Secret
data class SecretBackendKeyArgs(val allowPlaintextBackup: Output<Boolean>? = null, val autoRotatePeriod: Output<Int>? = null, val backend: Output<String>? = null, val convergentEncryption: Output<Boolean>? = null, val deletionAllowed: Output<Boolean>? = null, val derived: Output<Boolean>? = null, val exportable: Output<Boolean>? = null, val hybridKeyTypeEc: Output<String>? = null, val hybridKeyTypePqc: Output<String>? = null, val keySize: Output<Int>? = null, val minDecryptionVersion: Output<Int>? = null, val minEncryptionVersion: Output<Int>? = null, val name: Output<String>? = null, val namespace: Output<String>? = null, val parameterSet: Output<String>? = null, val type: Output<String>? = null) : ConvertibleToJava<SecretBackendKeyArgs>
Creates an Encryption Keyring on a Transit Secret Backend for Vault.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const transit = new vault.Mount("transit", {
path: "transit",
type: "transit",
description: "Example description",
defaultLeaseTtlSeconds: 3600,
maxLeaseTtlSeconds: 86400,
});
const key = new vault.transit.SecretBackendKey("key", {
backend: transit.path,
name: "my_key",
});Content copied to clipboard
import pulumi
import pulumi_vault as vault
transit = vault.Mount("transit",
path="transit",
type="transit",
description="Example description",
default_lease_ttl_seconds=3600,
max_lease_ttl_seconds=86400)
key = vault.transit.SecretBackendKey("key",
backend=transit.path,
name="my_key")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var transit = new Vault.Mount("transit", new()
{
Path = "transit",
Type = "transit",
Description = "Example description",
DefaultLeaseTtlSeconds = 3600,
MaxLeaseTtlSeconds = 86400,
});
var key = new Vault.Transit.SecretBackendKey("key", new()
{
Backend = transit.Path,
Name = "my_key",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/transit"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
transit, err := vault.NewMount(ctx, "transit", &vault.MountArgs{
Path: pulumi.String("transit"),
Type: pulumi.String("transit"),
Description: pulumi.String("Example description"),
DefaultLeaseTtlSeconds: pulumi.Int(3600),
MaxLeaseTtlSeconds: pulumi.Int(86400),
})
if err != nil {
return err
}
_, err = transit.NewSecretBackendKey(ctx, "key", &transit.SecretBackendKeyArgs{
Backend: transit.Path,
Name: pulumi.String("my_key"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.transit.SecretBackendKey;
import com.pulumi.vault.transit.SecretBackendKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var transit = new Mount("transit", MountArgs.builder()
.path("transit")
.type("transit")
.description("Example description")
.defaultLeaseTtlSeconds(3600)
.maxLeaseTtlSeconds(86400)
.build());
var key = new SecretBackendKey("key", SecretBackendKeyArgs.builder()
.backend(transit.path())
.name("my_key")
.build());
}
}Content copied to clipboard
resources:
transit:
type: vault:Mount
properties:
path: transit
type: transit
description: Example description
defaultLeaseTtlSeconds: 3600
maxLeaseTtlSeconds: 86400
key:
type: vault:transit:SecretBackendKey
properties:
backend: ${transit.path}
name: my_keyContent copied to clipboard
Import
Transit secret backend keys can be imported using the path, e.g.
$ pulumi import vault:transit/secretBackendKey:SecretBackendKey key transit/keys/my_keyContent copied to clipboard
Constructors
Link copied to clipboard
constructor(allowPlaintextBackup: Output<Boolean>? = null, autoRotatePeriod: Output<Int>? = null, backend: Output<String>? = null, convergentEncryption: Output<Boolean>? = null, deletionAllowed: Output<Boolean>? = null, derived: Output<Boolean>? = null, exportable: Output<Boolean>? = null, hybridKeyTypeEc: Output<String>? = null, hybridKeyTypePqc: Output<String>? = null, keySize: Output<Int>? = null, minDecryptionVersion: Output<Int>? = null, minEncryptionVersion: Output<Int>? = null, name: Output<String>? = null, namespace: Output<String>? = null, parameterSet: Output<String>? = null, type: Output<String>? = null)
Properties
Link copied to clipboard
Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
Link copied to clipboard
Amount of seconds the key should live before being automatically rotated. A value of 0 disables automatic rotation for the key.
Link copied to clipboard
Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true.
Link copied to clipboard
Specifies if the key is allowed to be deleted.
Link copied to clipboard
Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
Link copied to clipboard
The elliptic curve algorithm to use for hybrid signatures. Supported key types are ecdsa-p256, ecdsa-p384, ecdsa-p521, and ed25519.
Link copied to clipboard
The post-quantum algorithm to use for hybrid signatures. Currently, ML-DSA is the only supported key type.
Link copied to clipboard
Minimum key version to use for decryption.
Link copied to clipboard
Minimum key version to use for encryption
Link copied to clipboard
The parameter set to use for ML-DSA. Required for ML-DSA and hybrid keys. Valid values are 44, 65, and 87.