Secret
data class SecretRoleArgs(val namespace: Output<String>? = null, val operationActivate: Output<Boolean>? = null, val operationAddAttribute: Output<Boolean>? = null, val operationAll: Output<Boolean>? = null, val operationCreate: Output<Boolean>? = null, val operationDestroy: Output<Boolean>? = null, val operationDiscoverVersions: Output<Boolean>? = null, val operationGet: Output<Boolean>? = null, val operationGetAttributeList: Output<Boolean>? = null, val operationGetAttributes: Output<Boolean>? = null, val operationLocate: Output<Boolean>? = null, val operationNone: Output<Boolean>? = null, val operationRegister: Output<Boolean>? = null, val operationRekey: Output<Boolean>? = null, val operationRevoke: Output<Boolean>? = null, val path: Output<String>? = null, val role: Output<String>? = null, val scope: Output<String>? = null, val tlsClientKeyBits: Output<Int>? = null, val tlsClientKeyType: Output<String>? = null, val tlsClientTtl: Output<Int>? = null) : ConvertibleToJava<SecretRoleArgs>
Manages KMIP Secret roles in a Vault server. This feature requires Vault Enterprise. See the Vault documentation for more information.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const _default = new vault.kmip.SecretBackend("default", {
path: "kmip",
description: "Vault KMIP backend",
});
const dev = new vault.kmip.SecretScope("dev", {
path: _default.path,
scope: "dev",
force: true,
});
const admin = new vault.kmip.SecretRole("admin", {
path: dev.path,
scope: dev.scope,
role: "admin",
tlsClientKeyType: "ec",
tlsClientKeyBits: 256,
operationActivate: true,
operationGet: true,
operationGetAttributes: true,
operationCreate: true,
operationDestroy: true,
});Content copied to clipboard
import pulumi
import pulumi_vault as vault
default = vault.kmip.SecretBackend("default",
path="kmip",
description="Vault KMIP backend")
dev = vault.kmip.SecretScope("dev",
path=default.path,
scope="dev",
force=True)
admin = vault.kmip.SecretRole("admin",
path=dev.path,
scope=dev.scope,
role="admin",
tls_client_key_type="ec",
tls_client_key_bits=256,
operation_activate=True,
operation_get=True,
operation_get_attributes=True,
operation_create=True,
operation_destroy=True)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var @default = new Vault.Kmip.SecretBackend("default", new()
{
Path = "kmip",
Description = "Vault KMIP backend",
});
var dev = new Vault.Kmip.SecretScope("dev", new()
{
Path = @default.Path,
Scope = "dev",
Force = true,
});
var admin = new Vault.Kmip.SecretRole("admin", new()
{
Path = dev.Path,
Scope = dev.Scope,
Role = "admin",
TlsClientKeyType = "ec",
TlsClientKeyBits = 256,
OperationActivate = true,
OperationGet = true,
OperationGetAttributes = true,
OperationCreate = true,
OperationDestroy = true,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kmip"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := kmip.NewSecretBackend(ctx, "default", &kmip.SecretBackendArgs{
Path: pulumi.String("kmip"),
Description: pulumi.String("Vault KMIP backend"),
})
if err != nil {
return err
}
dev, err := kmip.NewSecretScope(ctx, "dev", &kmip.SecretScopeArgs{
Path: _default.Path,
Scope: pulumi.String("dev"),
Force: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = kmip.NewSecretRole(ctx, "admin", &kmip.SecretRoleArgs{
Path: dev.Path,
Scope: dev.Scope,
Role: pulumi.String("admin"),
TlsClientKeyType: pulumi.String("ec"),
TlsClientKeyBits: pulumi.Int(256),
OperationActivate: pulumi.Bool(true),
OperationGet: pulumi.Bool(true),
OperationGetAttributes: pulumi.Bool(true),
OperationCreate: pulumi.Bool(true),
OperationDestroy: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.kmip.SecretBackend;
import com.pulumi.vault.kmip.SecretBackendArgs;
