1. Docs
  2. Reference
  3. API
  4. @pulumi/vault

Package @pulumi/vault

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-vault repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-vault repo.

var vault = require("@pulumi/vault");

import * as vault from "@pulumi/vault";

Modules

Resources

Functions

Others

Resources

Resource Audit

class Audit extends CustomResource

Example Usage (file audit device)

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const test = new vault.Audit("test", {
    options: {
        file_path: "C:/temp/audit.txt",
    },
    type: "file",
});

Example Usage (socket audit device)

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const test = new vault.Audit("test", {
    options: {
        address: "127.0.0.1:8000",
        description: "application x socket",
        socket_type: "tcp",
    },
    path: "appSocket",
    type: "socket",
});

constructor

new Audit(name: string, args: AuditArgs, opts?: pulumi.CustomResourceOptions)

Create a Audit resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AuditState, opts?: pulumi.CustomResourceOptions): Audit

Get an existing Audit resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Audit

Returns true if the given object is an instance of Audit. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

Human-friendly description of the audit device.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property options

public options: pulumi.Output<{[key: string]: string}>;

Configuration options to pass to the audit device itself.

property path

public path: pulumi.Output<string>;

The path to mount the audit device. This defaults to the type.

property type

public type: pulumi.Output<string>;

Type of the audit device, such as ‘file’.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource AuthBackend

class AuthBackend extends CustomResource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const example = new vault.AuthBackend("example", {
    tune: {
        listingVisibility: "unauth",
        maxLeaseTtl: "90000s",
    },
    type: "github",
});

constructor

new AuthBackend(name: string, args: AuthBackendArgs, opts?: pulumi.CustomResourceOptions)

Create a AuthBackend resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AuthBackendState, opts?: pulumi.CustomResourceOptions): AuthBackend

Get an existing AuthBackend resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AuthBackend

Returns true if the given object is an instance of AuthBackend. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accessor

public accessor: pulumi.Output<string>;

The accessor for this auth method

property defaultLeaseTtlSeconds

public defaultLeaseTtlSeconds: pulumi.Output<number>;

(Optional; Deprecated, use tune.default_lease_ttl if you are using Vault provider version >= 1.8) The default lease duration in seconds.

property description

public description: pulumi.Output<string | undefined>;

A description of the auth method

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property listingVisibility

public listingVisibility: pulumi.Output<string>;

Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are “unauth” or “hidden”.

property local

public local: pulumi.Output<boolean | undefined>;

Specifies if the auth method is local only.

property maxLeaseTtlSeconds

public maxLeaseTtlSeconds: pulumi.Output<number>;

(Optional; Deprecated, use tune.max_lease_ttl if you are using Vault provider version >= 1.8) The maximum lease duration in seconds.

property path

public path: pulumi.Output<string>;

The path to mount the auth method — this defaults to the name of the type

property tune

public tune: pulumi.Output<AuthBackendTune>;

Extra configuration block. Structure is documented below.

property type

public type: pulumi.Output<string>;

The name of the auth method type

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource CertAuthBackendRole

class CertAuthBackendRole extends CustomResource

Provides a resource to create a role in an Cert auth backend within Vault.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
import * from "fs";

const certAuthBackend = new vault.AuthBackend("certAuthBackend", {
    path: "cert",
    type: "cert",
});
const certCertAuthBackendRole = new vault.CertAuthBackendRole("certCertAuthBackendRole", {
    certificate: fs.readFileSync("/path/to/certs/ca-cert.pem"),
    backend: certAuthBackend.path,
    allowedNames: [
        "foo.example.org",
        "baz.example.org",
    ],
    tokenTtl: 300,
    tokenMaxTtl: 600,
    tokenPolicies: ["foo"],
});

constructor

new CertAuthBackendRole(name: string, args: CertAuthBackendRoleArgs, opts?: pulumi.CustomResourceOptions)

Create a CertAuthBackendRole resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CertAuthBackendRoleState, opts?: pulumi.CustomResourceOptions): CertAuthBackendRole

Get an existing CertAuthBackendRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is CertAuthBackendRole

Returns true if the given object is an instance of CertAuthBackendRole. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allowedCommonNames

public allowedCommonNames: pulumi.Output<string[]>;

Allowed the common names for authenticated client certificates

property allowedDnsSans

public allowedDnsSans: pulumi.Output<string[]>;

Allowed alternative dns names for authenticated client certificates

property allowedEmailSans

public allowedEmailSans: pulumi.Output<string[]>;

Allowed emails for authenticated client certificates

property allowedNames

public allowedNames: pulumi.Output<string[]>;

Allowed subject names for authenticated client certificates

property allowedOrganizationUnits

public allowedOrganizationUnits: pulumi.Output<string[]>;

Allowed organization units for authenticated client certificates

property allowedUriSans

public allowedUriSans: pulumi.Output<string[]>;

Allowed URIs for authenticated client certificates

property backend

public backend: pulumi.Output<string | undefined>;

Path to the mounted Cert auth backend

property boundCidrs

public boundCidrs: pulumi.Output<string[]>;

Restriction usage of the certificates to client IPs falling within the range of the specified CIDRs

property certificate

public certificate: pulumi.Output<string>;

CA certificate used to validate client certificates

property displayName

public displayName: pulumi.Output<string>;

The name to display on tokens issued under this role.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property maxTtl

public maxTtl: pulumi.Output<string>;

The maximum allowed lifetime of tokens issued using this role, provided as a number of seconds.

property name

public name: pulumi.Output<string>;

Name of the role

property period

public period: pulumi.Output<string>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property policies

public policies: pulumi.Output<string[]>;

An array of strings specifying the policies to be set on tokens issued using this role.

property requiredExtensions

public requiredExtensions: pulumi.Output<string[]>;

TLS extensions required on client certificates

property tokenBoundCidrs

public tokenBoundCidrs: pulumi.Output<string[] | undefined>;

List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

property tokenExplicitMaxTtl

public tokenExplicitMaxTtl: pulumi.Output<number | undefined>;

If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if tokenTtl and tokenMaxTtl would otherwise allow a renewal.

property tokenMaxTtl

public tokenMaxTtl: pulumi.Output<number | undefined>;

The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenNoDefaultPolicy

public tokenNoDefaultPolicy: pulumi.Output<boolean | undefined>;

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

property tokenNumUses

public tokenNumUses: pulumi.Output<number | undefined>;

The period, if any, in number of seconds to set on the token.

property tokenPeriod

public tokenPeriod: pulumi.Output<number | undefined>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property tokenPolicies

public tokenPolicies: pulumi.Output<string[] | undefined>;

List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

property tokenTtl

public tokenTtl: pulumi.Output<number | undefined>;

The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenType

public tokenType: pulumi.Output<string | undefined>;

The type of token that should be generated. Can be service, batch, or default to use the mount’s tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.

property ttl

public ttl: pulumi.Output<string>;

The TTL period of tokens issued using this role, provided as a number of seconds.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource EgpPolicy

class EgpPolicy extends CustomResource

Provides a resource to manage Endpoint Governing Policy (EGP) via Sentinel.

Note this feature is available only with Vault Enterprise.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const allowAll = new vault.EgpPolicy("allow-all", {
    enforcementLevel: "soft-mandatory",
    paths: ["*"],
    policy: `main = rule {
  true
}
`,
});

constructor

new EgpPolicy(name: string, args: EgpPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a EgpPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: EgpPolicyState, opts?: pulumi.CustomResourceOptions): EgpPolicy

Get an existing EgpPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is EgpPolicy

Returns true if the given object is an instance of EgpPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property enforcementLevel

public enforcementLevel: pulumi.Output<string>;

Enforcement level of Sentinel policy. Can be either advisory or soft-mandatory or hard-mandatory

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the policy

property paths

public paths: pulumi.Output<string[]>;

List of paths to which the policy will be applied to

property policy

public policy: pulumi.Output<string>;

String containing a Sentinel policy

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource MfaDuo

class MfaDuo extends CustomResource

Provides a resource to manage Duo MFA.

Note this feature is available only with Vault Enterprise.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const userpass = new vault.AuthBackend("userpass", {
    path: "userpass",
    type: "userpass",
});
const myDuo = new vault.MfaDuo("myDuo", {
    apiHostname: "api-2b5c39f5.duosecurity.com",
    integrationKey: "BIACEUEAXI20BNWTEYXT",
    mountAccessor: userpass.accessor,
    secretKey: "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",
});

constructor

new MfaDuo(name: string, args: MfaDuoArgs, opts?: pulumi.CustomResourceOptions)

Create a MfaDuo resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MfaDuoState, opts?: pulumi.CustomResourceOptions): MfaDuo

Get an existing MfaDuo resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is MfaDuo

Returns true if the given object is an instance of MfaDuo. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property apiHostname

public apiHostname: pulumi.Output<string>;

API hostname for Duo.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property integrationKey

public integrationKey: pulumi.Output<string>;

Integration key for Duo.

property mountAccessor

public mountAccessor: pulumi.Output<string>;

The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping.

property name

public name: pulumi.Output<string>;

Name of the MFA method.

property pushInfo

public pushInfo: pulumi.Output<string | undefined>;

Push information for Duo.

property secretKey

public secretKey: pulumi.Output<string>;

Secret key for Duo.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property usernameFormat

public usernameFormat: pulumi.Output<string | undefined>;

A format string for mapping Identity names to MFA method names. Values to substitute should be placed in {{}}.

