pulumi-vault 7.2.0a1753339763__py3-none-any.whl → 7.2.0a1753512474__py3-none-any.whl

pulumi_vault/kubernetes/secret_backend.py

@@ -2,8 +2,7 @@
 # *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
-import builtins
-import copy
+import builtins as _builtins
 import warnings
 import sys
 import pulumi
@@ -20,61 +19,61 @@ __all__ = ['SecretBackendArgs', 'SecretBackend']
 @pulumi.input_type
 class SecretBackendArgs:
     def __init__(__self__, *,
-                 path: pulumi.Input[builtins.str],
-                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 description: Optional[pulumi.Input[builtins.str]] = None,
-                 disable_local_ca_jwt: Optional[pulumi.Input[builtins.bool]] = None,
-                 external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
-                 kubernetes_ca_cert: Optional[pulumi.Input[builtins.str]] = None,
-                 kubernetes_host: Optional[pulumi.Input[builtins.str]] = None,
-                 listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
-                 local: Optional[pulumi.Input[builtins.bool]] = None,
-                 max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 plugin_version: Optional[pulumi.Input[builtins.str]] = None,
-                 seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
-                 service_account_jwt: Optional[pulumi.Input[builtins.str]] = None):
+                 path: pulumi.Input[_builtins.str],
+                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 default_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 disable_local_ca_jwt: Optional[pulumi.Input[_builtins.bool]] = None,
+                 external_entropy_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 identity_token_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 kubernetes_ca_cert: Optional[pulumi.Input[_builtins.str]] = None,
+                 kubernetes_host: Optional[pulumi.Input[_builtins.str]] = None,
+                 listing_visibility: Optional[pulumi.Input[_builtins.str]] = None,
+                 local: Optional[pulumi.Input[_builtins.bool]] = None,
+                 max_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 plugin_version: Optional[pulumi.Input[_builtins.str]] = None,
+                 seal_wrap: Optional[pulumi.Input[_builtins.bool]] = None,
+                 service_account_jwt: Optional[pulumi.Input[_builtins.str]] = None):
         """
         The set of arguments for constructing a SecretBackend resource.
-        :param pulumi.Input[builtins.str] path: Where the secret backend will be mounted
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
-        :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] description: Human-friendly description of the mount
-        :param pulumi.Input[builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and 
+        :param pulumi.Input[_builtins.str] path: Where the secret backend will be mounted
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
+        :param pulumi.Input[_builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] description: Human-friendly description of the mount
+        :param pulumi.Input[_builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and 
                service account JWT when Vault is running in a Kubernetes pod.
-        :param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
-        :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
-        :param pulumi.Input[builtins.str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the 
+        :param pulumi.Input[_builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
+        :param pulumi.Input[_builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
+        :param pulumi.Input[_builtins.str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the 
                secrets engine to verify the Kubernetes API server certificate. Defaults to the local
                pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
                Vault is running.
-        :param pulumi.Input[builtins.str] kubernetes_host: The Kubernetes API URL to connect to. Required if the 
+        :param pulumi.Input[_builtins.str] kubernetes_host: The Kubernetes API URL to connect to. Required if the 
                standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
                are not set on the host that Vault is running on.
-        :param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
-        :param pulumi.Input[builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
-        :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
+        :param pulumi.Input[_builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
+        :param pulumi.Input[_builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
-        :param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
-        :param pulumi.Input[builtins.str] service_account_jwt: The JSON web token of the service account used by the
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
+        :param pulumi.Input[_builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
+        :param pulumi.Input[_builtins.str] service_account_jwt: The JSON web token of the service account used by the
                secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
                is running in Kubernetes.
         """
@@ -122,105 +121,105 @@ class SecretBackendArgs:
         if service_account_jwt is not None:
             pulumi.set(__self__, "service_account_jwt", service_account_jwt)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def path(self) -> pulumi.Input[builtins.str]:
+    def path(self) -> pulumi.Input[_builtins.str]:
         """
         Where the secret backend will be mounted
         """
         return pulumi.get(self, "path")
 
     @path.setter
-    def path(self, value: pulumi.Input[builtins.str]):
+    def path(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "path", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedManagedKeys")
-    def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of managed key registry entry names that the mount in question is allowed to access
         """
         return pulumi.get(self, "allowed_managed_keys")
 
     @allowed_managed_keys.setter
-    def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_managed_keys", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedResponseHeaders")
-    def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "allowed_response_headers")
 
     @allowed_response_headers.setter
-    def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_response_headers", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="auditNonHmacRequestKeys")
-    def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
         """
         return pulumi.get(self, "audit_non_hmac_request_keys")
 
     @audit_non_hmac_request_keys.setter
-    def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "audit_non_hmac_request_keys", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="auditNonHmacResponseKeys")
-    def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
         """
         return pulumi.get(self, "audit_non_hmac_response_keys")
 
     @audit_non_hmac_response_keys.setter
-    def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "audit_non_hmac_response_keys", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="defaultLeaseTtlSeconds")
-    def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
+    def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Default lease duration for tokens and secrets in seconds
         """
         return pulumi.get(self, "default_lease_ttl_seconds")
 
     @default_lease_ttl_seconds.setter
-    def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
+    def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "default_lease_ttl_seconds", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="delegatedAuthAccessors")
-    def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "delegated_auth_accessors")
 
     @delegated_auth_accessors.setter
-    def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "delegated_auth_accessors", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def description(self) -> Optional[pulumi.Input[builtins.str]]:
+    def description(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Human-friendly description of the mount
         """
         return pulumi.get(self, "description")
 
     @description.setter
-    def description(self, value: Optional[pulumi.Input[builtins.str]]):
+    def description(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "description", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableLocalCaJwt")
-    def disable_local_ca_jwt(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def disable_local_ca_jwt(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Disable defaulting to the local CA certificate and 
         service account JWT when Vault is running in a Kubernetes pod.
@@ -228,36 +227,36 @@ class SecretBackendArgs:
         return pulumi.get(self, "disable_local_ca_jwt")
 
     @disable_local_ca_jwt.setter
-    def disable_local_ca_jwt(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def disable_local_ca_jwt(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "disable_local_ca_jwt", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="externalEntropyAccess")
-    def external_entropy_access(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def external_entropy_access(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enable the secrets engine to access Vault's external entropy source
         """
         return pulumi.get(self, "external_entropy_access")
 
     @external_entropy_access.setter
-    def external_entropy_access(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def external_entropy_access(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "external_entropy_access", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="identityTokenKey")
-    def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
+    def identity_token_key(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The key to use for signing plugin workload identity tokens
         """
         return pulumi.get(self, "identity_token_key")
 
     @identity_token_key.setter
-    def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
+    def identity_token_key(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "identity_token_key", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="kubernetesCaCert")
-    def kubernetes_ca_cert(self) -> Optional[pulumi.Input[builtins.str]]:
+    def kubernetes_ca_cert(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A PEM-encoded CA certificate used by the 
         secrets engine to verify the Kubernetes API server certificate. Defaults to the local
@@ -267,12 +266,12 @@ class SecretBackendArgs:
         return pulumi.get(self, "kubernetes_ca_cert")
 
     @kubernetes_ca_cert.setter
-    def kubernetes_ca_cert(self, value: Optional[pulumi.Input[builtins.str]]):
+    def kubernetes_ca_cert(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "kubernetes_ca_cert", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="kubernetesHost")
-    def kubernetes_host(self) -> Optional[pulumi.Input[builtins.str]]:
+    def kubernetes_host(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The Kubernetes API URL to connect to. Required if the 
         standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
@@ -281,48 +280,48 @@ class SecretBackendArgs:
         return pulumi.get(self, "kubernetes_host")
 
     @kubernetes_host.setter
-    def kubernetes_host(self, value: Optional[pulumi.Input[builtins.str]]):
+    def kubernetes_host(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "kubernetes_host", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="listingVisibility")
-    def listing_visibility(self) -> Optional[pulumi.Input[builtins.str]]:
+    def listing_visibility(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies whether to show this mount in the UI-specific listing endpoint
         """
         return pulumi.get(self, "listing_visibility")
 
     @listing_visibility.setter
-    def listing_visibility(self, value: Optional[pulumi.Input[builtins.str]]):
+    def listing_visibility(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "listing_visibility", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def local(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def local(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Local mount flag that can be explicitly set to true to enforce local mount in HA environment
         """
         return pulumi.get(self, "local")
 
     @local.setter
-    def local(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def local(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "local", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="maxLeaseTtlSeconds")
-    def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
+    def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Maximum possible lease duration for tokens and secrets in seconds
         """
         return pulumi.get(self, "max_lease_ttl_seconds")
 
     @max_lease_ttl_seconds.setter
-    def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
+    def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "max_lease_ttl_seconds", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -332,60 +331,60 @@ class SecretBackendArgs:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
+    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
         """
         Specifies mount type specific options that are passed to the backend
         """
         return pulumi.get(self, "options")
 
     @options.setter
-    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
+    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "options", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="passthroughRequestHeaders")
-    def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "passthrough_request_headers")
 
     @passthrough_request_headers.setter
-    def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "passthrough_request_headers", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="pluginVersion")
-    def plugin_version(self) -> Optional[pulumi.Input[builtins.str]]:
+    def plugin_version(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
         """
         return pulumi.get(self, "plugin_version")
 
     @plugin_version.setter
-    def plugin_version(self, value: Optional[pulumi.Input[builtins.str]]):
+    def plugin_version(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "plugin_version", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="sealWrap")
-    def seal_wrap(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def seal_wrap(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
         """
         return pulumi.get(self, "seal_wrap")
 
     @seal_wrap.setter
-    def seal_wrap(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def seal_wrap(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "seal_wrap", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="serviceAccountJwt")
-    def service_account_jwt(self) -> Optional[pulumi.Input[builtins.str]]:
+    def service_account_jwt(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The JSON web token of the service account used by the
         secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
@@ -394,70 +393,70 @@ class SecretBackendArgs:
         return pulumi.get(self, "service_account_jwt")
 
     @service_account_jwt.setter
-    def service_account_jwt(self, value: Optional[pulumi.Input[builtins.str]]):
+    def service_account_jwt(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "service_account_jwt", value)
 
 
 @pulumi.input_type
 class _SecretBackendState:
     def __init__(__self__, *,
-                 accessor: Optional[pulumi.Input[builtins.str]] = None,
-                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 description: Optional[pulumi.Input[builtins.str]] = None,
-                 disable_local_ca_jwt: Optional[pulumi.Input[builtins.bool]] = None,
-                 external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
-                 kubernetes_ca_cert: Optional[pulumi.Input[builtins.str]] = None,
-                 kubernetes_host: Optional[pulumi.Input[builtins.str]] = None,
-                 listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
-                 local: Optional[pulumi.Input[builtins.bool]] = None,
-                 max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 path: Optional[pulumi.Input[builtins.str]] = None,
-                 plugin_version: Optional[pulumi.Input[builtins.str]] = None,
-                 seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
-                 service_account_jwt: Optional[pulumi.Input[builtins.str]] = None):
+                 accessor: Optional[pulumi.Input[_builtins.str]] = None,
+                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 default_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 disable_local_ca_jwt: Optional[pulumi.Input[_builtins.bool]] = None,
+                 external_entropy_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 identity_token_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 kubernetes_ca_cert: Optional[pulumi.Input[_builtins.str]] = None,
+                 kubernetes_host: Optional[pulumi.Input[_builtins.str]] = None,
+                 listing_visibility: Optional[pulumi.Input[_builtins.str]] = None,
+                 local: Optional[pulumi.Input[_builtins.bool]] = None,
+                 max_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 path: Optional[pulumi.Input[_builtins.str]] = None,
+                 plugin_version: Optional[pulumi.Input[_builtins.str]] = None,
+                 seal_wrap: Optional[pulumi.Input[_builtins.bool]] = None,
+                 service_account_jwt: Optional[pulumi.Input[_builtins.str]] = None):
         """
         Input properties used for looking up and filtering SecretBackend resources.
-        :param pulumi.Input[builtins.str] accessor: Accessor of the mount
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
-        :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] description: Human-friendly description of the mount
-        :param pulumi.Input[builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and 
+        :param pulumi.Input[_builtins.str] accessor: Accessor of the mount
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
+        :param pulumi.Input[_builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] description: Human-friendly description of the mount
+        :param pulumi.Input[_builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and 
                service account JWT when Vault is running in a Kubernetes pod.
-        :param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
-        :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
-        :param pulumi.Input[builtins.str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the 
+        :param pulumi.Input[_builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
+        :param pulumi.Input[_builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
+        :param pulumi.Input[_builtins.str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the 
                secrets engine to verify the Kubernetes API server certificate. Defaults to the local
                pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
                Vault is running.
-        :param pulumi.Input[builtins.str] kubernetes_host: The Kubernetes API URL to connect to. Required if the 
+        :param pulumi.Input[_builtins.str] kubernetes_host: The Kubernetes API URL to connect to. Required if the 
                standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
                are not set on the host that Vault is running on.
-        :param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
-        :param pulumi.Input[builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
-        :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
+        :param pulumi.Input[_builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
+        :param pulumi.Input[_builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] path: Where the secret backend will be mounted
-        :param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
-        :param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
-        :param pulumi.Input[builtins.str] service_account_jwt: The JSON web token of the service account used by the
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] path: Where the secret backend will be mounted
+        :param pulumi.Input[_builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
+        :param pulumi.Input[_builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
+        :param pulumi.Input[_builtins.str] service_account_jwt: The JSON web token of the service account used by the
                secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
                is running in Kubernetes.
         """
@@ -508,105 +507,105 @@ class _SecretBackendState:
         if service_account_jwt is not None:
             pulumi.set(__self__, "service_account_jwt", service_account_jwt)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def accessor(self) -> Optional[pulumi.Input[builtins.str]]:
+    def accessor(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Accessor of the mount
         """
         return pulumi.get(self, "accessor")
 
