PyPI - pulumi-vault - Versions diffs - 7.6.0a1764657486__py3-none-any.whl - Mend

pulumi-vault 7.6.0a1764657486__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (274) hide show

pulumi_vault/__init__.py +1399 -0
pulumi_vault/_inputs.py +2701 -0
pulumi_vault/_utilities.py +331 -0
pulumi_vault/ad/__init__.py +12 -0
pulumi_vault/ad/get_access_credentials.py +177 -0
pulumi_vault/ad/secret_backend.py +1916 -0
pulumi_vault/ad/secret_library.py +546 -0
pulumi_vault/ad/secret_role.py +499 -0
pulumi_vault/alicloud/__init__.py +9 -0
pulumi_vault/alicloud/auth_backend_role.py +866 -0
pulumi_vault/approle/__init__.py +12 -0
pulumi_vault/approle/auth_backend_login.py +571 -0
pulumi_vault/approle/auth_backend_role.py +1082 -0
pulumi_vault/approle/auth_backend_role_secret_id.py +796 -0
pulumi_vault/approle/get_auth_backend_role_id.py +169 -0
pulumi_vault/audit.py +499 -0
pulumi_vault/audit_request_header.py +277 -0
pulumi_vault/auth_backend.py +565 -0
pulumi_vault/aws/__init__.py +22 -0
pulumi_vault/aws/auth_backend_cert.py +420 -0
pulumi_vault/aws/auth_backend_client.py +1259 -0
pulumi_vault/aws/auth_backend_config_identity.py +494 -0
pulumi_vault/aws/auth_backend_identity_whitelist.py +380 -0
pulumi_vault/aws/auth_backend_login.py +1046 -0
pulumi_vault/aws/auth_backend_role.py +1961 -0
pulumi_vault/aws/auth_backend_role_tag.py +638 -0
pulumi_vault/aws/auth_backend_roletag_blacklist.py +366 -0
pulumi_vault/aws/auth_backend_sts_role.py +414 -0
pulumi_vault/aws/get_access_credentials.py +369 -0
pulumi_vault/aws/get_static_access_credentials.py +137 -0
pulumi_vault/aws/secret_backend.py +2018 -0
pulumi_vault/aws/secret_backend_role.py +1188 -0
pulumi_vault/aws/secret_backend_static_role.py +639 -0
pulumi_vault/azure/__init__.py +15 -0
pulumi_vault/azure/_inputs.py +108 -0
pulumi_vault/azure/auth_backend_config.py +1096 -0
pulumi_vault/azure/auth_backend_role.py +1176 -0
pulumi_vault/azure/backend.py +1793 -0
pulumi_vault/azure/backend_role.py +883 -0
pulumi_vault/azure/get_access_credentials.py +400 -0
pulumi_vault/azure/outputs.py +107 -0
pulumi_vault/cert_auth_backend_role.py +1539 -0
pulumi_vault/config/__init__.py +9 -0
pulumi_vault/config/__init__.pyi +164 -0
pulumi_vault/config/_inputs.py +73 -0
pulumi_vault/config/outputs.py +1225 -0
pulumi_vault/config/ui_custom_message.py +530 -0
pulumi_vault/config/vars.py +230 -0
pulumi_vault/consul/__init__.py +10 -0
pulumi_vault/consul/secret_backend.py +1517 -0
pulumi_vault/consul/secret_backend_role.py +847 -0
pulumi_vault/database/__init__.py +14 -0
pulumi_vault/database/_inputs.py +11907 -0
pulumi_vault/database/outputs.py +8496 -0
pulumi_vault/database/secret_backend_connection.py +1676 -0
pulumi_vault/database/secret_backend_role.py +840 -0
pulumi_vault/database/secret_backend_static_role.py +881 -0
pulumi_vault/database/secrets_mount.py +2160 -0
pulumi_vault/egp_policy.py +399 -0
pulumi_vault/gcp/__init__.py +17 -0
pulumi_vault/gcp/_inputs.py +441 -0
pulumi_vault/gcp/auth_backend.py +1486 -0
pulumi_vault/gcp/auth_backend_role.py +1235 -0
pulumi_vault/gcp/get_auth_backend_role.py +514 -0
pulumi_vault/gcp/outputs.py +302 -0
pulumi_vault/gcp/secret_backend.py +1807 -0
pulumi_vault/gcp/secret_impersonated_account.py +484 -0
pulumi_vault/gcp/secret_roleset.py +554 -0
pulumi_vault/gcp/secret_static_account.py +557 -0
pulumi_vault/generic/__init__.py +11 -0
pulumi_vault/generic/endpoint.py +786 -0
pulumi_vault/generic/get_secret.py +306 -0
pulumi_vault/generic/secret.py +486 -0
pulumi_vault/get_auth_backend.py +226 -0
