Secret
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const db = new vault.Mount("db", {
path: "postgres",
type: "database",
});
const postgres = new vault.database.SecretBackendConnection("postgres", {
backend: db.path,
name: "postgres",
allowedRoles: [
"dev",
"prod",
],
postgresql: {
connectionUrl: "postgres://username:password@host:port/database",
},
});import pulumi
import pulumi_vault as vault
db = vault.Mount("db",
path="postgres",
type="database")
postgres = vault.database.SecretBackendConnection("postgres",
backend=db.path,
name="postgres",
allowed_roles=[
"dev",
"prod",
],
postgresql=vault.database.SecretBackendConnectionPostgresqlArgs(
connection_url="postgres://username:password@host:port/database",
))using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var db = new Vault.Mount("db", new()
{
Path = "postgres",
Type = "database",
});
var postgres = new Vault.Database.SecretBackendConnection("postgres", new()
{
Backend = db.Path,
Name = "postgres",
AllowedRoles = new[]
{
"dev",
"prod",
},
Postgresql = new Vault.Database.Inputs.SecretBackendConnectionPostgresqlArgs
{
ConnectionUrl = "postgres://username:password@host:port/database",
},
});
});package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/database"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
db, err := vault.NewMount(ctx, "db", &vault.MountArgs{
Path: pulumi.String("postgres"),
Type: pulumi.String("database"),
})
if err != nil {
return err
}
_, err = database.NewSecretBackendConnection(ctx, "postgres", &database.SecretBackendConnectionArgs{
Backend: db.Path,
Name: pulumi.String("postgres"),
AllowedRoles: pulumi.StringArray{
pulumi.String("dev"),
pulumi.String("prod"),
},
Postgresql: &database.SecretBackendConnectionPostgresqlArgs{
ConnectionUrl: pulumi.String("postgres://username:password@host:port/database"),
},
})
if err != nil {
return err
}
return nil
})
}package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.database.SecretBackendConnection;
import com.pulumi.vault.database.SecretBackendConnectionArgs;
import com.pulumi.vault.database.inputs.SecretBackendConnectionPostgresqlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var db = new Mount("db", MountArgs.builder()
.path("postgres")
.type("database")
.build());
var postgres = new SecretBackendConnection("postgres", SecretBackendConnectionArgs.builder()
.backend(db.path())
.name("postgres")
.allowedRoles(
"dev",
"prod")
.postgresql(SecretBackendConnectionPostgresqlArgs.builder()
.connectionUrl("postgres://username:password@host:port/database")
.build())
.build());
}
}resources:
db:
type: vault:Mount
properties:
path: postgres
type: database
postgres:
type: vault:database:SecretBackendConnection
properties:
backend: ${db.path}
name: postgres
allowedRoles:
- dev
- prod
postgresql:
connectionUrl: postgres://username:password@host:port/databaseImport
Database secret backend connections can be imported using the backend, /config/, and the name e.g.
$ pulumi import vault:database/secretBackendConnection:SecretBackendConnection example postgres/config/postgresProperties
A list of roles that are allowed to use this connection.
A nested block containing configuration options for Cassandra connections.
A nested block containing configuration options for Couchbase connections.
A nested block containing configuration options for Elasticsearch connections.
A nested block containing configuration options for SAP HanaDB connections.
A nested block containing configuration options for InfluxDB connections.
A nested block containing configuration options for MongoDB connections.
A nested block containing configuration options for MongoDB Atlas connections.
A nested block containing configuration options for MSSQL connections.
A nested block containing configuration options for MySQL connections.
A nested block containing configuration options for Aurora MySQL connections.
A nested block containing configuration options for legacy MySQL connections.
A nested block containing configuration options for RDS MySQL connections.
A nested block containing configuration options for Oracle connections.
Specifies the name of the plugin to use.
A nested block containing configuration options for PostgreSQL connections.
A nested block containing configuration options for Redis connections.
A nested block containing configuration options for Redis ElastiCache connections. Exactly one of the nested blocks of configuration options must be supplied.
Connection parameters for the redshift-database-plugin plugin.
A list of database statements to be executed to rotate the root user's credentials.
A nested block containing configuration options for Snowflake connections.
Whether the connection should be verified on initial configuration or not.