Secret
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const mongo = new vault.Mount("mongo", {
path: "%s",
type: "mongodbatlas",
description: "MongoDB Atlas secret engine mount",
});
const config = new vault.mongodbatlas.SecretBackend("config", {
mount: mongo.path,
privateKey: "privateKey",
publicKey: "publicKey",
});
const role = new vault.mongodbatlas.SecretRole("role", {
mount: mongo.path,
name: "tf-test-role",
organizationId: "7cf5a45a9ccf6400e60981b7",
projectId: "5cf5a45a9ccf6400e60981b6",
roles: ["ORG_READ_ONLY"],
ipAddresses: "192.168.1.5, 192.168.1.6",
cidrBlocks: "192.168.1.3/35",
projectRoles: ["GROUP_READ_ONLY"],
ttl: "60",
maxTtl: "120",
});Content copied to clipboard
import pulumi
import pulumi_vault as vault
mongo = vault.Mount("mongo",
path="%s",
type="mongodbatlas",
description="MongoDB Atlas secret engine mount")
config = vault.mongodbatlas.SecretBackend("config",
mount=mongo.path,
private_key="privateKey",
public_key="publicKey")
role = vault.mongodbatlas.SecretRole("role",
mount=mongo.path,
name="tf-test-role",
organization_id="7cf5a45a9ccf6400e60981b7",
project_id="5cf5a45a9ccf6400e60981b6",
roles=["ORG_READ_ONLY"],
ip_addresses="192.168.1.5, 192.168.1.6",
cidr_blocks="192.168.1.3/35",
project_roles=["GROUP_READ_ONLY"],
ttl="60",
max_ttl="120")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var mongo = new Vault.Mount("mongo", new()
{
Path = "%s",
Type = "mongodbatlas",
Description = "MongoDB Atlas secret engine mount",
});
var config = new Vault.MongoDBAtlas.SecretBackend("config", new()
{
Mount = mongo.Path,
PrivateKey = "privateKey",
PublicKey = "publicKey",
});
var role = new Vault.MongoDBAtlas.SecretRole("role", new()
{
Mount = mongo.Path,
Name = "tf-test-role",
OrganizationId = "7cf5a45a9ccf6400e60981b7",
ProjectId = "5cf5a45a9ccf6400e60981b6",
Roles = new[]
{
"ORG_READ_ONLY",
},
IpAddresses = "192.168.1.5, 192.168.1.6",
CidrBlocks = "192.168.1.3/35",
ProjectRoles = new[]
{
"GROUP_READ_ONLY",
},
Ttl = "60",
MaxTtl = "120",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
mongo, err := vault.NewMount(ctx, "mongo", &vault.MountArgs{
Path: pulumi.String("%s"),
Type: pulumi.String("mongodbatlas"),
Description: pulumi.String("MongoDB Atlas secret engine mount"),
})
if err != nil {
return err
}
_, err = mongodbatlas.NewSecretBackend(ctx, "config", &mongodbatlas.SecretBackendArgs{
Mount: mongo.Path,
PrivateKey: pulumi.String("privateKey"),
PublicKey: pulumi.String("publicKey"),
})
if err != nil {
return err
}
_, err = mongodbatlas.NewSecretRole(ctx, "role", &mongodbatlas.SecretRoleArgs{
Mount: mongo.Path,
Name: pulumi.String("tf-test-role"),
OrganizationId: pulumi.String("7cf5a45a9ccf6400e60981b7"),
ProjectId: pulumi.String("5cf5a45a9ccf6400e60981b6"),
Roles: pulumi.StringArray{
pulumi.String("ORG_READ_ONLY"),
},
IpAddresses: pulumi.StringArray("192.168.1.5, 192.168.1.6"),
CidrBlocks: pulumi.StringArray("192.168.1.3/35"),
ProjectRoles: pulumi.StringArray{
pulumi.String("GROUP_READ_ONLY"),
},
Ttl: pulumi.String("60"),
MaxTtl: pulumi.String("120"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.mongodbatlas.SecretBackend;
import com.pulumi.vault.mongodbatlas.SecretBackendArgs;
import com.pulumi.vault.mongodbatlas.SecretRole;
import com.pulumi.vault.mongodbatlas.SecretRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var mongo = new Mount("mongo", MountArgs.builder()
.path("%s")
.type("mongodbatlas")
.description("MongoDB Atlas secret engine mount")
.build());
var config = new SecretBackend("config", SecretBackendArgs.builder()
.mount(mongo.path())
.privateKey("privateKey")
.publicKey("publicKey")
.build());
var role = new SecretRole("role", SecretRoleArgs.builder()
.mount(mongo.path())
.name("tf-test-role")
.organizationId("7cf5a45a9ccf6400e60981b7")
.projectId("5cf5a45a9ccf6400e60981b6")
.roles("ORG_READ_ONLY")
.ipAddresses("192.168.1.5, 192.168.1.6")
.cidrBlocks("192.168.1.3/35")
.projectRoles("GROUP_READ_ONLY")
.ttl("60")
.maxTtl("120")
.build());
}
}Content copied to clipboard
resources:
mongo:
type: vault:Mount
properties:
path: '%s'
type: mongodbatlas
description: MongoDB Atlas secret engine mount
config:
type: vault:mongodbatlas:SecretBackend
properties:
mount: ${mongo.path}
privateKey: privateKey
publicKey: publicKey
role:
type: vault:mongodbatlas:SecretRole
properties:
mount: ${mongo.path}
name: tf-test-role
organizationId: 7cf5a45a9ccf6400e60981b7
projectId: 5cf5a45a9ccf6400e60981b6
roles:
- ORG_READ_ONLY
ipAddresses: 192.168.1.5, 192.168.1.6
cidrBlocks: 192.168.1.3/35
projectRoles:
- GROUP_READ_ONLY
ttl: '60'
maxTtl: '120'Content copied to clipboard
Import
The MongoDB Atlas secret role can be imported using the full path to the role of the form: <mount_path>/roles/<role_name> e.g.
$ pulumi import vault:mongodbatlas/secretRole:SecretRole example mongodbatlas/roles/example-roleContent copied to clipboard
Properties
Link copied to clipboard
Whitelist entry in CIDR notation to be added for the API key.
Link copied to clipboard
IP address to be added to the whitelist for the API key.
Link copied to clipboard
Unique identifier for the organization to which the target API Key belongs. Required if project_id is not set.
Link copied to clipboard
Roles assigned when an org API key is assigned to a project API key. Possible values are GROUP_CLUSTER_MANAGER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_ONLY, GROUP_DATA_ACCESS_READ_WRITE, GROUP_OWNER and GROUP_READ_ONLY.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard