pulumi-vault-kotlin/com.pulumi.vault.ad.kotlin/SecretLibraryArgs

SecretLibraryArgs

data class SecretLibraryArgs(val backend: Output<String>? = null, val disableCheckInEnforcement: Output<Boolean>? = null, val maxTtl: Output<Int>? = null, val name: Output<String>? = null, val namespace: Output<String>? = null, val serviceAccountNames: Output<List<String>>? = null, val ttl: Output<Int>? = null) : ConvertibleToJava<SecretLibraryArgs>

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const config = new vault.ad.SecretBackend("config", {
    backend: "ad",
    binddn: "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass: "SuperSecretPassw0rd",
    url: "ldaps://ad",
    insecureTls: true,
    userdn: "CN=Users,DC=corp,DC=example,DC=net",
});
const qa = new vault.ad.SecretLibrary("qa", {
    backend: config.backend,
    name: "qa",
    serviceAccountNames: [
        "Bob",
        "Mary",
    ],
    ttl: 60,
    disableCheckInEnforcement: true,
    maxTtl: 120,
});
Content copied to clipboard
import pulumi
import pulumi_vault as vault
config = vault.ad.SecretBackend("config",
    backend="ad",
    binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass="SuperSecretPassw0rd",
    url="ldaps://ad",
    insecure_tls=True,
    userdn="CN=Users,DC=corp,DC=example,DC=net")
qa = vault.ad.SecretLibrary("qa",
    backend=config.backend,
    name="qa",
    service_account_names=[
        "Bob",
        "Mary",
    ],
    ttl=60,
    disable_check_in_enforcement=True,
    max_ttl=120)
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    var config = new Vault.AD.SecretBackend("config", new()
    {
        Backend = "ad",
        Binddn = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
        Bindpass = "SuperSecretPassw0rd",
        Url = "ldaps://ad",
        InsecureTls = true,
        Userdn = "CN=Users,DC=corp,DC=example,DC=net",
    });
    var qa = new Vault.AD.SecretLibrary("qa", new()
    {
        Backend = config.Backend,
        Name = "qa",
        ServiceAccountNames = new[]
        {
            "Bob",
            "Mary",
        },
        Ttl = 60,
        DisableCheckInEnforcement = true,
        MaxTtl = 120,
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ad"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		config, err := ad.NewSecretBackend(ctx, "config", &ad.SecretBackendArgs{
			Backend:     pulumi.String("ad"),
			Binddn:      pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass:    pulumi.String("SuperSecretPassw0rd"),
			Url:         pulumi.String("ldaps://ad"),
			InsecureTls: pulumi.Bool(true),
			Userdn:      pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}
		_, err = ad.NewSecretLibrary(ctx, "qa", &ad.SecretLibraryArgs{
			Backend: config.Backend,
			Name:    pulumi.String("qa"),
			ServiceAccountNames: pulumi.StringArray{
				pulumi.String("Bob"),
				pulumi.String("Mary"),
			},
			Ttl:                       pulumi.Int(60),
			DisableCheckInEnforcement: pulumi.Bool(true),
			MaxTtl:                    pulumi.Int(120),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.ad.SecretBackend;
import com.pulumi.vault.ad.SecretBackendArgs;
import com.pulumi.vault.ad.SecretLibrary;
import com.pulumi.vault.ad.SecretLibraryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var config = new SecretBackend("config", SecretBackendArgs.builder()
            .backend("ad")
            .binddn("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net")
            .bindpass("SuperSecretPassw0rd")
            .url("ldaps://ad")
            .insecureTls("true")
            .userdn("CN=Users,DC=corp,DC=example,DC=net")
            .build());
        var qa = new SecretLibrary("qa", SecretLibraryArgs.builder()
            .backend(config.backend())
            .name("qa")
            .serviceAccountNames(
                "Bob",
                "Mary")
            .ttl(60)
            .disableCheckInEnforcement(true)
            .maxTtl(120)
            .build());
    }
}
Content copied to clipboard
resources:
  config:
    type: vault:ad:SecretBackend
    properties:
      backend: ad
      binddn: CN=Administrator,CN=Users,DC=corp,DC=example,DC=net
      bindpass: SuperSecretPassw0rd
      url: ldaps://ad
      insecureTls: 'true'
      userdn: CN=Users,DC=corp,DC=example,DC=net
  qa:
    type: vault:ad:SecretLibrary
    properties:
      backend: ${config.backend}
      name: qa
      serviceAccountNames:
        - Bob
        - Mary
      ttl: 60
      disableCheckInEnforcement: true
      maxTtl: 120
Content copied to clipboard

Import

AD secret backend libraries can be imported using the path, e.g.

$ pulumi import vault:ad/secretLibrary:SecretLibrary role ad/library/bob
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(backend: Output<String>? = null, disableCheckInEnforcement: Output<Boolean>? = null, maxTtl: Output<Int>? = null, name: Output<String>? = null, namespace: Output<String>? = null, serviceAccountNames: Output<List<String>>? = null, ttl: Output<Int>? = null)

Properties

Link copied to clipboard
val backend: Output<String>? = null

The path the AD secret backend is mounted at, with no leading or trailing /s.

Link copied to clipboard
val disableCheckInEnforcement: Output<Boolean>? = null

Disable enforcing that service accounts must be checked in by the entity or client token that checked them out.

Link copied to clipboard
val maxTtl: Output<Int>? = null

The maximum password time-to-live in seconds. Defaults to the configuration max_ttl if not provided.

Link copied to clipboard
val name: Output<String>? = null

The name to identify this set of service accounts. Must be unique within the backend.

Link copied to clipboard
val namespace: Output<String>? = null

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

Link copied to clipboard
val serviceAccountNames: Output<List<String>>? = null

Specifies the slice of service accounts mapped to this set.

Link copied to clipboard
val ttl: Output<Int>? = null

The password time-to-live in seconds. Defaults to the configuration ttl if not provided.

Functions

Link copied to clipboard
open override fun toJava(): SecretLibraryArgs