     @accessor.setter
-    def accessor(self, value: Optional[pulumi.Input[builtins.str]]):
+    def accessor(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "accessor", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedManagedKeys")
-    def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of managed key registry entry names that the mount in question is allowed to access
         """
         return pulumi.get(self, "allowed_managed_keys")
 
     @allowed_managed_keys.setter
-    def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_managed_keys", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedResponseHeaders")
-    def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "allowed_response_headers")
 
     @allowed_response_headers.setter
-    def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "allowed_response_headers", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="auditNonHmacRequestKeys")
-    def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
         """
         return pulumi.get(self, "audit_non_hmac_request_keys")
 
     @audit_non_hmac_request_keys.setter
-    def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "audit_non_hmac_request_keys", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="auditNonHmacResponseKeys")
-    def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
         """
         return pulumi.get(self, "audit_non_hmac_response_keys")
 
     @audit_non_hmac_response_keys.setter
-    def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "audit_non_hmac_response_keys", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="defaultLeaseTtlSeconds")
-    def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
+    def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Default lease duration for tokens and secrets in seconds
         """
         return pulumi.get(self, "default_lease_ttl_seconds")
 
     @default_lease_ttl_seconds.setter
-    def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
+    def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "default_lease_ttl_seconds", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="delegatedAuthAccessors")
-    def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "delegated_auth_accessors")
 
     @delegated_auth_accessors.setter
-    def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "delegated_auth_accessors", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def description(self) -> Optional[pulumi.Input[builtins.str]]:
+    def description(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Human-friendly description of the mount
         """
         return pulumi.get(self, "description")
 
     @description.setter
-    def description(self, value: Optional[pulumi.Input[builtins.str]]):
+    def description(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "description", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableLocalCaJwt")
-    def disable_local_ca_jwt(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def disable_local_ca_jwt(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Disable defaulting to the local CA certificate and 
         service account JWT when Vault is running in a Kubernetes pod.
@@ -614,36 +613,36 @@ class _SecretBackendState:
         return pulumi.get(self, "disable_local_ca_jwt")
 
     @disable_local_ca_jwt.setter
-    def disable_local_ca_jwt(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def disable_local_ca_jwt(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "disable_local_ca_jwt", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="externalEntropyAccess")
-    def external_entropy_access(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def external_entropy_access(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enable the secrets engine to access Vault's external entropy source
         """
         return pulumi.get(self, "external_entropy_access")
 
     @external_entropy_access.setter
-    def external_entropy_access(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def external_entropy_access(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "external_entropy_access", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="identityTokenKey")
-    def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
+    def identity_token_key(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The key to use for signing plugin workload identity tokens
         """
         return pulumi.get(self, "identity_token_key")
 
     @identity_token_key.setter
-    def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
+    def identity_token_key(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "identity_token_key", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="kubernetesCaCert")
-    def kubernetes_ca_cert(self) -> Optional[pulumi.Input[builtins.str]]:
+    def kubernetes_ca_cert(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A PEM-encoded CA certificate used by the 
         secrets engine to verify the Kubernetes API server certificate. Defaults to the local
@@ -653,12 +652,12 @@ class _SecretBackendState:
         return pulumi.get(self, "kubernetes_ca_cert")
 
