pulumi-vault-kotlin/com.pulumi.vault.ldap.kotlin/SecretBackend

SecretBackend

class SecretBackend : KotlinCustomResource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const config = new vault.ldap.SecretBackend("config", {
    path: "my-custom-ldap",
    binddn: "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass: "SuperSecretPassw0rd",
    url: "ldaps://localhost",
    insecureTls: true,
    userdn: "CN=Users,DC=corp,DC=example,DC=net",
});

import pulumi
import pulumi_vault as vault
config = vault.ldap.SecretBackend("config",
    path="my-custom-ldap",
    binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass="SuperSecretPassw0rd",
    url="ldaps://localhost",
    insecure_tls=True,
    userdn="CN=Users,DC=corp,DC=example,DC=net")

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    var config = new Vault.Ldap.SecretBackend("config", new()
    {
        Path = "my-custom-ldap",
        Binddn = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
        Bindpass = "SuperSecretPassw0rd",
        Url = "ldaps://localhost",
        InsecureTls = true,
        Userdn = "CN=Users,DC=corp,DC=example,DC=net",
    });
});

package main
import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{
			Path:        pulumi.String("my-custom-ldap"),
			Binddn:      pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass:    pulumi.String("SuperSecretPassw0rd"),
			Url:         pulumi.String("ldaps://localhost"),
			InsecureTls: pulumi.Bool(true),
			Userdn:      pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.ldap.SecretBackend;
import com.pulumi.vault.ldap.SecretBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var config = new SecretBackend("config", SecretBackendArgs.builder()
            .path("my-custom-ldap")
            .binddn("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net")
            .bindpass("SuperSecretPassw0rd")
            .url("ldaps://localhost")
            .insecureTls("true")
            .userdn("CN=Users,DC=corp,DC=example,DC=net")
            .build());
    }
}

resources:
  config:
    type: vault:ldap:SecretBackend
    properties:
      path: my-custom-ldap
      binddn: CN=Administrator,CN=Users,DC=corp,DC=example,DC=net
      bindpass: SuperSecretPassw0rd
      url: ldaps://localhost
      insecureTls: 'true'
      userdn: CN=Users,DC=corp,DC=example,DC=net

Import

LDAP secret backend can be imported using the ${mount}/config, e.g.

$ pulumi import vault:ldap/secretBackend:SecretBackend config ldap/config

Properties

accessor

val accessor: Output<String>

Accessor of the mount

allowedManagedKeys

val allowedManagedKeys: Output<List<String>>?

List of managed key registry entry names that the mount in question is allowed to access

auditNonHmacRequestKeys

val auditNonHmacRequestKeys: Output<List<String>>

Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.

auditNonHmacResponseKeys

val auditNonHmacResponseKeys: Output<List<String>>

Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.

binddn

val binddn: Output<String>

Distinguished name of object to bind when performing user and group search.

bindpass

val bindpass: Output<String>

Password to use along with binddn when performing user search.

certificate

val certificate: Output<String>?

CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.

clientTlsCert

val clientTlsCert: Output<String>?

Client certificate to provide to the LDAP server, must be x509 PEM encoded.

clientTlsKey

val clientTlsKey: Output<String>?

Client certificate key to provide to the LDAP server, must be x509 PEM encoded.

connectionTimeout

val connectionTimeout: Output<Int>?

Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.

defaultLeaseTtlSeconds

val defaultLeaseTtlSeconds: Output<Int>

Default lease duration for secrets in seconds.

description

val description: Output<String>?

Human-friendly description of the mount for the Active Directory backend.

disableRemount

val disableRemount: Output<Boolean>?

If set, opts out of mount migration on path updates.

externalEntropyAccess

val externalEntropyAccess: Output<Boolean>?

Enable the secrets engine to access Vault's external entropy source

val id: Output<String>

insecureTls

val insecureTls: Output<Boolean>?

Skip LDAP server SSL Certificate verification. This is not recommended for production. Defaults to false.

local

val local: Output<Boolean>?

Mark the secrets engine as local-only. Local engines are not replicated or removed by replication.Tolerance duration to use when checking the last rotation time.

maxLeaseTtlSeconds

val maxLeaseTtlSeconds: Output<Int>

Maximum possible lease duration for secrets in seconds.

namespace

val namespace: Output<String>?

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

options

val options: Output<Map<String, Any>>?

Specifies mount type specific options that are passed to the backend

passwordPolicy

val passwordPolicy: Output<String>?

Name of the password policy to use to generate passwords.

path

val path: Output<String>?

The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

requestTimeout

val requestTimeout: Output<Int>

Timeout, in seconds, for the connection when making requests against the server before returning back an error.

schema

val schema: Output<String>

The LDAP schema to use when storing entry passwords. Valid schemas include openldap, ad, and racf. Default is openldap.

sealWrap

val sealWrap: Output<Boolean>

Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability

skipStaticRoleImportRotation

val skipStaticRoleImportRotation: Output<Boolean>?

If set to true, static roles will not be rotated during import. Defaults to false. Requires Vault 1.16 or above.

starttls

val starttls: Output<Boolean>

Issue a StartTLS command after establishing unencrypted connection.

upndomain

val upndomain: Output<String>

Enables userPrincipalDomain login with username@UPNDomain.

url

val url: Output<String>

LDAP URL to connect to. Multiple URLs can be specified by concatenating them with commas; they will be tried in-order. Defaults to ldap://127.0.0.1.

urn

val urn: Output<String>

userattr

val userattr: Output<String>

Attribute used when searching users. Defaults to cn.

userdn

val userdn: Output<String>?

LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.