PyPI - pulumi-vault - Versions diffs - 7.6.0a1764657486__py3-none-any.whl - Mend

pulumi-vault 7.6.0a1764657486__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (274) hide show

pulumi_vault/__init__.py +1399 -0
pulumi_vault/_inputs.py +2701 -0
pulumi_vault/_utilities.py +331 -0
pulumi_vault/ad/__init__.py +12 -0
pulumi_vault/ad/get_access_credentials.py +177 -0
pulumi_vault/ad/secret_backend.py +1916 -0
pulumi_vault/ad/secret_library.py +546 -0
pulumi_vault/ad/secret_role.py +499 -0
pulumi_vault/alicloud/__init__.py +9 -0
pulumi_vault/alicloud/auth_backend_role.py +866 -0
pulumi_vault/approle/__init__.py +12 -0
pulumi_vault/approle/auth_backend_login.py +571 -0
pulumi_vault/approle/auth_backend_role.py +1082 -0
pulumi_vault/approle/auth_backend_role_secret_id.py +796 -0
pulumi_vault/approle/get_auth_backend_role_id.py +169 -0
pulumi_vault/audit.py +499 -0
pulumi_vault/audit_request_header.py +277 -0
pulumi_vault/auth_backend.py +565 -0
pulumi_vault/aws/__init__.py +22 -0
pulumi_vault/aws/auth_backend_cert.py +420 -0
pulumi_vault/aws/auth_backend_client.py +1259 -0
pulumi_vault/aws/auth_backend_config_identity.py +494 -0
pulumi_vault/aws/auth_backend_identity_whitelist.py +380 -0
pulumi_vault/aws/auth_backend_login.py +1046 -0
pulumi_vault/aws/auth_backend_role.py +1961 -0
pulumi_vault/aws/auth_backend_role_tag.py +638 -0
pulumi_vault/aws/auth_backend_roletag_blacklist.py +366 -0
pulumi_vault/aws/auth_backend_sts_role.py +414 -0
pulumi_vault/aws/get_access_credentials.py +369 -0
pulumi_vault/aws/get_static_access_credentials.py +137 -0
pulumi_vault/aws/secret_backend.py +2018 -0
pulumi_vault/aws/secret_backend_role.py +1188 -0
pulumi_vault/aws/secret_backend_static_role.py +639 -0
pulumi_vault/azure/__init__.py +15 -0
pulumi_vault/azure/_inputs.py +108 -0
pulumi_vault/azure/auth_backend_config.py +1096 -0
pulumi_vault/azure/auth_backend_role.py +1176 -0
pulumi_vault/azure/backend.py +1793 -0
pulumi_vault/azure/backend_role.py +883 -0
pulumi_vault/azure/get_access_credentials.py +400 -0
pulumi_vault/azure/outputs.py +107 -0
pulumi_vault/cert_auth_backend_role.py +1539 -0
pulumi_vault/config/__init__.py +9 -0
pulumi_vault/config/__init__.pyi +164 -0
pulumi_vault/config/_inputs.py +73 -0
pulumi_vault/config/outputs.py +1225 -0
pulumi_vault/config/ui_custom_message.py +530 -0
pulumi_vault/config/vars.py +230 -0
pulumi_vault/consul/__init__.py +10 -0
pulumi_vault/consul/secret_backend.py +1517 -0
pulumi_vault/consul/secret_backend_role.py +847 -0
pulumi_vault/database/__init__.py +14 -0
pulumi_vault/database/_inputs.py +11907 -0
pulumi_vault/database/outputs.py +8496 -0
pulumi_vault/database/secret_backend_connection.py +1676 -0
pulumi_vault/database/secret_backend_role.py +840 -0
pulumi_vault/database/secret_backend_static_role.py +881 -0
pulumi_vault/database/secrets_mount.py +2160 -0
pulumi_vault/egp_policy.py +399 -0
pulumi_vault/gcp/__init__.py +17 -0
pulumi_vault/gcp/_inputs.py +441 -0
pulumi_vault/gcp/auth_backend.py +1486 -0
pulumi_vault/gcp/auth_backend_role.py +1235 -0
pulumi_vault/gcp/get_auth_backend_role.py +514 -0
pulumi_vault/gcp/outputs.py +302 -0
pulumi_vault/gcp/secret_backend.py +1807 -0
pulumi_vault/gcp/secret_impersonated_account.py +484 -0
pulumi_vault/gcp/secret_roleset.py +554 -0
pulumi_vault/gcp/secret_static_account.py +557 -0
pulumi_vault/generic/__init__.py +11 -0
pulumi_vault/generic/endpoint.py +786 -0
pulumi_vault/generic/get_secret.py +306 -0
pulumi_vault/generic/secret.py +486 -0
pulumi_vault/get_auth_backend.py +226 -0
pulumi_vault/get_auth_backends.py +170 -0
pulumi_vault/get_namespace.py +226 -0
pulumi_vault/get_namespaces.py +202 -0
pulumi_vault/get_nomad_access_token.py +210 -0
pulumi_vault/get_policy_document.py +160 -0
pulumi_vault/get_raft_autopilot_state.py +267 -0
pulumi_vault/github/__init__.py +13 -0
pulumi_vault/github/_inputs.py +225 -0
pulumi_vault/github/auth_backend.py +1194 -0
pulumi_vault/github/outputs.py +174 -0
pulumi_vault/github/team.py +380 -0
pulumi_vault/github/user.py +380 -0
pulumi_vault/identity/__init__.py +35 -0
pulumi_vault/identity/entity.py +447 -0
pulumi_vault/identity/entity_alias.py +398 -0
pulumi_vault/identity/entity_policies.py +455 -0
pulumi_vault/identity/get_entity.py +384 -0
pulumi_vault/identity/get_group.py +467 -0
pulumi_vault/identity/get_oidc_client_creds.py +175 -0