pulumi_vault/get_auth_backends.py +170 -0
pulumi_vault/get_namespace.py +226 -0
pulumi_vault/get_namespaces.py +202 -0
pulumi_vault/get_nomad_access_token.py +210 -0
pulumi_vault/get_policy_document.py +160 -0
pulumi_vault/get_raft_autopilot_state.py +267 -0
pulumi_vault/github/__init__.py +13 -0
pulumi_vault/github/_inputs.py +225 -0
pulumi_vault/github/auth_backend.py +1194 -0
pulumi_vault/github/outputs.py +174 -0
pulumi_vault/github/team.py +380 -0
pulumi_vault/github/user.py +380 -0
pulumi_vault/identity/__init__.py +35 -0
pulumi_vault/identity/entity.py +447 -0
pulumi_vault/identity/entity_alias.py +398 -0
pulumi_vault/identity/entity_policies.py +455 -0
pulumi_vault/identity/get_entity.py +384 -0
pulumi_vault/identity/get_group.py +467 -0
pulumi_vault/identity/get_oidc_client_creds.py +175 -0
pulumi_vault/identity/get_oidc_openid_config.py +334 -0
pulumi_vault/identity/get_oidc_public_keys.py +179 -0
pulumi_vault/identity/group.py +805 -0
pulumi_vault/identity/group_alias.py +386 -0
pulumi_vault/identity/group_member_entity_ids.py +444 -0
pulumi_vault/identity/group_member_group_ids.py +467 -0
pulumi_vault/identity/group_policies.py +471 -0
pulumi_vault/identity/mfa_duo.py +674 -0
pulumi_vault/identity/mfa_login_enforcement.py +566 -0
pulumi_vault/identity/mfa_okta.py +626 -0
pulumi_vault/identity/mfa_pingid.py +616 -0
pulumi_vault/identity/mfa_totp.py +758 -0
pulumi_vault/identity/oidc.py +268 -0
pulumi_vault/identity/oidc_assignment.py +375 -0
pulumi_vault/identity/oidc_client.py +667 -0
pulumi_vault/identity/oidc_key.py +474 -0
pulumi_vault/identity/oidc_key_allowed_client_id.py +298 -0
pulumi_vault/identity/oidc_provider.py +550 -0
pulumi_vault/identity/oidc_role.py +543 -0
pulumi_vault/identity/oidc_scope.py +355 -0
pulumi_vault/identity/outputs.py +137 -0
pulumi_vault/jwt/__init__.py +12 -0
pulumi_vault/jwt/_inputs.py +225 -0
pulumi_vault/jwt/auth_backend.py +1347 -0
pulumi_vault/jwt/auth_backend_role.py +1847 -0
pulumi_vault/jwt/outputs.py +174 -0
pulumi_vault/kmip/__init__.py +11 -0
pulumi_vault/kmip/secret_backend.py +1591 -0
pulumi_vault/kmip/secret_role.py +1194 -0
pulumi_vault/kmip/secret_scope.py +372 -0
pulumi_vault/kubernetes/__init__.py +15 -0
pulumi_vault/kubernetes/auth_backend_config.py +654 -0
pulumi_vault/kubernetes/auth_backend_role.py +1031 -0
pulumi_vault/kubernetes/get_auth_backend_config.py +280 -0
pulumi_vault/kubernetes/get_auth_backend_role.py +470 -0
pulumi_vault/kubernetes/get_service_account_token.py +344 -0
pulumi_vault/kubernetes/secret_backend.py +1341 -0
pulumi_vault/kubernetes/secret_backend_role.py +1140 -0
pulumi_vault/kv/__init__.py +18 -0
pulumi_vault/kv/_inputs.py +124 -0
pulumi_vault/kv/get_secret.py +240 -0
pulumi_vault/kv/get_secret_subkeys_v2.py +275 -0
pulumi_vault/kv/get_secret_v2.py +315 -0
pulumi_vault/kv/get_secrets_list.py +186 -0
pulumi_vault/kv/get_secrets_list_v2.py +243 -0
pulumi_vault/kv/outputs.py +102 -0
pulumi_vault/kv/secret.py +397 -0
pulumi_vault/kv/secret_backend_v2.py +455 -0
pulumi_vault/kv/secret_v2.py +970 -0
pulumi_vault/ldap/__init__.py +19 -0
pulumi_vault/ldap/_inputs.py +225 -0
pulumi_vault/ldap/auth_backend.py +2520 -0
pulumi_vault/ldap/auth_backend_group.py +386 -0
pulumi_vault/ldap/auth_backend_user.py +439 -0
pulumi_vault/ldap/get_dynamic_credentials.py +181 -0
pulumi_vault/ldap/get_static_credentials.py +192 -0
pulumi_vault/ldap/outputs.py +174 -0
pulumi_vault/ldap/secret_backend.py +2207 -0
pulumi_vault/ldap/secret_backend_dynamic_role.py +767 -0
pulumi_vault/ldap/secret_backend_library_set.py +552 -0
