Secret
data class SecretBackendArgs(val defaultTlsClientKeyBits: Output<Int>? = null, val defaultTlsClientKeyType: Output<String>? = null, val defaultTlsClientTtl: Output<Int>? = null, val description: Output<String>? = null, val disableRemount: Output<Boolean>? = null, val listenAddrs: Output<List<String>>? = null, val namespace: Output<String>? = null, val path: Output<String>? = null, val serverHostnames: Output<List<String>>? = null, val serverIps: Output<List<String>>? = null, val tlsCaKeyBits: Output<Int>? = null, val tlsCaKeyType: Output<String>? = null, val tlsMinVersion: Output<String>? = null) : ConvertibleToJava<SecretBackendArgs>
Manages KMIP Secret backends in a Vault server. This feature requires Vault Enterprise. See the Vault documentation for more information.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const _default = new vault.kmip.SecretBackend("default", {
path: "kmip",
description: "Vault KMIP backend",
listenAddrs: [
"127.0.0.1:5696",
"127.0.0.1:8080",
],
tlsCaKeyType: "rsa",
tlsCaKeyBits: 4096,
defaultTlsClientKeyType: "rsa",
defaultTlsClientKeyBits: 4096,
defaultTlsClientTtl: 86400,
});Content copied to clipboard
import pulumi
import pulumi_vault as vault
default = vault.kmip.SecretBackend("default",
path="kmip",
description="Vault KMIP backend",
listen_addrs=[
"127.0.0.1:5696",
"127.0.0.1:8080",
],
tls_ca_key_type="rsa",
tls_ca_key_bits=4096,
default_tls_client_key_type="rsa",
default_tls_client_key_bits=4096,
default_tls_client_ttl=86400)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var @default = new Vault.Kmip.SecretBackend("default", new()
{
Path = "kmip",
Description = "Vault KMIP backend",
ListenAddrs = new[]
{
"127.0.0.1:5696",
"127.0.0.1:8080",
},
TlsCaKeyType = "rsa",
TlsCaKeyBits = 4096,
DefaultTlsClientKeyType = "rsa",
DefaultTlsClientKeyBits = 4096,
DefaultTlsClientTtl = 86400,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kmip"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := kmip.NewSecretBackend(ctx, "default", &kmip.SecretBackendArgs{
Path: pulumi.String("kmip"),
Description: pulumi.String("Vault KMIP backend"),
ListenAddrs: pulumi.StringArray{
pulumi.String("127.0.0.1:5696"),
pulumi.String("127.0.0.1:8080"),
},
TlsCaKeyType: pulumi.String("rsa"),
TlsCaKeyBits: pulumi.Int(4096),
DefaultTlsClientKeyType: pulumi.String("rsa"),
DefaultTlsClientKeyBits: pulumi.Int(4096),
DefaultTlsClientTtl: pulumi.Int(86400),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.kmip.SecretBackend;
import com.pulumi.vault.kmip.SecretBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new SecretBackend("default", SecretBackendArgs.builder()
.path("kmip")
.description("Vault KMIP backend")
.listenAddrs(
"127.0.0.1:5696",
"127.0.0.1:8080")
.tlsCaKeyType("rsa")
.tlsCaKeyBits(4096)
.defaultTlsClientKeyType("rsa")
.defaultTlsClientKeyBits(4096)
.defaultTlsClientTtl(86400)
.build());
}
}Content copied to clipboard
resources:
default:
type: vault:kmip:SecretBackend
properties:
path: kmip
description: Vault KMIP backend
listenAddrs:
- 127.0.0.1:5696
- 127.0.0.1:8080
tlsCaKeyType: rsa
tlsCaKeyBits: 4096
defaultTlsClientKeyType: rsa
defaultTlsClientKeyBits: 4096
defaultTlsClientTtl: 86400Content copied to clipboard
Import
KMIP Secret backend can be imported using the path, e.g.
$ pulumi import vault:kmip/secretBackend:SecretBackend default kmipContent copied to clipboard
Constructors
Link copied to clipboard
constructor(defaultTlsClientKeyBits: Output<Int>? = null, defaultTlsClientKeyType: Output<String>? = null, defaultTlsClientTtl: Output<Int>? = null, description: Output<String>? = null, disableRemount: Output<Boolean>? = null, listenAddrs: Output<List<String>>? = null, namespace: Output<String>? = null, path: Output<String>? = null, serverHostnames: Output<List<String>>? = null, serverIps: Output<List<String>>? = null, tlsCaKeyBits: Output<Int>? = null, tlsCaKeyType: Output<String>? = null, tlsMinVersion: Output<String>? = null)
Properties
Link copied to clipboard
Client certificate key bits, valid values depend on key type.
Link copied to clipboard
Client certificate key type, rsa or ec.
Link copied to clipboard
Client certificate TTL in seconds
Link copied to clipboard
A human-friendly description for this backend.
Link copied to clipboard
If set, opts out of mount migration on path updates. See here for more info on Mount Migration
Link copied to clipboard
Addresses the KMIP server should listen on (host:port).
Link copied to clipboard
Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
Link copied to clipboard
CA key bits, valid values depend on key type.
Link copied to clipboard
CA key type, rsa or ec.
Link copied to clipboard
Minimum TLS version to accept.