Class SecretBackendKey

Creates an Encryption Keyring on a Transit Secret Backend for Vault.

Example Usage

using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    public MyStack()
    {
        var transit = new Vault.Mount("transit", new Vault.MountArgs
        {
            DefaultLeaseTtlSeconds = 3600,
            Description = "Example description",
            MaxLeaseTtlSeconds = 86400,
            Path = "transit",
            Type = "transit",
        });
        var key = new Vault.Transit.SecretBackendKey("key", new Vault.Transit.SecretBackendKeyArgs
        {
            Backend = transit.Path,
        });
    }
}
Inheritance
System.Object
Resource
CustomResource
SecretBackendKey
Inherited Members
CustomResource.Id
Resource.GetResourceType()
Resource.GetResourceName()
Resource.Urn
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Vault.Transit
Assembly: Pulumi.Vault.dll
Syntax
public class SecretBackendKey : CustomResource

Constructors


SecretBackendKey(String, SecretBackendKeyArgs, CustomResourceOptions)

Create a SecretBackendKey resource with the given unique name, arguments, and options.

Declaration
public SecretBackendKey(string name, SecretBackendKeyArgs args, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
| --- | --- | --- |
| System.String | name | The unique name of the resource |
| SecretBackendKeyArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |

Properties


AllowPlaintextBackup

Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.

  • Refer to Vault API documentation on key backups for more information: Backup Key
Declaration
public Output<bool?> AllowPlaintextBackup { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

Backend

The path the transit secret backend is mounted at, with no leading or trailing /s.

Declaration
public Output<string> Backend { get; }
Property Value
Type Description
Output<System.String>

ConvergentEncryption

Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true.

Declaration
public Output<bool?> ConvergentEncryption { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

DeletionAllowed

Specifies if the key is allowed to be deleted.

Declaration
public Output<bool?> DeletionAllowed { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

Derived

Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.

Declaration
public Output<bool?> Derived { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

Exportable

Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.

Declaration
public Output<bool?> Exportable { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

Keys

List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the type of the encryption key.

  • for key types aes256-gcm96 and chacha20-poly1305, each key version will be a map of a single value id which is just a hash of the key's metadata.
  • for key types ed25519, ecdsa-p256, rsa-2048 and rsa-4096, each key version will be a map of the following:
Declaration
public Output<ImmutableArray<ImmutableDictionary<string, object>>> Keys { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>>>

LatestVersion

Latest key version available. This value is 1-indexed, so if latest_version is 1, then the key's information can be referenced from keys by selecting element 0.

Declaration
public Output<int> LatestVersion { get; }
Property Value
Type Description
Output<System.Int32>

MinAvailableVersion

Minimum key version available for use. If keys have been archived by increasing min_decryption_version, this attribute will reflect that change.

Declaration
public Output<int> MinAvailableVersion { get; }
Property Value
Type Description
Output<System.Int32>

MinDecryptionVersion

Minimum key version to use for decryption.

Declaration
public Output<int?> MinDecryptionVersion { get; }
Property Value
Type Description
Output<System.Nullable<System.Int32>>

MinEncryptionVersion

Minimum key version to use for encryption.

Declaration
public Output<int?> MinEncryptionVersion { get; }
Property Value
Type Description
Output<System.Nullable<System.Int32>>

Name

The name to identify this key within the backend. Must be unique within the backend.

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>

SupportsDecryption

Whether or not the key supports decryption, based on key type.

Declaration
public Output<bool> SupportsDecryption { get; }
Property Value
Type Description
Output<System.Boolean>

SupportsDerivation

Whether or not the key supports derivation, based on key type.

Declaration
public Output<bool> SupportsDerivation { get; }
Property Value
Type Description
Output<System.Boolean>

SupportsEncryption

Whether or not the key supports encryption, based on key type.

Declaration
public Output<bool> SupportsEncryption { get; }
Property Value
Type Description
Output<System.Boolean>

SupportsSigning

Whether or not the key supports signing, based on key type.

Declaration
public Output<bool> SupportsSigning { get; }
Property Value
Type Description
Output<System.Boolean>

Type

Specifies the type of key to create. The currently-supported types are: aes256-gcm96 (default), chacha20-poly1305, ed25519, ecdsa-p256, rsa-2048 and rsa-4096.

  • Refer to the Vault documentation on transit key types for more information: Key Types
Declaration
public Output<string> Type { get; }
Property Value
Type Description
Output<System.String>
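
The properties above combined into one explicit key definition, as an added example that is not part of the Pulumi documentation. The stack class `HardenedTransitStack`, the key name `app-data` and the two stack outputs are hypothetical; the one-way flags are written out so a reviewer can see them in the diff.

```csharp
using System.Collections.Immutable;
using Pulumi;
using Vault = Pulumi.Vault;

// Added example: hypothetical stack, not code from the provider's documentation.
class HardenedTransitStack : Stack
{
    public HardenedTransitStack()
    {
        var transit = new Vault.Mount("transit", new Vault.MountArgs
        {
            Path = "transit",
            Type = "transit",
        });

        var key = new Vault.Transit.SecretBackendKey("app-data", new Vault.Transit.SecretBackendKeyArgs
        {
            Backend = transit.Path,
            Name = "app-data",              // hypothetical key name
            Type = "aes256-gcm96",
            // ConvergentEncryption requires Derived; every encrypt/decrypt
            // request must then supply a context. Identical plaintexts yield
            // identical ciphertexts, so equality of values becomes visible.
            Derived = true,
            ConvergentEncryption = true,
            // Exportable and AllowPlaintextBackup cannot be disabled once set,
            // so state them as false unless key material must leave Vault.
            Exportable = false,
            AllowPlaintextBackup = false,
            DeletionAllowed = false,
        },
        // Protect makes Pulumi refuse to delete the resource until unprotected.
        new CustomResourceOptions { Protect = true });

        // LatestVersion is 1-indexed while Keys is zero-indexed.
        LatestKeyInfo = Output.Tuple(key.Keys, key.LatestVersion)
            .Apply(t => t.Item1[t.Item2 - 1]);
        MinAvailableVersion = key.MinAvailableVersion;
    }

    [Output] public Output<ImmutableDictionary<string, object>> LatestKeyInfo { get; set; }
    [Output] public Output<int> MinAvailableVersion { get; set; }
}
```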

Methods


Get(String, Input<String>, SecretBackendKeyState, CustomResourceOptions)

Get an existing SecretBackendKey resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static SecretBackendKey Get(string name, Input<string> id, SecretBackendKeyState state = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
| --- | --- | --- |
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| SecretBackendKeyState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |

Returns
Type Description
SecretBackendKey
Copyright 2016-2020, Pulumi Corporation.