1. Docs
  2. Reference
  3. API
  4. @pulumi/vault
  5. database

Module database

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-vault repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-vault repo.

Resources

Others

Resources

Resource SecretBackendConnection

class SecretBackendConnection extends CustomResource

constructor

new SecretBackendConnection(name: string, args: SecretBackendConnectionArgs, opts?: pulumi.CustomResourceOptions)

Create a SecretBackendConnection resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretBackendConnectionState, opts?: pulumi.CustomResourceOptions): SecretBackendConnection

Get an existing SecretBackendConnection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SecretBackendConnection

Returns true if the given object is an instance of SecretBackendConnection. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allowedRoles

public allowedRoles: pulumi.Output<string[] | undefined>;

A list of roles that are allowed to use this connection.

property backend

public backend: pulumi.Output<string>;

The unique name of the Vault mount to configure.

property cassandra

public cassandra: pulumi.Output<SecretBackendConnectionCassandra | undefined>;

A nested block containing configuration options for Cassandra connections.

property data

public data: pulumi.Output<{[key: string]: any} | undefined>;

A map of sensitive data to pass to the endpoint. Useful for templated connection strings.

property elasticsearch

public elasticsearch: pulumi.Output<SecretBackendConnectionElasticsearch | undefined>;

A nested block containing configuration options for Elasticsearch connections.

property hana

public hana: pulumi.Output<SecretBackendConnectionHana | undefined>;

A nested block containing configuration options for SAP HanaDB connections.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property mongodb

public mongodb: pulumi.Output<SecretBackendConnectionMongodb | undefined>;

A nested block containing configuration options for MongoDB connections.

property mssql

public mssql: pulumi.Output<SecretBackendConnectionMssql | undefined>;

A nested block containing configuration options for MSSQL connections.

property mysql

public mysql: pulumi.Output<SecretBackendConnectionMysql | undefined>;

A nested block containing configuration options for MySQL connections.

property mysqlAurora

public mysqlAurora: pulumi.Output<SecretBackendConnectionMysqlAurora | undefined>;

A nested block containing configuration options for Aurora MySQL connections.

property mysqlLegacy

public mysqlLegacy: pulumi.Output<SecretBackendConnectionMysqlLegacy | undefined>;

A nested block containing configuration options for legacy MySQL connections.

property mysqlRds

public mysqlRds: pulumi.Output<SecretBackendConnectionMysqlRds | undefined>;

A nested block containing configuration options for RDS MySQL connections.

property name

public name: pulumi.Output<string>;

A unique name to give the database connection.

property oracle

public oracle: pulumi.Output<SecretBackendConnectionOracle | undefined>;

A nested block containing configuration options for Oracle connections.

property postgresql

public postgresql: pulumi.Output<SecretBackendConnectionPostgresql | undefined>;

A nested block containing configuration options for PostgreSQL connections.

property rootRotationStatements

public rootRotationStatements: pulumi.Output<string[] | undefined>;

A list of database statements to be executed to rotate the root user’s credentials.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property verifyConnection

public verifyConnection: pulumi.Output<boolean | undefined>;

Whether the connection should be verified on initial configuration or not.

Resource SecretBackendRole

class SecretBackendRole extends CustomResource

constructor

new SecretBackendRole(name: string, args: SecretBackendRoleArgs, opts?: pulumi.CustomResourceOptions)

Create a SecretBackendRole resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretBackendRoleState, opts?: pulumi.CustomResourceOptions): SecretBackendRole

Get an existing SecretBackendRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SecretBackendRole

Returns true if the given object is an instance of SecretBackendRole. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property backend

public backend: pulumi.Output<string>;

The unique name of the Vault mount to configure.

property creationStatements

public creationStatements: pulumi.Output<string[]>;

The database statements to execute when creating a user.

property dbName

public dbName: pulumi.Output<string>;

The unique name of the database connection to use for the role.

property defaultTtl

public defaultTtl: pulumi.Output<number | undefined>;

The default number of seconds for leases for this role.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property maxTtl

public maxTtl: pulumi.Output<number | undefined>;

The maximum number of seconds for leases for this role.

property name

public name: pulumi.Output<string>;

A unique name to give the role.

property renewStatements

public renewStatements: pulumi.Output<string[] | undefined>;

The database statements to execute when renewing a user.

property revocationStatements

public revocationStatements: pulumi.Output<string[] | undefined>;

The database statements to execute when revoking a user.

property rollbackStatements

public rollbackStatements: pulumi.Output<string[] | undefined>;

The database statements to execute when rolling back creation due to an error.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource SecretBackendStaticRole

class SecretBackendStaticRole extends CustomResource

Creates a Database Secret Backend static role in Vault. Database secret backend static roles can be used to manage 1-to-1 mapping of a Vault Role to a user in a database for the database.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const db = new vault.Mount("db", {
    path: "postgres",
    type: "database",
});
const postgres = new vault.database.SecretBackendConnection("postgres", {
    allowedRoles: ["*"],
    backend: db.path,
    postgresql: {
        connectionUrl: "postgres://username:password@host:port/database",
    },
});
const staticRole = new vault.database.SecretBackendStaticRole("staticRole", {
    backend: db.path,
    dbName: postgres.name,
    rotationPeriod: 3600,
    rotationStatements: ["ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"],
    username: "example",
});

constructor

new SecretBackendStaticRole(name: string, args: SecretBackendStaticRoleArgs, opts?: pulumi.CustomResourceOptions)

Create a SecretBackendStaticRole resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretBackendStaticRoleState, opts?: pulumi.CustomResourceOptions): SecretBackendStaticRole

Get an existing SecretBackendStaticRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SecretBackendStaticRole

Returns true if the given object is an instance of SecretBackendStaticRole. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property backend

public backend: pulumi.Output<string>;

The unique name of the Vault mount to configure.

property dbName

public dbName: pulumi.Output<string>;

The unique name of the database connection to use for the static role.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

A unique name to give the static role.

property rotationPeriod

public rotationPeriod: pulumi.Output<number>;

The amount of time Vault should wait before rotating the password, in seconds.

property rotationStatements

public rotationStatements: pulumi.Output<string[] | undefined>;

Database statements to execute to rotate the password for the configured database user.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property username

public username: pulumi.Output<string>;

The database username that this static role corresponds to.

Others

interface SecretBackendConnectionArgs

interface SecretBackendConnectionArgs

The set of arguments for constructing a SecretBackendConnection resource.

property allowedRoles

allowedRoles?: pulumi.Input<pulumi.Input<string>[]>;

A list of roles that are allowed to use this connection.

property backend

backend: pulumi.Input<string>;

The unique name of the Vault mount to configure.

property cassandra

cassandra?: pulumi.Input<SecretBackendConnectionCassandra>;

A nested block containing configuration options for Cassandra connections.

property data

data?: pulumi.Input<{[key: string]: any}>;

A map of sensitive data to pass to the endpoint. Useful for templated connection strings.

property elasticsearch

elasticsearch?: pulumi.Input<SecretBackendConnectionElasticsearch>;

A nested block containing configuration options for Elasticsearch connections.

property hana

hana?: pulumi.Input<SecretBackendConnectionHana>;

A nested block containing configuration options for SAP HanaDB connections.

property mongodb

mongodb?: pulumi.Input<SecretBackendConnectionMongodb>;

A nested block containing configuration options for MongoDB connections.

property mssql

mssql?: pulumi.Input<SecretBackendConnectionMssql>;

A nested block containing configuration options for MSSQL connections.

property mysql

mysql?: pulumi.Input<SecretBackendConnectionMysql>;

A nested block containing configuration options for MySQL connections.

property mysqlAurora

mysqlAurora?: pulumi.Input<SecretBackendConnectionMysqlAurora>;

A nested block containing configuration options for Aurora MySQL connections.

property mysqlLegacy

mysqlLegacy?: pulumi.Input<SecretBackendConnectionMysqlLegacy>;

A nested block containing configuration options for legacy MySQL connections.

property mysqlRds

mysqlRds?: pulumi.Input<SecretBackendConnectionMysqlRds>;

A nested block containing configuration options for RDS MySQL connections.

property name

name?: pulumi.Input<string>;

A unique name to give the database connection.

property oracle

oracle?: pulumi.Input<SecretBackendConnectionOracle>;

A nested block containing configuration options for Oracle connections.

property postgresql

postgresql?: pulumi.Input<SecretBackendConnectionPostgresql>;

A nested block containing configuration options for PostgreSQL connections.

property rootRotationStatements

rootRotationStatements?: pulumi.Input<pulumi.Input<string>[]>;

A list of database statements to be executed to rotate the root user’s credentials.

property verifyConnection

verifyConnection?: pulumi.Input<boolean>;

Whether the connection should be verified on initial configuration or not.

interface SecretBackendConnectionState

interface SecretBackendConnectionState

Input properties used for looking up and filtering SecretBackendConnection resources.

property allowedRoles

allowedRoles?: pulumi.Input<pulumi.Input<string>[]>;

A list of roles that are allowed to use this connection.

property backend

backend?: pulumi.Input<string>;

The unique name of the Vault mount to configure.

property cassandra

cassandra?: pulumi.Input<SecretBackendConnectionCassandra>;

A nested block containing configuration options for Cassandra connections.

property data

data?: pulumi.Input<{[key: string]: any}>;

A map of sensitive data to pass to the endpoint. Useful for templated connection strings.

property elasticsearch

elasticsearch?: pulumi.Input<SecretBackendConnectionElasticsearch>;

A nested block containing configuration options for Elasticsearch connections.

property hana

hana?: pulumi.Input<SecretBackendConnectionHana>;

A nested block containing configuration options for SAP HanaDB connections.

property mongodb

mongodb?: pulumi.Input<SecretBackendConnectionMongodb>;

A nested block containing configuration options for MongoDB connections.

property mssql

mssql?: pulumi.Input<SecretBackendConnectionMssql>;

A nested block containing configuration options for MSSQL connections.

property mysql

mysql?: pulumi.Input<SecretBackendConnectionMysql>;