pulumi_vault/ldap/secret_backend_static_role.py +541 -0
pulumi_vault/managed/__init__.py +11 -0
pulumi_vault/managed/_inputs.py +944 -0
pulumi_vault/managed/keys.py +398 -0
pulumi_vault/managed/outputs.py +667 -0
pulumi_vault/mfa_duo.py +589 -0
pulumi_vault/mfa_okta.py +623 -0
pulumi_vault/mfa_pingid.py +670 -0
pulumi_vault/mfa_totp.py +620 -0
pulumi_vault/mongodbatlas/__init__.py +10 -0
pulumi_vault/mongodbatlas/secret_backend.py +388 -0
pulumi_vault/mongodbatlas/secret_role.py +726 -0
pulumi_vault/mount.py +1262 -0
pulumi_vault/namespace.py +452 -0
pulumi_vault/nomad_secret_backend.py +1559 -0
pulumi_vault/nomad_secret_role.py +489 -0
pulumi_vault/oci_auth_backend.py +676 -0
pulumi_vault/oci_auth_backend_role.py +852 -0
pulumi_vault/okta/__init__.py +13 -0
pulumi_vault/okta/_inputs.py +320 -0
pulumi_vault/okta/auth_backend.py +1231 -0
pulumi_vault/okta/auth_backend_group.py +369 -0
pulumi_vault/okta/auth_backend_user.py +416 -0
pulumi_vault/okta/outputs.py +244 -0
pulumi_vault/outputs.py +502 -0
pulumi_vault/pkisecret/__init__.py +38 -0
pulumi_vault/pkisecret/_inputs.py +270 -0
pulumi_vault/pkisecret/backend_acme_eab.py +550 -0
pulumi_vault/pkisecret/backend_config_acme.py +690 -0
pulumi_vault/pkisecret/backend_config_auto_tidy.py +1370 -0
pulumi_vault/pkisecret/backend_config_cluster.py +370 -0
pulumi_vault/pkisecret/backend_config_cmpv2.py +693 -0
pulumi_vault/pkisecret/backend_config_est.py +756 -0
pulumi_vault/pkisecret/backend_config_scep.py +738 -0
pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
pulumi_vault/pkisecret/get_backend_config_scep.py +271 -0
pulumi_vault/pkisecret/get_backend_issuer.py +395 -0
pulumi_vault/pkisecret/get_backend_issuers.py +192 -0
pulumi_vault/pkisecret/get_backend_key.py +211 -0
pulumi_vault/pkisecret/get_backend_keys.py +192 -0
pulumi_vault/pkisecret/outputs.py +270 -0
pulumi_vault/pkisecret/secret_backend_cert.py +1315 -0
pulumi_vault/pkisecret/secret_backend_config_ca.py +386 -0
pulumi_vault/pkisecret/secret_backend_config_issuers.py +392 -0
pulumi_vault/pkisecret/secret_backend_config_urls.py +462 -0
pulumi_vault/pkisecret/secret_backend_crl_config.py +846 -0
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +1629 -0
pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +444 -0
pulumi_vault/pkisecret/secret_backend_issuer.py +1089 -0
pulumi_vault/pkisecret/secret_backend_key.py +613 -0
pulumi_vault/pkisecret/secret_backend_role.py +2694 -0
pulumi_vault/pkisecret/secret_backend_root_cert.py +2134 -0
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +2031 -0
pulumi_vault/pkisecret/secret_backend_sign.py +1194 -0
pulumi_vault/plugin.py +596 -0
pulumi_vault/plugin_pinned_version.py +299 -0
pulumi_vault/policy.py +279 -0
pulumi_vault/provider.py +781 -0
pulumi_vault/pulumi-plugin.json +5 -0
pulumi_vault/py.typed +0 -0
pulumi_vault/quota_lease_count.py +504 -0
pulumi_vault/quota_rate_limit.py +751 -0
pulumi_vault/rabbitmq/__init__.py +12 -0
pulumi_vault/rabbitmq/_inputs.py +235 -0
pulumi_vault/rabbitmq/outputs.py +144 -0
pulumi_vault/rabbitmq/secret_backend.py +1437 -0
pulumi_vault/rabbitmq/secret_backend_role.py +496 -0
pulumi_vault/raft_autopilot.py +609 -0
pulumi_vault/raft_snapshot_agent_config.py +1591 -0
pulumi_vault/rgp_policy.py +349 -0
pulumi_vault/saml/__init__.py +12 -0
pulumi_vault/saml/_inputs.py +225 -0
pulumi_vault/saml/auth_backend.py +811 -0
pulumi_vault/saml/auth_backend_role.py +1068 -0
pulumi_vault/saml/outputs.py +174 -0
pulumi_vault/scep_auth_backend_role.py +908 -0
