SecretBackendCrlConfigArgs

data class SecretBackendCrlConfigArgs(val autoRebuild: Output<Boolean>? = null, val autoRebuildGracePeriod: Output<String>? = null, val backend: Output<String>? = null, val crossClusterRevocation: Output<Boolean>? = null, val deltaRebuildInterval: Output<String>? = null, val disable: Output<Boolean>? = null, val enableDelta: Output<Boolean>? = null, val expiry: Output<String>? = null, val maxCrlEntries: Output<Int>? = null, val namespace: Output<String>? = null, val ocspDisable: Output<Boolean>? = null, val ocspExpiry: Output<String>? = null, val unifiedCrl: Output<Boolean>? = null, val unifiedCrlOnExistingPaths: Output<Boolean>? = null) : ConvertibleToJava<SecretBackendCrlConfigArgs>

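Configures the duration for which the generated CRL is marked valid. If CRL building is disabled, the backend returns a signed but zero-length CRL for any request; if it is enabled, the backend rebuilds the CRL. A zero-length CRL lists no revoked certificates, so clients that rely on the CRL will not see revocations while building is disabled.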

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
// Arguments for the PKI secrets engine mount (default lease TTL 3600 s, maximum 86400 s).
// NOTE(review): "%s" looks like an unsubstituted format placeholder carried over from
// the upstream example; supply the real mount path before using this.
const pkiMountArgs = {
    path: "%s",
    type: "pki",
    defaultLeaseTtlSeconds: 3600,
    maxLeaseTtlSeconds: 86400,
};
const pki = new vault.Mount("pki", pkiMountArgs);

// CRL settings for that mount: each generated CRL is marked valid for 72 hours and
// CRL building stays enabled. With `disable: true` the backend would instead answer
// every request with a signed but zero-length CRL, which lists no revoked certificates.
const crlSettings = {
    backend: pki.path,
    expiry: "72h",
    disable: false,
};
const crlConfig = new vault.pkisecret.SecretBackendCrlConfig("crl_config", crlSettings);
import pulumi
import pulumi_vault as vault
# Arguments for the PKI secrets engine mount (default lease TTL 3600 s, maximum 86400 s).
# NOTE(review): "%s" looks like an unsubstituted format placeholder carried over from
# the upstream example; supply the real mount path before using this.
pki_mount_args = dict(
    path="%s",
    type="pki",
    default_lease_ttl_seconds=3600,
    max_lease_ttl_seconds=86400,
)
pki = vault.Mount("pki", **pki_mount_args)

# CRL settings for that mount: each generated CRL is marked valid for 72 hours and
# CRL building stays enabled. With disable=True the backend would instead answer
# every request with a signed but zero-length CRL, which lists no revoked certificates.
crl_settings = dict(
    backend=pki.path,
    expiry="72h",
    disable=False,
)
crl_config = vault.pki_secret.SecretBackendCrlConfig("crl_config", **crl_settings)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    // Arguments for the PKI secrets engine mount (default lease TTL 3600 s, maximum 86400 s).
    // NOTE(review): "%s" looks like an unsubstituted format placeholder carried over from
    // the upstream example; supply the real mount path before using this.
    var pkiMountArgs = new Vault.MountArgs
    {
        Path = "%s",
        Type = "pki",
        DefaultLeaseTtlSeconds = 3600,
        MaxLeaseTtlSeconds = 86400,
    };
    var pki = new Vault.Mount("pki", pkiMountArgs);

    // CRL settings for that mount: each generated CRL is marked valid for 72 hours and
    // CRL building stays enabled. With Disable = true the backend would instead answer
    // every request with a signed but zero-length CRL, which lists no revoked certificates.
    var crlSettings = new Vault.PkiSecret.SecretBackendCrlConfigArgs
    {
        Backend = pki.Path,
        Expiry = "72h",
        Disable = false,
    };
    var crlConfig = new Vault.PkiSecret.SecretBackendCrlConfig("crl_config", crlSettings);
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkisecret"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a PKI secrets engine mount and the CRL configuration for it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Mount arguments (default lease TTL 3600 s, maximum 86400 s).
		// NOTE(review): "%s" looks like an unsubstituted format placeholder carried
		// over from the upstream example; supply the real mount path before using this.
		mountArgs := &vault.MountArgs{
			Path:                   pulumi.String("%s"),
			Type:                   pulumi.String("pki"),
			DefaultLeaseTtlSeconds: pulumi.Int(3600),
			MaxLeaseTtlSeconds:     pulumi.Int(86400),
		}
		pki, err := vault.NewMount(ctx, "pki", mountArgs)
		if err != nil {
			return err
		}

		// Each generated CRL is marked valid for 72 hours and CRL building stays
		// enabled. With Disable set to true the backend would instead answer every
		// request with a signed but zero-length CRL, which lists no revoked certificates.
		crlArgs := &pkisecret.SecretBackendCrlConfigArgs{
			Backend: pki.Path,
			Expiry:  pulumi.String("72h"),
			Disable: pulumi.Bool(false),
		}
		if _, err := pkisecret.NewSecretBackendCrlConfig(ctx, "crl_config", crlArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.pkiSecret.SecretBackendCrlConfig;
import com.pulumi.vault.pkiSecret.SecretBackendCrlConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example program: registers a PKI secrets engine mount and the CRL
 * configuration for it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Mount arguments (default lease TTL 3600 s, maximum 86400 s).
        // NOTE(review): "%s" looks like an unsubstituted format placeholder carried
        // over from the upstream example; supply the real mount path before using this.
        MountArgs pkiMountArgs = MountArgs.builder()
            .path("%s")
            .type("pki")
            .defaultLeaseTtlSeconds(3600)
            .maxLeaseTtlSeconds(86400)
            .build();
        Mount pki = new Mount("pki", pkiMountArgs);

        // Each generated CRL is marked valid for 72 hours and CRL building stays
        // enabled. With disable(true) the backend would instead answer every request
        // with a signed but zero-length CRL, which lists no revoked certificates.
        SecretBackendCrlConfigArgs crlSettings = SecretBackendCrlConfigArgs.builder()
            .backend(pki.path())
            .expiry("72h")
            .disable(false)
            .build();
        SecretBackendCrlConfig crlConfig = new SecretBackendCrlConfig("crlConfig", crlSettings);
    }
}
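# Nesting restored: the flattened listing put every key at column 0, which
# loses the resource/properties structure.
resources:
  # PKI secrets engine mount (default lease TTL 3600 s, maximum 86400 s).
  # NOTE(review): '%s' looks like an unsubstituted format placeholder carried over
  # from the upstream example; supply the real mount path before using this.
  pki:
    type: vault:Mount
    properties:
      path: '%s'
      type: pki
      defaultLeaseTtlSeconds: 3600
      maxLeaseTtlSeconds: 86400
  # CRL settings for that mount: each generated CRL is marked valid for 72 hours
  # and CRL building stays enabled. With `disable: true` the backend would instead
  # answer every request with a signed but zero-length CRL, which lists no
  # revoked certificates.
  crlConfig:
    type: vault:pkiSecret:SecretBackendCrlConfig
    name: crl_config
    properties:
      backend: ${pki.path}
      expiry: 72h
      disable: false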

Constructors

constructor(autoRebuild: Output<Boolean>? = null, autoRebuildGracePeriod: Output<String>? = null, backend: Output<String>? = null, crossClusterRevocation: Output<Boolean>? = null, deltaRebuildInterval: Output<String>? = null, disable: Output<Boolean>? = null, enableDelta: Output<Boolean>? = null, expiry: Output<String>? = null, maxCrlEntries: Output<Int>? = null, namespace: Output<String>? = null, ocspDisable: Output<Boolean>? = null, ocspExpiry: Output<String>? = null, unifiedCrl: Output<Boolean>? = null, unifiedCrlOnExistingPaths: Output<Boolean>? = null)

Properties

val autoRebuild: Output<Boolean>? = null

Enables periodic rebuilding of the CRL upon expiry. Vault 1.12+

val autoRebuildGracePeriod: Output<String>? = null

Grace period before CRL expiry to attempt rebuild of CRL. Vault 1.12+

val backend: Output<String>? = null

The path the PKI secret backend is mounted at, with no leading or trailing slashes (`/`).

val crossClusterRevocation: Output<Boolean>? = null

Enable cross-cluster revocation request queues. Vault 1.13+

val deltaRebuildInterval: Output<String>? = null

Interval to check for new revocations on, to regenerate the delta CRL.

val disable: Output<Boolean>? = null

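Set to true to disable CRL building, or false to enable it. While CRL building is disabled, every CRL request is answered with a signed but zero-length CRL.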

val enableDelta: Output<Boolean>? = null

Enables building of delta CRLs with up-to-date revocation information, augmenting the last complete CRL. Vault 1.12+

val expiry: Output<String>? = null

Specifies the time until the generated CRL expires, given as a duration string (for example, "72h").

val maxCrlEntries: Output<Int>? = null

The maximum number of entries a CRL can contain. This option exists to prevent accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. Vault 1.19

val namespace: Output<String>? = null

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

val ocspDisable: Output<Boolean>? = null

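Disables the OCSP responder in Vault. If CRL building is disabled as well, clients are left without either Vault-served source of revocation status. Vault 1.12+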

val ocspExpiry: Output<String>? = null

The amount of time an OCSP response can be cached for, useful for OCSP stapling refresh durations. Vault 1.12+

val unifiedCrl: Output<Boolean>? = null

Enables unified CRL and OCSP building. Vault 1.13+

val unifiedCrlOnExistingPaths: Output<Boolean>? = null

Enables serving the unified CRL and OCSP on the existing, previously cluster-local paths. Vault 1.13+

Functions

open override fun toJava(): SecretBackendCrlConfigArgs