pulumi-vault-kotlin/com.pulumi.vault.ldap.kotlin/SecretBackend

SecretBackend

class SecretBackend : KotlinCustomResource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const config = new vault.ldap.SecretBackend("config", {
    path: "my-custom-ldap",
    binddn: "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass: "SuperSecretPassw0rd",
    url: "ldaps://localhost",
    insecureTls: true,
    userdn: "CN=Users,DC=corp,DC=example,DC=net",
    rotationSchedule: "0 * * * SAT",
    rotationWindow: 3600,
});

import pulumi
import pulumi_vault as vault
config = vault.ldap.SecretBackend("config",
    path="my-custom-ldap",
    binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass="SuperSecretPassw0rd",
    url="ldaps://localhost",
    insecure_tls=True,
    userdn="CN=Users,DC=corp,DC=example,DC=net",
    rotation_schedule="0 * * * SAT",
    rotation_window=3600)

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    var config = new Vault.Ldap.SecretBackend("config", new()
    {
        Path = "my-custom-ldap",
        Binddn = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
        Bindpass = "SuperSecretPassw0rd",
        Url = "ldaps://localhost",
        InsecureTls = true,
        Userdn = "CN=Users,DC=corp,DC=example,DC=net",
        RotationSchedule = "0 * * * SAT",
        RotationWindow = 3600,
    });
});

package main
import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{
			Path:             pulumi.String("my-custom-ldap"),
			Binddn:           pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass:         pulumi.String("SuperSecretPassw0rd"),
			Url:              pulumi.String("ldaps://localhost"),
			InsecureTls:      pulumi.Bool(true),
			Userdn:           pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
			RotationSchedule: pulumi.String("0 * * * SAT"),
			RotationWindow:   pulumi.Int(3600),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.ldap.SecretBackend;
import com.pulumi.vault.ldap.SecretBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var config = new SecretBackend("config", SecretBackendArgs.builder()
            .path("my-custom-ldap")
            .binddn("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net")
            .bindpass("SuperSecretPassw0rd")
            .url("ldaps://localhost")
            .insecureTls("true")
            .userdn("CN=Users,DC=corp,DC=example,DC=net")
            .rotationSchedule("0 * * * SAT")
            .rotationWindow(3600)
            .build());
    }
}

resources:
  config:
    type: vault:ldap:SecretBackend
    properties:
      path: my-custom-ldap
      binddn: CN=Administrator,CN=Users,DC=corp,DC=example,DC=net
      bindpass: SuperSecretPassw0rd
      url: ldaps://localhost
      insecureTls: 'true'
      userdn: CN=Users,DC=corp,DC=example,DC=net
      rotationSchedule: 0 * * * SAT
      rotationWindow: 3600

Import

LDAP secret backend can be imported using the ${mount}/config, e.g.

$ pulumi import vault:ldap/secretBackend:SecretBackend config ldap/config

Properties

accessor

val accessor: Output<String>

Accessor of the mount

allowedManagedKeys

val allowedManagedKeys: Output<List<String>>?

List of managed key registry entry names that the mount in question is allowed to access

allowedResponseHeaders

val allowedResponseHeaders: Output<List<String>>?

List of headers to allow and pass from the request to the plugin

auditNonHmacRequestKeys

val auditNonHmacRequestKeys: Output<List<String>>

Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.

auditNonHmacResponseKeys

val auditNonHmacResponseKeys: Output<List<String>>

Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.

binddn

val binddn: Output<String>

Distinguished name of object to bind when performing user and group search.

bindpass

val bindpass: Output<String>

Password to use along with binddn when performing user search.

certificate

val certificate: Output<String>?

CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.

clientTlsCert

val clientTlsCert: Output<String>?

Client certificate to provide to the LDAP server, must be x509 PEM encoded.

clientTlsKey

val clientTlsKey: Output<String>?

Client certificate key to provide to the LDAP server, must be x509 PEM encoded.

connectionTimeout

val connectionTimeout: Output<Int>?

Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.

defaultLeaseTtlSeconds

val defaultLeaseTtlSeconds: Output<Int>

Default lease duration for secrets in seconds.

delegatedAuthAccessors

val delegatedAuthAccessors: Output<List<String>>?

List of headers to allow and pass from the request to the plugin

description

val description: Output<String>?

Human-friendly description of the mount for the Active Directory backend.

disableAutomatedRotation

val disableAutomatedRotation: Output<Boolean>?

Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.

disableRemount

val disableRemount: Output<Boolean>?

If set, opts out of mount migration on path updates.

externalEntropyAccess

val externalEntropyAccess: Output<Boolean>?

Enable the secrets engine to access Vault's external entropy source

val id: Output<String>

identityTokenKey

val identityTokenKey: Output<String>?

The key to use for signing plugin workload identity tokens

insecureTls

val insecureTls: Output<Boolean>?

Skip LDAP server SSL Certificate verification. This is not recommended for production. Defaults to false.

listingVisibility

val listingVisibility: Output<String>?

Specifies whether to show this mount in the UI-specific listing endpoint

local

val local: Output<Boolean>?

Mark the secrets engine as local-only. Local engines are not replicated or removed by replication.Tolerance duration to use when checking the last rotation time.

maxLeaseTtlSeconds

val maxLeaseTtlSeconds: Output<Int>

Maximum possible lease duration for secrets in seconds.

namespace

val namespace: Output<String>?

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

options

val options: Output<Map<String, String>>?

Specifies mount type specific options that are passed to the backend

passthroughRequestHeaders

val passthroughRequestHeaders: Output<List<String>>?

List of headers to allow and pass from the request to the plugin

passwordPolicy

val passwordPolicy: Output<String>?

Name of the password policy to use to generate passwords.

path

val path: Output<String>?

The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.

pluginVersion

val pluginVersion: Output<String>?

Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

requestTimeout

val requestTimeout: Output<Int>

Timeout, in seconds, for the connection when making requests against the server before returning back an error.

rotationPeriod

val rotationPeriod: Output<Int>?

The amount of time in seconds Vault should wait before rotating the root credential. A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.

rotationSchedule

val rotationSchedule: Output<String>?

The schedule, in cron-style time format, defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.

rotationWindow

val rotationWindow: Output<Int>?

The maximum amount of time in seconds allowed to complete a rotation when a scheduled token rotation occurs. The default rotation window is unbound and the minimum allowable window is 3600. Requires Vault Enterprise 1.19+.

schema

val schema: Output<String>

The LDAP schema to use when storing entry passwords. Valid schemas include openldap, ad, and racf. Default is openldap.

sealWrap

val sealWrap: Output<Boolean>

Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability

skipStaticRoleImportRotation

val skipStaticRoleImportRotation: Output<Boolean>?

If set to true, static roles will not be rotated during import. Defaults to false. Requires Vault 1.16 or above.

starttls

val starttls: Output<Boolean>

Issue a StartTLS command after establishing unencrypted connection.

upndomain

val upndomain: Output<String>

Enables userPrincipalDomain login with username@UPNDomain.

url

val url: Output<String>

LDAP URL to connect to. Multiple URLs can be specified by concatenating them with commas; they will be tried in-order. Defaults to ldap://127.0.0.1.

urn

val urn: Output<String>

userattr

val userattr: Output<String>

Attribute used when searching users. Defaults to cn.

userdn

val userdn: Output<String>?

LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.