SecretBackendStaticRole
Creates a Database Secret Backend static role in Vault. Database secret backend static roles can be used to manage a 1-to-1 mapping of a Vault role to a user in a database.
Example Usage
using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    public MyStack()
    {
        // Mount the database secrets engine at "postgres".
        var db = new Vault.Mount("db", new Vault.MountArgs
        {
            Path = "postgres",
            Type = "database",
        });
        // Connection Vault uses to reach the database.
        var postgres = new Vault.Database.SecretBackendConnection("postgres", new Vault.Database.SecretBackendConnectionArgs
        {
            AllowedRoles =
            {
                "*",
            },
            Backend = db.Path,
            Postgresql = new Vault.Database.Inputs.SecretBackendConnectionPostgresqlArgs
            {
                ConnectionUrl = "postgres://username:password@host:port/database",
            },
        });
        // Static role: Vault rotates the password of the existing user "example".
        var staticRole = new Vault.Database.SecretBackendStaticRole("staticRole", new Vault.Database.SecretBackendStaticRoleArgs
        {
            Backend = db.Path,
            DbName = postgres.Name,
            // Rotation period in seconds (the property is an int, not a string).
            RotationPeriod = 3600,
            RotationStatements =
            {
                "ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';",
            },
            Username = "example",
        });
    }
}
import pulumi
import pulumi_vault as vault

# Mount the database secrets engine at "postgres".
db = vault.Mount("db",
    path="postgres",
    type="database")
# Connection Vault uses to reach the database.
postgres = vault.database.SecretBackendConnection("postgres",
    allowed_roles=["*"],
    backend=db.path,
    postgresql={
        "connectionUrl": "postgres://username:password@host:port/database",
    })
# Static role: Vault rotates the password of the existing user "example".
# rotation_period is a number of seconds, not a string.
static_role = vault.database.SecretBackendStaticRole("staticRole",
    backend=db.path,
    db_name=postgres.name,
    rotation_period=3600,
    rotation_statements=["ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"],
    username="example")

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

// Mount the database secrets engine at "postgres".
const db = new vault.Mount("db", {
    path: "postgres",
    type: "database",
});
// Connection Vault uses to reach the database.
const postgres = new vault.database.SecretBackendConnection("postgres", {
    allowedRoles: ["*"],
    backend: db.path,
    postgresql: {
        connectionUrl: "postgres://username:password@host:port/database",
    },
});
// Static role: Vault rotates the password of the existing user "example".
const staticRole = new vault.database.SecretBackendStaticRole("static_role", {
    backend: db.path,
    dbName: postgres.name,
    rotationPeriod: 3600,
    rotationStatements: ["ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"],
    username: "example",
});

Create a SecretBackendStaticRole Resource
TypeScript
new SecretBackendStaticRole(name: string, args: SecretBackendStaticRoleArgs, opts?: CustomResourceOptions);
- name string
  The unique name of the resource.
- args SecretBackendStaticRoleArgs
  The arguments to resource properties.
- opts CustomResourceOptions
  Bag of options to control resource's behavior.

Python
def SecretBackendStaticRole(resource_name, opts=None, backend=None, db_name=None, name=None, rotation_period=None, rotation_statements=None, username=None, __props__=None);
- resource_name str
  The unique name of the resource.
- opts ResourceOptions
  A bag of options that control this resource's behavior.

Go
func NewSecretBackendStaticRole(ctx *Context, name string, args SecretBackendStaticRoleArgs, opts ...ResourceOption) (*SecretBackendStaticRole, error)
- ctx Context
  Context object for the current deployment.
- name string
  The unique name of the resource.
- args SecretBackendStaticRoleArgs
  The arguments to resource properties.
- opts ResourceOption
  Bag of options to control resource's behavior.

C#
public SecretBackendStaticRole(string name, SecretBackendStaticRoleArgs args, CustomResourceOptions? opts = null)
- name string
  The unique name of the resource.
- args SecretBackendStaticRoleArgs
  The arguments to resource properties.
- opts CustomResourceOptions
  Bag of options to control resource's behavior.
SecretBackendStaticRole Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The SecretBackendStaticRole resource accepts the following input properties:
C#
- Backend string
  The unique name of the Vault mount to configure.
- DbName string
  The unique name of the database connection to use for the static role.
- RotationPeriod int
  The amount of time Vault should wait before rotating the password, in seconds.
- Username string
  The database username that this static role corresponds to.
- Name string
  A unique name to give the static role.
- RotationStatements List<string>
  Database statements to execute to rotate the password for the configured database user.

Go
- Backend string
  The unique name of the Vault mount to configure.
- DbName string
  The unique name of the database connection to use for the static role.
- RotationPeriod int
  The amount of time Vault should wait before rotating the password, in seconds.
- Username string
  The database username that this static role corresponds to.
- Name string
  A unique name to give the static role.
- RotationStatements []string
  Database statements to execute to rotate the password for the configured database user.

TypeScript
- backend string
  The unique name of the Vault mount to configure.
- dbName string
  The unique name of the database connection to use for the static role.
- rotationPeriod number
  The amount of time Vault should wait before rotating the password, in seconds.
- username string
  The database username that this static role corresponds to.
- name string
  A unique name to give the static role.
- rotationStatements string[]
  Database statements to execute to rotate the password for the configured database user.

Python
- backend str
  The unique name of the Vault mount to configure.
- db_name str
  The unique name of the database connection to use for the static role.
- rotation_period float
  The amount of time Vault should wait before rotating the password, in seconds.
- username str
  The database username that this static role corresponds to.
- name str
  A unique name to give the static role.
- rotation_statements List[str]
  Database statements to execute to rotate the password for the configured database user.
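A pre-deployment check for the arguments used in the example usage and listed above, as an added example (not code from Pulumi or the Vault provider): it flags a wildcard allowed-roles list, a literal password in the connection URL, a rotation period that is not a number or falls outside policy, and rotation statements whose placeholders are not quoted. The function names, the dict layout, the role name and the policy bounds are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed local policy bounds in seconds; not values taken from the page.
MIN_ROTATION, MAX_ROTATION = 300, 86400

def _unquoted(stmt, placeholder, quote):
    """True if placeholder occurs in stmt without quote on both sides."""
    p, q = re.escape(placeholder), re.escape(quote)
    return re.search(f"(?<!{q}){p}|{p}(?!{q})", stmt) is not None

def lint_static_role(conn, role):
    """Return findings for connection and static role arguments given as dicts."""
    findings = []
    # "*" lets every role on the mount use this connection.
    allowed = conn.get("allowed_roles", [])
    if "*" in allowed:
        findings.append("allowed_roles: wildcard, list the role name instead")
    elif role.get("name") not in allowed:
        findings.append("allowed_roles: static role is not listed")

    # A literal password in the URL lands in source control and stack state.
    url = conn.get("connection_url")
    if isinstance(url, str) and urlsplit(url).password:
        findings.append("connection_url: literal password, load it as a secret")

    period = role.get("rotation_period")
    if isinstance(period, bool) or not isinstance(period, (int, float)):
        findings.append("rotation_period: must be a number of seconds")
    elif not MIN_ROTATION <= period <= MAX_ROTATION:
        findings.append("rotation_period: outside policy bounds")
    stmts = role.get("rotation_statements", [])
    if stmts and not any("{{password}}" in s for s in stmts):
        findings.append("rotation_statements: {{password}} is never used")
    for s in stmts:
        # PostgreSQL: identifier in double quotes, password in single quotes.
        if _unquoted(s, "{{name}}", '"') or _unquoted(s, "{{password}}", "'"):
            findings.append(f"rotation_statements: unquoted placeholder in {s!r}")
    return findings

# Constructed inputs modelled on the page's example, then a tightened variant.
STMT = "ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"
PAGE = ({"allowed_roles": ["*"],
         "connection_url": "postgres://username:password@host:port/database"},
        {"name": "example-static", "rotation_period": "3600", "rotation_statements": [STMT]})
TIGHT = ({"allowed_roles": ["example-static"]},  # URL supplied as a secret, not a str
         {"name": "example-static", "rotation_period": 3600, "rotation_statements": [STMT]})

if __name__ == "__main__":
    print(*lint_static_role(*PAGE), sep="\n")
```

Run against plain values before they are passed to the resource constructors; a connection URL loaded from secret configuration is not a `str` and is skipped by the URL check.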
Outputs
All input properties are implicitly available as output properties. Additionally, the SecretBackendStaticRole resource produces the following output properties:
Look up an Existing SecretBackendStaticRole Resource
Get an existing SecretBackendStaticRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
TypeScript
public static get(name: string, id: Input<ID>, state?: SecretBackendStaticRoleState, opts?: CustomResourceOptions): SecretBackendStaticRole
- name
  The unique name of the resulting resource.
- id
  The unique provider ID of the resource to look up.
- state
  Any extra arguments used during the lookup.
- opts
  A bag of options that control this resource's behavior.

Python
static get(resource_name, id, opts=None, backend=None, db_name=None, name=None, rotation_period=None, rotation_statements=None, username=None, __props__=None);
- resource_name
  The unique name of the resulting resource.
- id
  The unique provider ID of the resource to look up.

Go
func GetSecretBackendStaticRole(ctx *Context, name string, id IDInput, state *SecretBackendStaticRoleState, opts ...ResourceOption) (*SecretBackendStaticRole, error)
- name
  The unique name of the resulting resource.
- id
  The unique provider ID of the resource to look up.
- state
  Any extra arguments used during the lookup.
- opts
  A bag of options that control this resource's behavior.

C#
public static SecretBackendStaticRole Get(string name, Input<string> id, SecretBackendStaticRoleState? state, CustomResourceOptions? opts = null)
- name
  The unique name of the resulting resource.
- id
  The unique provider ID of the resource to look up.
- state
  Any extra arguments used during the lookup.
- opts
  A bag of options that control this resource's behavior.
The following state arguments are supported:
C#
- Backend string
  The unique name of the Vault mount to configure.
- DbName string
  The unique name of the database connection to use for the static role.
- Name string
  A unique name to give the static role.
- RotationPeriod int
  The amount of time Vault should wait before rotating the password, in seconds.
- RotationStatements List<string>
  Database statements to execute to rotate the password for the configured database user.
- Username string
  The database username that this static role corresponds to.

Go
- Backend string
  The unique name of the Vault mount to configure.
- DbName string
  The unique name of the database connection to use for the static role.
- Name string
  A unique name to give the static role.
- RotationPeriod int
  The amount of time Vault should wait before rotating the password, in seconds.
- RotationStatements []string
  Database statements to execute to rotate the password for the configured database user.
- Username string
  The database username that this static role corresponds to.

TypeScript
- backend string
  The unique name of the Vault mount to configure.
- dbName string
  The unique name of the database connection to use for the static role.
- name string
  A unique name to give the static role.
- rotationPeriod number
  The amount of time Vault should wait before rotating the password, in seconds.
- rotationStatements string[]
  Database statements to execute to rotate the password for the configured database user.
- username string
  The database username that this static role corresponds to.

Python
- backend str
  The unique name of the Vault mount to configure.
- db_name str
  The unique name of the database connection to use for the static role.
- name str
  A unique name to give the static role.
- rotation_period float
  The amount of time Vault should wait before rotating the password, in seconds.
- rotation_statements List[str]
  Database statements to execute to rotate the password for the configured database user.
- username str
  The database username that this static role corresponds to.
Package Details
- Repository: https://github.com/pulumi/pulumi-vault
- License: Apache-2.0
- Notes: This Pulumi package is based on the vault Terraform Provider.