Class SecretBackendRole
Provides a resource to manage roles in an SSH secret backend within Vault.
Example Usage
using Pulumi;
using Vault = Pulumi.Vault;
/// <summary>
/// Example stack: mounts an SSH secrets engine and registers two roles on it,
/// a "ca" role that may sign user certificates and an "otp" role.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // SSH-type mount; both roles below bind to it through its Path output.
        // NOTE(review): no Path is set on the mount here - confirm whether the
        // provider version in use requires one.
        var sshMount = new Vault.Mount("example", new Vault.MountArgs
        {
            Type = "ssh",
        });

        // Role "foo": CA-type role permitted to sign user certificates.
        // NOTE(review): Ttl and MaxTtl are left unset, so certificate lifetime is
        // decided by defaults outside this file (presumably the mount or server
        // default - verify). Set them explicitly to keep signed certificates short-lived.
        var caRoleArgs = new Vault.Ssh.SecretBackendRoleArgs
        {
            KeyType = "ca",
            Backend = sshMount.Path,
            AllowUserCertificates = true,
        };
        var caRole = new Vault.Ssh.SecretBackendRole("foo", caRoleArgs);

        // Role "bar": OTP-type role for the users "default" and "baz".
        // NOTE(review): "0.0.0.0/0" matches every IPv4 address, so this role is not
        // restricted to any set of hosts. In a real deployment, narrow CidrList to
        // the subnets the role is actually meant to serve.
        var otpRoleArgs = new Vault.Ssh.SecretBackendRoleArgs
        {
            KeyType = "otp",
            Backend = sshMount.Path,
            DefaultUser = "default",
            AllowedUsers = "default,baz",
            CidrList = "0.0.0.0/0",
        };
        var otpRole = new Vault.Ssh.SecretBackendRole("bar", otpRoleArgs);
    }
}
Inherited Members
Namespace: Pulumi.Vault.Ssh
Assembly: Pulumi.Vault.dll
Syntax
public class SecretBackendRole : CustomResource
Constructors
SecretBackendRole(String, SecretBackendRoleArgs, CustomResourceOptions)
Create a SecretBackendRole resource with the given unique name, arguments, and options.
Declaration
public SecretBackendRole(string name, SecretBackendRoleArgs args, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| SecretBackendRoleArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
AllowBareDomains
Specifies if host certificates that are requested are allowed to use the base domains listed in allowed_domains.
Declaration
public Output<bool?> AllowBareDomains { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
AllowedCriticalOptions
Specifies a comma-separated list of critical options that certificates can have when signed.
Declaration
public Output<string> AllowedCriticalOptions { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
AllowedDomains
The list of domains for which a client can request a host certificate.
Declaration
public Output<string> AllowedDomains { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
AllowedExtensions
Specifies a comma-separated list of extensions that certificates can have when signed.
Declaration
public Output<string> AllowedExtensions { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
AllowedUserKeyLengths
Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type.
Declaration
public Output<ImmutableDictionary<string, object>> AllowedUserKeyLengths { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>> |
AllowedUsers
Specifies a comma-separated list of usernames that are allowed. Set this only if credentials should be restricted to certain usernames.
Declaration
public Output<string> AllowedUsers { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
AllowHostCertificates
Specifies if certificates are allowed to be signed for use as a 'host'.
Declaration
public Output<bool?> AllowHostCertificates { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
AllowSubdomains
Specifies if host certificates that are requested are allowed to be subdomains of those listed in allowed_domains.
Declaration
public Output<bool?> AllowSubdomains { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
AllowUserCertificates
Specifies if certificates are allowed to be signed for use as a 'user'.
Declaration
public Output<bool?> AllowUserCertificates { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
AllowUserKeyIds
Specifies if users can override the key ID for a signed certificate with the key_id field.
Declaration
public Output<bool?> AllowUserKeyIds { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
Backend
The path where the SSH secret backend is mounted.
Declaration
public Output<string> Backend { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
CidrList
The comma-separated string of CIDR blocks for which this role is applicable.
Declaration
public Output<string> CidrList { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
DefaultCriticalOptions
Specifies a map of critical options that certificates have when signed.
Declaration
public Output<ImmutableDictionary<string, object>> DefaultCriticalOptions { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>> |
DefaultExtensions
Specifies a map of extensions that certificates have when signed.
Declaration
public Output<ImmutableDictionary<string, object>> DefaultExtensions { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>> |
DefaultUser
Specifies the default username for which a credential will be generated.
Declaration
public Output<string> DefaultUser { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
KeyIdFormat
Specifies a custom format for the key id of a signed certificate.
Declaration
public Output<string> KeyIdFormat { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
KeyType
Specifies the type of credentials generated by this role. This can be either otp, dynamic or ca.
Declaration
public Output<string> KeyType { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
MaxTtl
Specifies the maximum Time To Live value.
Declaration
public Output<string> MaxTtl { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Name
Specifies the name of the role to create.
Declaration
public Output<string> Name { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Ttl
Specifies the Time To Live value.
Declaration
public Output<string> Ttl { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Methods
Get(String, Input<String>, SecretBackendRoleState, CustomResourceOptions)
Get an existing SecretBackendRole resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static SecretBackendRole Get(string name, Input<string> id, SecretBackendRoleState state = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| SecretBackendRoleState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| SecretBackendRole |