     @kubernetes_ca_cert.setter
-    def kubernetes_ca_cert(self, value: Optional[pulumi.Input[builtins.str]]):
+    def kubernetes_ca_cert(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "kubernetes_ca_cert", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="kubernetesHost")
-    def kubernetes_host(self) -> Optional[pulumi.Input[builtins.str]]:
+    def kubernetes_host(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The Kubernetes API URL to connect to. Required if the 
         standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
@@ -667,48 +666,48 @@ class _SecretBackendState:
         return pulumi.get(self, "kubernetes_host")
 
     @kubernetes_host.setter
-    def kubernetes_host(self, value: Optional[pulumi.Input[builtins.str]]):
+    def kubernetes_host(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "kubernetes_host", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="listingVisibility")
-    def listing_visibility(self) -> Optional[pulumi.Input[builtins.str]]:
+    def listing_visibility(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies whether to show this mount in the UI-specific listing endpoint
         """
         return pulumi.get(self, "listing_visibility")
 
     @listing_visibility.setter
-    def listing_visibility(self, value: Optional[pulumi.Input[builtins.str]]):
+    def listing_visibility(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "listing_visibility", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def local(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def local(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Local mount flag that can be explicitly set to true to enforce local mount in HA environment
         """
         return pulumi.get(self, "local")
 
     @local.setter
-    def local(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def local(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "local", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="maxLeaseTtlSeconds")
-    def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
+    def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Maximum possible lease duration for tokens and secrets in seconds
         """
         return pulumi.get(self, "max_lease_ttl_seconds")
 
     @max_lease_ttl_seconds.setter
-    def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
+    def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "max_lease_ttl_seconds", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -718,72 +717,72 @@ class _SecretBackendState:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
+    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
         """
         Specifies mount type specific options that are passed to the backend
         """
         return pulumi.get(self, "options")
 
     @options.setter
-    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
+    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "options", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="passthroughRequestHeaders")
-    def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "passthrough_request_headers")
 
     @passthrough_request_headers.setter
-    def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "passthrough_request_headers", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def path(self) -> Optional[pulumi.Input[builtins.str]]:
+    def path(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Where the secret backend will be mounted
         """
         return pulumi.get(self, "path")
 
     @path.setter
-    def path(self, value: Optional[pulumi.Input[builtins.str]]):
+    def path(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "path", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="pluginVersion")
-    def plugin_version(self) -> Optional[pulumi.Input[builtins.str]]:
+    def plugin_version(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
         """
         return pulumi.get(self, "plugin_version")
 
     @plugin_version.setter
-    def plugin_version(self, value: Optional[pulumi.Input[builtins.str]]):
+    def plugin_version(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "plugin_version", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="sealWrap")
-    def seal_wrap(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def seal_wrap(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
         """
         return pulumi.get(self, "seal_wrap")
 
     @seal_wrap.setter
-    def seal_wrap(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def seal_wrap(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "seal_wrap", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="serviceAccountJwt")
-    def service_account_jwt(self) -> Optional[pulumi.Input[builtins.str]]:
+    def service_account_jwt(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The JSON web token of the service account used by the
         secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
@@ -792,7 +791,7 @@ class _SecretBackendState:
         return pulumi.get(self, "service_account_jwt")
 
     @service_account_jwt.setter
-    def service_account_jwt(self, value: Optional[pulumi.Input[builtins.str]]):
+    def service_account_jwt(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "service_account_jwt", value)
 
