1. Docs
2. Reference
3. API
4. @pulumi/vault
5. types
6. output

Module types/output

namespace azure

• BackendRoleAzureRole

namespace database

• SecretBackendConnectionCassandra
• SecretBackendConnectionElasticsearch
• SecretBackendConnectionHana
• SecretBackendConnectionMongodb
• SecretBackendConnectionMssql
• SecretBackendConnectionMysql
• SecretBackendConnectionMysqlAurora
• SecretBackendConnectionMysqlLegacy
• SecretBackendConnectionMysqlRds
• SecretBackendConnectionOracle
• SecretBackendConnectionPostgresql

namespace gcp

• SecretRolesetBinding

namespace github

• AuthBackendTune

namespace identity

• GetEntityAlias

namespace jwt

• AuthBackendTune

namespace okta

• AuthBackendGroup
• AuthBackendUser

namespace rabbitMq

• SecretBackendRoleVhost

APIs

• AuthBackendTune
• GetPolicyDocumentRule
• GetPolicyDocumentRuleAllowedParameter
• GetPolicyDocumentRuleDeniedParameter

namespace azure

interface BackendRoleAzureRole

interface BackendRoleAzureRole

property roleId

roleId: string;

property roleName

roleName: string;

property scope

scope: string;

namespace database

interface SecretBackendConnectionCassandra

interface SecretBackendConnectionCassandra

property connectTimeout

connectTimeout?: undefined | number;

The number of seconds to use as a connection timeout.

property hosts

hosts?: string[];

The hosts to connect to.

property insecureTls

insecureTls?: undefined | false | true;

Whether to skip verification of the server certificate when using TLS.

property password

password?: undefined | string;

The password to be used in the connection.

property pemBundle

pemBundle?: undefined | string;

Concatenated PEM blocks configuring the certificate chain.

property pemJson

pemJson?: undefined | string;

A JSON structure configuring the certificate chain.

property port

port?: undefined | number;

The default port to connect to if no port is specified as part of the host.

property protocolVersion

protocolVersion?: undefined | number;

The CQL protocol version to use.

property tls

tls?: undefined | false | true;

Whether to use TLS when connecting to Cassandra.

property username

username?: undefined | string;

The username to be used in the connection.

interface SecretBackendConnectionElasticsearch

interface SecretBackendConnectionElasticsearch

property password

password: string;

The password to be used in the connection.

property url

url: string;

The URL for Elasticsearch’s API. https requires certificate by trusted CA if used.

property username

username: string;

The username to be used in the connection.

interface SecretBackendConnectionHana

interface SecretBackendConnectionHana

property connectionUrl

connectionUrl?: undefined | string;

A URL containing connection information. See the Vault docs for an example.

property maxConnectionLifetime

maxConnectionLifetime?: undefined | number;

The maximum number of seconds to keep a connection alive for.

property maxIdleConnections

maxIdleConnections?: undefined | number;

The maximum number of idle connections to maintain.

property maxOpenConnections

maxOpenConnections?: undefined | number;

The maximum number of open connections to use.

interface SecretBackendConnectionMongodb

interface SecretBackendConnectionMongodb

property connectionUrl

connectionUrl?: undefined | string;

A URL containing connection information. See the Vault docs for an example.

property maxConnectionLifetime

maxConnectionLifetime?: undefined | number;

The maximum number of seconds to keep a connection alive for.

property maxIdleConnections

maxIdleConnections?: undefined | number;

The maximum number of idle connections to maintain.

property maxOpenConnections

maxOpenConnections?: undefined | number;

The maximum number of open connections to use.

interface SecretBackendConnectionMssql

interface SecretBackendConnectionMssql

property connectionUrl

connectionUrl?: undefined | string;

A URL containing connection information. See the Vault docs for an example.

property maxConnectionLifetime

maxConnectionLifetime?: undefined | number;

The maximum number of seconds to keep a connection alive for.

property maxIdleConnections

maxIdleConnections?: undefined | number;

The maximum number of idle connections to maintain.

property maxOpenConnections

maxOpenConnections?: undefined | number;

The maximum number of open connections to use.

interface SecretBackendConnectionMysql

interface SecretBackendConnectionMysql

property connectionUrl

connectionUrl?: undefined | string;

A URL containing connection information. See the Vault docs for an example.

property maxConnectionLifetime

maxConnectionLifetime?: undefined | number;

The maximum number of seconds to keep a connection alive for.

property maxIdleConnections

maxIdleConnections?: undefined | number;

The maximum number of idle connections to maintain.

property maxOpenConnections

maxOpenConnections?: undefined | number;

The maximum number of open connections to use.

interface SecretBackendConnectionMysqlAurora

interface SecretBackendConnectionMysqlAurora

property connectionUrl

connectionUrl?: undefined | string;

A URL containing connection information. See the Vault docs for an example.

property maxConnectionLifetime

maxConnectionLifetime?: undefined | number;

The maximum number of seconds to keep a connection alive for.

property maxIdleConnections

maxIdleConnections?: undefined | number;

The maximum number of idle connections to maintain.

property maxOpenConnections

maxOpenConnections?: undefined | number;

The maximum number of open connections to use.

interface SecretBackendConnectionMysqlLegacy

interface SecretBackendConnectionMysqlLegacy

property connectionUrl

connectionUrl?: undefined | string;

A URL containing connection information. See the Vault docs for an example.

property maxConnectionLifetime

maxConnectionLifetime?: undefined | number;

The maximum number of seconds to keep a connection alive for.

property maxIdleConnections

maxIdleConnections?: undefined | number;

The maximum number of idle connections to maintain.

property maxOpenConnections

maxOpenConnections?: undefined | number;

The maximum number of open connections to use.

interface SecretBackendConnectionMysqlRds

interface SecretBackendConnectionMysqlRds

property connectionUrl

connectionUrl?: undefined | string;

A URL containing connection information. See the Vault docs for an example.

property maxConnectionLifetime

maxConnectionLifetime?: undefined | number;

The maximum number of seconds to keep a connection alive for.

property maxIdleConnections

maxIdleConnections?: undefined | number;

The maximum number of idle connections to maintain.

property maxOpenConnections

maxOpenConnections?: undefined | number;

The maximum number of open connections to use.

interface SecretBackendConnectionOracle

interface SecretBackendConnectionOracle

property connectionUrl

connectionUrl?: undefined | string;

A URL containing connection information. See the Vault docs for an example.

property maxConnectionLifetime

maxConnectionLifetime?: undefined | number;

The maximum number of seconds to keep a connection alive for.

property maxIdleConnections

maxIdleConnections?: undefined | number;

The maximum number of idle connections to maintain.

property maxOpenConnections

maxOpenConnections?: undefined | number;

The maximum number of open connections to use.

interface SecretBackendConnectionPostgresql

interface SecretBackendConnectionPostgresql

property connectionUrl

connectionUrl?: undefined | string;

A URL containing connection information. See the Vault docs for an example.

property maxConnectionLifetime

maxConnectionLifetime?: undefined | number;

The maximum number of seconds to keep a connection alive for.

property maxIdleConnections

maxIdleConnections?: undefined | number;

The maximum number of idle connections to maintain.

property maxOpenConnections

maxOpenConnections?: undefined | number;

The maximum number of open connections to use.

namespace gcp

interface SecretRolesetBinding

interface SecretRolesetBinding

property resource

resource: string;

Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different formats.

property roles

roles: string[];

List of GCP IAM roles for the resource.

namespace github

interface AuthBackendTune

interface AuthBackendTune

property allowedResponseHeaders

allowedResponseHeaders?: string[];

List of headers to whitelist and allowing a plugin to include them in the response.

property auditNonHmacRequestKeys

auditNonHmacRequestKeys?: string[];

Specifies the list of keys that will not be HMAC’d by audit devices in the request data object.

property auditNonHmacResponseKeys

auditNonHmacResponseKeys?: string[];

Specifies the list of keys that will not be HMAC’d by audit devices in the response data object.

property defaultLeaseTtl

defaultLeaseTtl?: undefined | string;

Specifies the default time-to-live. If set, this overrides the global default. Must be a valid duration string

property listingVisibility

listingVisibility?: undefined | string;

Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are “unauth” or “hidden”.

property maxLeaseTtl

maxLeaseTtl?: undefined | string;

Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid duration string

property passthroughRequestHeaders

passthroughRequestHeaders?: string[];

List of headers to whitelist and pass from the request to the backend.

property tokenType

tokenType?: undefined | string;

Specifies the type of tokens that should be returned by the mount. Valid values are “default-service”, “default-batch”, “service”, “batch”.

namespace identity

interface GetEntityAlias

interface GetEntityAlias

property canonicalId

canonicalId: string;

Canonical ID of the Alias

property creationTime

creationTime: string;

Creation time of the Alias

property id

id: string;

ID of the alias

property lastUpdateTime

lastUpdateTime: string;

Last update time of the alias

property mergedFromCanonicalIds

mergedFromCanonicalIds: string[];

List of canonical IDs merged with this alias

property metadata

metadata: {[key: string]: any};

Arbitrary metadata

property mountAccessor

mountAccessor: string;

Authentication mount acccessor which this alias belongs to

property mountPath

mountPath: string;