A nested block containing configuration options for MySQL connections.

property mysqlAurora

mysqlAurora?: pulumi.Input<SecretBackendConnectionMysqlAurora>;

A nested block containing configuration options for Aurora MySQL connections.

property mysqlLegacy

mysqlLegacy?: pulumi.Input<SecretBackendConnectionMysqlLegacy>;

A nested block containing configuration options for legacy MySQL connections.

property mysqlRds

mysqlRds?: pulumi.Input<SecretBackendConnectionMysqlRds>;

A nested block containing configuration options for RDS MySQL connections.

property name

name?: pulumi.Input<string>;

A unique name to give the database connection.

property oracle

oracle?: pulumi.Input<SecretBackendConnectionOracle>;

A nested block containing configuration options for Oracle connections.

property postgresql

postgresql?: pulumi.Input<SecretBackendConnectionPostgresql>;

A nested block containing configuration options for PostgreSQL connections.

property rootRotationStatements

rootRotationStatements?: pulumi.Input<pulumi.Input<string>[]>;

A list of database statements to be executed to rotate the root user’s credentials.

property verifyConnection

verifyConnection?: pulumi.Input<boolean>;

Whether the connection should be verified on initial configuration or not.

interface SecretBackendRoleArgs

interface SecretBackendRoleArgs

The set of arguments for constructing a SecretBackendRole resource.

property backend

backend: pulumi.Input<string>;

The unique name of the Vault mount to configure.

property creationStatements

creationStatements: pulumi.Input<pulumi.Input<string>[]>;

The database statements to execute when creating a user.

property dbName

dbName: pulumi.Input<string>;

The unique name of the database connection to use for the role.

property defaultTtl

defaultTtl?: pulumi.Input<number>;

The default number of seconds for leases for this role.

property maxTtl

maxTtl?: pulumi.Input<number>;

The maximum number of seconds for leases for this role.

property name

name?: pulumi.Input<string>;

A unique name to give the role.

property renewStatements

renewStatements?: pulumi.Input<pulumi.Input<string>[]>;

The database statements to execute when renewing a user.

property revocationStatements

revocationStatements?: pulumi.Input<pulumi.Input<string>[]>;

The database statements to execute when revoking a user.

property rollbackStatements

rollbackStatements?: pulumi.Input<pulumi.Input<string>[]>;

The database statements to execute when rolling back creation due to an error.

interface SecretBackendRoleState

interface SecretBackendRoleState

Input properties used for looking up and filtering SecretBackendRole resources.

property backend

backend?: pulumi.Input<string>;

The unique name of the Vault mount to configure.

property creationStatements

creationStatements?: pulumi.Input<pulumi.Input<string>[]>;

The database statements to execute when creating a user.

property dbName

dbName?: pulumi.Input<string>;

The unique name of the database connection to use for the role.

property defaultTtl

defaultTtl?: pulumi.Input<number>;

The default number of seconds for leases for this role.

property maxTtl

maxTtl?: pulumi.Input<number>;

The maximum number of seconds for leases for this role.

property name

name?: pulumi.Input<string>;

A unique name to give the role.

property renewStatements

renewStatements?: pulumi.Input<pulumi.Input<string>[]>;

The database statements to execute when renewing a user.

property revocationStatements

revocationStatements?: pulumi.Input<pulumi.Input<string>[]>;

The database statements to execute when revoking a user.

property rollbackStatements

rollbackStatements?: pulumi.Input<pulumi.Input<string>[]>;

The database statements to execute when rolling back creation due to an error.

interface SecretBackendStaticRoleArgs

interface SecretBackendStaticRoleArgs

The set of arguments for constructing a SecretBackendStaticRole resource.

property backend

backend: pulumi.Input<string>;

The unique name of the Vault mount to configure.

property dbName

dbName: pulumi.Input<string>;

The unique name of the database connection to use for the static role.

property name

name?: pulumi.Input<string>;

A unique name to give the static role.

property rotationPeriod

rotationPeriod: pulumi.Input<number>;

The amount of time Vault should wait before rotating the password, in seconds.

property rotationStatements

rotationStatements?: pulumi.Input<pulumi.Input<string>[]>;

Database statements to execute to rotate the password for the configured database user.

property username

username: pulumi.Input<string>;

The database username that this static role corresponds to.

interface SecretBackendStaticRoleState

interface SecretBackendStaticRoleState

Input properties used for looking up and filtering SecretBackendStaticRole resources.

property backend

backend?: pulumi.Input<string>;

The unique name of the Vault mount to configure.

property dbName

dbName?: pulumi.Input<string>;

The unique name of the database connection to use for the static role.

property name

name?: pulumi.Input<string>;

A unique name to give the static role.

property rotationPeriod

rotationPeriod?: pulumi.Input<number>;

The amount of time Vault should wait before rotating the password, in seconds.

property rotationStatements

rotationStatements?: pulumi.Input<pulumi.Input<string>[]>;

Database statements to execute to rotate the password for the configured database user.

property username

username?: pulumi.Input<string>;

The database username that this static role corresponds to.