
-    def not_before_duration(self) -> pulumi.Output[builtins.str]:
+    def not_before_duration(self) -> pulumi.Output[_builtins.str]:
         """
         Specifies the duration by which to backdate the NotBefore property.
         """
         return pulumi.get(self, "not_before_duration")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="organizationUnit")
-    def organization_unit(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def organization_unit(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         The organization unit of generated certificates
         """
         return pulumi.get(self, "organization_unit")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def organizations(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def organizations(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         The organization of generated certificates
         """
         return pulumi.get(self, "organizations")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="policyIdentifier")
     def policy_identifier(self) -> pulumi.Output[Optional[Sequence['outputs.SecretBackendRolePolicyIdentifier']]]:
         """
@@ -2595,41 +2594,41 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "policy_identifier")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="policyIdentifiers")
-    def policy_identifiers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def policy_identifiers(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
         """
         return pulumi.get(self, "policy_identifiers")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="postalCodes")
-    def postal_codes(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def postal_codes(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         The postal code of generated certificates
         """
         return pulumi.get(self, "postal_codes")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def provinces(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def provinces(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         The province of generated certificates
         """
         return pulumi.get(self, "provinces")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="requireCn")
-    def require_cn(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def require_cn(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to force CN usage
         """
         return pulumi.get(self, "require_cn")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="serialNumberSource")
-    def serial_number_source(self) -> pulumi.Output[builtins.str]:
+    def serial_number_source(self) -> pulumi.Output[_builtins.str]:
         """
         Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
 
@@ -2637,57 +2636,57 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "serial_number_source")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="serverFlag")
-    def server_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def server_flag(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to specify certificates for server use
         """
         return pulumi.get(self, "server_flag")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="signatureBits")
-    def signature_bits(self) -> pulumi.Output[builtins.int]:
+    def signature_bits(self) -> pulumi.Output[_builtins.int]:
         """
         The number of bits to use in the signature algorithm
         """
         return pulumi.get(self, "signature_bits")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="streetAddresses")
-    def street_addresses(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def street_addresses(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         The street address of generated certificates
         """
         return pulumi.get(self, "street_addresses")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def ttl(self) -> pulumi.Output[builtins.str]:
+    def ttl(self) -> pulumi.Output[_builtins.str]:
         """
         The TTL, in seconds, for any certificate issued against this role.
         """
         return pulumi.get(self, "ttl")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="useCsrCommonName")
-    def use_csr_common_name(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def use_csr_common_name(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to use the CN in the CSR
         """
         return pulumi.get(self, "use_csr_common_name")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="useCsrSans")
-    def use_csr_sans(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def use_csr_sans(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Flag to use the SANs in the CSR
         """
         return pulumi.get(self, "use_csr_sans")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="usePss")
-    def use_pss(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def use_pss(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
         """