pulumi_vault/secrets/__init__.py +18 -0
pulumi_vault/secrets/_inputs.py +110 -0
pulumi_vault/secrets/outputs.py +94 -0
pulumi_vault/secrets/sync_association.py +450 -0
pulumi_vault/secrets/sync_aws_destination.py +780 -0
pulumi_vault/secrets/sync_azure_destination.py +736 -0
pulumi_vault/secrets/sync_config.py +303 -0
pulumi_vault/secrets/sync_gcp_destination.py +572 -0
pulumi_vault/secrets/sync_gh_destination.py +688 -0
pulumi_vault/secrets/sync_github_apps.py +376 -0
pulumi_vault/secrets/sync_vercel_destination.py +603 -0
pulumi_vault/ssh/__init__.py +13 -0
pulumi_vault/ssh/_inputs.py +76 -0
pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
pulumi_vault/ssh/outputs.py +51 -0
pulumi_vault/ssh/secret_backend_ca.py +588 -0
pulumi_vault/ssh/secret_backend_role.py +1493 -0
pulumi_vault/terraformcloud/__init__.py +11 -0
pulumi_vault/terraformcloud/secret_backend.py +1321 -0
pulumi_vault/terraformcloud/secret_creds.py +445 -0
pulumi_vault/terraformcloud/secret_role.py +563 -0
pulumi_vault/token.py +1026 -0
pulumi_vault/tokenauth/__init__.py +9 -0
pulumi_vault/tokenauth/auth_backend_role.py +1135 -0
pulumi_vault/transform/__init__.py +14 -0
pulumi_vault/transform/alphabet.py +348 -0
pulumi_vault/transform/get_decode.py +287 -0
pulumi_vault/transform/get_encode.py +291 -0
pulumi_vault/transform/role.py +350 -0
pulumi_vault/transform/template.py +592 -0
pulumi_vault/transform/transformation.py +608 -0
pulumi_vault/transit/__init__.py +15 -0
pulumi_vault/transit/get_cmac.py +256 -0
pulumi_vault/transit/get_decrypt.py +181 -0
pulumi_vault/transit/get_encrypt.py +174 -0
pulumi_vault/transit/get_sign.py +328 -0
pulumi_vault/transit/get_verify.py +373 -0
pulumi_vault/transit/secret_backend_key.py +1202 -0
pulumi_vault/transit/secret_cache_config.py +302 -0
pulumi_vault-7.6.0a1764657486.dist-info/METADATA +92 -0
pulumi_vault-7.6.0a1764657486.dist-info/RECORD +274 -0
pulumi_vault-7.6.0a1764657486.dist-info/WHEEL +5 -0
pulumi_vault-7.6.0a1764657486.dist-info/top_level.txt +1 -0

pulumi_vault/secrets/sync_gh_destination.py ADDED Viewed

@@ -0,0 +1,688 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-language-python. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+import builtins as _builtins
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+__all__ = ['SyncGhDestinationArgs', 'SyncGhDestination']
+@pulumi.input_type
+class SyncGhDestinationArgs:
+    def __init__(__self__, *,
+                 access_token: Optional[pulumi.Input[_builtins.str]] = None,
+                 app_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 granularity: Optional[pulumi.Input[_builtins.str]] = None,
+                 installation_id: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 repository_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 repository_owner: Optional[pulumi.Input[_builtins.str]] = None,
+                 secret_name_template: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        The set of arguments for constructing a SyncGhDestination resource.
+        :param pulumi.Input[_builtins.str] access_token: Fine-grained or personal access token.
+               Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment
+               variable.
+        :param pulumi.Input[_builtins.str] app_name: The user-defined name of the GitHub App configuration. This is a reference to the name used
+               on the new endpoint when configuring the GitHub app on the Vault Server. Can be modified.
+               Takes precedence over the `access_token` field.