Resource Mount

class Mount extends CustomResource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const example = new vault.Mount("example", {
    description: "This is an example mount",
    path: "dummy",
    type: "generic",
});

constructor

new Mount(name: string, args: MountArgs, opts?: pulumi.CustomResourceOptions)

Create a Mount resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MountState, opts?: pulumi.CustomResourceOptions): Mount

Get an existing Mount resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Mount

Returns true if the given object is an instance of Mount. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accessor

public accessor: pulumi.Output<string>;

The accessor for this mount.

property defaultLeaseTtlSeconds

public defaultLeaseTtlSeconds: pulumi.Output<number>;

Default lease duration for tokens and secrets in seconds

property description

public description: pulumi.Output<string | undefined>;

Human-friendly description of the mount

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property local

public local: pulumi.Output<boolean | undefined>;

Boolean flag that can be explicitly set to true to enforce local mount in HA environment

property maxLeaseTtlSeconds

public maxLeaseTtlSeconds: pulumi.Output<number>;

Maximum possible lease duration for tokens and secrets in seconds

property options

public options: pulumi.Output<{[key: string]: any} | undefined>;

Specifies mount type specific options that are passed to the backend

property path

public path: pulumi.Output<string>;

Where the secret backend will be mounted

property sealWrap

public sealWrap: pulumi.Output<boolean>;

Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal’s encryption capability

property type

public type: pulumi.Output<string>;

Type of the backend, such as “aws”

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Namespace

class Namespace extends CustomResource

Provides a resource to manage Namespaces.

Note this feature is available only with Vault Enterprise.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const ns1 = new vault.Namespace("ns1", {
    path: "ns1",
});

constructor

new Namespace(name: string, args: NamespaceArgs, opts?: pulumi.CustomResourceOptions)

Create a Namespace resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: NamespaceState, opts?: pulumi.CustomResourceOptions): Namespace

Get an existing Namespace resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Namespace

Returns true if the given object is an instance of Namespace. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property namespaceId

public namespaceId: pulumi.Output<string>;

ID of the namepsace.

property path

public path: pulumi.Output<string>;

The path of the namespace. Must not have a trailing /

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Policy

class Policy extends CustomResource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const example = new vault.Policy("example", {
    policy: `path "secret/my_app" {
  capabilities = ["write"]
}
`,
});

constructor

new Policy(name: string, args: PolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a Policy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyState, opts?: pulumi.CustomResourceOptions): Policy

Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Policy

Returns true if the given object is an instance of Policy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the policy

property policy

public policy: pulumi.Output<string>;

String containing a Vault policy

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Provider

class Provider extends ProviderResource

The provider type for the vault package. By default, resources use package-wide configuration settings, however an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

constructor

new Provider(name: string, args?: ProviderArgs, opts?: pulumi.ResourceOptions)

Create a Provider resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Provider

Returns true if the given object is an instance of Provider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method register

static register(provider: ProviderResource | undefined): Promise<string | undefined>

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource RgpPolicy

class RgpPolicy extends CustomResource

Provides a resource to manage Role Governing Policy (RGP) via Sentinel.

Note this feature is available only with Vault Enterprise.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const allowAll = new vault.RgpPolicy("allow-all", {
    enforcementLevel: "soft-mandatory",
    policy: `main = rule {
  true
}
`,
});

constructor

new RgpPolicy(name: string, args: RgpPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a RgpPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RgpPolicyState, opts?: pulumi.CustomResourceOptions): RgpPolicy

Get an existing RgpPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RgpPolicy

Returns true if the given object is an instance of RgpPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property enforcementLevel

public enforcementLevel: pulumi.Output<string>;

Enforcement level of Sentinel policy. Can be either advisory or soft-mandatory or hard-mandatory

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the policy

property policy

public policy: pulumi.Output<string>;

String containing a Sentinel policy

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Token

class Token extends CustomResource

constructor

new Token(name: string, args?: TokenArgs, opts?: pulumi.CustomResourceOptions)

Create a Token resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TokenState, opts?: pulumi.CustomResourceOptions): Token

Get an existing Token resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Token

Returns true if the given object is an instance of Token. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property clientToken

public clientToken: pulumi.Output<string>;

String containing the client token if stored in present file

property displayName

public displayName: pulumi.Output<string | undefined>;

String containing the token display name

property encryptedClientToken

public encryptedClientToken: pulumi.Output<string>;

String containing the client token encrypted with the given pgpKey if stored in present file

property explicitMaxTtl

public explicitMaxTtl: pulumi.Output<string | undefined>;

The explicit max TTL of this token

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property leaseDuration

public leaseDuration: pulumi.Output<number>;

String containing the token lease duration if present in state file

property leaseStarted

public leaseStarted: pulumi.Output<string>;

String containing the token lease started time if present in state file

property noDefaultPolicy

public noDefaultPolicy: pulumi.Output<boolean | undefined>;

Flag to not attach the default policy to this token

property noParent

public noParent: pulumi.Output<boolean>;

Flag to create a token without parent

property numUses

public numUses: pulumi.Output<number>;

The number of allowed uses of this token

property period

public period: pulumi.Output<string | undefined>;

The period of this token

property pgpKey

public pgpKey: pulumi.Output<string | undefined>;

The PGP key (base64 encoded) to encrypt the token.

property policies

public policies: pulumi.Output<string[] | undefined>;

List of policies to attach to this token

property renewIncrement

public renewIncrement: pulumi.Output<number | undefined>;

The renew increment

property renewMinLease

public renewMinLease: pulumi.Output<number | undefined>;

The minimal lease to renew this token

property renewable

public renewable: pulumi.Output<boolean>;

Flag to allow to renew this token

property roleName

public roleName: pulumi.Output<string | undefined>;

The token role name

property ttl

public ttl: pulumi.Output<string | undefined>;

The TTL period of this token

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property wrappedToken

public wrappedToken: pulumi.Output<string>;

The client wrapped token.

property wrappingAccessor

public wrappingAccessor: pulumi.Output<string>;

The client wrapping accessor.

property wrappingTtl

public wrappingTtl: pulumi.Output<string | undefined>;

The TTL period of the wrapped token.

