pulumi-vault-kotlin/com.pulumi.vault.kmip.kotlin/SecretRole

SecretRole

class SecretRole : KotlinCustomResource

Manages KMIP Secret roles in a Vault server. This feature requires Vault Enterprise. See the Vault documentation for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const _default = new vault.kmip.SecretBackend("default", {
    path: "kmip",
    description: "Vault KMIP backend",
});
const dev = new vault.kmip.SecretScope("dev", {
    path: _default.path,
    scope: "dev",
    force: true,
});
const admin = new vault.kmip.SecretRole("admin", {
    path: dev.path,
    scope: dev.scope,
    role: "admin",
    tlsClientKeyType: "ec",
    tlsClientKeyBits: 256,
    operationActivate: true,
    operationGet: true,
    operationGetAttributes: true,
    operationCreate: true,
    operationDestroy: true,
});
Content copied to clipboard
import pulumi
import pulumi_vault as vault
default = vault.kmip.SecretBackend("default",
    path="kmip",
    description="Vault KMIP backend")
dev = vault.kmip.SecretScope("dev",
    path=default.path,
    scope="dev",
    force=True)
admin = vault.kmip.SecretRole("admin",
    path=dev.path,
    scope=dev.scope,
    role="admin",
    tls_client_key_type="ec",
    tls_client_key_bits=256,
    operation_activate=True,
    operation_get=True,
    operation_get_attributes=True,
    operation_create=True,
    operation_destroy=True)
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    var @default = new Vault.Kmip.SecretBackend("default", new()
    {
        Path = "kmip",
        Description = "Vault KMIP backend",
    });
    var dev = new Vault.Kmip.SecretScope("dev", new()
    {
        Path = @default.Path,
        Scope = "dev",
        Force = true,
    });
    var admin = new Vault.Kmip.SecretRole("admin", new()
    {
        Path = dev.Path,
        Scope = dev.Scope,
        Role = "admin",
        TlsClientKeyType = "ec",
        TlsClientKeyBits = 256,
        OperationActivate = true,
        OperationGet = true,
        OperationGetAttributes = true,
        OperationCreate = true,
        OperationDestroy = true,
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kmip"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_default, err := kmip.NewSecretBackend(ctx, "default", &kmip.SecretBackendArgs{
			Path:        pulumi.String("kmip"),
			Description: pulumi.String("Vault KMIP backend"),
		})
		if err != nil {
			return err
		}
		dev, err := kmip.NewSecretScope(ctx, "dev", &kmip.SecretScopeArgs{
			Path:  _default.Path,
			Scope: pulumi.String("dev"),
			Force: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = kmip.NewSecretRole(ctx, "admin", &kmip.SecretRoleArgs{
			Path:                   dev.Path,
			Scope:                  dev.Scope,
			Role:                   pulumi.String("admin"),
			TlsClientKeyType:       pulumi.String("ec"),
			TlsClientKeyBits:       pulumi.Int(256),
			OperationActivate:      pulumi.Bool(true),
			OperationGet:           pulumi.Bool(true),
			OperationGetAttributes: pulumi.Bool(true),
			OperationCreate:        pulumi.Bool(true),
			OperationDestroy:       pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.kmip.SecretBackend;
import com.pulumi.vault.kmip.SecretBackendArgs;
import com.pulumi.vault.kmip.SecretScope;
import com.pulumi.vault.kmip.SecretScopeArgs;
import com.pulumi.vault.kmip.SecretRole;
import com.pulumi.vault.kmip.SecretRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var default_ = new SecretBackend("default", SecretBackendArgs.builder()
            .path("kmip")
            .description("Vault KMIP backend")
            .build());
        var dev = new SecretScope("dev", SecretScopeArgs.builder()
            .path(default_.path())
            .scope("dev")
            .force(true)
            .build());
        var admin = new SecretRole("admin", SecretRoleArgs.builder()
            .path(dev.path())
            .scope(dev.scope())
            .role("admin")
            .tlsClientKeyType("ec")
            .tlsClientKeyBits(256)
            .operationActivate(true)
            .operationGet(true)
            .operationGetAttributes(true)
            .operationCreate(true)
            .operationDestroy(true)
            .build());
    }
}
Content copied to clipboard
resources:
  default:
    type: vault:kmip:SecretBackend
    properties:
      path: kmip
      description: Vault KMIP backend
  dev:
    type: vault:kmip:SecretScope
    properties:
      path: ${default.path}
      scope: dev
      force: true
  admin:
    type: vault:kmip:SecretRole
    properties:
      path: ${dev.path}
      scope: ${dev.scope}
      role: admin
      tlsClientKeyType: ec
      tlsClientKeyBits: 256
      operationActivate: true
      operationGet: true
      operationGetAttributes: true
      operationCreate: true
      operationDestroy: true
Content copied to clipboard

Import

KMIP Secret role can be imported using the path, e.g.

$ pulumi import vault:kmip/secretRole:SecretRole admin kmip
Content copied to clipboard

Properties

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val namespace: Output<String>?

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

Link copied to clipboard
val operationActivate: Output<Boolean>

Grant permission to use the KMIP Activate operation.

Link copied to clipboard
val operationAddAttribute: Output<Boolean>

Grant permission to use the KMIP Add Attribute operation.

Link copied to clipboard
val operationAll: Output<Boolean>

Grant all permissions to this role. May not be specified with any other operation_* params.

Link copied to clipboard
val operationCreate: Output<Boolean>

Grant permission to use the KMIP Create operation.

Link copied to clipboard
val operationDestroy: Output<Boolean>

Grant permission to use the KMIP Destroy operation.

Link copied to clipboard
val operationDiscoverVersions: Output<Boolean>

Grant permission to use the KMIP Discover Version operation.

Link copied to clipboard
val operationGet: Output<Boolean>

Grant permission to use the KMIP Get operation.

Link copied to clipboard
val operationGetAttributeList: Output<Boolean>

Grant permission to use the KMIP Get Atrribute List operation.

Link copied to clipboard
val operationGetAttributes: Output<Boolean>

Grant permission to use the KMIP Get Atrributes operation.

Link copied to clipboard
val operationLocate: Output<Boolean>

Grant permission to use the KMIP Get Locate operation.

Link copied to clipboard
val operationNone: Output<Boolean>

Remove all permissions from this role. May not be specified with any other operation_* params.

Link copied to clipboard
val operationRegister: Output<Boolean>

Grant permission to use the KMIP Register operation.

Link copied to clipboard
val operationRekey: Output<Boolean>

Grant permission to use the KMIP Rekey operation.

Link copied to clipboard
val operationRevoke: Output<Boolean>

Grant permission to use the KMIP Revoke operation.

Link copied to clipboard
val path: Output<String>

The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val role: Output<String>

Name of the role.

Link copied to clipboard
val scope: Output<String>

Name of the scope.

Link copied to clipboard
val tlsClientKeyBits: Output<Int>?

Client certificate key bits, valid values depend on key type.

Link copied to clipboard
val tlsClientKeyType: Output<String>?

Client certificate key type, rsa or ec.

Link copied to clipboard
val tlsClientTtl: Output<Int>?

Client certificate TTL in seconds.

Link copied to clipboard
val urn: Output<String>