Mount
data class MountArgs(val allowedManagedKeys: Output<List<String>>? = null, val allowedResponseHeaders: Output<List<String>>? = null, val auditNonHmacRequestKeys: Output<List<String>>? = null, val auditNonHmacResponseKeys: Output<List<String>>? = null, val defaultLeaseTtlSeconds: Output<Int>? = null, val delegatedAuthAccessors: Output<List<String>>? = null, val description: Output<String>? = null, val externalEntropyAccess: Output<Boolean>? = null, val identityTokenKey: Output<String>? = null, val listingVisibility: Output<String>? = null, val local: Output<Boolean>? = null, val maxLeaseTtlSeconds: Output<Int>? = null, val namespace: Output<String>? = null, val options: Output<Map<String, String>>? = null, val passthroughRequestHeaders: Output<List<String>>? = null, val path: Output<String>? = null, val pluginVersion: Output<String>? = null, val sealWrap: Output<Boolean>? = null, val type: Output<String>? = null) : ConvertibleToJava<MountArgs>
This resource enables a new secrets engine at the given path.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const example = new vault.Mount("example", {
path: "dummy",
type: "generic",
description: "This is an example mount",
});Content copied to clipboard
import pulumi
import pulumi_vault as vault
example = vault.Mount("example",
path="dummy",
type="generic",
description="This is an example mount")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var example = new Vault.Mount("example", new()
{
Path = "dummy",
Type = "generic",
Description = "This is an example mount",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vault.NewMount(ctx, "example", &vault.MountArgs{
Path: pulumi.String("dummy"),
Type: pulumi.String("generic"),
Description: pulumi.String("This is an example mount"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Mount("example", MountArgs.builder()
.path("dummy")
.type("generic")
.description("This is an example mount")
.build());
}
}Content copied to clipboard
resources:
example:
type: vault:Mount
properties:
path: dummy
type: generic
description: This is an example mountContent copied to clipboard
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const kvv2_example = new vault.Mount("kvv2-example", {
path: "version2-example",
type: "kv-v2",
options: {
version: "2",
type: "kv-v2",
},
description: "This is an example KV Version 2 secret engine mount",
});Content copied to clipboard
import pulumi
import pulumi_vault as vault
kvv2_example = vault.Mount("kvv2-example",
path="version2-example",
type="kv-v2",
options={
"version": "2",
"type": "kv-v2",
},
description="This is an example KV Version 2 secret engine mount")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var kvv2_example = new Vault.Mount("kvv2-example", new()
{
Path = "version2-example",
Type = "kv-v2",
Options =
{
{ "version", "2" },
{ "type", "kv-v2" },
},
Description = "This is an example KV Version 2 secret engine mount",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vault.NewMount(ctx, "kvv2-example", &vault.MountArgs{
Path: pulumi.String("version2-example"),
Type: pulumi.String("kv-v2"),
Options: pulumi.StringMap{
"version": pulumi.String("2"),
"type": pulumi.String("kv-v2"),
},
Description: pulumi.String("This is an example KV Version 2 secret engine mount"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var kvv2_example = new Mount("kvv2-example", MountArgs.builder()
.path("version2-example")
.type("kv-v2")
.options(Map.ofEntries(
Map.entry("version", "2"),
Map.entry("type", "kv-v2")
))
.description("This is an example KV Version 2 secret engine mount")
.build());
}
}Content copied to clipboard
resources:
kvv2-example:
type: vault:Mount
properties:
path: version2-example
type: kv-v2
options:
version: '2'
type: kv-v2
description: This is an example KV Version 2 secret engine mountContent copied to clipboard
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const transit_example = new vault.Mount("transit-example", {
path: "transit-example",
type: "transit",
description: "This is an example transit secret engine mount",
options: {
convergent_encryption: "false",
},
});Content copied to clipboard
import pulumi
import pulumi_vault as vault
transit_example = vault.Mount("transit-example",
path="transit-example",
type="transit",
description="This is an example transit secret engine mount",
options={
"convergent_encryption": "false",
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var transit_example = new Vault.Mount("transit-example", new()
{
Path = "transit-example",
Type = "transit",
Description = "This is an example transit secret engine mount",
Options =
{
{ "convergent_encryption", "false" },
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vault.NewMount(ctx, "transit-example", &vault.MountArgs{
Path: pulumi.String("transit-example"),
Type: pulumi.String("transit"),
Description: pulumi.String("This is an example transit secret engine mount"),
Options: pulumi.StringMap{
"convergent_encryption": pulumi.String("false"),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var transit_example = new Mount("transit-example", MountArgs.builder()
.path("transit-example")
.type("transit")
.description("This is an example transit secret engine mount")
.options(Map.of("convergent_encryption", "false"))
.build());
}
}Content copied to clipboard
resources:
transit-example:
type: vault:Mount
properties:
path: transit-example
type: transit
description: This is an example transit secret engine mount
options:
convergent_encryption: falseContent copied to clipboard
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const pki_example = new vault.Mount("pki-example", {
path: "pki-example",
type: "pki",
description: "This is an example PKI mount",
defaultLeaseTtlSeconds: 3600,
maxLeaseTtlSeconds: 86400,
});Content copied to clipboard
import pulumi
import pulumi_vault as vault
pki_example = vault.Mount("pki-example",
path="pki-example",
type="pki",
description="This is an example PKI mount",
default_lease_ttl_seconds=3600,
max_lease_ttl_seconds=86400)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var pki_example = new Vault.Mount("pki-example", new()
{
Path = "pki-example",
Type = "pki",
Description = "This is an example PKI mount",
DefaultLeaseTtlSeconds = 3600,
MaxLeaseTtlSeconds = 86400,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vault.NewMount(ctx, "pki-example", &vault.MountArgs{
Path: pulumi.String("pki-example"),
Type: pulumi.String("pki"),
Description: pulumi.String("This is an example PKI mount"),
DefaultLeaseTtlSeconds: pulumi.Int(3600),
MaxLeaseTtlSeconds: pulumi.Int(86400),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pki_example = new Mount("pki-example", MountArgs.builder()
.path("pki-example")
.type("pki")
.description("This is an example PKI mount")
.defaultLeaseTtlSeconds(3600)
.maxLeaseTtlSeconds(86400)
.build());
}
}Content copied to clipboard
resources:
pki-example:
type: vault:Mount
properties:
path: pki-example
type: pki
description: This is an example PKI mount
defaultLeaseTtlSeconds: 3600
maxLeaseTtlSeconds: 86400Content copied to clipboard
Import
Mounts can be imported using the path, e.g.
$ pulumi import vault:index/mount:Mount example dummyContent copied to clipboard
Constructors
Link copied to clipboard
constructor(allowedManagedKeys: Output<List<String>>? = null, allowedResponseHeaders: Output<List<String>>? = null, auditNonHmacRequestKeys: Output<List<String>>? = null, auditNonHmacResponseKeys: Output<List<String>>? = null, defaultLeaseTtlSeconds: Output<Int>? = null, delegatedAuthAccessors: Output<List<String>>? = null, description: Output<String>? = null, externalEntropyAccess: Output<Boolean>? = null, identityTokenKey: Output<String>? = null, listingVisibility: Output<String>? = null, local: Output<Boolean>? = null, maxLeaseTtlSeconds: Output<Int>? = null, namespace: Output<String>? = null, options: Output<Map<String, String>>? = null, passthroughRequestHeaders: Output<List<String>>? = null, path: Output<String>? = null, pluginVersion: Output<String>? = null, sealWrap: Output<Boolean>? = null, type: Output<String>? = null)
Properties
Link copied to clipboard
Set of managed key registry entry names that the mount in question is allowed to access
Link copied to clipboard
List of headers to allow, allowing a plugin to include them in the response.
Link copied to clipboard
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
Link copied to clipboard
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
Link copied to clipboard
Default lease duration for tokens and secrets in seconds
Link copied to clipboard
List of allowed authentication mount accessors the backend can request delegated authentication for.
Link copied to clipboard
Human-friendly description of the mount
Link copied to clipboard
Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
Link copied to clipboard
The key to use for signing plugin workload identity tokens. If not provided, this will default to Vault's OIDC default key.
Link copied to clipboard
Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are unauth or hidden. If not set, behaves like hidden.
Link copied to clipboard
Maximum possible lease duration for tokens and secrets in seconds
Link copied to clipboard
List of headers to allow and pass from the request to the plugin.
Link copied to clipboard
Specifies the semantic version of the plugin to use, e.g. "v1.0.0". If unspecified, the server will select any matching unversioned plugin that may have been registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.