Functions

Function getAuthBackend

getAuthBackend(args: GetAuthBackendArgs, opts?: pulumi.InvokeOptions): Promise<GetAuthBackendResult>

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const example = pulumi.output(vault.getAuthBackend({
    path: "userpass",
}, { async: true }));

Function getPolicyDocument

getPolicyDocument(args?: GetPolicyDocumentArgs, opts?: pulumi.InvokeOptions): Promise<GetPolicyDocumentResult>

This is a data source which can be used to construct a HCL representation of an Vault policy document, for use with resources which expect policy documents, such as the vault..Policy resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const examplePolicyDocument = pulumi.output(vault.getPolicyDocument({
    rules: [{
        capabilities: [
            "create",
            "read",
            "update",
            "delete",
            "list",
        ],
        description: "allow all on secrets",
        path: "secret/*",
    }],
}, { async: true }));
const examplePolicy = new vault.Policy("example", {
    policy: examplePolicyDocument.hcl,
});

Others

interface AuditArgs

interface AuditArgs

The set of arguments for constructing a Audit resource.

property description

description?: pulumi.Input<string>;

Human-friendly description of the audit device.

property options

options: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

Configuration options to pass to the audit device itself.

property path

path?: pulumi.Input<string>;

The path to mount the audit device. This defaults to the type.

property type

type: pulumi.Input<string>;

Type of the audit device, such as ‘file’.

interface AuditState

interface AuditState

Input properties used for looking up and filtering Audit resources.

property description

description?: pulumi.Input<string>;

Human-friendly description of the audit device.

property options

options?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

Configuration options to pass to the audit device itself.

property path

path?: pulumi.Input<string>;

The path to mount the audit device. This defaults to the type.

property type

type?: pulumi.Input<string>;

Type of the audit device, such as ‘file’.

interface AuthBackendArgs

interface AuthBackendArgs

The set of arguments for constructing a AuthBackend resource.

property defaultLeaseTtlSeconds

DEPRECATED Use the tune configuration block to avoid forcing creation of new resource on an update
defaultLeaseTtlSeconds?: pulumi.Input<number>;

(Optional; Deprecated, use tune.default_lease_ttl if you are using Vault provider version >= 1.8) The default lease duration in seconds.

property description

description?: pulumi.Input<string>;

A description of the auth method

property listingVisibility

DEPRECATED Use the tune configuration block to avoid forcing creation of new resource on an update
listingVisibility?: pulumi.Input<string>;

Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are “unauth” or “hidden”.

property local

local?: pulumi.Input<boolean>;

Specifies if the auth method is local only.

property maxLeaseTtlSeconds

DEPRECATED Use the tune configuration block to avoid forcing creation of new resource on an update
maxLeaseTtlSeconds?: pulumi.Input<number>;

(Optional; Deprecated, use tune.max_lease_ttl if you are using Vault provider version >= 1.8) The maximum lease duration in seconds.

property path

path?: pulumi.Input<string>;

The path to mount the auth method — this defaults to the name of the type

property tune

tune?: pulumi.Input<AuthBackendTune>;

Extra configuration block. Structure is documented below.

property type

type: pulumi.Input<string>;

The name of the auth method type

interface AuthBackendState

interface AuthBackendState

Input properties used for looking up and filtering AuthBackend resources.

property accessor

accessor?: pulumi.Input<string>;

The accessor for this auth method

property defaultLeaseTtlSeconds

DEPRECATED Use the tune configuration block to avoid forcing creation of new resource on an update
defaultLeaseTtlSeconds?: pulumi.Input<number>;

(Optional; Deprecated, use tune.default_lease_ttl if you are using Vault provider version >= 1.8) The default lease duration in seconds.

property description

description?: pulumi.Input<string>;

A description of the auth method

property listingVisibility

DEPRECATED Use the tune configuration block to avoid forcing creation of new resource on an update
listingVisibility?: pulumi.Input<string>;

Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are “unauth” or “hidden”.

property local

local?: pulumi.Input<boolean>;

Specifies if the auth method is local only.

property maxLeaseTtlSeconds

DEPRECATED Use the tune configuration block to avoid forcing creation of new resource on an update
maxLeaseTtlSeconds?: pulumi.Input<number>;

(Optional; Deprecated, use tune.max_lease_ttl if you are using Vault provider version >= 1.8) The maximum lease duration in seconds.

property path

path?: pulumi.Input<string>;

The path to mount the auth method — this defaults to the name of the type

property tune

tune?: pulumi.Input<AuthBackendTune>;

Extra configuration block. Structure is documented below.

property type

type?: pulumi.Input<string>;

The name of the auth method type

interface CertAuthBackendRoleArgs

interface CertAuthBackendRoleArgs

The set of arguments for constructing a CertAuthBackendRole resource.

property allowedCommonNames

allowedCommonNames?: pulumi.Input<pulumi.Input<string>[]>;

Allowed the common names for authenticated client certificates

property allowedDnsSans

allowedDnsSans?: pulumi.Input<pulumi.Input<string>[]>;

Allowed alternative dns names for authenticated client certificates

property allowedEmailSans

allowedEmailSans?: pulumi.Input<pulumi.Input<string>[]>;

Allowed emails for authenticated client certificates

property allowedNames

allowedNames?: pulumi.Input<pulumi.Input<string>[]>;

Allowed subject names for authenticated client certificates

property allowedOrganizationUnits

allowedOrganizationUnits?: pulumi.Input<pulumi.Input<string>[]>;

Allowed organization units for authenticated client certificates

property allowedUriSans

allowedUriSans?: pulumi.Input<pulumi.Input<string>[]>;

Allowed URIs for authenticated client certificates

property backend

backend?: pulumi.Input<string>;

Path to the mounted Cert auth backend

property boundCidrs

DEPRECATED use token_bound_cidrs instead if you are running Vault >= 1.2
boundCidrs?: pulumi.Input<pulumi.Input<string>[]>;

Restriction usage of the certificates to client IPs falling within the range of the specified CIDRs

property certificate

certificate: pulumi.Input<string>;

CA certificate used to validate client certificates

property displayName

displayName?: pulumi.Input<string>;

The name to display on tokens issued under this role.

property maxTtl

DEPRECATED use token_max_ttl instead if you are running Vault >= 1.2
maxTtl?: pulumi.Input<string>;

The maximum allowed lifetime of tokens issued using this role, provided as a number of seconds.

property name

name?: pulumi.Input<string>;

Name of the role

property period

DEPRECATED use token_period instead if you are running Vault >= 1.2
period?: pulumi.Input<string>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property policies

DEPRECATED use token_policies instead if you are running Vault >= 1.2
policies?: pulumi.Input<pulumi.Input<string>[]>;

An array of strings specifying the policies to be set on tokens issued using this role.

property requiredExtensions

requiredExtensions?: pulumi.Input<pulumi.Input<string>[]>;

TLS extensions required on client certificates

property tokenBoundCidrs

tokenBoundCidrs?: pulumi.Input<pulumi.Input<string>[]>;

List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

property tokenExplicitMaxTtl

tokenExplicitMaxTtl?: pulumi.Input<number>;

If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if tokenTtl and tokenMaxTtl would otherwise allow a renewal.

property tokenMaxTtl

tokenMaxTtl?: pulumi.Input<number>;

The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenNoDefaultPolicy

tokenNoDefaultPolicy?: pulumi.Input<boolean>;

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

property tokenNumUses

tokenNumUses?: pulumi.Input<number>;

The period, if any, in number of seconds to set on the token.

property tokenPeriod

tokenPeriod?: pulumi.Input<number>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property tokenPolicies

tokenPolicies?: pulumi.Input<pulumi.Input<string>[]>;

List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

property tokenTtl

tokenTtl?: pulumi.Input<number>;

The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenType

tokenType?: pulumi.Input<string>;

The type of token that should be generated. Can be service, batch, or default to use the mount’s tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.

property ttl

DEPRECATED use token_ttl instead if you are running Vault >= 1.2
ttl?: pulumi.Input<string>;

The TTL period of tokens issued using this role, provided as a number of seconds.

interface CertAuthBackendRoleState

interface CertAuthBackendRoleState

Input properties used for looking up and filtering CertAuthBackendRole resources.

property allowedCommonNames

allowedCommonNames?: pulumi.Input<pulumi.Input<string>[]>;

Allowed the common names for authenticated client certificates

property allowedDnsSans

allowedDnsSans?: pulumi.Input<pulumi.Input<string>[]>;

Allowed alternative dns names for authenticated client certificates

property allowedEmailSans

allowedEmailSans?: pulumi.Input<pulumi.Input<string>[]>;

Allowed emails for authenticated client certificates

property allowedNames

allowedNames?: pulumi.Input<pulumi.Input<string>[]>;

Allowed subject names for authenticated client certificates

property allowedOrganizationUnits

allowedOrganizationUnits?: pulumi.Input<pulumi.Input<string>[]>;

Allowed organization units for authenticated client certificates

property allowedUriSans

allowedUriSans?: pulumi.Input<pulumi.Input<string>[]>;

Allowed URIs for authenticated client certificates

property backend

backend?: pulumi.Input<string>;

Path to the mounted Cert auth backend

property boundCidrs

DEPRECATED use token_bound_cidrs instead if you are running Vault >= 1.2
boundCidrs?: pulumi.Input<pulumi.Input<string>[]>;

Restriction usage of the certificates to client IPs falling within the range of the specified CIDRs

property certificate

certificate?: pulumi.Input<string>;

CA certificate used to validate client certificates

property displayName

displayName?: pulumi.Input<string>;

The name to display on tokens issued under this role.

property maxTtl

DEPRECATED use token_max_ttl instead if you are running Vault >= 1.2
maxTtl?: pulumi.Input<string>;

The maximum allowed lifetime of tokens issued using this role, provided as a number of seconds.

property name

name?: pulumi.Input<string>;

Name of the role

property period

DEPRECATED use token_period instead if you are running Vault >= 1.2
period?: pulumi.Input<string>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property policies

DEPRECATED use token_policies instead if you are running Vault >= 1.2
policies?: pulumi.Input<pulumi.Input<string>[]>;

An array of strings specifying the policies to be set on tokens issued using this role.

property requiredExtensions

requiredExtensions?: pulumi.Input<pulumi.Input<string>[]>;

TLS extensions required on client certificates

property tokenBoundCidrs

tokenBoundCidrs?: pulumi.Input<pulumi.Input<string>[]>;

List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

property tokenExplicitMaxTtl

tokenExplicitMaxTtl?: pulumi.Input<number>;

If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if tokenTtl and tokenMaxTtl would otherwise allow a renewal.

property tokenMaxTtl

tokenMaxTtl?: pulumi.Input<number>;

The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenNoDefaultPolicy

tokenNoDefaultPolicy?: pulumi.Input<boolean>;

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

property tokenNumUses

tokenNumUses?: pulumi.Input<number>;

The period, if any, in number of seconds to set on the token.

property tokenPeriod

tokenPeriod?: pulumi.Input<number>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property tokenPolicies

tokenPolicies?: pulumi.Input<pulumi.Input<string>[]>;

List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

property tokenTtl

tokenTtl?: pulumi.Input<number>;

The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenType

tokenType?: pulumi.Input<string>;

The type of token that should be generated. Can be service, batch, or default to use the mount’s tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.

property ttl

DEPRECATED use token_ttl instead if you are running Vault >= 1.2
ttl?: pulumi.Input<string>;

The TTL period of tokens issued using this role, provided as a number of seconds.

interface EgpPolicyArgs

interface EgpPolicyArgs

The set of arguments for constructing a EgpPolicy resource.

property enforcementLevel

enforcementLevel: pulumi.Input<string>;

Enforcement level of Sentinel policy. Can be either advisory or soft-mandatory or hard-mandatory

property name

name?: pulumi.Input<string>;

The name of the policy

property paths

paths: pulumi.Input<pulumi.Input<string>[]>;

List of paths to which the policy will be applied to

property policy

policy: pulumi.Input<string>;

String containing a Sentinel policy

interface EgpPolicyState

interface EgpPolicyState

Input properties used for looking up and filtering EgpPolicy resources.

property enforcementLevel

enforcementLevel?: pulumi.Input<string>;

Enforcement level of Sentinel policy. Can be either advisory or soft-mandatory or hard-mandatory

property name

name?: pulumi.Input<string>;

The name of the policy

property paths

paths?: pulumi.Input<pulumi.Input<string>[]>;

List of paths to which the policy will be applied to

property policy

policy?: pulumi.Input<string>;

String containing a Sentinel policy

interface GetAuthBackendArgs

interface GetAuthBackendArgs

A collection of arguments for invoking getAuthBackend.

property path

path: string;

The auth backend mount point.

interface GetAuthBackendResult

interface GetAuthBackendResult

A collection of values returned by getAuthBackend.

property accessor

accessor: string;

The accessor for this auth method

property defaultLeaseTtlSeconds

defaultLeaseTtlSeconds: number;

The default lease duration in seconds.

property description

description: string;

A description of the auth method.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property listingVisibility

listingVisibility: string;

Speficies whether to show this mount in the UI-specific listing endpoint.

property local

local: boolean;

Specifies if the auth method is local only.

property maxLeaseTtlSeconds

maxLeaseTtlSeconds: number;

The maximum lease duration in seconds.

property path

path: string;

property type

type: string;

The name of the auth method type.

function getEnv

getEnv(vars: string[]): string | undefined

function getEnvBoolean

getEnvBoolean(vars: string[]): boolean | undefined

function getEnvNumber

getEnvNumber(vars: string[]): number | undefined

interface GetPolicyDocumentArgs

interface GetPolicyDocumentArgs

A collection of arguments for invoking getPolicyDocument.

property rules

rules?: GetPolicyDocumentRule[];

interface GetPolicyDocumentResult

interface GetPolicyDocumentResult

A collection of values returned by getPolicyDocument.

property hcl

hcl: string;

The above arguments serialized as a standard Vault HCL policy document.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property rules

rules: GetPolicyDocumentRule[];

function getVersion

getVersion(): string

interface MfaDuoArgs

interface MfaDuoArgs

The set of arguments for constructing a MfaDuo resource.

property apiHostname

apiHostname: pulumi.Input<string>;

API hostname for Duo.

property integrationKey

integrationKey: pulumi.Input<string>;

Integration key for Duo.

property mountAccessor

mountAccessor: pulumi.Input<string>;

The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping.

property name

name?: pulumi.Input<string>;

Name of the MFA method.

property pushInfo

pushInfo?: pulumi.Input<string>;

Push information for Duo.

property secretKey

secretKey: pulumi.Input<string>;

Secret key for Duo.

property usernameFormat

usernameFormat?: pulumi.Input<string>;

A format string for mapping Identity names to MFA method names. Values to substitute should be placed in {{}}.

interface MfaDuoState

interface MfaDuoState

Input properties used for looking up and filtering MfaDuo resources.

property apiHostname

apiHostname?: pulumi.Input<string>;

API hostname for Duo.

property integrationKey

integrationKey?: pulumi.Input<string>;

Integration key for Duo.

property mountAccessor

mountAccessor?: pulumi.Input<string>;

The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping.

property name

name?: pulumi.Input<string>;

Name of the MFA method.

property pushInfo

pushInfo?: pulumi.Input<string>;

Push information for Duo.

property secretKey

secretKey?: pulumi.Input<string>;

Secret key for Duo.

property usernameFormat

usernameFormat?: pulumi.Input<string>;

A format string for mapping Identity names to MFA method names. Values to substitute should be placed in {{}}.

interface MountArgs

interface MountArgs

The set of arguments for constructing a Mount resource.

property defaultLeaseTtlSeconds

defaultLeaseTtlSeconds?: pulumi.Input<number>;

Default lease duration for tokens and secrets in seconds

property description

description?: pulumi.Input<string>;

Human-friendly description of the mount

property local

local?: pulumi.Input<boolean>;

Boolean flag that can be explicitly set to true to enforce local mount in HA environment

property maxLeaseTtlSeconds

maxLeaseTtlSeconds?: pulumi.Input<number>;

Maximum possible lease duration for tokens and secrets in seconds

property options

options?: pulumi.Input<{[key: string]: any}>;

Specifies mount type specific options that are passed to the backend

property path

path: pulumi.Input<string>;

Where the secret backend will be mounted

property sealWrap

sealWrap?: pulumi.Input<boolean>;

Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal’s encryption capability

property type

type: pulumi.Input<string>;

Type of the backend, such as “aws”

interface MountState

interface MountState

Input properties used for looking up and filtering Mount resources.

property accessor

accessor?: pulumi.Input<string>;

The accessor for this mount.

property defaultLeaseTtlSeconds

defaultLeaseTtlSeconds?: pulumi.Input<number>;

Default lease duration for tokens and secrets in seconds

property description

description?: pulumi.Input<string>;

Human-friendly description of the mount

property local

local?: pulumi.Input<boolean>;

Boolean flag that can be explicitly set to true to enforce local mount in HA environment

property maxLeaseTtlSeconds

maxLeaseTtlSeconds?: pulumi.Input<number>;

Maximum possible lease duration for tokens and secrets in seconds

property options

options?: pulumi.Input<{[key: string]: any}>;

Specifies mount type specific options that are passed to the backend

property path

path?: pulumi.Input<string>;

Where the secret backend will be mounted

property sealWrap

sealWrap?: pulumi.Input<boolean>;

Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal’s encryption capability

property type

type?: pulumi.Input<string>;

Type of the backend, such as “aws”

interface NamespaceArgs

interface NamespaceArgs

The set of arguments for constructing a Namespace resource.

property path

path: pulumi.Input<string>;

The path of the namespace. Must not have a trailing /

interface NamespaceState

interface NamespaceState

Input properties used for looking up and filtering Namespace resources.

property namespaceId

namespaceId?: pulumi.Input<string>;

ID of the namepsace.

property path

path?: pulumi.Input<string>;

The path of the namespace. Must not have a trailing /

interface PolicyArgs

interface PolicyArgs

The set of arguments for constructing a Policy resource.

property name

name?: pulumi.Input<string>;

The name of the policy

property policy

policy: pulumi.Input<string>;

String containing a Vault policy

interface PolicyState

interface PolicyState

Input properties used for looking up and filtering Policy resources.

property name

name?: pulumi.Input<string>;

The name of the policy

property policy

policy?: pulumi.Input<string>;

String containing a Vault policy

interface ProviderArgs

interface ProviderArgs

The set of arguments for constructing a Provider resource.

property addAddressToEnv

addAddressToEnv?: pulumi.Input<string>;

If true, adds the value of the address argument to the Terraform process environment.

property address

address?: pulumi.Input<string>;

URL of the root of the target Vault server.

property authLogins

authLogins?: pulumi.Input<pulumi.Input<ProviderAuthLogin>[]>;

Login to vault with an existing auth method using auth//login

property caCertDir

caCertDir?: pulumi.Input<string>;

Path to directory containing CA certificate files to validate the server’s certificate.

property caCertFile

caCertFile?: pulumi.Input<string>;

Path to a CA certificate file to validate the server’s certificate.

property clientAuths

clientAuths?: pulumi.Input<pulumi.Input<ProviderClientAuth>[]>;

Client authentication credentials.

property headers

headers?: pulumi.Input<pulumi.Input<ProviderHeader>[]>;

The headers to send with each Vault request.

property maxLeaseTtlSeconds

maxLeaseTtlSeconds?: pulumi.Input<number>;

Maximum TTL for secret leases requested by this provider

property maxRetries

maxRetries?: pulumi.Input<number>;

Maximum number of retries when a 5xx error code is encountered.

property namespace

namespace?: pulumi.Input<string>;

The namespace to use. Available only for Vault Enterprise

property skipTlsVerify

skipTlsVerify?: pulumi.Input<boolean>;

Set this to true only if the target Vault server is an insecure development instance.

property token

token?: pulumi.Input<string>;

Token to use to authenticate to Vault.

property tokenName

tokenName?: pulumi.Input<string>;

Token name to use for creating the Vault child token.

interface RgpPolicyArgs

interface RgpPolicyArgs

The set of arguments for constructing a RgpPolicy resource.

property enforcementLevel

enforcementLevel: pulumi.Input<string>;

Enforcement level of Sentinel policy. Can be either advisory or soft-mandatory or hard-mandatory

property name

name?: pulumi.Input<string>;

The name of the policy

property policy

policy: pulumi.Input<string>;

String containing a Sentinel policy

interface RgpPolicyState

interface RgpPolicyState

Input properties used for looking up and filtering RgpPolicy resources.

property enforcementLevel

enforcementLevel?: pulumi.Input<string>;

Enforcement level of Sentinel policy. Can be either advisory or soft-mandatory or hard-mandatory

property name

name?: pulumi.Input<string>;

The name of the policy

property policy

policy?: pulumi.Input<string>;

String containing a Sentinel policy

interface TokenArgs

interface TokenArgs

The set of arguments for constructing a Token resource.

property displayName

displayName?: pulumi.Input<string>;

String containing the token display name

property explicitMaxTtl

explicitMaxTtl?: pulumi.Input<string>;

The explicit max TTL of this token

property noDefaultPolicy

noDefaultPolicy?: pulumi.Input<boolean>;

Flag to not attach the default policy to this token

property noParent

noParent?: pulumi.Input<boolean>;

Flag to create a token without parent

property numUses

numUses?: pulumi.Input<number>;

The number of allowed uses of this token

property period

period?: pulumi.Input<string>;

The period of this token

property pgpKey

pgpKey?: pulumi.Input<string>;

The PGP key (base64 encoded) to encrypt the token.

property policies

policies?: pulumi.Input<pulumi.Input<string>[]>;

List of policies to attach to this token

property renewIncrement

renewIncrement?: pulumi.Input<number>;

The renew increment

property renewMinLease

renewMinLease?: pulumi.Input<number>;

The minimal lease to renew this token

property renewable

renewable?: pulumi.Input<boolean>;

Flag to allow to renew this token

property roleName

roleName?: pulumi.Input<string>;

The token role name

property ttl

ttl?: pulumi.Input<string>;

The TTL period of this token

property wrappingTtl

wrappingTtl?: pulumi.Input<string>;

The TTL period of the wrapped token.

interface TokenState

interface TokenState

Input properties used for looking up and filtering Token resources.

property clientToken

clientToken?: pulumi.Input<string>;

String containing the client token if stored in present file

property displayName

displayName?: pulumi.Input<string>;

String containing the token display name

property encryptedClientToken

encryptedClientToken?: pulumi.Input<string>;

String containing the client token encrypted with the given pgpKey if stored in present file

property explicitMaxTtl

explicitMaxTtl?: pulumi.Input<string>;

The explicit max TTL of this token

property leaseDuration

leaseDuration?: pulumi.Input<number>;

String containing the token lease duration if present in state file

property leaseStarted

leaseStarted?: pulumi.Input<string>;

String containing the token lease started time if present in state file

property noDefaultPolicy

noDefaultPolicy?: pulumi.Input<boolean>;

Flag to not attach the default policy to this token

property noParent

noParent?: pulumi.Input<boolean>;

Flag to create a token without parent

property numUses

numUses?: pulumi.Input<number>;

The number of allowed uses of this token

property period

period?: pulumi.Input<string>;

The period of this token

property pgpKey

pgpKey?: pulumi.Input<string>;

The PGP key (base64 encoded) to encrypt the token.

property policies

policies?: pulumi.Input<pulumi.Input<string>[]>;

List of policies to attach to this token

property renewIncrement

renewIncrement?: pulumi.Input<number>;

The renew increment

property renewMinLease

renewMinLease?: pulumi.Input<number>;

The minimal lease to renew this token

property renewable

renewable?: pulumi.Input<boolean>;

Flag to allow to renew this token

property roleName

roleName?: pulumi.Input<string>;

The token role name

property ttl

ttl?: pulumi.Input<string>;

The TTL period of this token

property wrappedToken

wrappedToken?: pulumi.Input<string>;

The client wrapped token.

property wrappingAccessor

wrappingAccessor?: pulumi.Input<string>;

The client wrapping accessor.

property wrappingTtl

wrappingTtl?: pulumi.Input<string>;

The TTL period of the wrapped token.