azure

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-vault repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-vault repo.

class pulumi_vault.azure.AuthBackendConfig(resource_name, opts=None, backend=None, client_id=None, client_secret=None, environment=None, resource=None, tenant_id=None, __props__=None, __name__=None, __opts__=None)

Create an AuthBackendConfig resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • backend (pulumi.Input[str]) – The path the Azure auth backend being configured was mounted at. Defaults to azure.

  • client_id (pulumi.Input[str]) – The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.

  • client_secret (pulumi.Input[str]) – The client secret for credentials to query the Azure APIs.

  • environment (pulumi.Input[str]) – The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. Defaults to AzurePublicCloud.

  • resource (pulumi.Input[str]) – The configured URL for the application registered in Azure Active Directory.

  • tenant_id (pulumi.Input[str]) – The tenant id for the Azure Active Directory organization.

backend: pulumi.Output[str] = None

The path the Azure auth backend being configured was mounted at. Defaults to azure.

client_id: pulumi.Output[str] = None

The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.

client_secret: pulumi.Output[str] = None

The client secret for credentials to query the Azure APIs.

environment: pulumi.Output[str] = None

The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. Defaults to AzurePublicCloud.

resource: pulumi.Output[str] = None

The configured URL for the application registered in Azure Active Directory.

tenant_id: pulumi.Output[str] = None

The tenant id for the Azure Active Directory organization.

static get(resource_name, id, opts=None, backend=None, client_id=None, client_secret=None, environment=None, resource=None, tenant_id=None)

Get an existing AuthBackendConfig resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • backend (pulumi.Input[str]) – The path the Azure auth backend being configured was mounted at. Defaults to azure.

  • client_id (pulumi.Input[str]) – The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.

  • client_secret (pulumi.Input[str]) – The client secret for credentials to query the Azure APIs.

  • environment (pulumi.Input[str]) – The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. Defaults to AzurePublicCloud.

  • resource (pulumi.Input[str]) – The configured URL for the application registered in Azure Active Directory.

  • tenant_id (pulumi.Input[str]) – The tenant id for the Azure Active Directory organization.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.azure.AuthBackendRole(resource_name, opts=None, backend=None, bound_group_ids=None, bound_locations=None, bound_resource_groups=None, bound_scale_sets=None, bound_service_principal_ids=None, bound_subscription_ids=None, max_ttl=None, period=None, policies=None, role=None, token_bound_cidrs=None, token_explicit_max_ttl=None, token_max_ttl=None, token_no_default_policy=None, token_num_uses=None, token_period=None, token_policies=None, token_ttl=None, token_type=None, ttl=None, __props__=None, __name__=None, __opts__=None)

Manages an Azure auth backend role in a Vault server. Roles constrain the instances or principals that can perform the login operation against the backend. See the Vault documentation for more information.

import pulumi
import pulumi_vault as vault

azure = vault.AuthBackend("azure", type="azure")
example = vault.azure.AuthBackendRole("example",
    backend=azure.path,
    bound_resource_groups=["123456789012"],
    bound_subscription_ids=["11111111-2222-3333-4444-555555555555"],
    role="test-role",
    token_max_ttl=120,
    token_policies=[
        "default",
        "dev",
        "prod",
    ],
    token_ttl=60)

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • backend (pulumi.Input[str]) – Unique name of the auth backend to configure.

  • bound_group_ids (pulumi.Input[list]) – If set, defines a constraint on the groups that can perform the login operation that they should be using the group ID specified by this field.

  • bound_locations (pulumi.Input[list]) – If set, defines a constraint on the virtual machines that can perform the login operation that the location in their identity document must match the one specified by this field.

  • bound_resource_groups (pulumi.Input[list]) – If set, defines a constraint on the virtual machines that can perform the login operation that they be associated with the resource group that matches the value specified by this field.

  • bound_scale_sets (pulumi.Input[list]) – If set, defines a constraint on the virtual machines that can perform the login operation that they must match the scale set specified by this field.

  • bound_service_principal_ids (pulumi.Input[list]) – If set, defines a constraint on the service principals that can perform the login operation that they should possess the ids specified by this field.

  • bound_subscription_ids (pulumi.Input[list]) – If set, defines a constraint on the subscriptions that can perform the login operation to ones which match the value specified by this field.

  • max_ttl (pulumi.Input[float]) – The maximum allowed lifetime of tokens issued using this role, provided as a number of seconds.

  • period (pulumi.Input[float]) – If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

  • policies (pulumi.Input[list]) – An array of strings specifying the policies to be set on tokens issued using this role.

  • role (pulumi.Input[str]) – The name of the role.

  • token_bound_cidrs (pulumi.Input[list]) – List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

  • token_explicit_max_ttl (pulumi.Input[float]) – If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.

  • token_max_ttl (pulumi.Input[float]) – The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

  • token_no_default_policy (pulumi.Input[bool]) – If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

  • token_num_uses (pulumi.Input[float]) – The period, if any, in number of seconds to set on the token.

  • token_period (pulumi.Input[float]) – If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

  • token_policies (pulumi.Input[list]) – List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

  • token_ttl (pulumi.Input[float]) – The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

  • token_type (pulumi.Input[str]) – The type of token that should be generated. Can be service, batch, or default to use the mount’s tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.

  • ttl (pulumi.Input[float]) – The TTL period of tokens issued using this role, provided as a number of seconds.
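
The bound_* constraints and the token lifetime parameters above interact, so a role definition is worth checking before it is deployed. The following is an added example, not part of pulumi_vault: a plain-Python lint over the keyword arguments listed above. The function name, the finding codes and the 3600-second ceiling are assumptions of this example.

```python
import ipaddress

# Added example, not pulumi_vault code. Finding codes and the ceiling are
# this example's own policy choices, not Vault defaults.
BOUND_FIELDS = (
    "bound_group_ids", "bound_locations", "bound_resource_groups",
    "bound_scale_sets", "bound_service_principal_ids", "bound_subscription_ids",
)
# The constructor accepts both spellings of these settings.
PAIRED = (("ttl", "token_ttl"), ("max_ttl", "token_max_ttl"),
          ("period", "token_period"), ("policies", "token_policies"))
TOKEN_TYPES = {"service", "batch", "default"}  # values the page lists for roles
LIFETIME_CEILING = 3600  # seconds; assumed organisational limit

# The role from the page's own example, as a plain dict.
PAGE_EXAMPLE = {
    "backend": "azure", "role": "test-role",
    "bound_resource_groups": ["123456789012"],
    "bound_subscription_ids": ["11111111-2222-3333-4444-555555555555"],
    "token_ttl": 60, "token_max_ttl": 120,
    "token_policies": ["default", "dev", "prod"],
}
# Constructed role that trips most checks.
RISKY_ROLE = {
    "role": "wide-open", "bound_locations": ["westeurope"],
    "ttl": 7200, "token_ttl": 600, "token_max_ttl": 300,
    "token_period": 86400, "token_type": "periodic",
    "token_bound_cidrs": ["0.0.0.0/0", "10.0.0.0/33"],
}


def _pick(args, new, old):
    """Prefer the token_* spelling and fall back to the older name."""
    return args[new] if args.get(new) is not None else args.get(old)


def lint_auth_backend_role(args, ceiling=LIFETIME_CEILING):
    """Return (code, message) findings for AuthBackendRole keyword arguments."""
    findings = []

    # Login constraints: each bound_* list applies only if it is set.
    if not any(args.get(f) for f in BOUND_FIELDS):
        findings.append(("NO_BOUND", "no bound_* list set; the role does not constrain who may log in"))
    elif not any(args.get(f) for f in BOUND_FIELDS if f != "bound_locations"):
        findings.append(("LOCATION_ONLY", "a region is the only login constraint"))

    for old, new in PAIRED:
        if args.get(old) is not None and args.get(new) is not None:
            findings.append(("DUPLICATE", f"{old} and {new} are both set; keep one"))

    ttl = _pick(args, "token_ttl", "ttl")
    max_ttl = _pick(args, "token_max_ttl", "max_ttl")
    period = _pick(args, "token_period", "period")
    hard_cap = args.get("token_explicit_max_ttl")
    caps = [v for v in (max_ttl, hard_cap) if v]

    if ttl and max_ttl and ttl > max_ttl:
        findings.append(("TTL_GT_MAX", f"ttl {ttl}s exceeds max ttl {max_ttl}s"))
    if period and not hard_cap:
        # A periodic token never expires while renewed; only
        # token_explicit_max_ttl is described as a hard cap.
        findings.append(("PERIODIC_NO_CAP", "period set without token_explicit_max_ttl"))
    elif not caps:
        findings.append(("ROLE_NO_MAX", "the role itself sets no upper bound on token lifetime"))
    if caps and min(caps) > ceiling:
        findings.append(("LIFETIME_OVER_CEILING", f"tokens may live {min(caps)}s, ceiling is {ceiling}s"))

    for cidr in args.get("token_bound_cidrs") or []:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(("CIDR_INVALID", f"{cidr!r} is not a CIDR block"))
            continue
        if net.prefixlen == 0:
            findings.append(("CIDR_ANY", f"{cidr} matches every address"))

    token_type = args.get("token_type")
    if token_type is not None and token_type not in TOKEN_TYPES:
        findings.append(("BAD_TOKEN_TYPE", f"{token_type!r} is not service, batch or default"))
    return findings


if __name__ == "__main__":
    for name, role in (("page example", PAGE_EXAMPLE), ("risky", RISKY_ROLE)):
        print(name, [code for code, _ in lint_auth_backend_role(role)])
```

Run it in CI against the same dict that is later unpacked into `vault.azure.AuthBackendRole(name, **args)`, and fail the build on any finding.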

backend: pulumi.Output[str] = None

Unique name of the auth backend to configure.

bound_group_ids: pulumi.Output[list] = None

If set, defines a constraint on the groups that can perform the login operation that they should be using the group ID specified by this field.

bound_locations: pulumi.Output[list] = None

If set, defines a constraint on the virtual machines that can perform the login operation that the location in their identity document must match the one specified by this field.

bound_resource_groups: pulumi.Output[list] = None

If set, defines a constraint on the virtual machines that can perform the login operation that they be associated with the resource group that matches the value specified by this field.

bound_scale_sets: pulumi.Output[list] = None

If set, defines a constraint on the virtual machines that can perform the login operation that they must match the scale set specified by this field.

bound_service_principal_ids: pulumi.Output[list] = None

If set, defines a constraint on the service principals that can perform the login operation that they should possess the ids specified by this field.

bound_subscription_ids: pulumi.Output[list] = None

If set, defines a constraint on the subscriptions that can perform the login operation to ones which match the value specified by this field.

max_ttl: pulumi.Output[float] = None

The maximum allowed lifetime of tokens issued using this role, provided as a number of seconds.

period: pulumi.Output[float] = None

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

policies: pulumi.Output[list] = None

An array of strings specifying the policies to be set on tokens issued using this role.

role: pulumi.Output[str] = None

The name of the role.

token_bound_cidrs: pulumi.Output[list] = None

List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

token_explicit_max_ttl: pulumi.Output[float] = None

If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.

token_max_ttl: pulumi.Output[float] = None

The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

token_no_default_policy: pulumi.Output[bool] = None

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

token_num_uses: pulumi.Output[float] = None

The period, if any, in number of seconds to set on the token.

token_period: pulumi.Output[float] = None

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

token_policies: pulumi.Output[list] = None

List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

token_ttl: pulumi.Output[float] = None

The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

token_type: pulumi.Output[str] = None

The type of token that should be generated. Can be service, batch, or default to use the mount’s tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.

ttl: pulumi.Output[float] = None

The TTL period of tokens issued using this role, provided as a number of seconds.

static get(resource_name, id, opts=None, backend=None, bound_group_ids=None, bound_locations=None, bound_resource_groups=None, bound_scale_sets=None, bound_service_principal_ids=None, bound_subscription_ids=None, max_ttl=None, period=None, policies=None, role=None, token_bound_cidrs=None, token_explicit_max_ttl=None, token_max_ttl=None, token_no_default_policy=None, token_num_uses=None, token_period=None, token_policies=None, token_ttl=None, token_type=None, ttl=None)

Get an existing AuthBackendRole resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • backend (pulumi.Input[str]) – Unique name of the auth backend to configure.

  • bound_group_ids (pulumi.Input[list]) – If set, defines a constraint on the groups that can perform the login operation that they should be using the group ID specified by this field.

  • bound_locations (pulumi.Input[list]) – If set, defines a constraint on the virtual machines that can perform the login operation that the location in their identity document must match the one specified by this field.

  • bound_resource_groups (pulumi.Input[list]) – If set, defines a constraint on the virtual machines that can perform the login operation that they be associated with the resource group that matches the value specified by this field.

  • bound_scale_sets (pulumi.Input[list]) – If set, defines a constraint on the virtual machines that can perform the login operation that they must match the scale set specified by this field.

  • bound_service_principal_ids (pulumi.Input[list]) – If set, defines a constraint on the service principals that can perform the login operation that they should possess the ids specified by this field.

  • bound_subscription_ids (pulumi.Input[list]) – If set, defines a constraint on the subscriptions that can perform the login operation to ones which match the value specified by this field.

  • max_ttl (pulumi.Input[float]) – The maximum allowed lifetime of tokens issued using this role, provided as a number of seconds.

  • period (pulumi.Input[float]) – If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

  • policies (pulumi.Input[list]) – An array of strings specifying the policies to be set on tokens issued using this role.

  • role (pulumi.Input[str]) – The name of the role.

  • token_bound_cidrs (pulumi.Input[list]) – List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

  • token_explicit_max_ttl (pulumi.Input[float]) – If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.

  • token_max_ttl (pulumi.Input[float]) – The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

  • token_no_default_policy (pulumi.Input[bool]) – If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

  • token_num_uses (pulumi.Input[float]) – The period, if any, in number of seconds to set on the token.

  • token_period (pulumi.Input[float]) – If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

  • token_policies (pulumi.Input[list]) – List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

  • token_ttl (pulumi.Input[float]) – The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

  • token_type (pulumi.Input[str]) – The type of token that should be generated. Can be service, batch, or default to use the mount’s tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.

  • ttl (pulumi.Input[float]) – The TTL period of tokens issued using this role, provided as a number of seconds.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.azure.AwaitableGetAccessCredentialsResult(backend=None, client_id=None, client_secret=None, id=None, lease_duration=None, lease_id=None, lease_renewable=None, lease_start_time=None, max_cred_validation_seconds=None, num_seconds_between_tests=None, num_sequential_successes=None, role=None, validate_creds=None)

class pulumi_vault.azure.Backend(resource_name, opts=None, client_id=None, client_secret=None, description=None, environment=None, path=None, subscription_id=None, tenant_id=None, __props__=None, __name__=None, __opts__=None)

Create a Backend resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • client_id (pulumi.Input[str]) – The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.

  • client_secret (pulumi.Input[str]) – The client secret for credentials to query the Azure APIs

  • description (pulumi.Input[str]) – Human-friendly description of the mount for the backend.

  • environment (pulumi.Input[str]) – The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.

  • path (pulumi.Input[str]) – Path to mount the backend at.

  • subscription_id (pulumi.Input[str]) – The subscription id for the Azure Active Directory.

  • tenant_id (pulumi.Input[str]) – The tenant id for the Azure Active Directory organization.

client_id: pulumi.Output[str] = None

The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.

client_secret: pulumi.Output[str] = None

The client secret for credentials to query the Azure APIs

description: pulumi.Output[str] = None

Human-friendly description of the mount for the backend.

environment: pulumi.Output[str] = None

The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.

path: pulumi.Output[str] = None

Path to mount the backend at.

subscription_id: pulumi.Output[str] = None

The subscription id for the Azure Active Directory.

tenant_id: pulumi.Output[str] = None

The tenant id for the Azure Active Directory organization.

static get(resource_name, id, opts=None, client_id=None, client_secret=None, description=None, environment=None, path=None, subscription_id=None, tenant_id=None)

Get an existing Backend resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • client_id (pulumi.Input[str]) – The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.

  • client_secret (pulumi.Input[str]) – The client secret for credentials to query the Azure APIs

  • description (pulumi.Input[str]) – Human-friendly description of the mount for the backend.

  • environment (pulumi.Input[str]) – The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.

  • path (pulumi.Input[str]) – Path to mount the backend at.

  • subscription_id (pulumi.Input[str]) – The subscription id for the Azure Active Directory.

  • tenant_id (pulumi.Input[str]) – The tenant id for the Azure Active Directory organization.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.azure.BackendRole(resource_name, opts=None, application_object_id=None, azure_roles=None, backend=None, description=None, max_ttl=None, role=None, ttl=None, __props__=None, __name__=None, __opts__=None)

Create a BackendRole resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • application_object_id (pulumi.Input[str]) – Application Object ID for an existing service principal that will be used instead of creating dynamic service principals. If present, azure_roles will be ignored.

  • azure_roles (pulumi.Input[list]) – List of Azure roles to be assigned to the generated service principal.

  • backend (pulumi.Input[str]) – Path to the mounted Azure auth backend

  • description (pulumi.Input[str]) – Human-friendly description of the mount for the backend.

  • max_ttl (pulumi.Input[str]) – Specifies the maximum TTL for service principals generated using this role. Accepts time suffixed strings (“1h”) or an integer number of seconds. Defaults to the system/engine max TTL time.

  • role (pulumi.Input[str]) – Name of the Azure role

  • ttl (pulumi.Input[str]) – Specifies the default TTL for service principals generated using this role. Accepts time suffixed strings (“1h”) or an integer number of seconds. Defaults to the system/engine default TTL time.

The azure_roles object supports the following:

  • role_id (pulumi.Input[str])

  • role_name (pulumi.Input[str])

  • scope (pulumi.Input[str])
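
The azure_roles entries and the TTL strings above decide how much Azure access each generated service principal receives and for how long. The following is an added example, not part of pulumi_vault: a plain-Python check of BackendRole keyword arguments. The finding codes, the set of role names treated as privileged, and the duration parser (which handles only s, m and h suffixes) are assumptions of this example.

```python
import re

# Added example, not pulumi_vault code. Codes and PRIVILEGED are this
# example's own policy; adjust them to local rules.
PRIVILEGED = {"Owner", "Contributor", "User Access Administrator"}
_UNITS = {"s": 1, "m": 60, "h": 3600}
_PART = re.compile(r"(\d+)([smh])")
# A scope that stops at the subscription covers every resource group in it.
_SUBSCRIPTION_SCOPE = re.compile(r"^/subscriptions/[^/]+/?$", re.IGNORECASE)

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed id
GOOD_ROLE = {  # constructed: narrow scope, read-only role, bounded lifetime
    "backend": "azure", "role": "reader", "ttl": "1h", "max_ttl": "4h",
    "azure_roles": [{"role_name": "Reader", "scope": SUB + "/resourceGroups/app-rg"}],
}
BAD_ROLE = {  # constructed: subscription-wide Owner, empty entry, ttl above max
    "backend": "azure", "role": "admin", "ttl": "2h", "max_ttl": 3600,
    "azure_roles": [{"role_name": "Owner", "scope": SUB}, {"scope": ""}],
}


def to_seconds(value):
    """Convert an int, a digit string, or a string such as "1h" or "1h30m"."""
    if isinstance(value, int):
        return value
    text = str(value).strip()
    if text.isdigit():
        return int(text)
    parts = _PART.findall(text)
    # Reject anything the pattern did not consume completely.
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unsupported duration: {value!r}")
    return sum(int(n) * _UNITS[u] for n, u in parts)


def lint_backend_role(args, privileged=PRIVILEGED):
    """Return (code, message) findings for BackendRole keyword arguments."""
    findings = []
    roles = args.get("azure_roles") or []

    if args.get("application_object_id"):
        if roles:
            # The page states azure_roles is ignored in this case.
            findings.append(("ROLES_IGNORED", "azure_roles has no effect with application_object_id"))
    elif not roles:
        findings.append(("NO_ROLES", "neither application_object_id nor azure_roles is set"))
    else:
        for i, entry in enumerate(roles):
            scope = entry.get("scope") or ""
            if not (entry.get("role_id") or entry.get("role_name")):
                findings.append(("ROLE_UNNAMED", f"azure_roles[{i}] has no role_id or role_name"))
            if not scope:
                findings.append(("SCOPE_MISSING", f"azure_roles[{i}] has no scope"))
            elif _SUBSCRIPTION_SCOPE.match(scope):
                findings.append(("SCOPE_SUBSCRIPTION", f"azure_roles[{i}] applies to a whole subscription"))
            if entry.get("role_name") in privileged:
                findings.append(("ROLE_PRIVILEGED", f"azure_roles[{i}] grants {entry['role_name']}"))

    parsed = {}
    for key in ("ttl", "max_ttl"):
        if args.get(key) is not None:
            try:
                parsed[key] = to_seconds(args[key])
            except ValueError:
                findings.append(("TTL_INVALID", f"{key}={args[key]!r} is not a supported duration"))
    if args.get("max_ttl") is None:
        # The page: max_ttl defaults to the system/engine max TTL time.
        findings.append(("MAX_TTL_DEFAULTED", "max_ttl unset; the engine maximum applies"))
    if "ttl" in parsed and "max_ttl" in parsed and parsed["ttl"] > parsed["max_ttl"]:
        findings.append(("TTL_GT_MAX", f"ttl {parsed['ttl']}s exceeds max_ttl {parsed['max_ttl']}s"))
    return findings


if __name__ == "__main__":
    for name, role in (("good", GOOD_ROLE), ("bad", BAD_ROLE)):
        print(name, [code for code, _ in lint_backend_role(role)])
```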

application_object_id: pulumi.Output[str] = None

Application Object ID for an existing service principal that will be used instead of creating dynamic service principals. If present, azure_roles will be ignored.

azure_roles: pulumi.Output[list] = None

List of Azure roles to be assigned to the generated service principal.

  • role_id (str)

  • role_name (str)

  • scope (str)

backend: pulumi.Output[str] = None

Path to the mounted Azure auth backend

description: pulumi.Output[str] = None

Human-friendly description of the mount for the backend.

max_ttl: pulumi.Output[str] = None

Specifies the maximum TTL for service principals generated using this role. Accepts time suffixed strings (“1h”) or an integer number of seconds. Defaults to the system/engine max TTL time.

role: pulumi.Output[str] = None

Name of the Azure role

ttl: pulumi.Output[str] = None

Specifies the default TTL for service principals generated using this role. Accepts time suffixed strings (“1h”) or an integer number of seconds. Defaults to the system/engine default TTL time.

static get(resource_name, id, opts=None, application_object_id=None, azure_roles=None, backend=None, description=None, max_ttl=None, role=None, ttl=None)

Get an existing BackendRole resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • application_object_id (pulumi.Input[str]) – Application Object ID for an existing service principal that will be used instead of creating dynamic service principals. If present, azure_roles will be ignored.

  • azure_roles (pulumi.Input[list]) – List of Azure roles to be assigned to the generated service principal.

  • backend (pulumi.Input[str]) – Path to the mounted Azure auth backend

  • description (pulumi.Input[str]) – Human-friendly description of the mount for the backend.

  • max_ttl (pulumi.Input[str]) – Specifies the maximum TTL for service principals generated using this role. Accepts time suffixed strings (“1h”) or an integer number of seconds. Defaults to the system/engine max TTL time.

  • role (pulumi.Input[str]) – Name of the Azure role

  • ttl (pulumi.Input[str]) – Specifies the default TTL for service principals generated using this role. Accepts time suffixed strings (“1h”) or an integer number of seconds. Defaults to the system/engine default TTL time.

The azure_roles object supports the following:

  • role_id (pulumi.Input[str])

  • role_name (pulumi.Input[str])

  • scope (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.azure.GetAccessCredentialsResult(backend=None, client_id=None, client_secret=None, id=None, lease_duration=None, lease_id=None, lease_renewable=None, lease_start_time=None, max_cred_validation_seconds=None, num_seconds_between_tests=None, num_sequential_successes=None, role=None, validate_creds=None)

A collection of values returned by getAccessCredentials.

client_id = None

The client id for credentials to query the Azure APIs.

client_secret = None

The client secret for credentials to query the Azure APIs.

id = None

The provider-assigned unique ID for this managed resource.

lease_duration = None

The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

lease_id = None

The lease identifier assigned by Vault.

pulumi_vault.azure.get_access_credentials(backend=None, max_cred_validation_seconds=None, num_seconds_between_tests=None, num_sequential_successes=None, role=None, validate_creds=None, opts=None)

Use this data source to access information about an existing resource.

Parameters
  • backend (str) – The path to the Azure secret backend to read credentials from, with no leading or trailing /s.

  • max_cred_validation_seconds (float) – If ‘validate_creds’ is true, the number of seconds after which to give up validating credentials. Defaults to 1,200 (20 minutes).

  • num_seconds_between_tests (float) – If ‘validate_creds’ is true, the number of seconds to wait between each test of generated credentials. Defaults to 7.

  • num_sequential_successes (float) – If ‘validate_creds’ is true, the number of sequential successes required to validate generated credentials. Defaults to 8.

  • role (str) – The name of the Azure secret backend role to read credentials from, with no leading or trailing /s.

  • validate_creds (bool) – Whether generated credentials should be validated before being returned. Defaults to false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designating true activates testing.