 
@@ -802,28 +801,28 @@ class SecretBackend(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 description: Optional[pulumi.Input[builtins.str]] = None,
-                 disable_local_ca_jwt: Optional[pulumi.Input[builtins.bool]] = None,
-                 external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
-                 kubernetes_ca_cert: Optional[pulumi.Input[builtins.str]] = None,
-                 kubernetes_host: Optional[pulumi.Input[builtins.str]] = None,
-                 listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
-                 local: Optional[pulumi.Input[builtins.bool]] = None,
-                 max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 path: Optional[pulumi.Input[builtins.str]] = None,
-                 plugin_version: Optional[pulumi.Input[builtins.str]] = None,
-                 seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
-                 service_account_jwt: Optional[pulumi.Input[builtins.str]] = None,
+                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 default_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 disable_local_ca_jwt: Optional[pulumi.Input[_builtins.bool]] = None,
+                 external_entropy_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 identity_token_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 kubernetes_ca_cert: Optional[pulumi.Input[_builtins.str]] = None,
+                 kubernetes_host: Optional[pulumi.Input[_builtins.str]] = None,
+                 listing_visibility: Optional[pulumi.Input[_builtins.str]] = None,
+                 local: Optional[pulumi.Input[_builtins.bool]] = None,
+                 max_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 path: Optional[pulumi.Input[_builtins.str]] = None,
+                 plugin_version: Optional[pulumi.Input[_builtins.str]] = None,
+                 seal_wrap: Optional[pulumi.Input[_builtins.bool]] = None,
+                 service_account_jwt: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         """
         ## Example Usage
@@ -854,37 +853,37 @@ class SecretBackend(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
-        :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] description: Human-friendly description of the mount
-        :param pulumi.Input[builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and 
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
+        :param pulumi.Input[_builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] description: Human-friendly description of the mount
+        :param pulumi.Input[_builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and 
                service account JWT when Vault is running in a Kubernetes pod.
-        :param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
-        :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
-        :param pulumi.Input[builtins.str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the 
+        :param pulumi.Input[_builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
+        :param pulumi.Input[_builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
+        :param pulumi.Input[_builtins.str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the 
                secrets engine to verify the Kubernetes API server certificate. Defaults to the local
                pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
                Vault is running.
-        :param pulumi.Input[builtins.str] kubernetes_host: The Kubernetes API URL to connect to. Required if the 
+        :param pulumi.Input[_builtins.str] kubernetes_host: The Kubernetes API URL to connect to. Required if the 
                standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
                are not set on the host that Vault is running on.
-        :param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
-        :param pulumi.Input[builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
-        :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
+        :param pulumi.Input[_builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
+        :param pulumi.Input[_builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] path: Where the secret backend will be mounted
-        :param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
-        :param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
-        :param pulumi.Input[builtins.str] service_account_jwt: The JSON web token of the service account used by the
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] path: Where the secret backend will be mounted
+        :param pulumi.Input[_builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
+        :param pulumi.Input[_builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
+        :param pulumi.Input[_builtins.str] service_account_jwt: The JSON web token of the service account used by the
                secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
                is running in Kubernetes.
         """
@@ -936,28 +935,28 @@ class SecretBackend(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 description: Optional[pulumi.Input[builtins.str]] = None,
-                 disable_local_ca_jwt: Optional[pulumi.Input[builtins.bool]] = None,
-                 external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
-                 kubernetes_ca_cert: Optional[pulumi.Input[builtins.str]] = None,
-                 kubernetes_host: Optional[pulumi.Input[builtins.str]] = None,
-                 listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
-                 local: Optional[pulumi.Input[builtins.bool]] = None,
-                 max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 path: Optional[pulumi.Input[builtins.str]] = None,
-                 plugin_version: Optional[pulumi.Input[builtins.str]] = None,
-                 seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
-                 service_account_jwt: Optional[pulumi.Input[builtins.str]] = None,
+                 allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 default_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 disable_local_ca_jwt: Optional[pulumi.Input[_builtins.bool]] = None,
+                 external_entropy_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 identity_token_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 kubernetes_ca_cert: Optional[pulumi.Input[_builtins.str]] = None,
+                 kubernetes_host: Optional[pulumi.Input[_builtins.str]] = None,
+                 listing_visibility: Optional[pulumi.Input[_builtins.str]] = None,
+                 local: Optional[pulumi.Input[_builtins.bool]] = None,
+                 max_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 path: Optional[pulumi.Input[_builtins.str]] = None,
+                 plugin_version: Optional[pulumi.Input[_builtins.str]] = None,
+                 seal_wrap: Optional[pulumi.Input[_builtins.bool]] = None,
+                 service_account_jwt: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -1004,29 +1003,29 @@ class SecretBackend(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            accessor: Optional[pulumi.Input[builtins.str]] = None,