Authentication mount path which this alias belongs to

property mountType

mountType: string;

Authentication mount type which this alias belongs to

property name

name: string;

Name of the alias

namespace jwt

interface AuthBackendTune

interface AuthBackendTune

property allowedResponseHeaders

allowedResponseHeaders?: string[];

List of headers to whitelist and allowing a plugin to include them in the response.

property auditNonHmacRequestKeys

auditNonHmacRequestKeys?: string[];

Specifies the list of keys that will not be HMAC’d by audit devices in the request data object.

property auditNonHmacResponseKeys

auditNonHmacResponseKeys?: string[];

Specifies the list of keys that will not be HMAC’d by audit devices in the response data object.

property defaultLeaseTtl

defaultLeaseTtl?: undefined | string;

Specifies the default time-to-live. If set, this overrides the global default. Must be a valid duration string

property listingVisibility

listingVisibility?: undefined | string;

Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are “unauth” or “hidden”.

property maxLeaseTtl

maxLeaseTtl?: undefined | string;

Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid duration string

property passthroughRequestHeaders

passthroughRequestHeaders?: string[];

List of headers to whitelist and pass from the request to the backend.

property tokenType

tokenType?: undefined | string;

Specifies the type of tokens that should be returned by the mount. Valid values are “default-service”, “default-batch”, “service”, “batch”.

namespace okta

interface AuthBackendGroup

interface AuthBackendGroup

property groupName

groupName: string;

Name of the group within the Okta

property policies

policies: string[];

List of Vault policies to associate with this user

interface AuthBackendUser

interface AuthBackendUser

property groups

groups: string[];

List of Okta groups to associate with this user

property policies

policies?: string[];

List of Vault policies to associate with this user

property username

username: string;

Name of the user within Okta

namespace rabbitMq

interface SecretBackendRoleVhost

interface SecretBackendRoleVhost

property configure

configure: string;

property host

host: string;

property read

read: string;

property write

write: string;

APIs

interface AuthBackendTune

interface AuthBackendTune

property allowedResponseHeaders

allowedResponseHeaders?: string[];

List of headers to whitelist and allowing a plugin to include them in the response.

property auditNonHmacRequestKeys

auditNonHmacRequestKeys?: string[];

Specifies the list of keys that will not be HMAC’d by audit devices in the request data object.

property auditNonHmacResponseKeys

auditNonHmacResponseKeys?: string[];

Specifies the list of keys that will not be HMAC’d by audit devices in the response data object.

property defaultLeaseTtl

defaultLeaseTtl?: undefined | string;

Specifies the default time-to-live. If set, this overrides the global default. Must be a valid duration string

property listingVisibility

listingVisibility?: undefined | string;

Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are “unauth” or “hidden”.

property maxLeaseTtl

maxLeaseTtl?: undefined | string;

Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid duration string

property passthroughRequestHeaders

passthroughRequestHeaders?: string[];

List of headers to whitelist and pass from the request to the backend.

property tokenType

tokenType?: undefined | string;

Specifies the type of tokens that should be returned by the mount. Valid values are “default-service”, “default-batch”, “service”, “batch”.

interface GetPolicyDocumentRule

interface GetPolicyDocumentRule

property allowedParameters

allowedParameters?: GetPolicyDocumentRuleAllowedParameter[];

Whitelists a list of keys and values that are permitted on the given path. See Parameters below.

property capabilities

capabilities: string[];

A list of capabilities that this rule apply to path. For example, [“read”, “write”].

property deniedParameters

deniedParameters?: GetPolicyDocumentRuleDeniedParameter[];

Blacklists a list of parameter and values. Any values specified here take precedence over allowedParameter. See Parameters below.

property description

description?: undefined | string;

Description of the rule. Will be added as a commend to rendered rule.

property maxWrappingTtl

maxWrappingTtl?: undefined | string;

The maximum allowed TTL that clients can specify for a wrapped response.

property minWrappingTtl

minWrappingTtl?: undefined | string;

The minimum allowed TTL that clients can specify for a wrapped response.

property path

path: string;

A path in Vault that this rule applies to.

property requiredParameters

requiredParameters?: string[];

A list of parameters that must be specified.

interface GetPolicyDocumentRuleAllowedParameter

interface GetPolicyDocumentRuleAllowedParameter

property key

key: string;

name of permitted or denied parameter.

property values

values: string[];

list of values what are permitted or denied by policy rule.

interface GetPolicyDocumentRuleDeniedParameter

interface GetPolicyDocumentRuleDeniedParameter

property key

key: string;

name of permitted or denied parameter.

property values

values: string[];

list of values what are permitted or denied by policy rule.