import com.pulumi.vault.kmip.SecretScope;
import com.pulumi.vault.kmip.SecretScopeArgs;
import com.pulumi.vault.kmip.SecretRole;
import com.pulumi.vault.kmip.SecretRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new SecretBackend("default", SecretBackendArgs.builder()
.path("kmip")
.description("Vault KMIP backend")
.build());
var dev = new SecretScope("dev", SecretScopeArgs.builder()
.path(default_.path())
.scope("dev")
.force(true)
.build());
var admin = new SecretRole("admin", SecretRoleArgs.builder()
.path(dev.path())
.scope(dev.scope())
.role("admin")
.tlsClientKeyType("ec")
.tlsClientKeyBits(256)
.operationActivate(true)
.operationGet(true)
.operationGetAttributes(true)
.operationCreate(true)
.operationDestroy(true)
.build());
}
}Content copied to clipboard
resources:
default:
type: vault:kmip:SecretBackend
properties:
path: kmip
description: Vault KMIP backend
dev:
type: vault:kmip:SecretScope
properties:
path: ${default.path}
scope: dev
force: true
admin:
type: vault:kmip:SecretRole
properties:
path: ${dev.path}
scope: ${dev.scope}
role: admin
tlsClientKeyType: ec
tlsClientKeyBits: 256
operationActivate: true
operationGet: true
operationGetAttributes: true
operationCreate: true
operationDestroy: trueContent copied to clipboard
Import
KMIP Secret role can be imported using the path, e.g.
$ pulumi import vault:kmip/secretRole:SecretRole admin kmipContent copied to clipboard
Constructors
Link copied to clipboard
constructor(namespace: Output<String>? = null, operationActivate: Output<Boolean>? = null, operationAddAttribute: Output<Boolean>? = null, operationAll: Output<Boolean>? = null, operationCreate: Output<Boolean>? = null, operationDestroy: Output<Boolean>? = null, operationDiscoverVersions: Output<Boolean>? = null, operationGet: Output<Boolean>? = null, operationGetAttributeList: Output<Boolean>? = null, operationGetAttributes: Output<Boolean>? = null, operationLocate: Output<Boolean>? = null, operationNone: Output<Boolean>? = null, operationRegister: Output<Boolean>? = null, operationRekey: Output<Boolean>? = null, operationRevoke: Output<Boolean>? = null, path: Output<String>? = null, role: Output<String>? = null, scope: Output<String>? = null, tlsClientKeyBits: Output<Int>? = null, tlsClientKeyType: Output<String>? = null, tlsClientTtl: Output<Int>? = null)
Properties
Link copied to clipboard
Grant permission to use the KMIP Activate operation.
Link copied to clipboard
Grant permission to use the KMIP Add Attribute operation.
Link copied to clipboard
Grant all permissions to this role. May not be specified with any other operation_* params.
Link copied to clipboard
Grant permission to use the KMIP Create operation.
Link copied to clipboard
Grant permission to use the KMIP Destroy operation.
Link copied to clipboard
Grant permission to use the KMIP Discover Version operation.
Link copied to clipboard
Grant permission to use the KMIP Get operation.
Link copied to clipboard
Grant permission to use the KMIP Get Atrribute List operation.
Link copied to clipboard
Grant permission to use the KMIP Get Atrributes operation.
Link copied to clipboard
Grant permission to use the KMIP Get Locate operation.
Link copied to clipboard
Remove all permissions from this role. May not be specified with any other operation_* params.
Link copied to clipboard
Grant permission to use the KMIP Register operation.
Link copied to clipboard
Grant permission to use the KMIP Rekey operation.
Link copied to clipboard
Grant permission to use the KMIP Revoke operation.
Link copied to clipboard
Client certificate key bits, valid values depend on key type.
Link copied to clipboard
Client certificate key type, rsa or ec.
Link copied to clipboard
Client certificate TTL in seconds.