-            allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-            delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            description: Optional[pulumi.Input[builtins.str]] = None,
-            disable_local_ca_jwt: Optional[pulumi.Input[builtins.bool]] = None,
-            external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
-            identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
-            kubernetes_ca_cert: Optional[pulumi.Input[builtins.str]] = None,
-            kubernetes_host: Optional[pulumi.Input[builtins.str]] = None,
-            listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
-            local: Optional[pulumi.Input[builtins.bool]] = None,
-            max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
-            namespace: Optional[pulumi.Input[builtins.str]] = None,
-            options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-            passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            path: Optional[pulumi.Input[builtins.str]] = None,
-            plugin_version: Optional[pulumi.Input[builtins.str]] = None,
-            seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
-            service_account_jwt: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackend':
+            accessor: Optional[pulumi.Input[_builtins.str]] = None,
+            allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            default_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+            delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            description: Optional[pulumi.Input[_builtins.str]] = None,
+            disable_local_ca_jwt: Optional[pulumi.Input[_builtins.bool]] = None,
+            external_entropy_access: Optional[pulumi.Input[_builtins.bool]] = None,
+            identity_token_key: Optional[pulumi.Input[_builtins.str]] = None,
+            kubernetes_ca_cert: Optional[pulumi.Input[_builtins.str]] = None,
+            kubernetes_host: Optional[pulumi.Input[_builtins.str]] = None,
+            listing_visibility: Optional[pulumi.Input[_builtins.str]] = None,
+            local: Optional[pulumi.Input[_builtins.bool]] = None,
+            max_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
+            namespace: Optional[pulumi.Input[_builtins.str]] = None,
+            options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+            passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            path: Optional[pulumi.Input[_builtins.str]] = None,
+            plugin_version: Optional[pulumi.Input[_builtins.str]] = None,
+            seal_wrap: Optional[pulumi.Input[_builtins.bool]] = None,
+            service_account_jwt: Optional[pulumi.Input[_builtins.str]] = None) -> 'SecretBackend':
         """
         Get an existing SecretBackend resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -1034,38 +1033,38 @@ class SecretBackend(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.str] accessor: Accessor of the mount
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
-        :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] description: Human-friendly description of the mount
-        :param pulumi.Input[builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and 
+        :param pulumi.Input[_builtins.str] accessor: Accessor of the mount
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
+        :param pulumi.Input[_builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] description: Human-friendly description of the mount
+        :param pulumi.Input[_builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and 
                service account JWT when Vault is running in a Kubernetes pod.
-        :param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
-        :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
-        :param pulumi.Input[builtins.str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the 
+        :param pulumi.Input[_builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
+        :param pulumi.Input[_builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
+        :param pulumi.Input[_builtins.str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the 
                secrets engine to verify the Kubernetes API server certificate. Defaults to the local
                pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
                Vault is running.
-        :param pulumi.Input[builtins.str] kubernetes_host: The Kubernetes API URL to connect to. Required if the 
+        :param pulumi.Input[_builtins.str] kubernetes_host: The Kubernetes API URL to connect to. Required if the 
                standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
                are not set on the host that Vault is running on.
-        :param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
-        :param pulumi.Input[builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
-        :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
+        :param pulumi.Input[_builtins.bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
+        :param pulumi.Input[_builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
-        :param pulumi.Input[builtins.str] path: Where the secret backend will be mounted
-        :param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
-        :param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
-        :param pulumi.Input[builtins.str] service_account_jwt: The JSON web token of the service account used by the
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
+        :param pulumi.Input[_builtins.str] path: Where the secret backend will be mounted
+        :param pulumi.Input[_builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
+        :param pulumi.Input[_builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
+        :param pulumi.Input[_builtins.str] service_account_jwt: The JSON web token of the service account used by the
                secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
                is running in Kubernetes.
         """
@@ -1098,98 +1097,98 @@ class SecretBackend(pulumi.CustomResource):
         __props__.__dict__["service_account_jwt"] = service_account_jwt
         return SecretBackend(resource_name, opts=opts, __props__=__props__)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def accessor(self) -> pulumi.Output[builtins.str]:
+    def accessor(self) -> pulumi.Output[_builtins.str]:
         """
         Accessor of the mount
         """
         return pulumi.get(self, "accessor")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedManagedKeys")
-    def allowed_managed_keys(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def allowed_managed_keys(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         List of managed key registry entry names that the mount in question is allowed to access
         """
