Oidc
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const key = new vault.identity.OidcKey("key", {
name: "key",
algorithm: "RS256",
});
const role = new vault.identity.OidcRole("role", {
name: "role",
key: key.name,
});
const roleOidcKeyAllowedClientID = new vault.identity.OidcKeyAllowedClientID("role", {
keyName: key.name,
allowedClientId: role.clientId,
});Content copied to clipboard
import pulumi
import pulumi_vault as vault
key = vault.identity.OidcKey("key",
name="key",
algorithm="RS256")
role = vault.identity.OidcRole("role",
name="role",
key=key.name)
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
key_name=key.name,
allowed_client_id=role.client_id)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var key = new Vault.Identity.OidcKey("key", new()
{
Name = "key",
Algorithm = "RS256",
});
var role = new Vault.Identity.OidcRole("role", new()
{
Name = "role",
Key = key.Name,
});
var roleOidcKeyAllowedClientID = new Vault.Identity.OidcKeyAllowedClientID("role", new()
{
KeyName = key.Name,
AllowedClientId = role.ClientId,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/identity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
key, err := identity.NewOidcKey(ctx, "key", &identity.OidcKeyArgs{
Name: pulumi.String("key"),
Algorithm: pulumi.String("RS256"),
})
if err != nil {
return err
}
role, err := identity.NewOidcRole(ctx, "role", &identity.OidcRoleArgs{
Name: pulumi.String("role"),
Key: key.Name,
})
if err != nil {
return err
}
_, err = identity.NewOidcKeyAllowedClientID(ctx, "role", &identity.OidcKeyAllowedClientIDArgs{
KeyName: key.Name,
AllowedClientId: role.ClientId,
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.identity.OidcKey;
import com.pulumi.vault.identity.OidcKeyArgs;
import com.pulumi.vault.identity.OidcRole;
import com.pulumi.vault.identity.OidcRoleArgs;
import com.pulumi.vault.identity.OidcKeyAllowedClientID;
import com.pulumi.vault.identity.OidcKeyAllowedClientIDArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var key = new OidcKey("key", OidcKeyArgs.builder()
.name("key")
.algorithm("RS256")
.build());
var role = new OidcRole("role", OidcRoleArgs.builder()
.name("role")
.key(key.name())
.build());
var roleOidcKeyAllowedClientID = new OidcKeyAllowedClientID("roleOidcKeyAllowedClientID", OidcKeyAllowedClientIDArgs.builder()
.keyName(key.name())
.allowedClientId(role.clientId())
.build());
}
}Content copied to clipboard
resources:
key:
type: vault:identity:OidcKey
properties:
name: key
algorithm: RS256
role:
type: vault:identity:OidcRole
properties:
name: role
key: ${key.name}
roleOidcKeyAllowedClientID:
type: vault:identity:OidcKeyAllowedClientID
name: role
properties:
keyName: ${key.name}
allowedClientId: ${role.clientId}Content copied to clipboard
Import
The key can be imported with the key name, for example:
$ pulumi import vault:identity/oidcKey:OidcKey key keyContent copied to clipboard
Properties
Link copied to clipboard
Array of role client ID allowed to use this key for signing. If empty, no roles are allowed. If ["*"], all roles are allowed.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
How often to generate a new signing key in number of seconds
Link copied to clipboard
"Controls how long the public portion of a signing key will be available for verification after being rotated in seconds.