pulumi-vault 7.2.0a1753339763__py3-none-any.whl → 7.2.0a1753398491__py3-none-any.whl

pulumi_vault/transit/secret_backend_key.py

@@ -2,8 +2,7 @@
 # *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
-import builtins
-import copy
+import builtins as _builtins
 import warnings
 import sys
 import pulumi
@@ -20,48 +19,48 @@ __all__ = ['SecretBackendKeyArgs', 'SecretBackendKey']
 @pulumi.input_type
 class SecretBackendKeyArgs:
     def __init__(__self__, *,
-                 backend: pulumi.Input[builtins.str],
-                 allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
-                 auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
-                 convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
-                 deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
-                 derived: Optional[pulumi.Input[builtins.bool]] = None,
-                 exportable: Optional[pulumi.Input[builtins.bool]] = None,
-                 hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
-                 hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
-                 key_size: Optional[pulumi.Input[builtins.int]] = None,
-                 min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 parameter_set: Optional[pulumi.Input[builtins.str]] = None,
-                 type: Optional[pulumi.Input[builtins.str]] = None):
+                 backend: pulumi.Input[_builtins.str],
+                 allow_plaintext_backup: Optional[pulumi.Input[_builtins.bool]] = None,
+                 auto_rotate_period: Optional[pulumi.Input[_builtins.int]] = None,
+                 convergent_encryption: Optional[pulumi.Input[_builtins.bool]] = None,
+                 deletion_allowed: Optional[pulumi.Input[_builtins.bool]] = None,
+                 derived: Optional[pulumi.Input[_builtins.bool]] = None,
+                 exportable: Optional[pulumi.Input[_builtins.bool]] = None,
+                 hybrid_key_type_ec: Optional[pulumi.Input[_builtins.str]] = None,
+                 hybrid_key_type_pqc: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_decryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_encryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 parameter_set: Optional[pulumi.Input[_builtins.str]] = None,
+                 type: Optional[pulumi.Input[_builtins.str]] = None):
         """
         The set of arguments for constructing a SecretBackendKey resource.
-        :param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
                * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
-        :param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
+        :param pulumi.Input[_builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
                A value of 0 disables automatic rotation for the key.
-        :param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
-        :param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
-        :param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
-        :param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
-        :param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
+        :param pulumi.Input[_builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
+        :param pulumi.Input[_builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
+        :param pulumi.Input[_builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
                Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
-        :param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
                Currently, ML-DSA is the only supported key type.
-        :param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
-        :param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
-        :param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
-        :param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
+        :param pulumi.Input[_builtins.int] min_decryption_version: Minimum key version to use for decryption.
+        :param pulumi.Input[_builtins.int] min_encryption_version: Minimum key version to use for encryption
+        :param pulumi.Input[_builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
+        :param pulumi.Input[_builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
                ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
-        :param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
+        :param pulumi.Input[_builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
                * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
         """
         pulumi.set(__self__, "backend", backend)
@@ -96,21 +95,21 @@ class SecretBackendKeyArgs:
         if type is not None:
             pulumi.set(__self__, "type", type)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> pulumi.Input[builtins.str]:
+    def backend(self) -> pulumi.Input[_builtins.str]:
         """
         The path the transit secret backend is mounted at, with no leading or trailing `/`s.
         """
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: pulumi.Input[builtins.str]):
+    def backend(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "backend", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowPlaintextBackup")
-    def allow_plaintext_backup(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_plaintext_backup(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
         * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
@@ -118,12 +117,12 @@ class SecretBackendKeyArgs:
         return pulumi.get(self, "allow_plaintext_backup")
 
     @allow_plaintext_backup.setter
-    def allow_plaintext_backup(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_plaintext_backup(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_plaintext_backup", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="autoRotatePeriod")
-    def auto_rotate_period(self) -> Optional[pulumi.Input[builtins.int]]:
+    def auto_rotate_period(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Amount of seconds the key should live before being automatically rotated.
         A value of 0 disables automatic rotation for the key.
@@ -131,60 +130,60 @@ class SecretBackendKeyArgs:
         return pulumi.get(self, "auto_rotate_period")
 
     @auto_rotate_period.setter
-    def auto_rotate_period(self, value: Optional[pulumi.Input[builtins.int]]):
+    def auto_rotate_period(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "auto_rotate_period", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="convergentEncryption")
-    def convergent_encryption(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def convergent_encryption(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
         """
         return pulumi.get(self, "convergent_encryption")
 
     @convergent_encryption.setter
-    def convergent_encryption(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def convergent_encryption(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "convergent_encryption", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="deletionAllowed")
-    def deletion_allowed(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def deletion_allowed(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies if the key is allowed to be deleted.
         """
         return pulumi.get(self, "deletion_allowed")
 
     @deletion_allowed.setter
-    def deletion_allowed(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def deletion_allowed(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "deletion_allowed", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def derived(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def derived(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
         """
         return pulumi.get(self, "derived")
 
     @derived.setter
-    def derived(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def derived(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "derived", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def exportable(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def exportable(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
         """
         return pulumi.get(self, "exportable")
 
     @exportable.setter
-    def exportable(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def exportable(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "exportable", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="hybridKeyTypeEc")
-    def hybrid_key_type_ec(self) -> Optional[pulumi.Input[builtins.str]]:
+    def hybrid_key_type_ec(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The elliptic curve algorithm to use for hybrid signatures.
         Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
@@ -192,12 +191,12 @@ class SecretBackendKeyArgs:
         return pulumi.get(self, "hybrid_key_type_ec")
 
     @hybrid_key_type_ec.setter
-    def hybrid_key_type_ec(self, value: Optional[pulumi.Input[builtins.str]]):
+    def hybrid_key_type_ec(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "hybrid_key_type_ec", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="hybridKeyTypePqc")
-    def hybrid_key_type_pqc(self) -> Optional[pulumi.Input[builtins.str]]:
+    def hybrid_key_type_pqc(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The post-quantum algorithm to use for hybrid signatures.
         Currently, ML-DSA is the only supported key type.
@@ -205,60 +204,60 @@ class SecretBackendKeyArgs:
         return pulumi.get(self, "hybrid_key_type_pqc")
 
     @hybrid_key_type_pqc.setter
-    def hybrid_key_type_pqc(self, value: Optional[pulumi.Input[builtins.str]]):
+    def hybrid_key_type_pqc(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "hybrid_key_type_pqc", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="keySize")
-    def key_size(self) -> Optional[pulumi.Input[builtins.int]]:
+    def key_size(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
         """
         return pulumi.get(self, "key_size")
 
     @key_size.setter
-    def key_size(self, value: Optional[pulumi.Input[builtins.int]]):
+    def key_size(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "key_size", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="minDecryptionVersion")
-    def min_decryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
+    def min_decryption_version(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Minimum key version to use for decryption.
         """
         return pulumi.get(self, "min_decryption_version")
 
     @min_decryption_version.setter
-    def min_decryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
+    def min_decryption_version(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "min_decryption_version", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="minEncryptionVersion")
-    def min_encryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
+    def min_encryption_version(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Minimum key version to use for encryption
         """
         return pulumi.get(self, "min_encryption_version")
 
     @min_encryption_version.setter
-    def min_encryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
+    def min_encryption_version(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "min_encryption_version", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[builtins.str]]:
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The name to identify this key within the backend. Must be unique within the backend.
         """
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[builtins.str]]):
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -268,12 +267,12 @@ class SecretBackendKeyArgs:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="parameterSet")
-    def parameter_set(self) -> Optional[pulumi.Input[builtins.str]]:
+    def parameter_set(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The parameter set to use for ML-DSA. Required for
         ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
@@ -281,12 +280,12 @@ class SecretBackendKeyArgs:
         return pulumi.get(self, "parameter_set")
 
     @parameter_set.setter
-    def parameter_set(self, value: Optional[pulumi.Input[builtins.str]]):
+    def parameter_set(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "parameter_set", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def type(self) -> Optional[pulumi.Input[builtins.str]]:
+    def type(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
         * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
@@ -294,71 +293,71 @@ class SecretBackendKeyArgs:
         return pulumi.get(self, "type")
 
     @type.setter
-    def type(self, value: Optional[pulumi.Input[builtins.str]]):
+    def type(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "type", value)
 
 
 @pulumi.input_type
 class _SecretBackendKeyState:
     def __init__(__self__, *,
-                 allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
-                 auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
-                 deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
-                 derived: Optional[pulumi.Input[builtins.bool]] = None,
-                 exportable: Optional[pulumi.Input[builtins.bool]] = None,
-                 hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
-                 hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
-                 key_size: Optional[pulumi.Input[builtins.int]] = None,
-                 keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]] = None,
-                 latest_version: Optional[pulumi.Input[builtins.int]] = None,
-                 min_available_version: Optional[pulumi.Input[builtins.int]] = None,
-                 min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 parameter_set: Optional[pulumi.Input[builtins.str]] = None,
-                 supports_decryption: Optional[pulumi.Input[builtins.bool]] = None,
-                 supports_derivation: Optional[pulumi.Input[builtins.bool]] = None,
-                 supports_encryption: Optional[pulumi.Input[builtins.bool]] = None,
-                 supports_signing: Optional[pulumi.Input[builtins.bool]] = None,
-                 type: Optional[pulumi.Input[builtins.str]] = None):
+                 allow_plaintext_backup: Optional[pulumi.Input[_builtins.bool]] = None,
+                 auto_rotate_period: Optional[pulumi.Input[_builtins.int]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 convergent_encryption: Optional[pulumi.Input[_builtins.bool]] = None,
+                 deletion_allowed: Optional[pulumi.Input[_builtins.bool]] = None,
+                 derived: Optional[pulumi.Input[_builtins.bool]] = None,
+                 exportable: Optional[pulumi.Input[_builtins.bool]] = None,
+                 hybrid_key_type_ec: Optional[pulumi.Input[_builtins.str]] = None,
+                 hybrid_key_type_pqc: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]] = None,
+                 latest_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_available_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_decryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_encryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 parameter_set: Optional[pulumi.Input[_builtins.str]] = None,
+                 supports_decryption: Optional[pulumi.Input[_builtins.bool]] = None,
+                 supports_derivation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 supports_encryption: Optional[pulumi.Input[_builtins.bool]] = None,
+                 supports_signing: Optional[pulumi.Input[_builtins.bool]] = None,
+                 type: Optional[pulumi.Input[_builtins.str]] = None):
         """
         Input properties used for looking up and filtering SecretBackendKey resources.
-        :param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
                * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
-        :param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
+        :param pulumi.Input[_builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
                A value of 0 disables automatic rotation for the key.
-        :param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
-        :param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
-        :param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
-        :param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
-        :param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
+        :param pulumi.Input[_builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
+        :param pulumi.Input[_builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
+        :param pulumi.Input[_builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
                Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
-        :param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
                Currently, ML-DSA is the only supported key type.
-        :param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
-        :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
+        :param pulumi.Input[_builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
+        :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
                * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
                * for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following:
-        :param pulumi.Input[builtins.int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
-        :param pulumi.Input[builtins.int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
-        :param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
-        :param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
-        :param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
+        :param pulumi.Input[_builtins.int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
+        :param pulumi.Input[_builtins.int] min_decryption_version: Minimum key version to use for decryption.
+        :param pulumi.Input[_builtins.int] min_encryption_version: Minimum key version to use for encryption
+        :param pulumi.Input[_builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
+        :param pulumi.Input[_builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
                ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
-        :param pulumi.Input[builtins.bool] supports_decryption: Whether or not the key supports decryption, based on key type.
-        :param pulumi.Input[builtins.bool] supports_derivation: Whether or not the key supports derivation, based on key type.
-        :param pulumi.Input[builtins.bool] supports_encryption: Whether or not the key supports encryption, based on key type.
-        :param pulumi.Input[builtins.bool] supports_signing: Whether or not the key supports signing, based on key type.
-        :param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
+        :param pulumi.Input[_builtins.bool] supports_decryption: Whether or not the key supports decryption, based on key type.
+        :param pulumi.Input[_builtins.bool] supports_derivation: Whether or not the key supports derivation, based on key type.
+        :param pulumi.Input[_builtins.bool] supports_encryption: Whether or not the key supports encryption, based on key type.
+        :param pulumi.Input[_builtins.bool] supports_signing: Whether or not the key supports signing, based on key type.
+        :param pulumi.Input[_builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
                * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
         """
         if allow_plaintext_backup is not None:
@@ -408,9 +407,9 @@ class _SecretBackendKeyState:
         if type is not None:
             pulumi.set(__self__, "type", type)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowPlaintextBackup")
-    def allow_plaintext_backup(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_plaintext_backup(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
         * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
@@ -418,12 +417,12 @@ class _SecretBackendKeyState:
         return pulumi.get(self, "allow_plaintext_backup")
 
     @allow_plaintext_backup.setter
-    def allow_plaintext_backup(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_plaintext_backup(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_plaintext_backup", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="autoRotatePeriod")
-    def auto_rotate_period(self) -> Optional[pulumi.Input[builtins.int]]:
+    def auto_rotate_period(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Amount of seconds the key should live before being automatically rotated.
         A value of 0 disables automatic rotation for the key.
@@ -431,72 +430,72 @@ class _SecretBackendKeyState:
         return pulumi.get(self, "auto_rotate_period")
 
     @auto_rotate_period.setter
-    def auto_rotate_period(self, value: Optional[pulumi.Input[builtins.int]]):
+    def auto_rotate_period(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "auto_rotate_period", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> Optional[pulumi.Input[builtins.str]]:
+    def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The path the transit secret backend is mounted at, with no leading or trailing `/`s.
         """
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: Optional[pulumi.Input[builtins.str]]):
+    def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "backend", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="convergentEncryption")
-    def convergent_encryption(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def convergent_encryption(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
         """
         return pulumi.get(self, "convergent_encryption")
 
     @convergent_encryption.setter
-    def convergent_encryption(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def convergent_encryption(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "convergent_encryption", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="deletionAllowed")
-    def deletion_allowed(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def deletion_allowed(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies if the key is allowed to be deleted.
         """
         return pulumi.get(self, "deletion_allowed")
 
     @deletion_allowed.setter
-    def deletion_allowed(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def deletion_allowed(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "deletion_allowed", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def derived(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def derived(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
         """
         return pulumi.get(self, "derived")
 
     @derived.setter
-    def derived(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def derived(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "derived", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def exportable(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def exportable(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
         """
         return pulumi.get(self, "exportable")
 
     @exportable.setter
-    def exportable(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def exportable(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "exportable", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="hybridKeyTypeEc")
-    def hybrid_key_type_ec(self) -> Optional[pulumi.Input[builtins.str]]:
+    def hybrid_key_type_ec(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The elliptic curve algorithm to use for hybrid signatures.
         Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
@@ -504,12 +503,12 @@ class _SecretBackendKeyState:
         return pulumi.get(self, "hybrid_key_type_ec")
 
     @hybrid_key_type_ec.setter
-    def hybrid_key_type_ec(self, value: Optional[pulumi.Input[builtins.str]]):
+    def hybrid_key_type_ec(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "hybrid_key_type_ec", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="hybridKeyTypePqc")
-    def hybrid_key_type_pqc(self) -> Optional[pulumi.Input[builtins.str]]:
+    def hybrid_key_type_pqc(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The post-quantum algorithm to use for hybrid signatures.
         Currently, ML-DSA is the only supported key type.
@@ -517,24 +516,24 @@ class _SecretBackendKeyState:
         return pulumi.get(self, "hybrid_key_type_pqc")
 
     @hybrid_key_type_pqc.setter
-    def hybrid_key_type_pqc(self, value: Optional[pulumi.Input[builtins.str]]):
+    def hybrid_key_type_pqc(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "hybrid_key_type_pqc", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="keySize")
-    def key_size(self) -> Optional[pulumi.Input[builtins.int]]:
+    def key_size(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
         """
         return pulumi.get(self, "key_size")
 
     @key_size.setter
-    def key_size(self, value: Optional[pulumi.Input[builtins.int]]):
+    def key_size(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "key_size", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]]:
+    def keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]]:
         """
         List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
         * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
@@ -543,72 +542,72 @@ class _SecretBackendKeyState:
         return pulumi.get(self, "keys")
 
     @keys.setter
-    def keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]]):
+    def keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]]):
         pulumi.set(self, "keys", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="latestVersion")
-    def latest_version(self) -> Optional[pulumi.Input[builtins.int]]:
+    def latest_version(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
         """
         return pulumi.get(self, "latest_version")
 
     @latest_version.setter
-    def latest_version(self, value: Optional[pulumi.Input[builtins.int]]):
+    def latest_version(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "latest_version", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="minAvailableVersion")
-    def min_available_version(self) -> Optional[pulumi.Input[builtins.int]]:
+    def min_available_version(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
         """
         return pulumi.get(self, "min_available_version")
 
     @min_available_version.setter
-    def min_available_version(self, value: Optional[pulumi.Input[builtins.int]]):
+    def min_available_version(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "min_available_version", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="minDecryptionVersion")
-    def min_decryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
+    def min_decryption_version(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Minimum key version to use for decryption.
         """
         return pulumi.get(self, "min_decryption_version")
 
     @min_decryption_version.setter
-    def min_decryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
+    def min_decryption_version(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "min_decryption_version", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="minEncryptionVersion")
-    def min_encryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
+    def min_encryption_version(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Minimum key version to use for encryption
         """
         return pulumi.get(self, "min_encryption_version")
 
     @min_encryption_version.setter
-    def min_encryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
+    def min_encryption_version(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "min_encryption_version", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[builtins.str]]:
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The name to identify this key within the backend. Must be unique within the backend.
         """
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[builtins.str]]):
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -618,12 +617,12 @@ class _SecretBackendKeyState:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="parameterSet")
-    def parameter_set(self) -> Optional[pulumi.Input[builtins.str]]:
+    def parameter_set(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The parameter set to use for ML-DSA. Required for
         ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
@@ -631,60 +630,60 @@ class _SecretBackendKeyState:
         return pulumi.get(self, "parameter_set")
 
     @parameter_set.setter
-    def parameter_set(self, value: Optional[pulumi.Input[builtins.str]]):
+    def parameter_set(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "parameter_set", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsDecryption")
-    def supports_decryption(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def supports_decryption(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether or not the key supports decryption, based on key type.
         """
         return pulumi.get(self, "supports_decryption")
 
     @supports_decryption.setter
-    def supports_decryption(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def supports_decryption(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "supports_decryption", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsDerivation")
-    def supports_derivation(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def supports_derivation(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether or not the key supports derivation, based on key type.
         """
         return pulumi.get(self, "supports_derivation")
 
     @supports_derivation.setter
-    def supports_derivation(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def supports_derivation(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "supports_derivation", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsEncryption")
-    def supports_encryption(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def supports_encryption(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether or not the key supports encryption, based on key type.
         """
         return pulumi.get(self, "supports_encryption")
 
     @supports_encryption.setter
-    def supports_encryption(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def supports_encryption(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "supports_encryption", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsSigning")
-    def supports_signing(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def supports_signing(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether or not the key supports signing, based on key type.
         """
         return pulumi.get(self, "supports_signing")
 
     @supports_signing.setter
-    def supports_signing(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def supports_signing(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "supports_signing", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def type(self) -> Optional[pulumi.Input[builtins.str]]:
+    def type(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
         * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
@@ -692,7 +691,7 @@ class _SecretBackendKeyState:
         return pulumi.get(self, "type")
 
     @type.setter
-    def type(self, value: Optional[pulumi.Input[builtins.str]]):
+    def type(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "type", value)
 
 
@@ -702,22 +701,22 @@ class SecretBackendKey(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
-                 auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
-                 deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
-                 derived: Optional[pulumi.Input[builtins.bool]] = None,
-                 exportable: Optional[pulumi.Input[builtins.bool]] = None,
-                 hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
-                 hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
-                 key_size: Optional[pulumi.Input[builtins.int]] = None,
-                 min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 parameter_set: Optional[pulumi.Input[builtins.str]] = None,
-                 type: Optional[pulumi.Input[builtins.str]] = None,
+                 allow_plaintext_backup: Optional[pulumi.Input[_builtins.bool]] = None,
+                 auto_rotate_period: Optional[pulumi.Input[_builtins.int]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 convergent_encryption: Optional[pulumi.Input[_builtins.bool]] = None,
+                 deletion_allowed: Optional[pulumi.Input[_builtins.bool]] = None,
+                 derived: Optional[pulumi.Input[_builtins.bool]] = None,
+                 exportable: Optional[pulumi.Input[_builtins.bool]] = None,
+                 hybrid_key_type_ec: Optional[pulumi.Input[_builtins.str]] = None,
+                 hybrid_key_type_pqc: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_decryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_encryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 parameter_set: Optional[pulumi.Input[_builtins.str]] = None,
+                 type: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         """
         Creates an Encryption Keyring on a Transit Secret Backend for Vault.
@@ -749,30 +748,30 @@ class SecretBackendKey(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
                * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
-        :param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
+        :param pulumi.Input[_builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
                A value of 0 disables automatic rotation for the key.
-        :param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
-        :param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
-        :param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
-        :param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
-        :param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
+        :param pulumi.Input[_builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
+        :param pulumi.Input[_builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
+        :param pulumi.Input[_builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
                Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
-        :param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
                Currently, ML-DSA is the only supported key type.
-        :param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
-        :param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
-        :param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
-        :param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
+        :param pulumi.Input[_builtins.int] min_decryption_version: Minimum key version to use for decryption.
+        :param pulumi.Input[_builtins.int] min_encryption_version: Minimum key version to use for encryption
+        :param pulumi.Input[_builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
+        :param pulumi.Input[_builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
                ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
-        :param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
+        :param pulumi.Input[_builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
                * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
         """
         ...
@@ -824,22 +823,22 @@ class SecretBackendKey(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
-                 auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
-                 deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
-                 derived: Optional[pulumi.Input[builtins.bool]] = None,
-                 exportable: Optional[pulumi.Input[builtins.bool]] = None,
-                 hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
-                 hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
-                 key_size: Optional[pulumi.Input[builtins.int]] = None,
-                 min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 parameter_set: Optional[pulumi.Input[builtins.str]] = None,
-                 type: Optional[pulumi.Input[builtins.str]] = None,
+                 allow_plaintext_backup: Optional[pulumi.Input[_builtins.bool]] = None,
+                 auto_rotate_period: Optional[pulumi.Input[_builtins.int]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 convergent_encryption: Optional[pulumi.Input[_builtins.bool]] = None,
+                 deletion_allowed: Optional[pulumi.Input[_builtins.bool]] = None,
+                 derived: Optional[pulumi.Input[_builtins.bool]] = None,
+                 exportable: Optional[pulumi.Input[_builtins.bool]] = None,
+                 hybrid_key_type_ec: Optional[pulumi.Input[_builtins.str]] = None,
+                 hybrid_key_type_pqc: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_decryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_encryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 parameter_set: Optional[pulumi.Input[_builtins.str]] = None,
+                 type: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -884,29 +883,29 @@ class SecretBackendKey(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
-            auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
-            backend: Optional[pulumi.Input[builtins.str]] = None,
-            convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
-            deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
-            derived: Optional[pulumi.Input[builtins.bool]] = None,
-            exportable: Optional[pulumi.Input[builtins.bool]] = None,
-            hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
-            hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
-            key_size: Optional[pulumi.Input[builtins.int]] = None,
-            keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]] = None,
-            latest_version: Optional[pulumi.Input[builtins.int]] = None,
-            min_available_version: Optional[pulumi.Input[builtins.int]] = None,
-            min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
-            min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
-            name: Optional[pulumi.Input[builtins.str]] = None,
-            namespace: Optional[pulumi.Input[builtins.str]] = None,
-            parameter_set: Optional[pulumi.Input[builtins.str]] = None,
-            supports_decryption: Optional[pulumi.Input[builtins.bool]] = None,
-            supports_derivation: Optional[pulumi.Input[builtins.bool]] = None,
-            supports_encryption: Optional[pulumi.Input[builtins.bool]] = None,
-            supports_signing: Optional[pulumi.Input[builtins.bool]] = None,
-            type: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackendKey':
+            allow_plaintext_backup: Optional[pulumi.Input[_builtins.bool]] = None,
+            auto_rotate_period: Optional[pulumi.Input[_builtins.int]] = None,
+            backend: Optional[pulumi.Input[_builtins.str]] = None,
+            convergent_encryption: Optional[pulumi.Input[_builtins.bool]] = None,
+            deletion_allowed: Optional[pulumi.Input[_builtins.bool]] = None,
+            derived: Optional[pulumi.Input[_builtins.bool]] = None,
+            exportable: Optional[pulumi.Input[_builtins.bool]] = None,
+            hybrid_key_type_ec: Optional[pulumi.Input[_builtins.str]] = None,
+            hybrid_key_type_pqc: Optional[pulumi.Input[_builtins.str]] = None,
+            key_size: Optional[pulumi.Input[_builtins.int]] = None,
+            keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]] = None,
+            latest_version: Optional[pulumi.Input[_builtins.int]] = None,
+            min_available_version: Optional[pulumi.Input[_builtins.int]] = None,
+            min_decryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+            min_encryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+            name: Optional[pulumi.Input[_builtins.str]] = None,
+            namespace: Optional[pulumi.Input[_builtins.str]] = None,
+            parameter_set: Optional[pulumi.Input[_builtins.str]] = None,
+            supports_decryption: Optional[pulumi.Input[_builtins.bool]] = None,
+            supports_derivation: Optional[pulumi.Input[_builtins.bool]] = None,
+            supports_encryption: Optional[pulumi.Input[_builtins.bool]] = None,
+            supports_signing: Optional[pulumi.Input[_builtins.bool]] = None,
+            type: Optional[pulumi.Input[_builtins.str]] = None) -> 'SecretBackendKey':
         """
         Get an existing SecretBackendKey resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -914,39 +913,39 @@ class SecretBackendKey(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
                * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
-        :param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
+        :param pulumi.Input[_builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
                A value of 0 disables automatic rotation for the key.
-        :param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
-        :param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
-        :param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
-        :param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
-        :param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
+        :param pulumi.Input[_builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
+        :param pulumi.Input[_builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
+        :param pulumi.Input[_builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
                Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
-        :param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
                Currently, ML-DSA is the only supported key type.
-        :param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
-        :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
+        :param pulumi.Input[_builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
+        :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
                * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
                * for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following:
-        :param pulumi.Input[builtins.int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
-        :param pulumi.Input[builtins.int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
-        :param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
-        :param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
-        :param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
+        :param pulumi.Input[_builtins.int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
+        :param pulumi.Input[_builtins.int] min_decryption_version: Minimum key version to use for decryption.
+        :param pulumi.Input[_builtins.int] min_encryption_version: Minimum key version to use for encryption
+        :param pulumi.Input[_builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
+        :param pulumi.Input[_builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
                ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
-        :param pulumi.Input[builtins.bool] supports_decryption: Whether or not the key supports decryption, based on key type.
-        :param pulumi.Input[builtins.bool] supports_derivation: Whether or not the key supports derivation, based on key type.
-        :param pulumi.Input[builtins.bool] supports_encryption: Whether or not the key supports encryption, based on key type.
-        :param pulumi.Input[builtins.bool] supports_signing: Whether or not the key supports signing, based on key type.
-        :param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
+        :param pulumi.Input[_builtins.bool] supports_decryption: Whether or not the key supports decryption, based on key type.
+        :param pulumi.Input[_builtins.bool] supports_derivation: Whether or not the key supports derivation, based on key type.
+        :param pulumi.Input[_builtins.bool] supports_encryption: Whether or not the key supports encryption, based on key type.
+        :param pulumi.Input[_builtins.bool] supports_signing: Whether or not the key supports signing, based on key type.
+        :param pulumi.Input[_builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
                * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -978,93 +977,93 @@ class SecretBackendKey(pulumi.CustomResource):
         __props__.__dict__["type"] = type
         return SecretBackendKey(resource_name, opts=opts, __props__=__props__)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowPlaintextBackup")
-    def allow_plaintext_backup(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def allow_plaintext_backup(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
         * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
         """
         return pulumi.get(self, "allow_plaintext_backup")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="autoRotatePeriod")
-    def auto_rotate_period(self) -> pulumi.Output[builtins.int]:
+    def auto_rotate_period(self) -> pulumi.Output[_builtins.int]:
         """
         Amount of seconds the key should live before being automatically rotated.
         A value of 0 disables automatic rotation for the key.
         """