         return pulumi.get(self, "allowed_managed_keys")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedResponseHeaders")
-    def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "allowed_response_headers")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="auditNonHmacRequestKeys")
-    def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[builtins.str]]:
+    def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[_builtins.str]]:
         """
         Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
         """
         return pulumi.get(self, "audit_non_hmac_request_keys")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="auditNonHmacResponseKeys")
-    def audit_non_hmac_response_keys(self) -> pulumi.Output[Sequence[builtins.str]]:
+    def audit_non_hmac_response_keys(self) -> pulumi.Output[Sequence[_builtins.str]]:
         """
         Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
         """
         return pulumi.get(self, "audit_non_hmac_response_keys")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="defaultLeaseTtlSeconds")
-    def default_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
+    def default_lease_ttl_seconds(self) -> pulumi.Output[_builtins.int]:
         """
         Default lease duration for tokens and secrets in seconds
         """
         return pulumi.get(self, "default_lease_ttl_seconds")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="delegatedAuthAccessors")
-    def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "delegated_auth_accessors")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def description(self) -> pulumi.Output[Optional[builtins.str]]:
+    def description(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Human-friendly description of the mount
         """
         return pulumi.get(self, "description")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableLocalCaJwt")
-    def disable_local_ca_jwt(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def disable_local_ca_jwt(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Disable defaulting to the local CA certificate and 
         service account JWT when Vault is running in a Kubernetes pod.
         """
         return pulumi.get(self, "disable_local_ca_jwt")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="externalEntropyAccess")
-    def external_entropy_access(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def external_entropy_access(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Enable the secrets engine to access Vault's external entropy source
         """
         return pulumi.get(self, "external_entropy_access")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="identityTokenKey")
-    def identity_token_key(self) -> pulumi.Output[Optional[builtins.str]]:
+    def identity_token_key(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The key to use for signing plugin workload identity tokens
         """
         return pulumi.get(self, "identity_token_key")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="kubernetesCaCert")
-    def kubernetes_ca_cert(self) -> pulumi.Output[Optional[builtins.str]]:
+    def kubernetes_ca_cert(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         A PEM-encoded CA certificate used by the 
         secrets engine to verify the Kubernetes API server certificate. Defaults to the local
@@ -1198,9 +1197,9 @@ class SecretBackend(pulumi.CustomResource):
         """
         return pulumi.get(self, "kubernetes_ca_cert")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="kubernetesHost")
-    def kubernetes_host(self) -> pulumi.Output[Optional[builtins.str]]:
+    def kubernetes_host(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The Kubernetes API URL to connect to. Required if the 
         standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
@@ -1208,33 +1207,33 @@ class SecretBackend(pulumi.CustomResource):
         """
         return pulumi.get(self, "kubernetes_host")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="listingVisibility")
-    def listing_visibility(self) -> pulumi.Output[Optional[builtins.str]]:
+    def listing_visibility(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Specifies whether to show this mount in the UI-specific listing endpoint
         """
         return pulumi.get(self, "listing_visibility")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def local(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def local(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Local mount flag that can be explicitly set to true to enforce local mount in HA environment
         """
         return pulumi.get(self, "local")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="maxLeaseTtlSeconds")
-    def max_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
+    def max_lease_ttl_seconds(self) -> pulumi.Output[_builtins.int]:
         """
         Maximum possible lease duration for tokens and secrets in seconds
         """
         return pulumi.get(self, "max_lease_ttl_seconds")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
+    def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -1243,49 +1242,49 @@ class SecretBackend(pulumi.CustomResource):
         """
         return pulumi.get(self, "namespace")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def options(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
+    def options(self) -> pulumi.Output[Optional[Mapping[str, _builtins.str]]]:
         """
         Specifies mount type specific options that are passed to the backend
         """
         return pulumi.get(self, "options")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="passthroughRequestHeaders")
-    def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         List of headers to allow and pass from the request to the plugin
         """
         return pulumi.get(self, "passthrough_request_headers")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def path(self) -> pulumi.Output[builtins.str]:
+    def path(self) -> pulumi.Output[_builtins.str]:
         """
         Where the secret backend will be mounted
         """
         return pulumi.get(self, "path")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="pluginVersion")
-    def plugin_version(self) -> pulumi.Output[Optional[builtins.str]]:
+    def plugin_version(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
         """
         return pulumi.get(self, "plugin_version")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="sealWrap")
-    def seal_wrap(self) -> pulumi.Output[builtins.bool]:
+    def seal_wrap(self) -> pulumi.Output[_builtins.bool]:
         """
         Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
         """
         return pulumi.get(self, "seal_wrap")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="serviceAccountJwt")
-    def service_account_jwt(self) -> pulumi.Output[Optional[builtins.str]]:
+    def service_account_jwt(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The JSON web token of the service account used by the
         secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault