Secret
Import
AWS secret backends can be imported using the path, e.g.
$ pulumi import vault:aws/secretBackend:SecretBackend aws awsConstructors
Properties
The default TTL for credentials issued by this backend.
A human-friendly description for this backend.
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
If set, opts out of mount migration on path updates. See here for more info on Mount Migration
Specifies a custom HTTP IAM endpoint to use.
The audience claim value. Requires Vault 1.16+.
The key to use for signing identity tokens. Requires Vault 1.16+.
The TTL of generated identity tokens in seconds. Requires Vault 1.16+.
The maximum TTL that can be requested for credentials issued by this backend.
The amount of time in seconds Vault should wait before rotating the root credential. A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
The schedule, in cron-style time format, defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
The maximum amount of time in seconds allowed to complete a rotation when a scheduled token rotation occurs. The default rotation window is unbound and the minimum allowable window is 3600. Requires Vault Enterprise 1.19+.
Specifies a custom HTTP STS endpoint to use.
Ordered list of sts_endpoints to try if the defined one fails. Requires Vault 1.19+
Ordered list of sts_regions matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template: