identity

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-vault repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-vault repo.

class pulumi_vault.identity.AwaitableGetEntityResult(alias_id=None, alias_mount_accessor=None, alias_name=None, aliases=None, creation_time=None, data_json=None, direct_group_ids=None, disabled=None, entity_id=None, entity_name=None, group_ids=None, id=None, inherited_group_ids=None, last_update_time=None, merged_entity_ids=None, metadata=None, namespace_id=None, policies=None)
class pulumi_vault.identity.AwaitableGetGroupResult(alias_canonical_id=None, alias_creation_time=None, alias_id=None, alias_last_update_time=None, alias_merged_from_canonical_ids=None, alias_metadata=None, alias_mount_accessor=None, alias_mount_path=None, alias_mount_type=None, alias_name=None, creation_time=None, data_json=None, group_id=None, group_name=None, id=None, last_update_time=None, member_entity_ids=None, member_group_ids=None, metadata=None, modify_index=None, namespace_id=None, parent_group_ids=None, policies=None, type=None)
class pulumi_vault.identity.Entity(resource_name, opts=None, disabled=None, external_policies=None, metadata=None, name=None, policies=None, __props__=None, __name__=None, __opts__=None)

Create an Entity resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • disabled (pulumi.Input[bool]) – Whether this entity is currently disabled (true/false). Defaults to false.

  • external_policies (pulumi.Input[bool]) – false by default. If set to true, this resource will ignore any policies returned from Vault or specified in the resource. You can use identity.EntityPolicies to manage policies for this entity in a decoupled manner.

  • metadata (pulumi.Input[dict]) – A Map of additional metadata to associate with the user.

  • name (pulumi.Input[str]) – Name of the identity entity to create.

  • policies (pulumi.Input[list]) – A list of policies to apply to the entity.

disabled: pulumi.Output[bool] = None

Whether this entity is currently disabled (true/false). Defaults to false.

external_policies: pulumi.Output[bool] = None

false by default. If set to true, this resource will ignore any policies returned from Vault or specified in the resource. You can use identity.EntityPolicies to manage policies for this entity in a decoupled manner.

metadata: pulumi.Output[dict] = None

A Map of additional metadata to associate with the user.

name: pulumi.Output[str] = None

Name of the identity entity to create.

policies: pulumi.Output[list] = None

A list of policies to apply to the entity.

static get(resource_name, id, opts=None, disabled=None, external_policies=None, metadata=None, name=None, policies=None)

Get an existing Entity resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • disabled (pulumi.Input[bool]) – Whether this entity is currently disabled (true/false). Defaults to false.

  • external_policies (pulumi.Input[bool]) – false by default. If set to true, this resource will ignore any policies returned from Vault or specified in the resource. You can use identity.EntityPolicies to manage policies for this entity in a decoupled manner.

  • metadata (pulumi.Input[dict]) – A Map of additional metadata to associate with the user.

  • name (pulumi.Input[str]) – Name of the identity entity to create.

  • policies (pulumi.Input[list]) – A list of policies to apply to the entity.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.identity.EntityAlias(resource_name, opts=None, canonical_id=None, mount_accessor=None, name=None, __props__=None, __name__=None, __opts__=None)

Create an EntityAlias resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • canonical_id (pulumi.Input[str]) – Entity ID to which this alias belongs.

  • mount_accessor (pulumi.Input[str]) – Accessor of the mount to which the alias should belong.

  • name (pulumi.Input[str]) – Name of the alias. Name should be the identifier of the client in the authentication source. For example, if the alias belongs to userpass backend, the name should be a valid username within userpass backend. If alias belongs to GitHub, it should be the GitHub username.

canonical_id: pulumi.Output[str] = None

Entity ID to which this alias belongs.

mount_accessor: pulumi.Output[str] = None

Accessor of the mount to which the alias should belong.

name: pulumi.Output[str] = None

Name of the alias. Name should be the identifier of the client in the authentication source. For example, if the alias belongs to userpass backend, the name should be a valid username within userpass backend. If alias belongs to GitHub, it should be the GitHub username.

static get(resource_name, id, opts=None, canonical_id=None, mount_accessor=None, name=None)

Get an existing EntityAlias resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • canonical_id (pulumi.Input[str]) – Entity ID to which this alias belongs.

  • mount_accessor (pulumi.Input[str]) – Accessor of the mount to which the alias should belong.

  • name (pulumi.Input[str]) – Name of the alias. Name should be the identifier of the client in the authentication source. For example, if the alias belongs to userpass backend, the name should be a valid username within userpass backend. If alias belongs to GitHub, it should be the GitHub username.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.identity.EntityPolicies(resource_name, opts=None, entity_id=None, exclusive=None, policies=None, __props__=None, __name__=None, __opts__=None)

Manages policies for an Identity Entity for Vault. The Identity secrets engine is the identity management solution for Vault.

import pulumi
import pulumi_vault as vault

entity = vault.identity.Entity("entity", external_policies=True)
policies = vault.identity.EntityPolicies("policies",
    policies=[
        "default",
        "test",
    ],
    exclusive=True,
    entity_id=entity.id)

import pulumi
import pulumi_vault as vault

entity = vault.identity.Entity("entity", external_policies=True)
default = vault.identity.EntityPolicies("default",
    policies=[
        "default",
        "test",
    ],
    exclusive=False,
    entity_id=entity.id)
others = vault.identity.EntityPolicies("others",
    policies=["others"],
    exclusive=False,
    entity_id=entity.id)

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • entity_id (pulumi.Input[str]) – Entity ID to assign policies to.

  • exclusive (pulumi.Input[bool]) – Defaults to true.

  • policies (pulumi.Input[list]) – List of policies to assign to the entity

entity_id: pulumi.Output[str] = None

Entity ID to assign policies to.

entity_name: pulumi.Output[str] = None

The name of the entity that is assigned the policies.

exclusive: pulumi.Output[bool] = None

Defaults to true.

policies: pulumi.Output[list] = None

List of policies to assign to the entity

static get(resource_name, id, opts=None, entity_id=None, entity_name=None, exclusive=None, policies=None)

Get an existing EntityPolicies resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • entity_id (pulumi.Input[str]) – Entity ID to assign policies to.

  • entity_name (pulumi.Input[str]) – The name of the entity that is assigned the policies.

  • exclusive (pulumi.Input[bool]) – Defaults to true.

  • policies (pulumi.Input[list]) – List of policies to assign to the entity

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.identity.GetEntityResult(alias_id=None, alias_mount_accessor=None, alias_name=None, aliases=None, creation_time=None, data_json=None, direct_group_ids=None, disabled=None, entity_id=None, entity_name=None, group_ids=None, id=None, inherited_group_ids=None, last_update_time=None, merged_entity_ids=None, metadata=None, namespace_id=None, policies=None)

A collection of values returned by getEntity.

aliases = None

A list of entity aliases. Structure is documented below.

creation_time = None

Creation time of the Alias

data_json = None

A string containing the full data payload retrieved from Vault, serialized in JSON format.

direct_group_ids = None

List of Group IDs of which the entity is directly a member

disabled = None

Whether the entity is disabled

group_ids = None

List of all Group IDs of which the entity is a member

id = None

The provider-assigned unique ID for this managed resource.

inherited_group_ids = None

List of all Group IDs of which the entity is transitively a member

last_update_time = None

Last update time of the alias

merged_entity_ids = None

Other entity IDs which are merged with this entity

metadata = None

Arbitrary metadata

namespace_id = None

Namespace of which the entity is part

policies = None

List of policies attached to the entity

class pulumi_vault.identity.GetGroupResult(alias_canonical_id=None, alias_creation_time=None, alias_id=None, alias_last_update_time=None, alias_merged_from_canonical_ids=None, alias_metadata=None, alias_mount_accessor=None, alias_mount_path=None, alias_mount_type=None, alias_name=None, creation_time=None, data_json=None, group_id=None, group_name=None, id=None, last_update_time=None, member_entity_ids=None, member_group_ids=None, metadata=None, modify_index=None, namespace_id=None, parent_group_ids=None, policies=None, type=None)

A collection of values returned by getGroup.

alias_canonical_id = None

Canonical ID of the Alias

alias_creation_time = None

Creation time of the Alias

alias_last_update_time = None

Last update time of the alias

alias_merged_from_canonical_ids = None

List of canonical IDs merged with this alias

alias_metadata = None

Arbitrary metadata

alias_mount_path = None

Authentication mount path which this alias belongs to

alias_mount_type = None

Authentication mount type which this alias belongs to

creation_time = None

Creation timestamp of the group

data_json = None

A string containing the full data payload retrieved from Vault, serialized in JSON format.

id = None

The provider-assigned unique ID for this managed resource.

last_update_time = None

Last updated time of the group

member_entity_ids = None

List of Entity IDs which are members of this group

member_group_ids = None

List of Group IDs which are members of this group

metadata = None

Arbitrary metadata

modify_index = None

Modify index of the group

namespace_id = None

Namespace of which the group is part

parent_group_ids = None

List of Group IDs which are parents of this group.

policies = None

List of policies attached to the group

type = None

Type of group

class pulumi_vault.identity.Group(resource_name, opts=None, external_policies=None, member_entity_ids=None, member_group_ids=None, metadata=None, name=None, policies=None, type=None, __props__=None, __name__=None, __opts__=None)

Creates an Identity Group for Vault. The Identity secrets engine is the identity management solution for Vault.

A group can contain multiple entities as its members. A group can also have subgroups. Policies set on the group are granted to all members of the group. At request time, when the token’s entity ID is evaluated for the policies it has access to, policies inherited through group memberships are granted along with the policies on the entity itself.
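
How direct and inherited group membership combine into an entity's effective policy set, as an added example that is not part of the pulumi_vault documentation or the provider's code. It is a local model that makes no Vault calls: the field names follow Group and GetEntityResult on this page, while the sample records and the function names `resolve_groups` and `effective_policies` are constructed for illustration. "Inherited" here means reachable only through parent groups.

```python
from collections import deque

# Constructed sample data: group id -> the Group fields documented on this page.
GROUPS = {
    "g-dev": {"policies": ["dev"], "member_entity_ids": ["e-alice"], "member_group_ids": []},
    "g-eng": {"policies": ["test"], "member_entity_ids": [], "member_group_ids": ["g-dev"]},
    "g-platform": {"policies": ["platform-admin"], "member_entity_ids": [],
                   "member_group_ids": ["g-eng"]},
    "g-ops": {"policies": ["ops"], "member_entity_ids": ["e-bob"], "member_group_ids": []},
}
ALICE = {"id": "e-alice", "policies": ["default"]}  # constructed entity record


def resolve_groups(entity_id, groups):
    """Return (direct, inherited) sets of group ids for one entity.

    direct    -> groups that list the entity in member_entity_ids
    inherited -> groups reached only by walking up through member_group_ids
    """
    # Invert member_group_ids so each group knows which groups contain it.
    parents = {}
    for gid, group in groups.items():
        for child in group.get("member_group_ids", []):
            parents.setdefault(child, set()).add(gid)

    direct = {gid for gid, group in groups.items()
              if entity_id in group.get("member_entity_ids", [])}

    # Breadth-first walk upwards; `seen` keeps the walk finite even if the
    # input data contains a membership loop.
    inherited, seen, queue = set(), set(direct), deque(direct)
    while queue:
        for parent in parents.get(queue.popleft(), ()):
            if parent not in seen:
                seen.add(parent)
                inherited.add(parent)
                queue.append(parent)
    return direct, inherited


def effective_policies(entity, groups):
    """Map each granted policy to the places it comes from.

    Sources are "entity", "direct:<group id>" or "inherited:<group id>", so a
    reviewer can see which nesting level grants a sensitive policy.
    """
    direct, inherited = resolve_groups(entity["id"], groups)
    sources = {}
    for policy in entity.get("policies", []):
        sources.setdefault(policy, []).append("entity")
    for gid in sorted(direct | inherited):
        kind = "direct" if gid in direct else "inherited"
        for policy in groups[gid].get("policies", []):
            sources.setdefault(policy, []).append(f"{kind}:{gid}")
    return sources


if __name__ == "__main__":
    for policy, where in sorted(effective_policies(ALICE, GROUPS).items()):
        print(f"{policy:15} <- {', '.join(where)}")
```

In the sample data the entity is only a direct member of `g-dev`, yet it ends up with `platform-admin` through two levels of nesting, which is the kind of grant worth reviewing before adding a group to `member_group_ids`.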

import pulumi
import pulumi_vault as vault

internal = vault.identity.Group("internal",
    metadata={
        "version": "2",
    },
    policies=[
        "dev",
        "test",
    ],
    type="internal")

import pulumi
import pulumi_vault as vault

group = vault.identity.Group("group",
    metadata={
        "version": "1",
    },
    policies=["test"],
    type="external")

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • external_policies (pulumi.Input[bool]) – false by default. If set to true, this resource will ignore any policies returned from Vault or specified in the resource. You can use identity.GroupPolicies to manage policies for this group in a decoupled manner.

  • member_entity_ids (pulumi.Input[list]) – A list of Entity IDs to be assigned as group members. Not allowed on external groups.

  • member_group_ids (pulumi.Input[list]) – A list of Group IDs to be assigned as group members. Not allowed on external groups.

  • metadata (pulumi.Input[dict]) – A Map of additional metadata to associate with the group.

  • name (pulumi.Input[str]) – Name of the identity group to create.

  • policies (pulumi.Input[list]) – A list of policies to apply to the group.

  • type (pulumi.Input[str]) – Type of the group, internal or external. Defaults to internal.

external_policies: pulumi.Output[bool] = None

false by default. If set to true, this resource will ignore any policies returned from Vault or specified in the resource. You can use identity.GroupPolicies to manage policies for this group in a decoupled manner.

member_entity_ids: pulumi.Output[list] = None

A list of Entity IDs to be assigned as group members. Not allowed on external groups.

member_group_ids: pulumi.Output[list] = None

A list of Group IDs to be assigned as group members. Not allowed on external groups.

metadata: pulumi.Output[dict] = None

A Map of additional metadata to associate with the group.

name: pulumi.Output[str] = None

Name of the identity group to create.

policies: pulumi.Output[list] = None

A list of policies to apply to the group.

type: pulumi.Output[str] = None

Type of the group, internal or external. Defaults to internal.

static get(resource_name, id, opts=None, external_policies=None, member_entity_ids=None, member_group_ids=None, metadata=None, name=None, policies=None, type=None)

Get an existing Group resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • external_policies (pulumi.Input[bool]) – false by default. If set to true, this resource will ignore any policies returned from Vault or specified in the resource. You can use identity.GroupPolicies to manage policies for this group in a decoupled manner.

  • member_entity_ids (pulumi.Input[list]) – A list of Entity IDs to be assigned as group members. Not allowed on external groups.

  • member_group_ids (pulumi.Input[list]) – A list of Group IDs to be assigned as group members. Not allowed on external groups.

  • metadata (pulumi.Input[dict]) – A Map of additional metadata to associate with the group.

  • name (pulumi.Input[str]) – Name of the identity group to create.

  • policies (pulumi.Input[list]) – A list of policies to apply to the group.

  • type (pulumi.Input[str]) – Type of the group, internal or external. Defaults to internal.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.identity.GroupAlias(resource_name, opts=None, canonical_id=None, mount_accessor=None, name=None, __props__=None, __name__=None, __opts__=None)

Creates an Identity Group Alias for Vault. The Identity secrets engine is the identity management solution for Vault.

Group aliases allow entity membership in external groups to be managed semi-automatically. An external group serves as a mapping to a group that is outside of the identity store. External groups can have one (and only one) alias. This alias should map to a notion of group that is outside of the identity store, for example, groups in LDAP and teams in GitHub. A username in LDAP, belonging to a group in LDAP, can get its entity ID added as a member of a group in Vault automatically during logins and token renewals. This works only if the group in Vault is an external group and has an alias that maps to the group in LDAP. If the user is removed from the group in LDAP, that change gets reflected in Vault only upon the subsequent login or renewal operation.

import pulumi
import pulumi_vault as vault

group = vault.identity.Group("group",
    policies=["test"],
    type="external")
github = vault.AuthBackend("github",
    path="github",
    type="github")
group_alias = vault.identity.GroupAlias("group-alias",
    canonical_id=group.id,
    mount_accessor=github.accessor,
    name="Github_Team_Slug")

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • canonical_id (pulumi.Input[str]) – ID of the group to which this is an alias.

  • mount_accessor (pulumi.Input[str]) – Mount accessor of the authentication backend to which this alias belongs.

  • name (pulumi.Input[str]) – Name of the group alias to create.

canonical_id: pulumi.Output[str] = None

ID of the group to which this is an alias.

mount_accessor: pulumi.Output[str] = None

Mount accessor of the authentication backend to which this alias belongs.

name: pulumi.Output[str] = None

Name of the group alias to create.

static get(resource_name, id, opts=None, canonical_id=None, mount_accessor=None, name=None)

Get an existing GroupAlias resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • canonical_id (pulumi.Input[str]) – ID of the group to which this is an alias.

  • mount_accessor (pulumi.Input[str]) – Mount accessor of the authentication backend to which this alias belongs.

  • name (pulumi.Input[str]) – Name of the group alias to create.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.identity.GroupPolicies(resource_name, opts=None, exclusive=None, group_id=None, policies=None, __props__=None, __name__=None, __opts__=None)

Manages policies for an Identity Group for Vault. The Identity secrets engine is the identity management solution for Vault.

import pulumi
import pulumi_vault as vault

internal = vault.identity.Group("internal",
    type="internal",
    external_policies=True,
    metadata={
        "version": "2",
    })
policies = vault.identity.GroupPolicies("policies",
    policies=[
        "default",
        "test",
    ],
    exclusive=True,
    group_id=internal.id)

import pulumi
import pulumi_vault as vault

internal = vault.identity.Group("internal",
    type="internal",
    external_policies=True,
    metadata={
        "version": "2",
    })
default = vault.identity.GroupPolicies("default",
    policies=[
        "default",
        "test",
    ],
    exclusive=False,
    group_id=internal.id)
others = vault.identity.GroupPolicies("others",
    policies=["others"],
    exclusive=False,
    group_id=internal.id)

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • exclusive (pulumi.Input[bool]) – Defaults to true.

  • group_id (pulumi.Input[str]) – Group ID to assign policies to.

  • policies (pulumi.Input[list]) – List of policies to assign to the group

exclusive: pulumi.Output[bool] = None

Defaults to true.

group_id: pulumi.Output[str] = None

Group ID to assign policies to.

group_name: pulumi.Output[str] = None

The name of the group that is assigned the policies.

policies: pulumi.Output[list] = None

List of policies to assign to the group

static get(resource_name, id, opts=None, exclusive=None, group_id=None, group_name=None, policies=None)

Get an existing GroupPolicies resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • exclusive (pulumi.Input[bool]) – Defaults to true.

  • group_id (pulumi.Input[str]) – Group ID to assign policies to.

  • group_name (pulumi.Input[str]) – The name of the group that is assigned the policies.

  • policies (pulumi.Input[list]) – List of policies to assign to the group

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.identity.Oidc(resource_name, opts=None, issuer=None, __props__=None, __name__=None, __opts__=None)

Configure the Identity Tokens Backend.

The Identity secrets engine is the identity management solution for Vault. It internally maintains the clients who are recognized by Vault.

NOTE: Each Vault server may only have one Identity Tokens Backend configuration. Multiple configurations of the resource against the same Vault server will cause a perpetual difference.

import pulumi
import pulumi_vault as vault

server = vault.identity.Oidc("server", issuer="https://www.acme.com")

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • issuer (pulumi.Input[str]) – Issuer URL to be used in the iss claim of the token. If not set, Vault’s api_addr will be used. The issuer is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components, but no query or fragment components.

issuer: pulumi.Output[str] = None

Issuer URL to be used in the iss claim of the token. If not set, Vault’s api_addr will be used. The issuer is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components, but no query or fragment components.
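
A pre-deployment check for the issuer constraints listed above, added here as an example and not taken from the provider. The function names are hypothetical, the userinfo check is inferred from the list of permitted components, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit


def issuer_problems(issuer):
    """Return the reasons an issuer string breaks the documented rules ([] if none)."""
    if any(ch.isspace() for ch in issuer):
        return ["contains whitespace"]
    try:
        parts = urlsplit(issuer)
        parts.port  # property access raises ValueError for a non-numeric or out-of-range port
    except ValueError as exc:
        return [f"unparseable URL: {exc}"]

    problems = []
    if parts.scheme != "https":
        problems.append(f"scheme is {parts.scheme or 'missing'!r}, expected 'https'")
    if not parts.hostname:
        problems.append("no host component")
    # Assumption: userinfo is rejected because the documentation lists only
    # scheme, host, port and path as permitted components.
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo component present")
    # Check the raw string so that a bare trailing '?' or '#' is caught too.
    if "?" in issuer.split("#", 1)[0]:
        problems.append("query component present")
    if "#" in issuer:
        problems.append("fragment component present")
    return problems


def issuer_matches(configured, iss_claim):
    """Compare issuers the way a case-sensitive identifier must be compared.

    No lower-casing and no trailing-slash normalisation: the value configured
    on the resource and the value a verifier expects have to be byte-identical.
    """
    return configured == iss_claim


if __name__ == "__main__":
    # Constructed sample values.
    samples = [
        "https://www.acme.com",
        "https://www.acme.com:8200/v1/identity/oidc",
        "http://www.acme.com",
        "https://www.acme.com/?tenant=a",
        "https://www.acme.com/#keys",
        "https://www.acme.com:notaport",
    ]
    for url in samples:
        print(url, "->", issuer_problems(url) or "ok")
    print(issuer_matches("https://www.acme.com", "https://www.acme.com/"))
```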

static get(resource_name, id, opts=None, issuer=None)

Get an existing Oidc resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • issuer (pulumi.Input[str]) – Issuer URL to be used in the iss claim of the token. If not set, Vault’s api_addr will be used. The issuer is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components, but no query or fragment components.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.identity.OidcKey(resource_name, opts=None, algorithm=None, allowed_client_ids=None, name=None, rotation_period=None, verification_ttl=None, __props__=None, __name__=None, __opts__=None)

Create an OidcKey resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • algorithm (pulumi.Input[str]) – Signing algorithm to use. Allowed values are: RS256 (default), RS384, RS512, ES256, ES384, ES512, EdDSA.

  • allowed_client_ids (pulumi.Input[list]) – Array of role client ids allowed to use this key for signing. If empty, no roles are allowed. If “*”, all roles are allowed.

  • name (pulumi.Input[str]) – Name of the OIDC Key to create.

  • rotation_period (pulumi.Input[float]) – How often to generate a new signing key in number of seconds

  • verification_ttl (pulumi.Input[float]) – Controls how long, in seconds, the public portion of a signing key will be available for verification after being rotated.

algorithm: pulumi.Output[str] = None

Signing algorithm to use. Allowed values are: RS256 (default), RS384, RS512, ES256, ES384, ES512, EdDSA.

allowed_client_ids: pulumi.Output[list] = None

Array of role client ids allowed to use this key for signing. If empty, no roles are allowed. If “*”, all roles are allowed.

name: pulumi.Output[str] = None

Name of the OIDC Key to create.

rotation_period: pulumi.Output[float] = None

How often to generate a new signing key in number of seconds

verification_ttl: pulumi.Output[float] = None

Controls how long, in seconds, the public portion of a signing key will be available for verification after being rotated.

static get(resource_name, id, opts=None, algorithm=None, allowed_client_ids=None, name=None, rotation_period=None, verification_ttl=None)

Get an existing OidcKey resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • algorithm (pulumi.Input[str]) – Signing algorithm to use. Allowed values are: RS256 (default), RS384, RS512, ES256, ES384, ES512, EdDSA.

  • allowed_client_ids (pulumi.Input[list]) – Array of role client ids allowed to use this key for signing. If empty, no roles are allowed. If “*”, all roles are allowed.

  • name (pulumi.Input[str]) – Name of the OIDC Key to create.

  • rotation_period (pulumi.Input[float]) – How often to generate a new signing key in number of seconds

  • verification_ttl (pulumi.Input[float]) – Controls how long, in seconds, the public portion of a signing key will be available for verification after being rotated.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.identity.OidcKeyAllowedClientID(resource_name, opts=None, allowed_client_id=None, key_name=None, __props__=None, __name__=None, __opts__=None)

Create an OidcKeyAllowedClientID resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • allowed_client_id (pulumi.Input[str]) – Client ID to allow usage with the OIDC named key

  • key_name (pulumi.Input[str]) – Name of the OIDC Key that allows the Client ID.

allowed_client_id: pulumi.Output[str] = None

Client ID to allow usage with the OIDC named key

key_name: pulumi.Output[str] = None

Name of the OIDC Key that allows the Client ID.

static get(resource_name, id, opts=None, allowed_client_id=None, key_name=None)

Get an existing OidcKeyAllowedClientID resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • allowed_client_id (pulumi.Input[str]) – Client ID to allow usage with the OIDC named key

  • key_name (pulumi.Input[str]) – Name of the OIDC Key that the Client ID is allowed to use.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.identity.OidcRole(resource_name, opts=None, key=None, name=None, template=None, ttl=None, __props__=None, __name__=None, __opts__=None)

Create an OidcRole resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • key (pulumi.Input[str]) – A configured named key, the key must already exist before tokens can be issued.

  • name (pulumi.Input[str]) – Name of the OIDC Role to create.

  • template (pulumi.Input[str]) – The template string to use for generating tokens. This may be in string-ified JSON or base64 format. See the documentation for the template format.

  • ttl (pulumi.Input[float]) – TTL of the tokens generated against the role in number of seconds.

client_id: pulumi.Output[str] = None

The value that will be included in the aud field of all the OIDC identity tokens issued by this role

key: pulumi.Output[str] = None

A configured named key, the key must already exist before tokens can be issued.

name: pulumi.Output[str] = None

Name of the OIDC Role to create.

template: pulumi.Output[str] = None

The template string to use for generating tokens. This may be in string-ified JSON or base64 format. See the documentation for the template format.

ttl: pulumi.Output[float] = None

TTL of the tokens generated against the role in number of seconds.

static get(resource_name, id, opts=None, client_id=None, key=None, name=None, template=None, ttl=None)

Get an existing OidcRole resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • client_id (pulumi.Input[str]) – The value that will be included in the aud field of all the OIDC identity tokens issued by this role

  • key (pulumi.Input[str]) – A configured named key, the key must already exist before tokens can be issued.

  • name (pulumi.Input[str]) – Name of the OIDC Role to create.

  • template (pulumi.Input[str]) – The template string to use for generating tokens. This may be in string-ified JSON or base64 format. See the documentation for the template format.

  • ttl (pulumi.Input[float]) – TTL of the tokens generated against the role in number of seconds.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str
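As an added example (not code from the provider or from Vault), the following pre-deployment check applies two rules from the OidcKey and OidcRole descriptions above: the allowed_client_ids semantics (empty allows no role, "*" allows all roles) and the two accepted template encodings. The dict layout, the sample names and client IDs, and the assumption that the base64 form is standard base64 of the JSON text are illustrative.

```python
import base64
import json


def decode_template(template):
    """Parse a role template given as string-ified JSON or (assumed standard) base64."""
    try:
        claims = json.loads(template)
    except ValueError:
        try:
            claims = json.loads(base64.b64decode(template, validate=True))
        except ValueError as exc:
            raise ValueError("template is neither JSON nor base64-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("template must decode to a JSON object")
    return claims


def client_may_use_key(allowed_client_ids, client_id):
    """Empty list: no role may sign. "*": all roles may. Otherwise exact match."""
    if not allowed_client_ids:
        return False
    return "*" in allowed_client_ids or client_id in allowed_client_ids


def review_role(role, keys):
    """Return findings for one planned role (hypothetical dict layout)."""
    key = keys.get(role["key"])
    if key is None:
        return ["role %s: key %r must already exist" % (role["name"], role["key"])]
    findings = []
    allowed = key["allowed_client_ids"]
    if not client_may_use_key(allowed, role["client_id"]):
        findings.append("role %s: client_id may not sign with key %r" % (role["name"], role["key"]))
    elif "*" in allowed:
        findings.append("key %r: '*' allows every role to sign with it" % role["key"])
    try:
        decode_template(role["template"])
    except ValueError as exc:
        findings.append("role %s: %s" % (role["name"], exc))
    return findings


# Constructed sample plan; names and client IDs are made up for illustration.
KEYS = {"payments": {"allowed_client_ids": ["client-abc"]},
        "shared": {"allowed_client_ids": ["*"]},
        "locked": {"allowed_client_ids": []}}
B64_TEMPLATE = base64.b64encode(b'{"team": "billing"}').decode()
ROLES = [
    {"name": "billing", "key": "payments", "client_id": "client-abc", "template": B64_TEMPLATE},
    {"name": "reports", "key": "locked", "client_id": "client-def", "template": '{"team": "reports"}'},
    {"name": "adhoc", "key": "shared", "client_id": "client-xyz", "template": "{not json"},
]

if __name__ == "__main__":
    for role in ROLES:
        print(role["name"], review_role(role, KEYS) or "ok")
```

In a real program the client_id is an output of the role resource, so a check like this belongs where that value has already been resolved.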

pulumi_vault.identity.get_entity(alias_id=None, alias_mount_accessor=None, alias_name=None, entity_id=None, entity_name=None, opts=None)

Use this data source to access information about an existing resource.

Parameters
  • alias_id (str) – ID of the alias.

  • alias_mount_accessor (str) – Accessor of the mount to which the alias belongs. This should be supplied in conjunction with alias_name.

  • alias_name (str) – Name of the alias. This should be supplied in conjunction with alias_mount_accessor.

  • entity_id (str) – ID of the entity.

  • entity_name (str) – Name of the entity.

pulumi_vault.identity.get_group(alias_id=None, alias_mount_accessor=None, alias_name=None, group_id=None, group_name=None, opts=None)

Use this data source to access information about an existing resource.

Parameters
  • alias_id (str) – ID of the alias.

  • alias_mount_accessor (str) – Accessor of the mount to which the alias belongs. This should be supplied in conjunction with alias_name.

  • alias_name (str) – Name of the alias. This should be supplied in conjunction with alias_mount_accessor.

  • group_id (str) – ID of the group.

  • group_name (str) – Name of the group.