UNPKG

@pulumi/vault

Version:

A Pulumi package for creating and managing HashiCorp Vault cloud resources.

pulumi.io

pulumi/pulumi-vault

163 lines (162 loc) 6.91 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
import * as pulumi from "@pulumi/pulumi"; /** * ## Import * * Generic secrets can be imported using the `path`, e.g. * * ```sh * $ pulumi import vault:generic/secret:Secret example secret/foo * ``` */ export declare class Secret extends pulumi.CustomResource { /** * Get an existing Secret resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretState, opts?: pulumi.CustomResourceOptions): Secret; /** * Returns true if the given object is an instance of Secret. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Secret; /** * A mapping whose keys are the top-level data keys returned from * Vault and whose values are the corresponding values. This map can only * represent string data, so any non-string values returned from Vault are * serialized as JSON. */ readonly data: pulumi.Output<{ [key: string]: string; }>; /** * String containing a JSON-encoded object that will be * written as the secret data at the given path. */ readonly dataJson: pulumi.Output<string>; /** * true/false. Only applicable for kv-v2 stores. * If set to `true`, permanently deletes all versions for * the specified key. The default behavior is to only delete the latest version of the * secret. */ readonly deleteAllVersions: pulumi.Output<boolean | undefined>; /** * true/false. Set this to true if your vault * authentication is not able to read the data. Setting this to `true` will * break drift detection. Defaults to false. */ readonly disableRead: pulumi.Output<boolean | undefined>; /** * The namespace to provision the resource in. * The value should not contain leading or trailing forward slashes. * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). * *Available only for Vault Enterprise*. */ readonly namespace: pulumi.Output<string | undefined>; /** * The full logical path at which to write the given data. * To write data into the "generic" secret backend mounted in Vault by default, * this should be prefixed with `secret/`. Writing to other backends with this * resource is possible; consult each backend's documentation to see which * endpoints support the `PUT` and `DELETE` methods. */ readonly path: pulumi.Output<string>; /** * Create a Secret resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: SecretArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Secret resources. */ export interface SecretState { /** * A mapping whose keys are the top-level data keys returned from * Vault and whose values are the corresponding values. This map can only * represent string data, so any non-string values returned from Vault are * serialized as JSON. */ data?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * String containing a JSON-encoded object that will be * written as the secret data at the given path. */ dataJson?: pulumi.Input<string>; /** * true/false. Only applicable for kv-v2 stores. * If set to `true`, permanently deletes all versions for * the specified key. The default behavior is to only delete the latest version of the * secret. */ deleteAllVersions?: pulumi.Input<boolean>; /** * true/false. Set this to true if your vault * authentication is not able to read the data. Setting this to `true` will * break drift detection. Defaults to false. */ disableRead?: pulumi.Input<boolean>; /** * The namespace to provision the resource in. * The value should not contain leading or trailing forward slashes. * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). * *Available only for Vault Enterprise*. */ namespace?: pulumi.Input<string>; /** * The full logical path at which to write the given data. * To write data into the "generic" secret backend mounted in Vault by default, * this should be prefixed with `secret/`. Writing to other backends with this * resource is possible; consult each backend's documentation to see which * endpoints support the `PUT` and `DELETE` methods. */ path?: pulumi.Input<string>; } /** * The set of arguments for constructing a Secret resource. */ export interface SecretArgs { /** * String containing a JSON-encoded object that will be * written as the secret data at the given path. */ dataJson: pulumi.Input<string>; /** * true/false. Only applicable for kv-v2 stores. * If set to `true`, permanently deletes all versions for * the specified key. The default behavior is to only delete the latest version of the * secret. */ deleteAllVersions?: pulumi.Input<boolean>; /** * true/false. Set this to true if your vault * authentication is not able to read the data. Setting this to `true` will * break drift detection. Defaults to false. */ disableRead?: pulumi.Input<boolean>; /** * The namespace to provision the resource in. * The value should not contain leading or trailing forward slashes. * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). * *Available only for Vault Enterprise*. */ namespace?: pulumi.Input<string>; /** * The full logical path at which to write the given data. * To write data into the "generic" secret backend mounted in Vault by default, * this should be prefixed with `secret/`. Writing to other backends with this * resource is possible; consult each backend's documentation to see which * endpoints support the `PUT` and `DELETE` methods. */ path: pulumi.Input<string>; }