pulumi_vault/identity/get_oidc_openid_config.py +334 -0
pulumi_vault/identity/get_oidc_public_keys.py +179 -0
pulumi_vault/identity/group.py +805 -0
pulumi_vault/identity/group_alias.py +386 -0
pulumi_vault/identity/group_member_entity_ids.py +444 -0
pulumi_vault/identity/group_member_group_ids.py +467 -0
pulumi_vault/identity/group_policies.py +471 -0
pulumi_vault/identity/mfa_duo.py +674 -0
pulumi_vault/identity/mfa_login_enforcement.py +566 -0
pulumi_vault/identity/mfa_okta.py +626 -0
pulumi_vault/identity/mfa_pingid.py +616 -0
pulumi_vault/identity/mfa_totp.py +758 -0
pulumi_vault/identity/oidc.py +268 -0
pulumi_vault/identity/oidc_assignment.py +375 -0
pulumi_vault/identity/oidc_client.py +667 -0
pulumi_vault/identity/oidc_key.py +474 -0
pulumi_vault/identity/oidc_key_allowed_client_id.py +298 -0
pulumi_vault/identity/oidc_provider.py +550 -0
pulumi_vault/identity/oidc_role.py +543 -0
pulumi_vault/identity/oidc_scope.py +355 -0
pulumi_vault/identity/outputs.py +137 -0
pulumi_vault/jwt/__init__.py +12 -0
pulumi_vault/jwt/_inputs.py +225 -0
pulumi_vault/jwt/auth_backend.py +1347 -0
pulumi_vault/jwt/auth_backend_role.py +1847 -0
pulumi_vault/jwt/outputs.py +174 -0
pulumi_vault/kmip/__init__.py +11 -0
pulumi_vault/kmip/secret_backend.py +1591 -0
pulumi_vault/kmip/secret_role.py +1194 -0
pulumi_vault/kmip/secret_scope.py +372 -0
pulumi_vault/kubernetes/__init__.py +15 -0
pulumi_vault/kubernetes/auth_backend_config.py +654 -0
pulumi_vault/kubernetes/auth_backend_role.py +1031 -0
pulumi_vault/kubernetes/get_auth_backend_config.py +280 -0
pulumi_vault/kubernetes/get_auth_backend_role.py +470 -0
pulumi_vault/kubernetes/get_service_account_token.py +344 -0
pulumi_vault/kubernetes/secret_backend.py +1341 -0
pulumi_vault/kubernetes/secret_backend_role.py +1140 -0
pulumi_vault/kv/__init__.py +18 -0
pulumi_vault/kv/_inputs.py +124 -0
pulumi_vault/kv/get_secret.py +240 -0
pulumi_vault/kv/get_secret_subkeys_v2.py +275 -0
pulumi_vault/kv/get_secret_v2.py +315 -0
pulumi_vault/kv/get_secrets_list.py +186 -0
pulumi_vault/kv/get_secrets_list_v2.py +243 -0
pulumi_vault/kv/outputs.py +102 -0
pulumi_vault/kv/secret.py +397 -0
pulumi_vault/kv/secret_backend_v2.py +455 -0
pulumi_vault/kv/secret_v2.py +970 -0
pulumi_vault/ldap/__init__.py +19 -0
pulumi_vault/ldap/_inputs.py +225 -0
pulumi_vault/ldap/auth_backend.py +2520 -0
pulumi_vault/ldap/auth_backend_group.py +386 -0
pulumi_vault/ldap/auth_backend_user.py +439 -0
pulumi_vault/ldap/get_dynamic_credentials.py +181 -0
pulumi_vault/ldap/get_static_credentials.py +192 -0
pulumi_vault/ldap/outputs.py +174 -0
pulumi_vault/ldap/secret_backend.py +2207 -0
pulumi_vault/ldap/secret_backend_dynamic_role.py +767 -0
pulumi_vault/ldap/secret_backend_library_set.py +552 -0
pulumi_vault/ldap/secret_backend_static_role.py +541 -0
pulumi_vault/managed/__init__.py +11 -0
pulumi_vault/managed/_inputs.py +944 -0
pulumi_vault/managed/keys.py +398 -0
pulumi_vault/managed/outputs.py +667 -0
pulumi_vault/mfa_duo.py +589 -0
pulumi_vault/mfa_okta.py +623 -0
pulumi_vault/mfa_pingid.py +670 -0
pulumi_vault/mfa_totp.py +620 -0
pulumi_vault/mongodbatlas/__init__.py +10 -0
pulumi_vault/mongodbatlas/secret_backend.py +388 -0
pulumi_vault/mongodbatlas/secret_role.py +726 -0
pulumi_vault/mount.py +1262 -0
pulumi_vault/namespace.py +452 -0
pulumi_vault/nomad_secret_backend.py +1559 -0
pulumi_vault/nomad_secret_role.py +489 -0
pulumi_vault/oci_auth_backend.py +676 -0
pulumi_vault/oci_auth_backend_role.py +852 -0
pulumi_vault/okta/__init__.py +13 -0
pulumi_vault/okta/_inputs.py +320 -0
pulumi_vault/okta/auth_backend.py +1231 -0
pulumi_vault/okta/auth_backend_group.py +369 -0
pulumi_vault/okta/auth_backend_user.py +416 -0
pulumi_vault/okta/outputs.py +244 -0
pulumi_vault/outputs.py +502 -0
pulumi_vault/pkisecret/__init__.py +38 -0
pulumi_vault/pkisecret/_inputs.py +270 -0
pulumi_vault/pkisecret/backend_acme_eab.py +550 -0
pulumi_vault/pkisecret/backend_config_acme.py +690 -0
pulumi_vault/pkisecret/backend_config_auto_tidy.py +1370 -0
pulumi_vault/pkisecret/backend_config_cluster.py +370 -0
pulumi_vault/pkisecret/backend_config_cmpv2.py +693 -0
pulumi_vault/pkisecret/backend_config_est.py +756 -0
pulumi_vault/pkisecret/backend_config_scep.py +738 -0
pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
pulumi_vault/pkisecret/get_backend_config_scep.py +271 -0
pulumi_vault/pkisecret/get_backend_issuer.py +395 -0
pulumi_vault/pkisecret/get_backend_issuers.py +192 -0
pulumi_vault/pkisecret/get_backend_key.py +211 -0
pulumi_vault/pkisecret/get_backend_keys.py +192 -0
pulumi_vault/pkisecret/outputs.py +270 -0
pulumi_vault/pkisecret/secret_backend_cert.py +1315 -0
pulumi_vault/pkisecret/secret_backend_config_ca.py +386 -0
pulumi_vault/pkisecret/secret_backend_config_issuers.py +392 -0
pulumi_vault/pkisecret/secret_backend_config_urls.py +462 -0
pulumi_vault/pkisecret/secret_backend_crl_config.py +846 -0
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +1629 -0
pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +444 -0
pulumi_vault/pkisecret/secret_backend_issuer.py +1089 -0
pulumi_vault/pkisecret/secret_backend_key.py +613 -0
pulumi_vault/pkisecret/secret_backend_role.py +2694 -0
pulumi_vault/pkisecret/secret_backend_root_cert.py +2134 -0
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +2031 -0
pulumi_vault/pkisecret/secret_backend_sign.py +1194 -0
pulumi_vault/plugin.py +596 -0
pulumi_vault/plugin_pinned_version.py +299 -0
pulumi_vault/policy.py +279 -0
pulumi_vault/provider.py +781 -0
pulumi_vault/pulumi-plugin.json +5 -0
pulumi_vault/py.typed +0 -0
pulumi_vault/quota_lease_count.py +504 -0
pulumi_vault/quota_rate_limit.py +751 -0
pulumi_vault/rabbitmq/__init__.py +12 -0
pulumi_vault/rabbitmq/_inputs.py +235 -0
pulumi_vault/rabbitmq/outputs.py +144 -0
pulumi_vault/rabbitmq/secret_backend.py +1437 -0
pulumi_vault/rabbitmq/secret_backend_role.py +496 -0
pulumi_vault/raft_autopilot.py +609 -0
pulumi_vault/raft_snapshot_agent_config.py +1591 -0
pulumi_vault/rgp_policy.py +349 -0
pulumi_vault/saml/__init__.py +12 -0
pulumi_vault/saml/_inputs.py +225 -0
pulumi_vault/saml/auth_backend.py +811 -0
pulumi_vault/saml/auth_backend_role.py +1068 -0
pulumi_vault/saml/outputs.py +174 -0
pulumi_vault/scep_auth_backend_role.py +908 -0
pulumi_vault/secrets/__init__.py +18 -0
pulumi_vault/secrets/_inputs.py +110 -0
pulumi_vault/secrets/outputs.py +94 -0
pulumi_vault/secrets/sync_association.py +450 -0
pulumi_vault/secrets/sync_aws_destination.py +780 -0
pulumi_vault/secrets/sync_azure_destination.py +736 -0
pulumi_vault/secrets/sync_config.py +303 -0
pulumi_vault/secrets/sync_gcp_destination.py +572 -0
pulumi_vault/secrets/sync_gh_destination.py +688 -0
pulumi_vault/secrets/sync_github_apps.py +376 -0
pulumi_vault/secrets/sync_vercel_destination.py +603 -0
pulumi_vault/ssh/__init__.py +13 -0
pulumi_vault/ssh/_inputs.py +76 -0
pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
pulumi_vault/ssh/outputs.py +51 -0
pulumi_vault/ssh/secret_backend_ca.py +588 -0
pulumi_vault/ssh/secret_backend_role.py +1493 -0
pulumi_vault/terraformcloud/__init__.py +11 -0
pulumi_vault/terraformcloud/secret_backend.py +1321 -0
pulumi_vault/terraformcloud/secret_creds.py +445 -0
pulumi_vault/terraformcloud/secret_role.py +563 -0
pulumi_vault/token.py +1026 -0
pulumi_vault/tokenauth/__init__.py +9 -0
pulumi_vault/tokenauth/auth_backend_role.py +1135 -0
pulumi_vault/transform/__init__.py +14 -0
pulumi_vault/transform/alphabet.py +348 -0
pulumi_vault/transform/get_decode.py +287 -0
pulumi_vault/transform/get_encode.py +291 -0
pulumi_vault/transform/role.py +350 -0
pulumi_vault/transform/template.py +592 -0
pulumi_vault/transform/transformation.py +608 -0
pulumi_vault/transit/__init__.py +15 -0
pulumi_vault/transit/get_cmac.py +256 -0
pulumi_vault/transit/get_decrypt.py +181 -0
pulumi_vault/transit/get_encrypt.py +174 -0
pulumi_vault/transit/get_sign.py +328 -0
pulumi_vault/transit/get_verify.py +373 -0
pulumi_vault/transit/secret_backend_key.py +1202 -0
pulumi_vault/transit/secret_cache_config.py +302 -0
pulumi_vault-7.6.0a1764657486.dist-info/METADATA +92 -0
pulumi_vault-7.6.0a1764657486.dist-info/RECORD +274 -0
pulumi_vault-7.6.0a1764657486.dist-info/WHEEL +5 -0
pulumi_vault-7.6.0a1764657486.dist-info/top_level.txt +1 -0

pulumi_vault/approle/auth_backend_role_secret_id.py ADDED Viewed

@@ -0,0 +1,796 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-language-python. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+import builtins as _builtins
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+__all__ = ['AuthBackendRoleSecretIdArgs', 'AuthBackendRoleSecretId']
+@pulumi.input_type
+class AuthBackendRoleSecretIdArgs:
+    def __init__(__self__, *,
+                 role_name: pulumi.Input[_builtins.str],
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 cidr_lists: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 metadata: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 num_uses: Optional[pulumi.Input[_builtins.int]] = None,
+                 secret_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 with_wrapped_accessor: Optional[pulumi.Input[_builtins.bool]] = None,
+                 wrapping_ttl: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        The set of arguments for constructing a AuthBackendRoleSecretId resource.
+        :param pulumi.Input[_builtins.str] role_name: The name of the role to create the SecretID for.
+        :param pulumi.Input[_builtins.str] backend: Unique name of the auth backend to configure.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] cidr_lists: If set, specifies blocks of IP addresses which can
+               perform the login operation using this SecretID.
+        :param pulumi.Input[_builtins.str] metadata: A JSON-encoded string containing metadata in
+               key-value pairs to be set on tokens issued with this SecretID.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[_builtins.int] num_uses: The number of uses for the secret-id.
+        :param pulumi.Input[_builtins.str] secret_id: The SecretID to be created. If set, uses "Push"
+               mode.  Defaults to Vault auto-generating SecretIDs.
+        :param pulumi.Input[_builtins.int] ttl: The TTL duration of the SecretID.
+        :param pulumi.Input[_builtins.bool] with_wrapped_accessor: Set to `true` to use the wrapped secret-id accessor as the resource ID.
+               If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or
+               invalidated through unwrapping.
+        :param pulumi.Input[_builtins.str] wrapping_ttl: If set, the SecretID response will be
+               [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
+               and available for the duration specified. Only a single unwrapping of the
+               token is allowed.
+        """
+        pulumi.set(__self__, "role_name", role_name)
+        if backend is not None:
+            pulumi.set(__self__, "backend", backend)
+        if cidr_lists is not None:
+            pulumi.set(__self__, "cidr_lists", cidr_lists)
+        if metadata is not None:
+            pulumi.set(__self__, "metadata", metadata)
+        if namespace is not None:
+            pulumi.set(__self__, "namespace", namespace)
+        if num_uses is not None:
+            pulumi.set(__self__, "num_uses", num_uses)
+        if secret_id is not None:
+            pulumi.set(__self__, "secret_id", secret_id)
+        if ttl is not None:
+            pulumi.set(__self__, "ttl", ttl)
+        if with_wrapped_accessor is not None:
+            pulumi.set(__self__, "with_wrapped_accessor", with_wrapped_accessor)
+        if wrapping_ttl is not None:
+            pulumi.set(__self__, "wrapping_ttl", wrapping_ttl)
+    @_builtins.property
+    @pulumi.getter(name="roleName")
+    def role_name(self) -> pulumi.Input[_builtins.str]:
+        """
+        The name of the role to create the SecretID for.
+        """
+        return pulumi.get(self, "role_name")
+    @role_name.setter
+    def role_name(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "role_name", value)
+    @_builtins.property
+    @pulumi.getter
+    def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Unique name of the auth backend to configure.
+        """
+        return pulumi.get(self, "backend")
+    @backend.setter
+    def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "backend", value)
+    @_builtins.property
+    @pulumi.getter(name="cidrLists")
+    def cidr_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        If set, specifies blocks of IP addresses which can
+        perform the login operation using this SecretID.
+        """
+        return pulumi.get(self, "cidr_lists")
+    @cidr_lists.setter
+    def cidr_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "cidr_lists", value)
+    @_builtins.property
+    @pulumi.getter
+    def metadata(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        A JSON-encoded string containing metadata in
+        key-value pairs to be set on tokens issued with this SecretID.
+        """
+        return pulumi.get(self, "metadata")
+    @metadata.setter
+    def metadata(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "metadata", value)
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+    @namespace.setter
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "namespace", value)
+    @_builtins.property
+    @pulumi.getter(name="numUses")
+    def num_uses(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        The number of uses for the secret-id.
+        """
+        return pulumi.get(self, "num_uses")
+    @num_uses.setter
+    def num_uses(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "num_uses", value)
+    @_builtins.property
+    @pulumi.getter(name="secretId")
+    def secret_id(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The SecretID to be created. If set, uses "Push"
+        mode.  Defaults to Vault auto-generating SecretIDs.
+        """
+        return pulumi.get(self, "secret_id")
+    @secret_id.setter
+    def secret_id(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "secret_id", value)
+    @_builtins.property
+    @pulumi.getter
+    def ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        The TTL duration of the SecretID.
+        """
+        return pulumi.get(self, "ttl")
+    @ttl.setter
+    def ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "ttl", value)
+    @_builtins.property
+    @pulumi.getter(name="withWrappedAccessor")
+    def with_wrapped_accessor(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Set to `true` to use the wrapped secret-id accessor as the resource ID.
+        If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or
+        invalidated through unwrapping.
+        """
+        return pulumi.get(self, "with_wrapped_accessor")
+    @with_wrapped_accessor.setter
+    def with_wrapped_accessor(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "with_wrapped_accessor", value)
+    @_builtins.property
+    @pulumi.getter(name="wrappingTtl")
+    def wrapping_ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        If set, the SecretID response will be
+        [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
+        and available for the duration specified. Only a single unwrapping of the
+        token is allowed.
+        """
+        return pulumi.get(self, "wrapping_ttl")
+    @wrapping_ttl.setter
+    def wrapping_ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "wrapping_ttl", value)
+@pulumi.input_type
+class _AuthBackendRoleSecretIdState:
+    def __init__(__self__, *,
+                 accessor: Optional[pulumi.Input[_builtins.str]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 cidr_lists: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 metadata: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 num_uses: Optional[pulumi.Input[_builtins.int]] = None,
+                 role_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 secret_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 with_wrapped_accessor: Optional[pulumi.Input[_builtins.bool]] = None,
+                 wrapping_accessor: Optional[pulumi.Input[_builtins.str]] = None,
+                 wrapping_token: Optional[pulumi.Input[_builtins.str]] = None,
+                 wrapping_ttl: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        Input properties used for looking up and filtering AuthBackendRoleSecretId resources.
+        :param pulumi.Input[_builtins.str] accessor: The unique ID for this SecretID that can be safely logged.
+        :param pulumi.Input[_builtins.str] backend: Unique name of the auth backend to configure.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] cidr_lists: If set, specifies blocks of IP addresses which can
+               perform the login operation using this SecretID.
+        :param pulumi.Input[_builtins.str] metadata: A JSON-encoded string containing metadata in
+               key-value pairs to be set on tokens issued with this SecretID.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[_builtins.int] num_uses: The number of uses for the secret-id.
+        :param pulumi.Input[_builtins.str] role_name: The name of the role to create the SecretID for.
+        :param pulumi.Input[_builtins.str] secret_id: The SecretID to be created. If set, uses "Push"
+               mode.  Defaults to Vault auto-generating SecretIDs.
+        :param pulumi.Input[_builtins.int] ttl: The TTL duration of the SecretID.
+        :param pulumi.Input[_builtins.bool] with_wrapped_accessor: Set to `true` to use the wrapped secret-id accessor as the resource ID.
+               If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or
+               invalidated through unwrapping.
+        :param pulumi.Input[_builtins.str] wrapping_accessor: The unique ID for the response-wrapped SecretID that can
+               be safely logged.
+        :param pulumi.Input[_builtins.str] wrapping_token: The token used to retrieve a response-wrapped SecretID.
+        :param pulumi.Input[_builtins.str] wrapping_ttl: If set, the SecretID response will be
+               [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
+               and available for the duration specified. Only a single unwrapping of the
+               token is allowed.
+        """
+        if accessor is not None:
+            pulumi.set(__self__, "accessor", accessor)
+        if backend is not None:
+            pulumi.set(__self__, "backend", backend)
+        if cidr_lists is not None:
+            pulumi.set(__self__, "cidr_lists", cidr_lists)
+        if metadata is not None:
+            pulumi.set(__self__, "metadata", metadata)
+        if namespace is not None:
+            pulumi.set(__self__, "namespace", namespace)
+        if num_uses is not None:
+            pulumi.set(__self__, "num_uses", num_uses)
+        if role_name is not None:
+            pulumi.set(__self__, "role_name", role_name)
+        if secret_id is not None:
+            pulumi.set(__self__, "secret_id", secret_id)
+        if ttl is not None:
+            pulumi.set(__self__, "ttl", ttl)
+        if with_wrapped_accessor is not None:
+            pulumi.set(__self__, "with_wrapped_accessor", with_wrapped_accessor)
+        if wrapping_accessor is not None:
+            pulumi.set(__self__, "wrapping_accessor", wrapping_accessor)
+        if wrapping_token is not None:
+            pulumi.set(__self__, "wrapping_token", wrapping_token)
+        if wrapping_ttl is not None:
+            pulumi.set(__self__, "wrapping_ttl", wrapping_ttl)
+    @_builtins.property
+    @pulumi.getter
+    def accessor(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The unique ID for this SecretID that can be safely logged.
+        """
+        return pulumi.get(self, "accessor")
+    @accessor.setter
+    def accessor(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "accessor", value)
+    @_builtins.property
+    @pulumi.getter
+    def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Unique name of the auth backend to configure.
+        """
+        return pulumi.get(self, "backend")
+    @backend.setter
+    def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "backend", value)
+    @_builtins.property
+    @pulumi.getter(name="cidrLists")
+    def cidr_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        If set, specifies blocks of IP addresses which can
+        perform the login operation using this SecretID.
+        """
+        return pulumi.get(self, "cidr_lists")
+    @cidr_lists.setter
+    def cidr_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "cidr_lists", value)
+    @_builtins.property
+    @pulumi.getter
+    def metadata(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        A JSON-encoded string containing metadata in
+        key-value pairs to be set on tokens issued with this SecretID.
+        """
+        return pulumi.get(self, "metadata")
+    @metadata.setter
+    def metadata(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "metadata", value)
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+    @namespace.setter
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "namespace", value)
+    @_builtins.property
+    @pulumi.getter(name="numUses")
+    def num_uses(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        The number of uses for the secret-id.
+        """
+        return pulumi.get(self, "num_uses")
+    @num_uses.setter
+    def num_uses(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "num_uses", value)
+    @_builtins.property
+    @pulumi.getter(name="roleName")
+    def role_name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The name of the role to create the SecretID for.
+        """
+        return pulumi.get(self, "role_name")
+    @role_name.setter
+    def role_name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "role_name", value)
+    @_builtins.property
+    @pulumi.getter(name="secretId")
+    def secret_id(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The SecretID to be created. If set, uses "Push"
+        mode.  Defaults to Vault auto-generating SecretIDs.
+        """
+        return pulumi.get(self, "secret_id")
+    @secret_id.setter
+    def secret_id(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "secret_id", value)
+    @_builtins.property
+    @pulumi.getter
+    def ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        The TTL duration of the SecretID.
+        """
+        return pulumi.get(self, "ttl")
+    @ttl.setter
+    def ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "ttl", value)
+    @_builtins.property
+    @pulumi.getter(name="withWrappedAccessor")
+    def with_wrapped_accessor(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Set to `true` to use the wrapped secret-id accessor as the resource ID.
+        If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or
+        invalidated through unwrapping.
+        """
+        return pulumi.get(self, "with_wrapped_accessor")
+    @with_wrapped_accessor.setter
+    def with_wrapped_accessor(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "with_wrapped_accessor", value)
+    @_builtins.property
+    @pulumi.getter(name="wrappingAccessor")
+    def wrapping_accessor(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The unique ID for the response-wrapped SecretID that can
+        be safely logged.
+        """
+        return pulumi.get(self, "wrapping_accessor")
+    @wrapping_accessor.setter
+    def wrapping_accessor(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "wrapping_accessor", value)
+    @_builtins.property
+    @pulumi.getter(name="wrappingToken")
+    def wrapping_token(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The token used to retrieve a response-wrapped SecretID.
+        """
+        return pulumi.get(self, "wrapping_token")
+    @wrapping_token.setter
+    def wrapping_token(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "wrapping_token", value)
+    @_builtins.property
+    @pulumi.getter(name="wrappingTtl")
+    def wrapping_ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        If set, the SecretID response will be
+        [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
+        and available for the duration specified. Only a single unwrapping of the
+        token is allowed.
+        """
+        return pulumi.get(self, "wrapping_ttl")
+    @wrapping_ttl.setter
+    def wrapping_ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "wrapping_ttl", value)
+@pulumi.type_token("vault:appRole/authBackendRoleSecretId:AuthBackendRoleSecretId")
+class AuthBackendRoleSecretId(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 cidr_lists: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 metadata: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 num_uses: Optional[pulumi.Input[_builtins.int]] = None,
+                 role_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 secret_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 with_wrapped_accessor: Optional[pulumi.Input[_builtins.bool]] = None,
+                 wrapping_ttl: Optional[pulumi.Input[_builtins.str]] = None,
+                 __props__=None):
+        """
+        Manages an AppRole auth backend SecretID in a Vault server. See the [Vault
+        documentation](https://www.vaultproject.io/docs/auth/approle) for more
+        information.
+        ## Example Usage
+        ```python
+        import pulumi
+        import json
+        import pulumi_vault as vault
+        approle = vault.AuthBackend("approle", type="approle")
+        example = vault.approle.AuthBackendRole("example",
+            backend=approle.path,
+            role_name="test-role",
+            token_policies=[
+                "default",
+                "dev",
+                "prod",
+            ])
+        id = vault.approle.AuthBackendRoleSecretId("id",
+            backend=approle.path,
+            role_name=example.role_name,
+            metadata=json.dumps({
+                "hello": "world",
+            }))
+        ```
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.str] backend: Unique name of the auth backend to configure.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] cidr_lists: If set, specifies blocks of IP addresses which can
+               perform the login operation using this SecretID.
+        :param pulumi.Input[_builtins.str] metadata: A JSON-encoded string containing metadata in
+               key-value pairs to be set on tokens issued with this SecretID.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[_builtins.int] num_uses: The number of uses for the secret-id.
+        :param pulumi.Input[_builtins.str] role_name: The name of the role to create the SecretID for.
+        :param pulumi.Input[_builtins.str] secret_id: The SecretID to be created. If set, uses "Push"
+               mode.  Defaults to Vault auto-generating SecretIDs.
+        :param pulumi.Input[_builtins.int] ttl: The TTL duration of the SecretID.
+        :param pulumi.Input[_builtins.bool] with_wrapped_accessor: Set to `true` to use the wrapped secret-id accessor as the resource ID.
+               If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or
+               invalidated through unwrapping.
+        :param pulumi.Input[_builtins.str] wrapping_ttl: If set, the SecretID response will be
+               [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
+               and available for the duration specified. Only a single unwrapping of the
+               token is allowed.
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: AuthBackendRoleSecretIdArgs,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        Manages an AppRole auth backend SecretID in a Vault server. See the [Vault
+        documentation](https://www.vaultproject.io/docs/auth/approle) for more
+        information.
+        ## Example Usage
+        ```python
+        import pulumi
+        import json
+        import pulumi_vault as vault
+        approle = vault.AuthBackend("approle", type="approle")
+        example = vault.approle.AuthBackendRole("example",
+            backend=approle.path,
+            role_name="test-role",
+            token_policies=[
+                "default",
+                "dev",
+                "prod",
+            ])
+        id = vault.approle.AuthBackendRoleSecretId("id",
+            backend=approle.path,
+            role_name=example.role_name,
+            metadata=json.dumps({
+                "hello": "world",
+            }))
+        ```
+        :param str resource_name: The name of the resource.
+        :param AuthBackendRoleSecretIdArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(AuthBackendRoleSecretIdArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 cidr_lists: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 metadata: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 num_uses: Optional[pulumi.Input[_builtins.int]] = None,
+                 role_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 secret_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 with_wrapped_accessor: Optional[pulumi.Input[_builtins.bool]] = None,
+                 wrapping_ttl: Optional[pulumi.Input[_builtins.str]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = AuthBackendRoleSecretIdArgs.__new__(AuthBackendRoleSecretIdArgs)
+            __props__.__dict__["backend"] = backend
+            __props__.__dict__["cidr_lists"] = cidr_lists
+            __props__.__dict__["metadata"] = metadata
+            __props__.__dict__["namespace"] = namespace
+            __props__.__dict__["num_uses"] = num_uses
+            if role_name is None and not opts.urn:
+                raise TypeError("Missing required property 'role_name'")
+            __props__.__dict__["role_name"] = role_name
+            __props__.__dict__["secret_id"] = None if secret_id is None else pulumi.Output.secret(secret_id)
+            __props__.__dict__["ttl"] = ttl
+            __props__.__dict__["with_wrapped_accessor"] = with_wrapped_accessor
+            __props__.__dict__["wrapping_ttl"] = wrapping_ttl
+            __props__.__dict__["accessor"] = None
+            __props__.__dict__["wrapping_accessor"] = None
+            __props__.__dict__["wrapping_token"] = None
+        alias_opts = pulumi.ResourceOptions(aliases=[pulumi.Alias(type_="vault:appRole/authBackendRoleSecretID:AuthBackendRoleSecretID")])
+        opts = pulumi.ResourceOptions.merge(opts, alias_opts)
+        secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["secretId", "wrappingToken"])
+        opts = pulumi.ResourceOptions.merge(opts, secret_opts)
+        super(AuthBackendRoleSecretId, __self__).__init__(
+            'vault:appRole/authBackendRoleSecretId:AuthBackendRoleSecretId',
+            resource_name,
+            __props__,
+            opts)
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None,
+            accessor: Optional[pulumi.Input[_builtins.str]] = None,
+            backend: Optional[pulumi.Input[_builtins.str]] = None,
+            cidr_lists: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            metadata: Optional[pulumi.Input[_builtins.str]] = None,
+            namespace: Optional[pulumi.Input[_builtins.str]] = None,
+            num_uses: Optional[pulumi.Input[_builtins.int]] = None,
+            role_name: Optional[pulumi.Input[_builtins.str]] = None,
+            secret_id: Optional[pulumi.Input[_builtins.str]] = None,
+            ttl: Optional[pulumi.Input[_builtins.int]] = None,
+            with_wrapped_accessor: Optional[pulumi.Input[_builtins.bool]] = None,
+            wrapping_accessor: Optional[pulumi.Input[_builtins.str]] = None,
+            wrapping_token: Optional[pulumi.Input[_builtins.str]] = None,
+            wrapping_ttl: Optional[pulumi.Input[_builtins.str]] = None) -> 'AuthBackendRoleSecretId':
+        """
+        Get an existing AuthBackendRoleSecretId resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.str] accessor: The unique ID for this SecretID that can be safely logged.
+        :param pulumi.Input[_builtins.str] backend: Unique name of the auth backend to configure.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] cidr_lists: If set, specifies blocks of IP addresses which can
+               perform the login operation using this SecretID.
+        :param pulumi.Input[_builtins.str] metadata: A JSON-encoded string containing metadata in
+               key-value pairs to be set on tokens issued with this SecretID.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[_builtins.int] num_uses: The number of uses for the secret-id.
+        :param pulumi.Input[_builtins.str] role_name: The name of the role to create the SecretID for.
+        :param pulumi.Input[_builtins.str] secret_id: The SecretID to be created. If set, uses "Push"
+               mode.  Defaults to Vault auto-generating SecretIDs.
+        :param pulumi.Input[_builtins.int] ttl: The TTL duration of the SecretID.
+        :param pulumi.Input[_builtins.bool] with_wrapped_accessor: Set to `true` to use the wrapped secret-id accessor as the resource ID.
+               If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or
+               invalidated through unwrapping.
+        :param pulumi.Input[_builtins.str] wrapping_accessor: The unique ID for the response-wrapped SecretID that can
+               be safely logged.
+        :param pulumi.Input[_builtins.str] wrapping_token: The token used to retrieve a response-wrapped SecretID.
+        :param pulumi.Input[_builtins.str] wrapping_ttl: If set, the SecretID response will be
+               [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
+               and available for the duration specified. Only a single unwrapping of the
+               token is allowed.
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+        __props__ = _AuthBackendRoleSecretIdState.__new__(_AuthBackendRoleSecretIdState)
+        __props__.__dict__["accessor"] = accessor
+        __props__.__dict__["backend"] = backend
+        __props__.__dict__["cidr_lists"] = cidr_lists
+        __props__.__dict__["metadata"] = metadata
+        __props__.__dict__["namespace"] = namespace
+        __props__.__dict__["num_uses"] = num_uses
+        __props__.__dict__["role_name"] = role_name
+        __props__.__dict__["secret_id"] = secret_id
+        __props__.__dict__["ttl"] = ttl
+        __props__.__dict__["with_wrapped_accessor"] = with_wrapped_accessor
+        __props__.__dict__["wrapping_accessor"] = wrapping_accessor
+        __props__.__dict__["wrapping_token"] = wrapping_token
+        __props__.__dict__["wrapping_ttl"] = wrapping_ttl
+        return AuthBackendRoleSecretId(resource_name, opts=opts, __props__=__props__)
+    @_builtins.property
+    @pulumi.getter
+    def accessor(self) -> pulumi.Output[_builtins.str]:
+        """
+        The unique ID for this SecretID that can be safely logged.
+        """
+        return pulumi.get(self, "accessor")
+    @_builtins.property
+    @pulumi.getter
+    def backend(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        Unique name of the auth backend to configure.
+        """
+        return pulumi.get(self, "backend")
+    @_builtins.property
+    @pulumi.getter(name="cidrLists")
+    def cidr_lists(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
+        """
+        If set, specifies blocks of IP addresses which can
+        perform the login operation using this SecretID.
+        """
+        return pulumi.get(self, "cidr_lists")
+    @_builtins.property
+    @pulumi.getter
+    def metadata(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        A JSON-encoded string containing metadata in
+        key-value pairs to be set on tokens issued with this SecretID.
+        """
+        return pulumi.get(self, "metadata")
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+    @_builtins.property
+    @pulumi.getter(name="numUses")
+    def num_uses(self) -> pulumi.Output[Optional[_builtins.int]]:
+        """
+        The number of uses for the secret-id.
+        """
+        return pulumi.get(self, "num_uses")
+    @_builtins.property
+    @pulumi.getter(name="roleName")
+    def role_name(self) -> pulumi.Output[_builtins.str]:
+        """
+        The name of the role to create the SecretID for.
+        """
+        return pulumi.get(self, "role_name")
+    @_builtins.property
+    @pulumi.getter(name="secretId")
+    def secret_id(self) -> pulumi.Output[_builtins.str]:
+        """
+        The SecretID to be created. If set, uses "Push"
+        mode.  Defaults to Vault auto-generating SecretIDs.
+        """
+        return pulumi.get(self, "secret_id")
+    @_builtins.property
+    @pulumi.getter
+    def ttl(self) -> pulumi.Output[Optional[_builtins.int]]:
+        """
+        The TTL duration of the SecretID.
+        """
+        return pulumi.get(self, "ttl")
+    @_builtins.property
+    @pulumi.getter(name="withWrappedAccessor")
+    def with_wrapped_accessor(self) -> pulumi.Output[Optional[_builtins.bool]]:
+        """
+        Set to `true` to use the wrapped secret-id accessor as the resource ID.
+        If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or
+        invalidated through unwrapping.
+        """
+        return pulumi.get(self, "with_wrapped_accessor")
+    @_builtins.property
+    @pulumi.getter(name="wrappingAccessor")
+    def wrapping_accessor(self) -> pulumi.Output[_builtins.str]:
+        """
+        The unique ID for the response-wrapped SecretID that can
+        be safely logged.
+        """
+        return pulumi.get(self, "wrapping_accessor")
+    @_builtins.property
+    @pulumi.getter(name="wrappingToken")
+    def wrapping_token(self) -> pulumi.Output[_builtins.str]:
+        """
+        The token used to retrieve a response-wrapped SecretID.
+        """
+        return pulumi.get(self, "wrapping_token")
+    @_builtins.property
+    @pulumi.getter(name="wrappingTtl")
+    def wrapping_ttl(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        If set, the SecretID response will be
+        [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
+        and available for the duration specified. Only a single unwrapping of the
+        token is allowed.
+        """
+        return pulumi.get(self, "wrapping_ttl")