pulumi-vault-kotlin/com.pulumi.vault.appRole.kotlin/AuthBackendRoleSecretId

AuthBackendRoleSecretId

class AuthBackendRoleSecretId : KotlinCustomResource

Manages an AppRole auth backend SecretID in a Vault server. See the [Vault

  • documentation](https://www.vaultproject.io/docs/auth/approle) for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const approle = new vault.AuthBackend("approle", {type: "approle"});
const example = new vault.approle.AuthBackendRole("example", {
    backend: approle.path,
    roleName: "test-role",
    tokenPolicies: [
        "default",
        "dev",
        "prod",
    ],
});
const id = new vault.approle.AuthBackendRoleSecretId("id", {
    backend: approle.path,
    roleName: example.roleName,
    metadata: JSON.stringify({
        hello: "world",
    }),
});
Content copied to clipboard
import pulumi
import json
import pulumi_vault as vault
approle = vault.AuthBackend("approle", type="approle")
example = vault.app_role.AuthBackendRole("example",
    backend=approle.path,
    role_name="test-role",
    token_policies=[
        "default",
        "dev",
        "prod",
    ])
id = vault.app_role.AuthBackendRoleSecretId("id",
    backend=approle.path,
    role_name=example.role_name,
    metadata=json.dumps({
        "hello": "world",
    }))
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    var approle = new Vault.AuthBackend("approle", new()
    {
        Type = "approle",
    });
    var example = new Vault.AppRole.AuthBackendRole("example", new()
    {
        Backend = approle.Path,
        RoleName = "test-role",
        TokenPolicies = new[]
        {
            "default",
            "dev",
            "prod",
        },
    });
    var id = new Vault.AppRole.AuthBackendRoleSecretId("id", new()
    {
        Backend = approle.Path,
        RoleName = example.RoleName,
        Metadata = JsonSerializer.Serialize(new Dictionary<string, object?>
        {
            ["hello"] = "world",
        }),
    });
});
Content copied to clipboard
package main
import (
	"encoding/json"
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/approle"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{
			Type: pulumi.String("approle"),
		})
		if err != nil {
			return err
		}
		example, err := approle.NewAuthBackendRole(ctx, "example", &approle.AuthBackendRoleArgs{
			Backend:  approle.Path,
			RoleName: pulumi.String("test-role"),
			TokenPolicies: pulumi.StringArray{
				pulumi.String("default"),
				pulumi.String("dev"),
				pulumi.String("prod"),
			},
		})
		if err != nil {
			return err
		}
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"hello": "world",
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		_, err = approle.NewAuthBackendRoleSecretId(ctx, "id", &approle.AuthBackendRoleSecretIdArgs{
			Backend:  approle.Path,
			RoleName: example.RoleName,
			Metadata: pulumi.String(json0),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.AuthBackend;
import com.pulumi.vault.AuthBackendArgs;
import com.pulumi.vault.appRole.AuthBackendRole;
import com.pulumi.vault.appRole.AuthBackendRoleArgs;
import com.pulumi.vault.appRole.AuthBackendRoleSecretId;
import com.pulumi.vault.appRole.AuthBackendRoleSecretIdArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var approle = new AuthBackend("approle", AuthBackendArgs.builder()
            .type("approle")
            .build());
        var example = new AuthBackendRole("example", AuthBackendRoleArgs.builder()
            .backend(approle.path())
            .roleName("test-role")
            .tokenPolicies(
                "default",
                "dev",
                "prod")
            .build());
        var id = new AuthBackendRoleSecretId("id", AuthBackendRoleSecretIdArgs.builder()
            .backend(approle.path())
            .roleName(example.roleName())
            .metadata(serializeJson(
                jsonObject(
                    jsonProperty("hello", "world")
                )))
            .build());
    }
}
Content copied to clipboard
resources:
  approle:
    type: vault:AuthBackend
    properties:
      type: approle
  example:
    type: vault:appRole:AuthBackendRole
    properties:
      backend: ${approle.path}
      roleName: test-role
      tokenPolicies:
        - default
        - dev
        - prod
  id:
    type: vault:appRole:AuthBackendRoleSecretId
    properties:
      backend: ${approle.path}
      roleName: ${example.roleName}
      metadata:
        fn::toJSON:
          hello: world
Content copied to clipboard

Properties

Link copied to clipboard
val accessor: Output<String>

The unique ID for this SecretID that can be safely logged.

Link copied to clipboard
val backend: Output<String>?

Unique name of the auth backend to configure.

Link copied to clipboard
val cidrLists: Output<List<String>>?

If set, specifies blocks of IP addresses which can perform the login operation using this SecretID.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val metadata: Output<String>?

A JSON-encoded string containing metadata in key-value pairs to be set on tokens issued with this SecretID.

Link copied to clipboard
val namespace: Output<String>?

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

Link copied to clipboard
val numUses: Output<Int>?

The number of uses for the secret-id.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val roleName: Output<String>

The name of the role to create the SecretID for.

Link copied to clipboard
val secretId: Output<String>

The SecretID to be created. If set, uses "Push" mode. Defaults to Vault auto-generating SecretIDs.

Link copied to clipboard
val ttl: Output<Int>?

The TTL duration of the SecretID.

Link copied to clipboard
val urn: Output<String>
Link copied to clipboard
val withWrappedAccessor: Output<Boolean>?

Set to true to use the wrapped secret-id accessor as the resource ID. If false (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or invalidated through unwrapping.

Link copied to clipboard
val wrappingAccessor: Output<String>

The unique ID for the response-wrapped SecretID that can be safely logged.

Link copied to clipboard
val wrappingToken: Output<String>

The token used to retrieve a response-wrapped SecretID.

Link copied to clipboard
val wrappingTtl: Output<String>?

If set, the SecretID response will be response-wrapped and available for the duration specified. Only a single unwrapping of the token is allowed.