SecretBackend

class SecretBackend : KotlinCustomResource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
// Mounts an Active Directory secrets engine at path "ad" that binds to the
// domain controller at ldaps://ad and manages objects under userdn.
//
// NOTE(security): two settings here are demo-only and must not be copied into
// a real program:
//   * bindpass is a plaintext credential in source. Read it from Pulumi secret
//     config (e.g. `new pulumi.Config().requireSecret("bindpass")`) so it is
//     neither committed nor stored unencrypted in state.
//   * insecureTls: true skips verification of the LDAP server certificate, so an
//     on-path attacker can impersonate the server and capture the bind
//     credential. Leave it false and pin the CA with `certificate` instead.
// Binding as the domain Administrator is also more privilege than the engine
// needs; prefer a dedicated service account limited to the managed objects.
const config = new vault.ad.SecretBackend("config", {
    backend: "ad",
    binddn: "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass: "SuperSecretPassw0rd", // demo value only; never commit a real password
    url: "ldaps://ad",
    insecureTls: true, // disables server certificate verification -- not for production
    userdn: "CN=Users,DC=corp,DC=example,DC=net",
});
import pulumi
import pulumi_vault as vault
# Mounts an Active Directory secrets engine at path "ad" that binds to the
# domain controller at ldaps://ad and manages objects under userdn.
#
# NOTE(security): two settings here are demo-only and must not be copied into
# a real program:
#   * bindpass is a plaintext credential in source. Read it from Pulumi secret
#     config (e.g. pulumi.Config().require_secret("bindpass")) so it is neither
#     committed nor stored unencrypted in state.
#   * insecure_tls=True skips verification of the LDAP server certificate, so an
#     on-path attacker can impersonate the server and capture the bind
#     credential. Leave it False and pin the CA with `certificate` instead.
# Binding as the domain Administrator is also more privilege than the engine
# needs; prefer a dedicated service account limited to the managed objects.
config = vault.ad.SecretBackend("config",
    backend="ad",
    binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass="SuperSecretPassw0rd",  # demo value only; never commit a real password
    url="ldaps://ad",
    insecure_tls=True,  # disables server certificate verification -- not for production
    userdn="CN=Users,DC=corp,DC=example,DC=net")
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    // Mounts an Active Directory secrets engine at path "ad" that binds to the
    // domain controller at ldaps://ad and manages objects under Userdn.
    //
    // NOTE(security): two settings here are demo-only and must not be copied
    // into a real program:
    //   * Bindpass is a plaintext credential in source. Read it from Pulumi
    //     secret config (e.g. new Config().RequireSecret("bindpass")) so it is
    //     neither committed nor stored unencrypted in state.
    //   * InsecureTls = true skips verification of the LDAP server certificate,
    //     so an on-path attacker can impersonate the server and capture the
    //     bind credential. Leave it false and pin the CA with Certificate.
    // Binding as the domain Administrator is also more privilege than the
    // engine needs; prefer a dedicated, least-privileged service account.
    var config = new Vault.AD.SecretBackend("config", new()
    {
        Backend = "ad",
        Binddn = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
        Bindpass = "SuperSecretPassw0rd", // demo value only; never commit a real password
        Url = "ldaps://ad",
        InsecureTls = true, // disables server certificate verification -- not for production
        Userdn = "CN=Users,DC=corp,DC=example,DC=net",
    });
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ad"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main mounts an Active Directory secrets engine at path "ad" that binds to
// the domain controller at ldaps://ad and manages objects under Userdn.
//
// NOTE(security): two settings in this example are demo-only and must not be
// copied into a real program:
//   - Bindpass is a plaintext credential in source. Read it from Pulumi
//     secret config instead, so it is neither committed nor stored
//     unencrypted in state.
//   - InsecureTls true skips verification of the LDAP server certificate, so
//     an on-path attacker can impersonate the server and capture the bind
//     credential. Leave it false and pin the CA with Certificate instead.
//
// Binding as the domain Administrator is also more privilege than the engine
// needs; prefer a dedicated service account limited to the managed objects.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ad.NewSecretBackend(ctx, "config", &ad.SecretBackendArgs{
			Backend: pulumi.String("ad"),
			Binddn:  pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			// demo value only; never commit a real password
			Bindpass: pulumi.String("SuperSecretPassw0rd"),
			Url:      pulumi.String("ldaps://ad"),
			// disables server certificate verification -- not for production
			InsecureTls: pulumi.Bool(true),
			Userdn:      pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.ad.SecretBackend;
import com.pulumi.vault.ad.SecretBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
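/**
 * Example program that mounts an Active Directory secrets engine at path
 * {@code ad}, binding to the domain controller at {@code ldaps://ad} and
 * managing objects under {@code userdn}.
 *
 * <p>Fix versus the generated example: {@code insecureTls} is a boolean
 * property (see {@code insecureTls: Output<Boolean>?}), so it is set with the
 * boolean literal {@code true} rather than the string {@code "true"}.
 *
 * <p>NOTE(security): two settings are demo-only and must not be copied into a
 * real program. {@code bindpass} is a plaintext credential in source; read it
 * from Pulumi secret config (e.g. {@code ctx.config().requireSecret("bindpass")})
 * so it is neither committed nor stored unencrypted in state.
 * {@code insecureTls(true)} skips verification of the LDAP server certificate,
 * so an on-path attacker can impersonate the server and capture the bind
 * credential; leave it {@code false} and pin the CA with {@code certificate}.
 * Binding as the domain Administrator is also more privilege than the engine
 * needs; prefer a dedicated, least-privileged service account.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the {@code vault:ad:SecretBackend} resource for this stack.
     *
     * @param ctx the Pulumi deployment context supplied by {@link Pulumi#run}
     */
    public static void stack(Context ctx) {
        var config = new SecretBackend("config", SecretBackendArgs.builder()
            .backend("ad")
            .binddn("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net")
            // demo value only; never commit a real password
            .bindpass("SuperSecretPassw0rd")
            .url("ldaps://ad")
            // boolean property; disables server certificate verification -- not for production
            .insecureTls(true)
            .userdn("CN=Users,DC=corp,DC=example,DC=net")
            .build());
    }
}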
# Mounts an Active Directory secrets engine at path "ad" that binds to the
# domain controller at ldaps://ad and manages objects under userdn.
#
# NOTE(security): two settings here are demo-only and must not be copied into
# a real program:
#   * bindpass is a plaintext credential in source. Supply it from a secret
#     config value instead, so it is neither committed nor stored unencrypted
#     in state.
#   * insecureTls: 'true' skips verification of the LDAP server certificate, so
#     an on-path attacker can impersonate the server and capture the bind
#     credential. Leave it false and pin the CA with `certificate` instead.
#     The value is quoted here although the property is a boolean.
# Binding as the domain Administrator is also more privilege than the engine
# needs; prefer a dedicated service account limited to the managed objects.
resources:
  config:
    type: vault:ad:SecretBackend
    properties:
      backend: ad
      binddn: CN=Administrator,CN=Users,DC=corp,DC=example,DC=net
      bindpass: SuperSecretPassw0rd # demo value only; never commit a real password
      url: ldaps://ad
      insecureTls: 'true' # disables server certificate verification -- not for production
      userdn: CN=Users,DC=corp,DC=example,DC=net

Import

AD secret backend can be imported using the mount path of the backend (the `backend` property), e.g.

$ pulumi import vault:ad/secretBackend:SecretBackend ad ad

Properties


Use anonymous binds when performing LDAP group searches (if true the initial credentials will still be used for the initial connection test).

val backend: Output<String>?

The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ad.

val binddn: Output<String>

Distinguished name of object to bind when performing user and group search.

val bindpass: Output<String>

Password to use along with binddn when performing user search. This is a credential: supply it from secret configuration rather than as a literal in source, and rotate it if it has ever been committed.


If set, user and group names assigned to policies within the backend will be case sensitive. Otherwise, names will be normalized to lower case.

val certificate: Output<String>?

CA certificate to use when verifying the LDAP server certificate, must be x509 PEM encoded. Setting this is the recommended alternative to disabling verification with insecureTls.

val clientTlsCert: Output<String>?

Client certificate to provide to the LDAP server, must be x509 PEM encoded.

val clientTlsKey: Output<String>?

Private key for the client certificate to provide to the LDAP server, must be PEM encoded. Treat it as a secret: supply it from secret configuration, not as a literal in source.


Default lease duration for secrets in seconds.

val denyNullBind: Output<Boolean>?

Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true. Leave this enabled: many LDAP servers treat a bind with an empty password as an anonymous bind that succeeds, which would let a blank password pass as valid.

val description: Output<String>?

Human-friendly description of the mount for the Active Directory backend.

val disableRemount: Output<Boolean>?

If set, opts out of mount migration on path updates. See here for more info on Mount Migration

val discoverdn: Output<Boolean>?

Use anonymous bind to discover the bind Distinguished Name of a user.

val groupattr: Output<String>?

LDAP attribute to follow on objects returned by the user search (see userattr) in order to enumerate user group membership. Examples: cn or memberOf, etc. Defaults to cn.

val groupdn: Output<String>?

LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).

val groupfilter: Output<String>?

Go template for querying group membership of user (optional) The template can access the following context variables: UserDN, Username. Defaults to (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))

val id: Output<String>
val insecureTls: Output<Boolean>?

Skip LDAP server TLS certificate verification. This is not recommended for production: without verification an on-path attacker can impersonate the server and observe the bind credential. Use certificate to pin the issuing CA instead. Defaults to false.


The number of seconds after a Vault rotation where, if Active Directory shows a later rotation, it should be considered out-of-band. This is the tolerance duration used when checking the last rotation time.

val local: Output<Boolean>?

Mark the secrets engine as local-only. Local engines are not replicated or removed by replication.

val maxLeaseTtlSeconds: Output<Int>

Maximum possible lease duration for secrets in seconds.

val maxTtl: Output<Int>

In seconds, the maximum password time-to-live.

val namespace: Output<String>?

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

val passwordPolicy: Output<String>?

Name of the password policy to use to generate passwords.

val pulumiChildResources: Set<KotlinResource>
val requestTimeout: Output<Int>?

Timeout, in seconds, for the connection when making requests against the server before returning back an error.

val starttls: Output<Boolean>

Issue a StartTLS command after establishing an unencrypted connection. Use this with a plain ldap:// URL; without either StartTLS or an ldaps:// URL, the bind credential crosses the network in cleartext.

val tlsMaxVersion: Output<String>

Maximum TLS version to use. Accepted values are tls10, tls11, tls12 or tls13. Defaults to tls12.

val tlsMinVersion: Output<String>

Minimum TLS version to use. Accepted values are tls10, tls11, tls12 or tls13. Defaults to tls12. Do not lower this below tls12: TLS 1.0 and 1.1 are deprecated and should only be permitted for a legacy server during migration.

val ttl: Output<Int>

In seconds, the default password time-to-live.

val upndomain: Output<String>

Enables userPrincipalDomain login with username@UPNDomain.

val url: Output<String>?

LDAP URL to connect to. Multiple URLs can be specified by concatenating them with commas; they will be tried in-order. Defaults to ldap://127.0.0.1. Prefer an ldaps:// URL (or ldap:// with starttls) so the bind credential is not sent in cleartext.

val urn: Output<String>

In Vault 1.1.1 a fix for handling group CN values of different cases unfortunately introduced a regression that could cause previously defined groups to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for matching group CNs will be used. This is only needed in some upgrade scenarios for backwards compatibility. It is enabled by default if the config is upgraded but disabled by default on new configurations.

val userattr: Output<String>?

Attribute used when searching users. Defaults to cn.

val userdn: Output<String>?

LDAP search base to use for users (eg: ou=People,dc=example,dc=org).

val useTokenGroups: Output<Boolean>?

If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones.