PyPI - pulumi-vault - Versions diffs - 7.6.0a1764657486__py3-none-any.whl - Mend

pulumi-vault 7.6.0a1764657486__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (274) hide show

pulumi_vault/__init__.py +1399 -0
pulumi_vault/_inputs.py +2701 -0
pulumi_vault/_utilities.py +331 -0
pulumi_vault/ad/__init__.py +12 -0
pulumi_vault/ad/get_access_credentials.py +177 -0
pulumi_vault/ad/secret_backend.py +1916 -0
pulumi_vault/ad/secret_library.py +546 -0
pulumi_vault/ad/secret_role.py +499 -0
pulumi_vault/alicloud/__init__.py +9 -0
pulumi_vault/alicloud/auth_backend_role.py +866 -0
pulumi_vault/approle/__init__.py +12 -0
pulumi_vault/approle/auth_backend_login.py +571 -0
pulumi_vault/approle/auth_backend_role.py +1082 -0
pulumi_vault/approle/auth_backend_role_secret_id.py +796 -0
pulumi_vault/approle/get_auth_backend_role_id.py +169 -0
pulumi_vault/audit.py +499 -0
pulumi_vault/audit_request_header.py +277 -0
pulumi_vault/auth_backend.py +565 -0
pulumi_vault/aws/__init__.py +22 -0
pulumi_vault/aws/auth_backend_cert.py +420 -0
pulumi_vault/aws/auth_backend_client.py +1259 -0
pulumi_vault/aws/auth_backend_config_identity.py +494 -0
pulumi_vault/aws/auth_backend_identity_whitelist.py +380 -0
pulumi_vault/aws/auth_backend_login.py +1046 -0
pulumi_vault/aws/auth_backend_role.py +1961 -0
pulumi_vault/aws/auth_backend_role_tag.py +638 -0
pulumi_vault/aws/auth_backend_roletag_blacklist.py +366 -0
pulumi_vault/aws/auth_backend_sts_role.py +414 -0
pulumi_vault/aws/get_access_credentials.py +369 -0
pulumi_vault/aws/get_static_access_credentials.py +137 -0
pulumi_vault/aws/secret_backend.py +2018 -0
pulumi_vault/aws/secret_backend_role.py +1188 -0
pulumi_vault/aws/secret_backend_static_role.py +639 -0
pulumi_vault/azure/__init__.py +15 -0
pulumi_vault/azure/_inputs.py +108 -0
pulumi_vault/azure/auth_backend_config.py +1096 -0
pulumi_vault/azure/auth_backend_role.py +1176 -0
pulumi_vault/azure/backend.py +1793 -0
pulumi_vault/azure/backend_role.py +883 -0
pulumi_vault/azure/get_access_credentials.py +400 -0
pulumi_vault/azure/outputs.py +107 -0
pulumi_vault/cert_auth_backend_role.py +1539 -0
pulumi_vault/config/__init__.py +9 -0
pulumi_vault/config/__init__.pyi +164 -0
pulumi_vault/config/_inputs.py +73 -0
pulumi_vault/config/outputs.py +1225 -0
pulumi_vault/config/ui_custom_message.py +530 -0
pulumi_vault/config/vars.py +230 -0
pulumi_vault/consul/__init__.py +10 -0
pulumi_vault/consul/secret_backend.py +1517 -0
pulumi_vault/consul/secret_backend_role.py +847 -0
pulumi_vault/database/__init__.py +14 -0
pulumi_vault/database/_inputs.py +11907 -0
pulumi_vault/database/outputs.py +8496 -0
pulumi_vault/database/secret_backend_connection.py +1676 -0
pulumi_vault/database/secret_backend_role.py +840 -0
pulumi_vault/database/secret_backend_static_role.py +881 -0
pulumi_vault/database/secrets_mount.py +2160 -0
pulumi_vault/egp_policy.py +399 -0
pulumi_vault/gcp/__init__.py +17 -0
pulumi_vault/gcp/_inputs.py +441 -0
pulumi_vault/gcp/auth_backend.py +1486 -0
pulumi_vault/gcp/auth_backend_role.py +1235 -0
pulumi_vault/gcp/get_auth_backend_role.py +514 -0
pulumi_vault/gcp/outputs.py +302 -0
pulumi_vault/gcp/secret_backend.py +1807 -0
pulumi_vault/gcp/secret_impersonated_account.py +484 -0
pulumi_vault/gcp/secret_roleset.py +554 -0
pulumi_vault/gcp/secret_static_account.py +557 -0
pulumi_vault/generic/__init__.py +11 -0
pulumi_vault/generic/endpoint.py +786 -0
pulumi_vault/generic/get_secret.py +306 -0
pulumi_vault/generic/secret.py +486 -0
pulumi_vault/get_auth_backend.py +226 -0
pulumi_vault/get_auth_backends.py +170 -0
pulumi_vault/get_namespace.py +226 -0
pulumi_vault/get_namespaces.py +202 -0
pulumi_vault/get_nomad_access_token.py +210 -0
pulumi_vault/get_policy_document.py +160 -0
pulumi_vault/get_raft_autopilot_state.py +267 -0
pulumi_vault/github/__init__.py +13 -0
pulumi_vault/github/_inputs.py +225 -0
pulumi_vault/github/auth_backend.py +1194 -0
pulumi_vault/github/outputs.py +174 -0
pulumi_vault/github/team.py +380 -0
pulumi_vault/github/user.py +380 -0
pulumi_vault/identity/__init__.py +35 -0
pulumi_vault/identity/entity.py +447 -0
pulumi_vault/identity/entity_alias.py +398 -0
pulumi_vault/identity/entity_policies.py +455 -0
pulumi_vault/identity/get_entity.py +384 -0
pulumi_vault/identity/get_group.py +467 -0
pulumi_vault/identity/get_oidc_client_creds.py +175 -0
pulumi_vault/identity/get_oidc_openid_config.py +334 -0
pulumi_vault/identity/get_oidc_public_keys.py +179 -0
pulumi_vault/identity/group.py +805 -0
pulumi_vault/identity/group_alias.py +386 -0
pulumi_vault/identity/group_member_entity_ids.py +444 -0
pulumi_vault/identity/group_member_group_ids.py +467 -0
pulumi_vault/identity/group_policies.py +471 -0
pulumi_vault/identity/mfa_duo.py +674 -0
pulumi_vault/identity/mfa_login_enforcement.py +566 -0
pulumi_vault/identity/mfa_okta.py +626 -0
pulumi_vault/identity/mfa_pingid.py +616 -0
pulumi_vault/identity/mfa_totp.py +758 -0
pulumi_vault/identity/oidc.py +268 -0
pulumi_vault/identity/oidc_assignment.py +375 -0
pulumi_vault/identity/oidc_client.py +667 -0
pulumi_vault/identity/oidc_key.py +474 -0
pulumi_vault/identity/oidc_key_allowed_client_id.py +298 -0
pulumi_vault/identity/oidc_provider.py +550 -0
pulumi_vault/identity/oidc_role.py +543 -0
pulumi_vault/identity/oidc_scope.py +355 -0
pulumi_vault/identity/outputs.py +137 -0
pulumi_vault/jwt/__init__.py +12 -0
pulumi_vault/jwt/_inputs.py +225 -0
pulumi_vault/jwt/auth_backend.py +1347 -0
pulumi_vault/jwt/auth_backend_role.py +1847 -0
pulumi_vault/jwt/outputs.py +174 -0
pulumi_vault/kmip/__init__.py +11 -0
pulumi_vault/kmip/secret_backend.py +1591 -0
pulumi_vault/kmip/secret_role.py +1194 -0
pulumi_vault/kmip/secret_scope.py +372 -0
pulumi_vault/kubernetes/__init__.py +15 -0
pulumi_vault/kubernetes/auth_backend_config.py +654 -0
pulumi_vault/kubernetes/auth_backend_role.py +1031 -0
pulumi_vault/kubernetes/get_auth_backend_config.py +280 -0
pulumi_vault/kubernetes/get_auth_backend_role.py +470 -0
pulumi_vault/kubernetes/get_service_account_token.py +344 -0
pulumi_vault/kubernetes/secret_backend.py +1341 -0
pulumi_vault/kubernetes/secret_backend_role.py +1140 -0
pulumi_vault/kv/__init__.py +18 -0
pulumi_vault/kv/_inputs.py +124 -0
pulumi_vault/kv/get_secret.py +240 -0
pulumi_vault/kv/get_secret_subkeys_v2.py +275 -0
pulumi_vault/kv/get_secret_v2.py +315 -0
pulumi_vault/kv/get_secrets_list.py +186 -0
pulumi_vault/kv/get_secrets_list_v2.py +243 -0
pulumi_vault/kv/outputs.py +102 -0
pulumi_vault/kv/secret.py +397 -0
pulumi_vault/kv/secret_backend_v2.py +455 -0
pulumi_vault/kv/secret_v2.py +970 -0
pulumi_vault/ldap/__init__.py +19 -0
pulumi_vault/ldap/_inputs.py +225 -0
pulumi_vault/ldap/auth_backend.py +2520 -0
pulumi_vault/ldap/auth_backend_group.py +386 -0
pulumi_vault/ldap/auth_backend_user.py +439 -0
pulumi_vault/ldap/get_dynamic_credentials.py +181 -0
pulumi_vault/ldap/get_static_credentials.py +192 -0
pulumi_vault/ldap/outputs.py +174 -0
pulumi_vault/ldap/secret_backend.py +2207 -0
pulumi_vault/ldap/secret_backend_dynamic_role.py +767 -0
pulumi_vault/ldap/secret_backend_library_set.py +552 -0
pulumi_vault/ldap/secret_backend_static_role.py +541 -0
pulumi_vault/managed/__init__.py +11 -0
pulumi_vault/managed/_inputs.py +944 -0
pulumi_vault/managed/keys.py +398 -0
pulumi_vault/managed/outputs.py +667 -0
pulumi_vault/mfa_duo.py +589 -0
pulumi_vault/mfa_okta.py +623 -0
pulumi_vault/mfa_pingid.py +670 -0
pulumi_vault/mfa_totp.py +620 -0
pulumi_vault/mongodbatlas/__init__.py +10 -0
pulumi_vault/mongodbatlas/secret_backend.py +388 -0
pulumi_vault/mongodbatlas/secret_role.py +726 -0
pulumi_vault/mount.py +1262 -0
pulumi_vault/namespace.py +452 -0
pulumi_vault/nomad_secret_backend.py +1559 -0
pulumi_vault/nomad_secret_role.py +489 -0
pulumi_vault/oci_auth_backend.py +676 -0
pulumi_vault/oci_auth_backend_role.py +852 -0
pulumi_vault/okta/__init__.py +13 -0
pulumi_vault/okta/_inputs.py +320 -0
pulumi_vault/okta/auth_backend.py +1231 -0
pulumi_vault/okta/auth_backend_group.py +369 -0
pulumi_vault/okta/auth_backend_user.py +416 -0
pulumi_vault/okta/outputs.py +244 -0
pulumi_vault/outputs.py +502 -0
pulumi_vault/pkisecret/__init__.py +38 -0
pulumi_vault/pkisecret/_inputs.py +270 -0
pulumi_vault/pkisecret/backend_acme_eab.py +550 -0
pulumi_vault/pkisecret/backend_config_acme.py +690 -0
pulumi_vault/pkisecret/backend_config_auto_tidy.py +1370 -0
pulumi_vault/pkisecret/backend_config_cluster.py +370 -0
pulumi_vault/pkisecret/backend_config_cmpv2.py +693 -0
pulumi_vault/pkisecret/backend_config_est.py +756 -0
pulumi_vault/pkisecret/backend_config_scep.py +738 -0
pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
pulumi_vault/pkisecret/get_backend_config_scep.py +271 -0
pulumi_vault/pkisecret/get_backend_issuer.py +395 -0
pulumi_vault/pkisecret/get_backend_issuers.py +192 -0
pulumi_vault/pkisecret/get_backend_key.py +211 -0
pulumi_vault/pkisecret/get_backend_keys.py +192 -0
pulumi_vault/pkisecret/outputs.py +270 -0
pulumi_vault/pkisecret/secret_backend_cert.py +1315 -0
pulumi_vault/pkisecret/secret_backend_config_ca.py +386 -0
pulumi_vault/pkisecret/secret_backend_config_issuers.py +392 -0
pulumi_vault/pkisecret/secret_backend_config_urls.py +462 -0
pulumi_vault/pkisecret/secret_backend_crl_config.py +846 -0
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +1629 -0
pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +444 -0
pulumi_vault/pkisecret/secret_backend_issuer.py +1089 -0
pulumi_vault/pkisecret/secret_backend_key.py +613 -0
pulumi_vault/pkisecret/secret_backend_role.py +2694 -0
pulumi_vault/pkisecret/secret_backend_root_cert.py +2134 -0
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +2031 -0
pulumi_vault/pkisecret/secret_backend_sign.py +1194 -0
pulumi_vault/plugin.py +596 -0
pulumi_vault/plugin_pinned_version.py +299 -0
pulumi_vault/policy.py +279 -0
pulumi_vault/provider.py +781 -0
pulumi_vault/pulumi-plugin.json +5 -0
pulumi_vault/py.typed +0 -0
pulumi_vault/quota_lease_count.py +504 -0
pulumi_vault/quota_rate_limit.py +751 -0
pulumi_vault/rabbitmq/__init__.py +12 -0
pulumi_vault/rabbitmq/_inputs.py +235 -0
pulumi_vault/rabbitmq/outputs.py +144 -0
pulumi_vault/rabbitmq/secret_backend.py +1437 -0
pulumi_vault/rabbitmq/secret_backend_role.py +496 -0
pulumi_vault/raft_autopilot.py +609 -0
pulumi_vault/raft_snapshot_agent_config.py +1591 -0
pulumi_vault/rgp_policy.py +349 -0
pulumi_vault/saml/__init__.py +12 -0
pulumi_vault/saml/_inputs.py +225 -0
pulumi_vault/saml/auth_backend.py +811 -0
pulumi_vault/saml/auth_backend_role.py +1068 -0
pulumi_vault/saml/outputs.py +174 -0
pulumi_vault/scep_auth_backend_role.py +908 -0
pulumi_vault/secrets/__init__.py +18 -0
pulumi_vault/secrets/_inputs.py +110 -0
pulumi_vault/secrets/outputs.py +94 -0
pulumi_vault/secrets/sync_association.py +450 -0
pulumi_vault/secrets/sync_aws_destination.py +780 -0
pulumi_vault/secrets/sync_azure_destination.py +736 -0
pulumi_vault/secrets/sync_config.py +303 -0
pulumi_vault/secrets/sync_gcp_destination.py +572 -0
pulumi_vault/secrets/sync_gh_destination.py +688 -0
pulumi_vault/secrets/sync_github_apps.py +376 -0
pulumi_vault/secrets/sync_vercel_destination.py +603 -0
pulumi_vault/ssh/__init__.py +13 -0
pulumi_vault/ssh/_inputs.py +76 -0
pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
pulumi_vault/ssh/outputs.py +51 -0
pulumi_vault/ssh/secret_backend_ca.py +588 -0
pulumi_vault/ssh/secret_backend_role.py +1493 -0
pulumi_vault/terraformcloud/__init__.py +11 -0
pulumi_vault/terraformcloud/secret_backend.py +1321 -0
pulumi_vault/terraformcloud/secret_creds.py +445 -0
pulumi_vault/terraformcloud/secret_role.py +563 -0
pulumi_vault/token.py +1026 -0
pulumi_vault/tokenauth/__init__.py +9 -0
pulumi_vault/tokenauth/auth_backend_role.py +1135 -0
pulumi_vault/transform/__init__.py +14 -0
pulumi_vault/transform/alphabet.py +348 -0
pulumi_vault/transform/get_decode.py +287 -0
pulumi_vault/transform/get_encode.py +291 -0
pulumi_vault/transform/role.py +350 -0
pulumi_vault/transform/template.py +592 -0
pulumi_vault/transform/transformation.py +608 -0
pulumi_vault/transit/__init__.py +15 -0
pulumi_vault/transit/get_cmac.py +256 -0
pulumi_vault/transit/get_decrypt.py +181 -0
pulumi_vault/transit/get_encrypt.py +174 -0
pulumi_vault/transit/get_sign.py +328 -0
pulumi_vault/transit/get_verify.py +373 -0
pulumi_vault/transit/secret_backend_key.py +1202 -0
pulumi_vault/transit/secret_cache_config.py +302 -0
pulumi_vault-7.6.0a1764657486.dist-info/METADATA +92 -0
pulumi_vault-7.6.0a1764657486.dist-info/RECORD +274 -0
pulumi_vault-7.6.0a1764657486.dist-info/WHEEL +5 -0
pulumi_vault-7.6.0a1764657486.dist-info/top_level.txt +1 -0

pulumi_vault/managed/_inputs.py ADDED Viewed

@@ -0,0 +1,944 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-language-python. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+import builtins as _builtins
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+__all__ = [
+    'KeysAwArgs',
+    'KeysAwArgsDict',
+    'KeysAzureArgs',
+    'KeysAzureArgsDict',
+    'KeysPkcArgs',
+    'KeysPkcArgsDict',
+]
+MYPY = False
+if not MYPY:
+    class KeysAwArgsDict(TypedDict):
+        access_key: pulumi.Input[_builtins.str]
+        """
+        The AWS access key to use
+        """
+        key_bits: pulumi.Input[_builtins.str]
+        """
+        The size in bits for an RSA key. This field is required when 'key_type' is 'RSA'
+        """
+        key_type: pulumi.Input[_builtins.str]
+        """
+        The type of key to use
+        """
+        kms_key: pulumi.Input[_builtins.str]
+        """
+        An identifier for the key
+        """
+        name: pulumi.Input[_builtins.str]
+        """
+        A unique lowercase name that serves as identifying the key
+        """
+        secret_key: pulumi.Input[_builtins.str]
+        """
+        The AWS secret key to use
+        """
+        allow_generate_key: NotRequired[pulumi.Input[_builtins.bool]]
+        """
+        If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
+        """
+        allow_replace_key: NotRequired[pulumi.Input[_builtins.bool]]
+        """
+        Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
+        """
+        allow_store_key: NotRequired[pulumi.Input[_builtins.bool]]
+        """
+        Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
+        """
+        any_mount: NotRequired[pulumi.Input[_builtins.bool]]
+        """
+        Allow usage from any mount point within the namespace if 'true'
+        """
+        curve: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        The curve to use for an ECDSA key. Used when key_type is 'ECDSA'. Required if 'allow_generate_key' is true
+        """
+        endpoint: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        Used to specify a custom AWS endpoint
+        """
+        region: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        The AWS region where the keys are stored (or will be stored)
+        """
+        uuid: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        ID of the managed key read from Vault
+        """
+elif False:
+    KeysAwArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class KeysAwArgs:
+    def __init__(__self__, *,
+                 access_key: pulumi.Input[_builtins.str],
+                 key_bits: pulumi.Input[_builtins.str],
+                 key_type: pulumi.Input[_builtins.str],
+                 kms_key: pulumi.Input[_builtins.str],
+                 name: pulumi.Input[_builtins.str],
+                 secret_key: pulumi.Input[_builtins.str],
+                 allow_generate_key: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_replace_key: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_store_key: Optional[pulumi.Input[_builtins.bool]] = None,
+                 any_mount: Optional[pulumi.Input[_builtins.bool]] = None,
+                 curve: Optional[pulumi.Input[_builtins.str]] = None,
+                 endpoint: Optional[pulumi.Input[_builtins.str]] = None,
+                 region: Optional[pulumi.Input[_builtins.str]] = None,
+                 uuid: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        :param pulumi.Input[_builtins.str] access_key: The AWS access key to use
+        :param pulumi.Input[_builtins.str] key_bits: The size in bits for an RSA key. This field is required when 'key_type' is 'RSA'
+        :param pulumi.Input[_builtins.str] key_type: The type of key to use
+        :param pulumi.Input[_builtins.str] kms_key: An identifier for the key
+        :param pulumi.Input[_builtins.str] name: A unique lowercase name that serves as identifying the key
+        :param pulumi.Input[_builtins.str] secret_key: The AWS secret key to use
+        :param pulumi.Input[_builtins.bool] allow_generate_key: If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
+        :param pulumi.Input[_builtins.bool] allow_replace_key: Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
+        :param pulumi.Input[_builtins.bool] allow_store_key: Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
+        :param pulumi.Input[_builtins.bool] any_mount: Allow usage from any mount point within the namespace if 'true'
+        :param pulumi.Input[_builtins.str] curve: The curve to use for an ECDSA key. Used when key_type is 'ECDSA'. Required if 'allow_generate_key' is true
+        :param pulumi.Input[_builtins.str] endpoint: Used to specify a custom AWS endpoint
+        :param pulumi.Input[_builtins.str] region: The AWS region where the keys are stored (or will be stored)
+        :param pulumi.Input[_builtins.str] uuid: ID of the managed key read from Vault
+        """
+        pulumi.set(__self__, "access_key", access_key)
+        pulumi.set(__self__, "key_bits", key_bits)
+        pulumi.set(__self__, "key_type", key_type)
+        pulumi.set(__self__, "kms_key", kms_key)
+        pulumi.set(__self__, "name", name)
+        pulumi.set(__self__, "secret_key", secret_key)
+        if allow_generate_key is not None:
+            pulumi.set(__self__, "allow_generate_key", allow_generate_key)
+        if allow_replace_key is not None:
+            pulumi.set(__self__, "allow_replace_key", allow_replace_key)
+        if allow_store_key is not None:
+            pulumi.set(__self__, "allow_store_key", allow_store_key)
+        if any_mount is not None:
+            pulumi.set(__self__, "any_mount", any_mount)
+        if curve is not None:
+            pulumi.set(__self__, "curve", curve)
+        if endpoint is not None:
+            pulumi.set(__self__, "endpoint", endpoint)
+        if region is not None:
+            pulumi.set(__self__, "region", region)
+        if uuid is not None:
+            pulumi.set(__self__, "uuid", uuid)
+    @_builtins.property
+    @pulumi.getter(name="accessKey")
+    def access_key(self) -> pulumi.Input[_builtins.str]:
+        """
+        The AWS access key to use
+        """
+        return pulumi.get(self, "access_key")
+    @access_key.setter
+    def access_key(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "access_key", value)
+    @_builtins.property
+    @pulumi.getter(name="keyBits")
+    def key_bits(self) -> pulumi.Input[_builtins.str]:
+        """
+        The size in bits for an RSA key. This field is required when 'key_type' is 'RSA'
+        """
+        return pulumi.get(self, "key_bits")
+    @key_bits.setter
+    def key_bits(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "key_bits", value)
+    @_builtins.property
+    @pulumi.getter(name="keyType")
+    def key_type(self) -> pulumi.Input[_builtins.str]:
+        """
+        The type of key to use
+        """
+        return pulumi.get(self, "key_type")
+    @key_type.setter
+    def key_type(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "key_type", value)
+    @_builtins.property
+    @pulumi.getter(name="kmsKey")
+    def kms_key(self) -> pulumi.Input[_builtins.str]:
+        """
+        An identifier for the key
+        """
+        return pulumi.get(self, "kms_key")
+    @kms_key.setter
+    def kms_key(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "kms_key", value)
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> pulumi.Input[_builtins.str]:
+        """
+        A unique lowercase name that serves as identifying the key
+        """
+        return pulumi.get(self, "name")
+    @name.setter
+    def name(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "name", value)
+    @_builtins.property
+    @pulumi.getter(name="secretKey")
+    def secret_key(self) -> pulumi.Input[_builtins.str]:
+        """
+        The AWS secret key to use
+        """
+        return pulumi.get(self, "secret_key")
+    @secret_key.setter
+    def secret_key(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "secret_key", value)
+    @_builtins.property
+    @pulumi.getter(name="allowGenerateKey")
+    def allow_generate_key(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
+        """
+        return pulumi.get(self, "allow_generate_key")
+    @allow_generate_key.setter
+    def allow_generate_key(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "allow_generate_key", value)
+    @_builtins.property
+    @pulumi.getter(name="allowReplaceKey")
+    def allow_replace_key(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
+        """
+        return pulumi.get(self, "allow_replace_key")
+    @allow_replace_key.setter
+    def allow_replace_key(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "allow_replace_key", value)
+    @_builtins.property
+    @pulumi.getter(name="allowStoreKey")
+    def allow_store_key(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
+        """
+        return pulumi.get(self, "allow_store_key")
+    @allow_store_key.setter
+    def allow_store_key(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "allow_store_key", value)
+    @_builtins.property
+    @pulumi.getter(name="anyMount")
+    def any_mount(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Allow usage from any mount point within the namespace if 'true'
+        """
+        return pulumi.get(self, "any_mount")
+    @any_mount.setter
+    def any_mount(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "any_mount", value)
+    @_builtins.property
+    @pulumi.getter
+    def curve(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The curve to use for an ECDSA key. Used when key_type is 'ECDSA'. Required if 'allow_generate_key' is true
+        """
+        return pulumi.get(self, "curve")
+    @curve.setter
+    def curve(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "curve", value)
+    @_builtins.property
+    @pulumi.getter
+    def endpoint(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Used to specify a custom AWS endpoint
+        """
+        return pulumi.get(self, "endpoint")
+    @endpoint.setter
+    def endpoint(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "endpoint", value)
+    @_builtins.property
+    @pulumi.getter
+    def region(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The AWS region where the keys are stored (or will be stored)
+        """
+        return pulumi.get(self, "region")
+    @region.setter
+    def region(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "region", value)
+    @_builtins.property
+    @pulumi.getter
+    def uuid(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        ID of the managed key read from Vault
+        """
+        return pulumi.get(self, "uuid")
+    @uuid.setter
+    def uuid(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "uuid", value)
+if not MYPY:
+    class KeysAzureArgsDict(TypedDict):
+        client_id: pulumi.Input[_builtins.str]
+        """
+        The client id for credentials to query the Azure APIs
+        """
+        client_secret: pulumi.Input[_builtins.str]
+        """
+        The client secret for credentials to query the Azure APIs
+        """
+        key_name: pulumi.Input[_builtins.str]
+        """
+        The Key Vault key to use for encryption and decryption
+        """
+        key_type: pulumi.Input[_builtins.str]
+        """
+        The type of key to use
+        """
+        name: pulumi.Input[_builtins.str]
+        """
+        A unique lowercase name that serves as identifying the key
+        """
+        tenant_id: pulumi.Input[_builtins.str]
+        """
+        The tenant id for the Azure Active Directory organization
+        """
+        vault_name: pulumi.Input[_builtins.str]
+        """
+        The Key Vault vault to use the encryption keys for encryption and decryption
+        """
+        allow_generate_key: NotRequired[pulumi.Input[_builtins.bool]]
+        """
+        If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
+        """
+        allow_replace_key: NotRequired[pulumi.Input[_builtins.bool]]
+        """
+        Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
+        """
+        allow_store_key: NotRequired[pulumi.Input[_builtins.bool]]
+        """
+        Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
+        """
+        any_mount: NotRequired[pulumi.Input[_builtins.bool]]
+        """
+        Allow usage from any mount point within the namespace if 'true'
+        """
+        environment: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        The Azure Cloud environment API endpoints to use
+        """
+        key_bits: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' or when 'allow_generate_key' is true
+        """
+        resource: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        The Azure Key Vault resource's DNS Suffix to connect to
+        """
+        uuid: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        ID of the managed key read from Vault
+        """
+elif False:
+    KeysAzureArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class KeysAzureArgs:
+    def __init__(__self__, *,
+                 client_id: pulumi.Input[_builtins.str],
+                 client_secret: pulumi.Input[_builtins.str],
+                 key_name: pulumi.Input[_builtins.str],
+                 key_type: pulumi.Input[_builtins.str],
+                 name: pulumi.Input[_builtins.str],
+                 tenant_id: pulumi.Input[_builtins.str],
+                 vault_name: pulumi.Input[_builtins.str],
+                 allow_generate_key: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_replace_key: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_store_key: Optional[pulumi.Input[_builtins.bool]] = None,
+                 any_mount: Optional[pulumi.Input[_builtins.bool]] = None,
+                 environment: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_bits: Optional[pulumi.Input[_builtins.str]] = None,
+                 resource: Optional[pulumi.Input[_builtins.str]] = None,
+                 uuid: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        :param pulumi.Input[_builtins.str] client_id: The client id for credentials to query the Azure APIs
+        :param pulumi.Input[_builtins.str] client_secret: The client secret for credentials to query the Azure APIs
+        :param pulumi.Input[_builtins.str] key_name: The Key Vault key to use for encryption and decryption
+        :param pulumi.Input[_builtins.str] key_type: The type of key to use
+        :param pulumi.Input[_builtins.str] name: A unique lowercase name that serves as identifying the key
+        :param pulumi.Input[_builtins.str] tenant_id: The tenant id for the Azure Active Directory organization
+        :param pulumi.Input[_builtins.str] vault_name: The Key Vault vault to use the encryption keys for encryption and decryption
+        :param pulumi.Input[_builtins.bool] allow_generate_key: If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
+        :param pulumi.Input[_builtins.bool] allow_replace_key: Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
+        :param pulumi.Input[_builtins.bool] allow_store_key: Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
+        :param pulumi.Input[_builtins.bool] any_mount: Allow usage from any mount point within the namespace if 'true'
+        :param pulumi.Input[_builtins.str] environment: The Azure Cloud environment API endpoints to use
+        :param pulumi.Input[_builtins.str] key_bits: The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' or when 'allow_generate_key' is true
+        :param pulumi.Input[_builtins.str] resource: The Azure Key Vault resource's DNS Suffix to connect to
+        :param pulumi.Input[_builtins.str] uuid: ID of the managed key read from Vault
+        """
+        pulumi.set(__self__, "client_id", client_id)
+        pulumi.set(__self__, "client_secret", client_secret)
+        pulumi.set(__self__, "key_name", key_name)
+        pulumi.set(__self__, "key_type", key_type)
+        pulumi.set(__self__, "name", name)
+        pulumi.set(__self__, "tenant_id", tenant_id)
+        pulumi.set(__self__, "vault_name", vault_name)
+        if allow_generate_key is not None:
+            pulumi.set(__self__, "allow_generate_key", allow_generate_key)
+        if allow_replace_key is not None:
+            pulumi.set(__self__, "allow_replace_key", allow_replace_key)
+        if allow_store_key is not None:
+            pulumi.set(__self__, "allow_store_key", allow_store_key)
+        if any_mount is not None:
+            pulumi.set(__self__, "any_mount", any_mount)
+        if environment is not None:
+            pulumi.set(__self__, "environment", environment)
+        if key_bits is not None:
+            pulumi.set(__self__, "key_bits", key_bits)
+        if resource is not None:
+            pulumi.set(__self__, "resource", resource)
+        if uuid is not None:
+            pulumi.set(__self__, "uuid", uuid)
+    @_builtins.property
+    @pulumi.getter(name="clientId")
+    def client_id(self) -> pulumi.Input[_builtins.str]:
+        """
+        The client id for credentials to query the Azure APIs
+        """
+        return pulumi.get(self, "client_id")
+    @client_id.setter
+    def client_id(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "client_id", value)
+    @_builtins.property
+    @pulumi.getter(name="clientSecret")
+    def client_secret(self) -> pulumi.Input[_builtins.str]:
+        """
+        The client secret for credentials to query the Azure APIs
+        """
+        return pulumi.get(self, "client_secret")
+    @client_secret.setter
+    def client_secret(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "client_secret", value)
+    @_builtins.property
+    @pulumi.getter(name="keyName")
+    def key_name(self) -> pulumi.Input[_builtins.str]:
+        """
+        The Key Vault key to use for encryption and decryption
+        """
+        return pulumi.get(self, "key_name")
+    @key_name.setter
+    def key_name(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "key_name", value)
+    @_builtins.property
+    @pulumi.getter(name="keyType")
+    def key_type(self) -> pulumi.Input[_builtins.str]:
+        """
+        The type of key to use
+        """
+        return pulumi.get(self, "key_type")
+    @key_type.setter
+    def key_type(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "key_type", value)
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> pulumi.Input[_builtins.str]:
+        """
+        A unique lowercase name that serves as identifying the key
+        """
+        return pulumi.get(self, "name")
+    @name.setter
+    def name(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "name", value)
+    @_builtins.property
+    @pulumi.getter(name="tenantId")
+    def tenant_id(self) -> pulumi.Input[_builtins.str]:
+        """
+        The tenant id for the Azure Active Directory organization
+        """
+        return pulumi.get(self, "tenant_id")
+    @tenant_id.setter
+    def tenant_id(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "tenant_id", value)
+    @_builtins.property
+    @pulumi.getter(name="vaultName")
+    def vault_name(self) -> pulumi.Input[_builtins.str]:
+        """
+        The Key Vault vault to use the encryption keys for encryption and decryption
+        """
+        return pulumi.get(self, "vault_name")
+    @vault_name.setter
+    def vault_name(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "vault_name", value)
+    @_builtins.property
+    @pulumi.getter(name="allowGenerateKey")
+    def allow_generate_key(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
+        """
+        return pulumi.get(self, "allow_generate_key")
+    @allow_generate_key.setter
+    def allow_generate_key(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "allow_generate_key", value)
+    @_builtins.property
+    @pulumi.getter(name="allowReplaceKey")
+    def allow_replace_key(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
+        """
+        return pulumi.get(self, "allow_replace_key")
+    @allow_replace_key.setter
+    def allow_replace_key(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "allow_replace_key", value)
+    @_builtins.property
+    @pulumi.getter(name="allowStoreKey")
+    def allow_store_key(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
+        """
+        return pulumi.get(self, "allow_store_key")
+    @allow_store_key.setter
+    def allow_store_key(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "allow_store_key", value)
+    @_builtins.property
+    @pulumi.getter(name="anyMount")
+    def any_mount(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Allow usage from any mount point within the namespace if 'true'
+        """
+        return pulumi.get(self, "any_mount")
+    @any_mount.setter
+    def any_mount(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "any_mount", value)
+    @_builtins.property
+    @pulumi.getter
+    def environment(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The Azure Cloud environment API endpoints to use
+        """
+        return pulumi.get(self, "environment")
+    @environment.setter
+    def environment(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "environment", value)
+    @_builtins.property
+    @pulumi.getter(name="keyBits")
+    def key_bits(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' or when 'allow_generate_key' is true
+        """
+        return pulumi.get(self, "key_bits")
+    @key_bits.setter
+    def key_bits(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "key_bits", value)
+    @_builtins.property
+    @pulumi.getter
+    def resource(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The Azure Key Vault resource's DNS Suffix to connect to
+        """
+        return pulumi.get(self, "resource")
+    @resource.setter
+    def resource(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "resource", value)
+    @_builtins.property
+    @pulumi.getter
+    def uuid(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        ID of the managed key read from Vault
+        """
+        return pulumi.get(self, "uuid")
+    @uuid.setter
+    def uuid(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "uuid", value)
+if not MYPY:
+    class KeysPkcArgsDict(TypedDict):
+        key_id: pulumi.Input[_builtins.str]
+        """
+        The id of a PKCS#11 key to use
+        """
+        key_label: pulumi.Input[_builtins.str]
+        """
+        The label of the key to use
+        """
+        library: pulumi.Input[_builtins.str]
+        """
+        The name of the kms_library stanza to use from Vault's config to lookup the local library path
+        """
+        mechanism: pulumi.Input[_builtins.str]
+        """
+        The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string.
+        """
+        name: pulumi.Input[_builtins.str]
+        """
+        A unique lowercase name that serves as identifying the key
+        """
+        pin: pulumi.Input[_builtins.str]
+        """
+        The PIN for login
+        """
+        allow_generate_key: NotRequired[pulumi.Input[_builtins.bool]]
+        """
+        If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
+        """
+        allow_replace_key: NotRequired[pulumi.Input[_builtins.bool]]
+        """
+        Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
+        """
+        allow_store_key: NotRequired[pulumi.Input[_builtins.bool]]
+        """
+        Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
+        """
+        any_mount: NotRequired[pulumi.Input[_builtins.bool]]
+        """
+        Allow usage from any mount point within the namespace if 'true'
+        """
+        curve: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        Supplies the curve value when using the 'CKM_ECDSA' mechanism. Required if 'allow_generate_key' is true
+        """
+        force_rw_session: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        Force all operations to open up a read-write session to the HSM
+        """
+        key_bits: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        Supplies the size in bits of the key when using 'CKM_RSA_PKCS_PSS', 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. Required if 'allow_generate_key' is true
+        """
+        slot: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        The slot number to use, specified as a string in a decimal format (e.g. '2305843009213693953')
+        """
+        token_label: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        The slot token label to use
+        """
+        uuid: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        ID of the managed key read from Vault
+        """
+elif False:
+    KeysPkcArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class KeysPkcArgs:
+    def __init__(__self__, *,
+                 key_id: pulumi.Input[_builtins.str],
+                 key_label: pulumi.Input[_builtins.str],
+                 library: pulumi.Input[_builtins.str],
+                 mechanism: pulumi.Input[_builtins.str],
+                 name: pulumi.Input[_builtins.str],
+                 pin: pulumi.Input[_builtins.str],
+                 allow_generate_key: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_replace_key: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_store_key: Optional[pulumi.Input[_builtins.bool]] = None,
+                 any_mount: Optional[pulumi.Input[_builtins.bool]] = None,
+                 curve: Optional[pulumi.Input[_builtins.str]] = None,
+                 force_rw_session: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_bits: Optional[pulumi.Input[_builtins.str]] = None,
+                 slot: Optional[pulumi.Input[_builtins.str]] = None,
+                 token_label: Optional[pulumi.Input[_builtins.str]] = None,
+                 uuid: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        :param pulumi.Input[_builtins.str] key_id: The id of a PKCS#11 key to use
+        :param pulumi.Input[_builtins.str] key_label: The label of the key to use
+        :param pulumi.Input[_builtins.str] library: The name of the kms_library stanza to use from Vault's config to lookup the local library path
+        :param pulumi.Input[_builtins.str] mechanism: The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string.
+        :param pulumi.Input[_builtins.str] name: A unique lowercase name that serves as identifying the key
+        :param pulumi.Input[_builtins.str] pin: The PIN for login
+        :param pulumi.Input[_builtins.bool] allow_generate_key: If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
+        :param pulumi.Input[_builtins.bool] allow_replace_key: Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
+        :param pulumi.Input[_builtins.bool] allow_store_key: Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
+        :param pulumi.Input[_builtins.bool] any_mount: Allow usage from any mount point within the namespace if 'true'
+        :param pulumi.Input[_builtins.str] curve: Supplies the curve value when using the 'CKM_ECDSA' mechanism. Required if 'allow_generate_key' is true
+        :param pulumi.Input[_builtins.str] force_rw_session: Force all operations to open up a read-write session to the HSM
+        :param pulumi.Input[_builtins.str] key_bits: Supplies the size in bits of the key when using 'CKM_RSA_PKCS_PSS', 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. Required if 'allow_generate_key' is true
+        :param pulumi.Input[_builtins.str] slot: The slot number to use, specified as a string in a decimal format (e.g. '2305843009213693953')
+        :param pulumi.Input[_builtins.str] token_label: The slot token label to use
+        :param pulumi.Input[_builtins.str] uuid: ID of the managed key read from Vault
+        """
+        pulumi.set(__self__, "key_id", key_id)
+        pulumi.set(__self__, "key_label", key_label)
+        pulumi.set(__self__, "library", library)
+        pulumi.set(__self__, "mechanism", mechanism)
+        pulumi.set(__self__, "name", name)
+        pulumi.set(__self__, "pin", pin)
+        if allow_generate_key is not None:
+            pulumi.set(__self__, "allow_generate_key", allow_generate_key)
+        if allow_replace_key is not None:
+            pulumi.set(__self__, "allow_replace_key", allow_replace_key)
+        if allow_store_key is not None:
+            pulumi.set(__self__, "allow_store_key", allow_store_key)
+        if any_mount is not None:
+            pulumi.set(__self__, "any_mount", any_mount)
+        if curve is not None:
+            pulumi.set(__self__, "curve", curve)
+        if force_rw_session is not None:
+            pulumi.set(__self__, "force_rw_session", force_rw_session)
+        if key_bits is not None:
+            pulumi.set(__self__, "key_bits", key_bits)
+        if slot is not None:
+            pulumi.set(__self__, "slot", slot)
+        if token_label is not None:
+            pulumi.set(__self__, "token_label", token_label)
+        if uuid is not None:
+            pulumi.set(__self__, "uuid", uuid)
+    @_builtins.property
+    @pulumi.getter(name="keyId")
+    def key_id(self) -> pulumi.Input[_builtins.str]:
+        """
+        The id of a PKCS#11 key to use
+        """
+        return pulumi.get(self, "key_id")
+    @key_id.setter
+    def key_id(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "key_id", value)
+    @_builtins.property
+    @pulumi.getter(name="keyLabel")
+    def key_label(self) -> pulumi.Input[_builtins.str]:
+        """
+        The label of the key to use
+        """
+        return pulumi.get(self, "key_label")
+    @key_label.setter
+    def key_label(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "key_label", value)
+    @_builtins.property
+    @pulumi.getter
+    def library(self) -> pulumi.Input[_builtins.str]:
+        """
+        The name of the kms_library stanza to use from Vault's config to lookup the local library path
+        """
+        return pulumi.get(self, "library")
+    @library.setter
+    def library(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "library", value)
+    @_builtins.property
+    @pulumi.getter
+    def mechanism(self) -> pulumi.Input[_builtins.str]:
+        """
+        The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string.
+        """
+        return pulumi.get(self, "mechanism")
+    @mechanism.setter
+    def mechanism(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "mechanism", value)
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> pulumi.Input[_builtins.str]:
+        """
+        A unique lowercase name that serves as identifying the key
+        """
+        return pulumi.get(self, "name")
+    @name.setter
+    def name(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "name", value)
+    @_builtins.property
+    @pulumi.getter
+    def pin(self) -> pulumi.Input[_builtins.str]:
+        """
+        The PIN for login
+        """
+        return pulumi.get(self, "pin")
+    @pin.setter
+    def pin(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "pin", value)
+    @_builtins.property
+    @pulumi.getter(name="allowGenerateKey")
+    def allow_generate_key(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
+        """
+        return pulumi.get(self, "allow_generate_key")
+    @allow_generate_key.setter
+    def allow_generate_key(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "allow_generate_key", value)
+    @_builtins.property
+    @pulumi.getter(name="allowReplaceKey")
+    def allow_replace_key(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
+        """
+        return pulumi.get(self, "allow_replace_key")
+    @allow_replace_key.setter
+    def allow_replace_key(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "allow_replace_key", value)
+    @_builtins.property
+    @pulumi.getter(name="allowStoreKey")
+    def allow_store_key(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
+        """
+        return pulumi.get(self, "allow_store_key")
+    @allow_store_key.setter
+    def allow_store_key(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "allow_store_key", value)
+    @_builtins.property
+    @pulumi.getter(name="anyMount")
+    def any_mount(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Allow usage from any mount point within the namespace if 'true'
+        """
+        return pulumi.get(self, "any_mount")
+    @any_mount.setter
+    def any_mount(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "any_mount", value)
+    @_builtins.property
+    @pulumi.getter
+    def curve(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Supplies the curve value when using the 'CKM_ECDSA' mechanism. Required if 'allow_generate_key' is true
+        """
+        return pulumi.get(self, "curve")
+    @curve.setter
+    def curve(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "curve", value)
+    @_builtins.property
+    @pulumi.getter(name="forceRwSession")
+    def force_rw_session(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Force all operations to open up a read-write session to the HSM
+        """
+        return pulumi.get(self, "force_rw_session")
+    @force_rw_session.setter
+    def force_rw_session(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "force_rw_session", value)
+    @_builtins.property
+    @pulumi.getter(name="keyBits")
+    def key_bits(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Supplies the size in bits of the key when using 'CKM_RSA_PKCS_PSS', 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. Required if 'allow_generate_key' is true
+        """
+        return pulumi.get(self, "key_bits")
+    @key_bits.setter
+    def key_bits(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "key_bits", value)
+    @_builtins.property
+    @pulumi.getter
+    def slot(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The slot number to use, specified as a string in a decimal format (e.g. '2305843009213693953')
+        """
+        return pulumi.get(self, "slot")
+    @slot.setter
+    def slot(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "slot", value)
+    @_builtins.property
+    @pulumi.getter(name="tokenLabel")
+    def token_label(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The slot token label to use
+        """
+        return pulumi.get(self, "token_label")
+    @token_label.setter
+    def token_label(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "token_label", value)
+    @_builtins.property
+    @pulumi.getter
+    def uuid(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        ID of the managed key read from Vault
+        """
+        return pulumi.get(self, "uuid")
+    @uuid.setter
+    def uuid(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "uuid", value)