+        :param pulumi.Input[_builtins.str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
+        :param pulumi.Input[_builtins.int] installation_id: The ID of the installation generated by GitHub when the app referenced by the `app_name`
+               was installed in the user’s GitHub account. Can be modified. Necessary if the `app_name` field is also provided.
+        :param pulumi.Input[_builtins.str] name: Unique name of the GitHub destination.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        :param pulumi.Input[_builtins.str] repository_name: Name of the repository.
+               Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment
+               variable.
+        :param pulumi.Input[_builtins.str] repository_owner: GitHub organization or username that owns the repository.
+               Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment
+               variable.
+        :param pulumi.Input[_builtins.str] secret_name_template: Template describing how to generate external secret names.
+               Supports a subset of the Go Template syntax.
+        """
+        if access_token is not None:
+            pulumi.set(__self__, "access_token", access_token)
+        if app_name is not None:
+            pulumi.set(__self__, "app_name", app_name)
+        if granularity is not None:
+            pulumi.set(__self__, "granularity", granularity)
+        if installation_id is not None:
+            pulumi.set(__self__, "installation_id", installation_id)
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if namespace is not None:
+            pulumi.set(__self__, "namespace", namespace)
+        if repository_name is not None:
+            pulumi.set(__self__, "repository_name", repository_name)
+        if repository_owner is not None:
+            pulumi.set(__self__, "repository_owner", repository_owner)
+        if secret_name_template is not None:
+            pulumi.set(__self__, "secret_name_template", secret_name_template)
+    @_builtins.property
+    @pulumi.getter(name="accessToken")
+    def access_token(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Fine-grained or personal access token.
+        Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment
+        variable.
+        """
+        return pulumi.get(self, "access_token")
+    @access_token.setter
+    def access_token(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "access_token", value)
+    @_builtins.property
+    @pulumi.getter(name="appName")
+    def app_name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The user-defined name of the GitHub App configuration. This is a reference to the name used
+        on the new endpoint when configuring the GitHub app on the Vault Server. Can be modified.
+        Takes precedence over the `access_token` field.
+        """
+        return pulumi.get(self, "app_name")
+    @app_name.setter
+    def app_name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "app_name", value)
+    @_builtins.property
+    @pulumi.getter
+    def granularity(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Determines what level of information is synced as a distinct resource
+        at the destination. Supports `secret-path` and `secret-key`.
+        """
+        return pulumi.get(self, "granularity")
+    @granularity.setter
+    def granularity(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "granularity", value)
+    @_builtins.property
+    @pulumi.getter(name="installationId")
+    def installation_id(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        The ID of the installation generated by GitHub when the app referenced by the `app_name`
+        was installed in the user’s GitHub account. Can be modified. Necessary if the `app_name` field is also provided.
+        """
+        return pulumi.get(self, "installation_id")
+    @installation_id.setter
+    def installation_id(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "installation_id", value)
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Unique name of the GitHub destination.
+        """
+        return pulumi.get(self, "name")
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "name", value)
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        """
+        return pulumi.get(self, "namespace")
+    @namespace.setter
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "namespace", value)
+    @_builtins.property
+    @pulumi.getter(name="repositoryName")
+    def repository_name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Name of the repository.
+        Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment
+        variable.
+        """
+        return pulumi.get(self, "repository_name")
+    @repository_name.setter
+    def repository_name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "repository_name", value)
+    @_builtins.property
+    @pulumi.getter(name="repositoryOwner")
+    def repository_owner(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        GitHub organization or username that owns the repository.
+        Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment
+        variable.
+        """
+        return pulumi.get(self, "repository_owner")
+    @repository_owner.setter
+    def repository_owner(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "repository_owner", value)
+    @_builtins.property
+    @pulumi.getter(name="secretNameTemplate")
+    def secret_name_template(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Template describing how to generate external secret names.
+        Supports a subset of the Go Template syntax.
+        """
+        return pulumi.get(self, "secret_name_template")
+    @secret_name_template.setter
+    def secret_name_template(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "secret_name_template", value)
+@pulumi.input_type
+class _SyncGhDestinationState:
+    def __init__(__self__, *,
+                 access_token: Optional[pulumi.Input[_builtins.str]] = None,
+                 app_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 granularity: Optional[pulumi.Input[_builtins.str]] = None,
+                 installation_id: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 repository_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 repository_owner: Optional[pulumi.Input[_builtins.str]] = None,
+                 secret_name_template: Optional[pulumi.Input[_builtins.str]] = None,
+                 type: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        Input properties used for looking up and filtering SyncGhDestination resources.
+        :param pulumi.Input[_builtins.str] access_token: Fine-grained or personal access token.
+               Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment
+               variable.
+        :param pulumi.Input[_builtins.str] app_name: The user-defined name of the GitHub App configuration. This is a reference to the name used
+               on the new endpoint when configuring the GitHub app on the Vault Server. Can be modified.
+               Takes precedence over the `access_token` field.
+        :param pulumi.Input[_builtins.str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
+        :param pulumi.Input[_builtins.int] installation_id: The ID of the installation generated by GitHub when the app referenced by the `app_name`
+               was installed in the user’s GitHub account. Can be modified. Necessary if the `app_name` field is also provided.
+        :param pulumi.Input[_builtins.str] name: Unique name of the GitHub destination.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        :param pulumi.Input[_builtins.str] repository_name: Name of the repository.
+               Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment
+               variable.
+        :param pulumi.Input[_builtins.str] repository_owner: GitHub organization or username that owns the repository.
+               Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment
+               variable.
+        :param pulumi.Input[_builtins.str] secret_name_template: Template describing how to generate external secret names.
+               Supports a subset of the Go Template syntax.
+        :param pulumi.Input[_builtins.str] type: The type of the secrets destination (`gh`).
+        """
+        if access_token is not None:
+            pulumi.set(__self__, "access_token", access_token)
+        if app_name is not None:
+            pulumi.set(__self__, "app_name", app_name)
+        if granularity is not None:
+            pulumi.set(__self__, "granularity", granularity)
+        if installation_id is not None:
+            pulumi.set(__self__, "installation_id", installation_id)
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if namespace is not None:
+            pulumi.set(__self__, "namespace", namespace)
+        if repository_name is not None:
+            pulumi.set(__self__, "repository_name", repository_name)
+        if repository_owner is not None:
+            pulumi.set(__self__, "repository_owner", repository_owner)
+        if secret_name_template is not None:
+            pulumi.set(__self__, "secret_name_template", secret_name_template)
+        if type is not None:
+            pulumi.set(__self__, "type", type)
+    @_builtins.property
+    @pulumi.getter(name="accessToken")
+    def access_token(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Fine-grained or personal access token.
+        Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment
+        variable.
+        """
+        return pulumi.get(self, "access_token")
+    @access_token.setter
+    def access_token(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "access_token", value)
+    @_builtins.property
+    @pulumi.getter(name="appName")
+    def app_name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The user-defined name of the GitHub App configuration. This is a reference to the name used
+        on the new endpoint when configuring the GitHub app on the Vault Server. Can be modified.
+        Takes precedence over the `access_token` field.
+        """
+        return pulumi.get(self, "app_name")
+    @app_name.setter
+    def app_name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "app_name", value)
+    @_builtins.property
+    @pulumi.getter
+    def granularity(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Determines what level of information is synced as a distinct resource
+        at the destination. Supports `secret-path` and `secret-key`.
+        """
+        return pulumi.get(self, "granularity")
+    @granularity.setter
+    def granularity(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "granularity", value)
+    @_builtins.property
+    @pulumi.getter(name="installationId")
+    def installation_id(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        The ID of the installation generated by GitHub when the app referenced by the `app_name`
+        was installed in the user’s GitHub account. Can be modified. Necessary if the `app_name` field is also provided.
+        """
+        return pulumi.get(self, "installation_id")
+    @installation_id.setter
+    def installation_id(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "installation_id", value)
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Unique name of the GitHub destination.
+        """
+        return pulumi.get(self, "name")
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "name", value)
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        """
+        return pulumi.get(self, "namespace")
+    @namespace.setter
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "namespace", value)
+    @_builtins.property
+    @pulumi.getter(name="repositoryName")
+    def repository_name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Name of the repository.
+        Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment
+        variable.
+        """
+        return pulumi.get(self, "repository_name")
+    @repository_name.setter
+    def repository_name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "repository_name", value)
+    @_builtins.property
+    @pulumi.getter(name="repositoryOwner")
+    def repository_owner(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        GitHub organization or username that owns the repository.
+        Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment
+        variable.
+        """
+        return pulumi.get(self, "repository_owner")
+    @repository_owner.setter
+    def repository_owner(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "repository_owner", value)
+    @_builtins.property
+    @pulumi.getter(name="secretNameTemplate")
+    def secret_name_template(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Template describing how to generate external secret names.
+        Supports a subset of the Go Template syntax.
+        """
+        return pulumi.get(self, "secret_name_template")
+    @secret_name_template.setter
+    def secret_name_template(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "secret_name_template", value)
+    @_builtins.property
+    @pulumi.getter
+    def type(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The type of the secrets destination (`gh`).
+        """
+        return pulumi.get(self, "type")
+    @type.setter
+    def type(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "type", value)
+@pulumi.type_token("vault:secrets/syncGhDestination:SyncGhDestination")
+class SyncGhDestination(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 access_token: Optional[pulumi.Input[_builtins.str]] = None,
+                 app_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 granularity: Optional[pulumi.Input[_builtins.str]] = None,
+                 installation_id: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 repository_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 repository_owner: Optional[pulumi.Input[_builtins.str]] = None,
+                 secret_name_template: Optional[pulumi.Input[_builtins.str]] = None,
+                 __props__=None):
+        """
+        ## Example Usage
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+        gh = vault.secrets.SyncGhDestination("gh",
+            name="gh-dest",
+            access_token=access_token,
+            repository_owner=repo_owner,
+            repository_name="repo-name-example",
+            secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")
+        ```
+        ## Import
+        GitHub Secrets sync destinations can be imported using the `name`, e.g.
+        ```sh
+        $ pulumi import vault:secrets/syncGhDestination:SyncGhDestination gh gh-dest
+        ```
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.str] access_token: Fine-grained or personal access token.
+               Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment
+               variable.
+        :param pulumi.Input[_builtins.str] app_name: The user-defined name of the GitHub App configuration. This is a reference to the name used
+               on the new endpoint when configuring the GitHub app on the Vault Server. Can be modified.
+               Takes precedence over the `access_token` field.
+        :param pulumi.Input[_builtins.str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
+        :param pulumi.Input[_builtins.int] installation_id: The ID of the installation generated by GitHub when the app referenced by the `app_name`
+               was installed in the user’s GitHub account. Can be modified. Necessary if the `app_name` field is also provided.
+        :param pulumi.Input[_builtins.str] name: Unique name of the GitHub destination.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        :param pulumi.Input[_builtins.str] repository_name: Name of the repository.
+               Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment
+               variable.
+        :param pulumi.Input[_builtins.str] repository_owner: GitHub organization or username that owns the repository.
+               Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment
+               variable.
+        :param pulumi.Input[_builtins.str] secret_name_template: Template describing how to generate external secret names.
+               Supports a subset of the Go Template syntax.
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: Optional[SyncGhDestinationArgs] = None,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        ## Example Usage
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+        gh = vault.secrets.SyncGhDestination("gh",
+            name="gh-dest",
+            access_token=access_token,
+            repository_owner=repo_owner,
+            repository_name="repo-name-example",
+            secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")
+        ```
+        ## Import
+        GitHub Secrets sync destinations can be imported using the `name`, e.g.
+        ```sh
+        $ pulumi import vault:secrets/syncGhDestination:SyncGhDestination gh gh-dest
+        ```
+        :param str resource_name: The name of the resource.
+        :param SyncGhDestinationArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(SyncGhDestinationArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 access_token: Optional[pulumi.Input[_builtins.str]] = None,
+                 app_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 granularity: Optional[pulumi.Input[_builtins.str]] = None,
+                 installation_id: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 repository_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 repository_owner: Optional[pulumi.Input[_builtins.str]] = None,
+                 secret_name_template: Optional[pulumi.Input[_builtins.str]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = SyncGhDestinationArgs.__new__(SyncGhDestinationArgs)
+            __props__.__dict__["access_token"] = None if access_token is None else pulumi.Output.secret(access_token)
+            __props__.__dict__["app_name"] = app_name
+            __props__.__dict__["granularity"] = granularity
+            __props__.__dict__["installation_id"] = installation_id
+            __props__.__dict__["name"] = name
+            __props__.__dict__["namespace"] = namespace
+            __props__.__dict__["repository_name"] = repository_name
+            __props__.__dict__["repository_owner"] = repository_owner
+            __props__.__dict__["secret_name_template"] = secret_name_template
+            __props__.__dict__["type"] = None
+        secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["accessToken"])
+        opts = pulumi.ResourceOptions.merge(opts, secret_opts)
+        super(SyncGhDestination, __self__).__init__(
+            'vault:secrets/syncGhDestination:SyncGhDestination',
+            resource_name,
+            __props__,
+            opts)
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None,
+            access_token: Optional[pulumi.Input[_builtins.str]] = None,
+            app_name: Optional[pulumi.Input[_builtins.str]] = None,
+            granularity: Optional[pulumi.Input[_builtins.str]] = None,
+            installation_id: Optional[pulumi.Input[_builtins.int]] = None,
+            name: Optional[pulumi.Input[_builtins.str]] = None,
+            namespace: Optional[pulumi.Input[_builtins.str]] = None,
+            repository_name: Optional[pulumi.Input[_builtins.str]] = None,
+            repository_owner: Optional[pulumi.Input[_builtins.str]] = None,
+            secret_name_template: Optional[pulumi.Input[_builtins.str]] = None,
+            type: Optional[pulumi.Input[_builtins.str]] = None) -> 'SyncGhDestination':
+        """
+        Get an existing SyncGhDestination resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.str] access_token: Fine-grained or personal access token.