         return pulumi.get(self, "auto_rotate_period")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> pulumi.Output[builtins.str]:
+    def backend(self) -> pulumi.Output[_builtins.str]:
         """
         The path the transit secret backend is mounted at, with no leading or trailing `/`s.
         """
         return pulumi.get(self, "backend")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="convergentEncryption")
-    def convergent_encryption(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def convergent_encryption(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
         """
         return pulumi.get(self, "convergent_encryption")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="deletionAllowed")
-    def deletion_allowed(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def deletion_allowed(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Specifies if the key is allowed to be deleted.
         """
         return pulumi.get(self, "deletion_allowed")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def derived(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def derived(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
         """
         return pulumi.get(self, "derived")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def exportable(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def exportable(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
         """
         return pulumi.get(self, "exportable")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="hybridKeyTypeEc")
-    def hybrid_key_type_ec(self) -> pulumi.Output[Optional[builtins.str]]:
+    def hybrid_key_type_ec(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The elliptic curve algorithm to use for hybrid signatures.
         Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
         """
         return pulumi.get(self, "hybrid_key_type_ec")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="hybridKeyTypePqc")
-    def hybrid_key_type_pqc(self) -> pulumi.Output[Optional[builtins.str]]:
+    def hybrid_key_type_pqc(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The post-quantum algorithm to use for hybrid signatures.
         Currently, ML-DSA is the only supported key type.
         """
         return pulumi.get(self, "hybrid_key_type_pqc")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="keySize")
-    def key_size(self) -> pulumi.Output[Optional[builtins.int]]:
+    def key_size(self) -> pulumi.Output[Optional[_builtins.int]]:
         """
         The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
         """
         return pulumi.get(self, "key_size")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def keys(self) -> pulumi.Output[Sequence[Mapping[str, builtins.str]]]:
+    def keys(self) -> pulumi.Output[Sequence[Mapping[str, _builtins.str]]]:
         """
         List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
         * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
@@ -1072,49 +1071,49 @@ class SecretBackendKey(pulumi.CustomResource):
         """
         return pulumi.get(self, "keys")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="latestVersion")
-    def latest_version(self) -> pulumi.Output[builtins.int]:
+    def latest_version(self) -> pulumi.Output[_builtins.int]:
         """
         Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
         """
         return pulumi.get(self, "latest_version")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="minAvailableVersion")
-    def min_available_version(self) -> pulumi.Output[builtins.int]:
+    def min_available_version(self) -> pulumi.Output[_builtins.int]:
         """
         Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
         """
         return pulumi.get(self, "min_available_version")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="minDecryptionVersion")
-    def min_decryption_version(self) -> pulumi.Output[Optional[builtins.int]]:
+    def min_decryption_version(self) -> pulumi.Output[Optional[_builtins.int]]:
         """
         Minimum key version to use for decryption.
         """
         return pulumi.get(self, "min_decryption_version")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="minEncryptionVersion")
-    def min_encryption_version(self) -> pulumi.Output[Optional[builtins.int]]:
+    def min_encryption_version(self) -> pulumi.Output[Optional[_builtins.int]]:
         """
         Minimum key version to use for encryption
         """
         return pulumi.get(self, "min_encryption_version")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> pulumi.Output[builtins.str]:
+    def name(self) -> pulumi.Output[_builtins.str]:
         """
         The name to identify this key within the backend. Must be unique within the backend.
         """
         return pulumi.get(self, "name")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
+    def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -1123,50 +1122,50 @@ class SecretBackendKey(pulumi.CustomResource):
         """
         return pulumi.get(self, "namespace")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="parameterSet")
-    def parameter_set(self) -> pulumi.Output[Optional[builtins.str]]:
+    def parameter_set(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The parameter set to use for ML-DSA. Required for
         ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
         """
         return pulumi.get(self, "parameter_set")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsDecryption")
-    def supports_decryption(self) -> pulumi.Output[builtins.bool]:
+    def supports_decryption(self) -> pulumi.Output[_builtins.bool]:
         """
         Whether or not the key supports decryption, based on key type.
         """
         return pulumi.get(self, "supports_decryption")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsDerivation")
-    def supports_derivation(self) -> pulumi.Output[builtins.bool]:
+    def supports_derivation(self) -> pulumi.Output[_builtins.bool]:
         """
         Whether or not the key supports derivation, based on key type.
         """
         return pulumi.get(self, "supports_derivation")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsEncryption")
-    def supports_encryption(self) -> pulumi.Output[builtins.bool]:
+    def supports_encryption(self) -> pulumi.Output[_builtins.bool]:
         """
         Whether or not the key supports encryption, based on key type.
         """
         return pulumi.get(self, "supports_encryption")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsSigning")
-    def supports_signing(self) -> pulumi.Output[builtins.bool]:
+    def supports_signing(self) -> pulumi.Output[_builtins.bool]:
         """
         Whether or not the key supports signing, based on key type.
         """
         return pulumi.get(self, "supports_signing")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def type(self) -> pulumi.Output[Optional[builtins.str]]:
+    def type(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
         * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)