SecretBackendCrlConfig

class SecretBackendCrlConfig : KotlinCustomResource

Allows setting the duration for which the generated CRL should be marked valid. If the CRL is disabled, it will return a signed but zero-length CRL for any request. If enabled, it will re-build the CRL.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
// Settings for the PKI secrets engine mount.
// NOTE(review): "%s" looks like an unfilled format placeholder; set it to the intended mount path.
const pkiMountArgs = {
    path: "%s",
    type: "pki",
    defaultLeaseTtlSeconds: 3600, // 1 hour
    maxLeaseTtlSeconds: 86400, // 24 hours
};
const pki = new vault.Mount("pki", pkiMountArgs);

// CRL settings for that mount: the generated CRL is marked valid for 72h,
// and CRL building stays enabled (disable: false).
const crlConfigArgs = {
    backend: pki.path,
    expiry: "72h",
    disable: false,
};
const crlConfig = new vault.pkisecret.SecretBackendCrlConfig("crl_config", crlConfigArgs);
import pulumi
import pulumi_vault as vault
# Mount a PKI secrets engine.
# NOTE(review): "%s" looks like an unfilled format placeholder; set it to the intended mount path.
pki = vault.Mount(
    "pki",
    path="%s",
    type="pki",
    default_lease_ttl_seconds=3600,  # 1 hour
    max_lease_ttl_seconds=86400,  # 24 hours
)

# CRL settings for that mount: the generated CRL is marked valid for 72h,
# and CRL building stays enabled (disable=False).
crl_config = vault.pki_secret.SecretBackendCrlConfig(
    "crl_config",
    backend=pki.path,
    expiry="72h",
    disable=False,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    // Mount a PKI secrets engine.
    // NOTE(review): "%s" looks like an unfilled format placeholder; set it to the intended mount path.
    var pkiMountArgs = new Vault.MountArgs
    {
        Path = "%s",
        Type = "pki",
        DefaultLeaseTtlSeconds = 3600, // 1 hour
        MaxLeaseTtlSeconds = 86400, // 24 hours
    };
    var pkiMount = new Vault.Mount("pki", pkiMountArgs);

    // CRL settings for that mount: the generated CRL is marked valid for 72h,
    // and CRL building stays enabled (Disable = false).
    var crlSettings = new Vault.PkiSecret.SecretBackendCrlConfigArgs
    {
        Backend = pkiMount.Path,
        Expiry = "72h",
        Disable = false,
    };
    var crlConfig = new Vault.PkiSecret.SecretBackendCrlConfig("crl_config", crlSettings);
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkisecret"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a PKI mount and its CRL configuration inside pulumi.Run.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Mount a PKI secrets engine.
		// NOTE(review): "%s" looks like an unfilled format placeholder; set it to the intended mount path.
		mountArgs := &vault.MountArgs{
			Path:                   pulumi.String("%s"),
			Type:                   pulumi.String("pki"),
			DefaultLeaseTtlSeconds: pulumi.Int(3600),  // 1 hour
			MaxLeaseTtlSeconds:     pulumi.Int(86400), // 24 hours
		}
		pkiMount, mountErr := vault.NewMount(ctx, "pki", mountArgs)
		if mountErr != nil {
			return mountErr
		}

		// CRL settings for that mount: the generated CRL is marked valid for 72h,
		// and CRL building stays enabled (Disable: false).
		crlArgs := &pkisecret.SecretBackendCrlConfigArgs{
			Backend: pkiMount.Path,
			Expiry:  pulumi.String("72h"),
			Disable: pulumi.Bool(false),
		}
		if _, crlErr := pkisecret.NewSecretBackendCrlConfig(ctx, "crl_config", crlArgs); crlErr != nil {
			return crlErr
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.pkiSecret.SecretBackendCrlConfig;
import com.pulumi.vault.pkiSecret.SecretBackendCrlConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a PKI mount and the CRL configuration for it.
 */
public class App {
    /** Entry point: passes {@link #stack(Context)} to {@code Pulumi.run}. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the two resources of this stack.
     *
     * @param ctx the context passed in by {@code Pulumi.run}; not read by this method
     */
    public static void stack(Context ctx) {
        // Mount a PKI secrets engine.
        // NOTE(review): "%s" looks like an unfilled format placeholder; set it to the intended mount path.
        final MountArgs pkiMountArgs = MountArgs.builder()
            .path("%s")
            .type("pki")
            .defaultLeaseTtlSeconds(3600) // 1 hour
            .maxLeaseTtlSeconds(86400) // 24 hours
            .build();
        final var pkiMount = new Mount("pki", pkiMountArgs);

        // CRL settings for that mount: the generated CRL is marked valid for 72h,
        // and CRL building stays enabled (disable(false)).
        // NOTE(review): the other language examples on this page name this resource "crl_config".
        final SecretBackendCrlConfigArgs crlSettings = SecretBackendCrlConfigArgs.builder()
            .backend(pkiMount.path())
            .expiry("72h")
            .disable(false)
            .build();
        final var crlResource = new SecretBackendCrlConfig("crlConfig", crlSettings);
    }
}
resources:
  # PKI secrets engine mount.
  # NOTE(review): '%s' looks like an unfilled format placeholder; set it to the intended mount path.
  pki:
    type: vault:Mount
    properties:
      path: '%s'
      type: pki
      defaultLeaseTtlSeconds: 3600 # 1 hour
      maxLeaseTtlSeconds: 86400 # 24 hours
  # CRL settings for that mount: the generated CRL is marked valid for 72h,
  # and CRL building stays enabled (disable: false).
  crlConfig:
    type: vault:pkiSecret:SecretBackendCrlConfig
    name: crl_config
    properties:
      backend: ${pki.path}
      expiry: 72h
      disable: false

Properties

val autoRebuild: Output<Boolean>?

Enables periodic rebuilding of the CRL upon expiry. Vault 1.12+


`autoRebuildGracePeriod`: Grace period before CRL expiry to attempt rebuild of CRL. Vault 1.12+

val backend: Output<String>

The path the PKI secret backend is mounted at, with no leading or trailing slashes (`/`).


`crossClusterRevocation`: Enable cross-cluster revocation request queues. Vault 1.13+


`deltaRebuildInterval`: Interval to check for new revocations on, to regenerate the delta CRL.

val disable: Output<Boolean>?

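Disables CRL building when `true`; enables it when `false`. While CRL building is disabled, Vault returns a signed but zero-length CRL for any request, so clients that rely on the CRL will not see any revoked certificates.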

val enableDelta: Output<Boolean>?

Enables building of delta CRLs with up-to-date revocation information, augmenting the last complete CRL. Vault 1.12+

val expiry: Output<String>?

Specifies the time until the generated CRL expires, as a duration string such as `72h`.

val id: Output<String>
val maxCrlEntries: Output<Int>

The maximum number of entries a CRL can contain. This option exists to prevent accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. Vault 1.19

val namespace: Output<String>?

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

val ocspDisable: Output<Boolean>?

Disables the OCSP responder in Vault. Vault 1.12+

val ocspExpiry: Output<String>

The amount of time an OCSP response can be cached for, useful for OCSP stapling refresh durations. Vault 1.12+

val pulumiChildResources: Set<KotlinResource>
val unifiedCrl: Output<Boolean>

Enables unified CRL and OCSP building. Vault 1.13+


`unifiedCrlOnExistingPaths`: Enables serving the unified CRL and OCSP on the existing, previously cluster-local paths. Vault 1.13+

val urn: Output<String>