+               Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment
+               variable.
+        :param pulumi.Input[_builtins.str] app_name: The user-defined name of the GitHub App configuration. This is a reference to the name used
+               on the new endpoint when configuring the GitHub app on the Vault Server. Can be modified.
+               Takes precedence over the `access_token` field.
+        :param pulumi.Input[_builtins.str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
+        :param pulumi.Input[_builtins.int] installation_id: The ID of the installation generated by GitHub when the app referenced by the `app_name`
+               was installed in the user’s GitHub account. Can be modified. Necessary if the `app_name` field is also provided.
+        :param pulumi.Input[_builtins.str] name: Unique name of the GitHub destination.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        :param pulumi.Input[_builtins.str] repository_name: Name of the repository.
+               Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment
+               variable.
+        :param pulumi.Input[_builtins.str] repository_owner: GitHub organization or username that owns the repository.
+               Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment
+               variable.
+        :param pulumi.Input[_builtins.str] secret_name_template: Template describing how to generate external secret names.
+               Supports a subset of the Go Template syntax.
+        :param pulumi.Input[_builtins.str] type: The type of the secrets destination (`gh`).
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+        __props__ = _SyncGhDestinationState.__new__(_SyncGhDestinationState)
+        __props__.__dict__["access_token"] = access_token
+        __props__.__dict__["app_name"] = app_name
+        __props__.__dict__["granularity"] = granularity
+        __props__.__dict__["installation_id"] = installation_id
+        __props__.__dict__["name"] = name
+        __props__.__dict__["namespace"] = namespace
+        __props__.__dict__["repository_name"] = repository_name
+        __props__.__dict__["repository_owner"] = repository_owner
+        __props__.__dict__["secret_name_template"] = secret_name_template
+        __props__.__dict__["type"] = type
+        return SyncGhDestination(resource_name, opts=opts, __props__=__props__)
+    @_builtins.property
+    @pulumi.getter(name="accessToken")
+    def access_token(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        Fine-grained or personal access token.
+        Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment
+        variable.
+        """
+        return pulumi.get(self, "access_token")
+    @_builtins.property
+    @pulumi.getter(name="appName")
+    def app_name(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        The user-defined name of the GitHub App configuration. This is a reference to the name used
+        on the new endpoint when configuring the GitHub app on the Vault Server. Can be modified.
+        Takes precedence over the `access_token` field.
+        """
+        return pulumi.get(self, "app_name")
+    @_builtins.property
+    @pulumi.getter
+    def granularity(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        Determines what level of information is synced as a distinct resource
+        at the destination. Supports `secret-path` and `secret-key`.
+        """
+        return pulumi.get(self, "granularity")
+    @_builtins.property
+    @pulumi.getter(name="installationId")
+    def installation_id(self) -> pulumi.Output[Optional[_builtins.int]]:
+        """
+        The ID of the installation generated by GitHub when the app referenced by the `app_name`
+        was installed in the user’s GitHub account. Can be modified. Necessary if the `app_name` field is also provided.
+        """
+        return pulumi.get(self, "installation_id")
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> pulumi.Output[_builtins.str]:
+        """
+        Unique name of the GitHub destination.
+        """
+        return pulumi.get(self, "name")
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        """
+        return pulumi.get(self, "namespace")
+    @_builtins.property
+    @pulumi.getter(name="repositoryName")
+    def repository_name(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        Name of the repository.
+        Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment
+        variable.
+        """
+        return pulumi.get(self, "repository_name")
+    @_builtins.property
+    @pulumi.getter(name="repositoryOwner")
+    def repository_owner(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        GitHub organization or username that owns the repository.
+        Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment
+        variable.
+        """
+        return pulumi.get(self, "repository_owner")
+    @_builtins.property
+    @pulumi.getter(name="secretNameTemplate")
+    def secret_name_template(self) -> pulumi.Output[_builtins.str]:
+        """
+        Template describing how to generate external secret names.
+        Supports a subset of the Go Template syntax.
+        """
+        return pulumi.get(self, "secret_name_template")
+    @_builtins.property
+    @pulumi.getter
+    def type(self) -> pulumi.Output[_builtins.str]:
+        """
+        The type of the secrets destination (`gh`).
+        """
+        return pulumi.get(self, "type")