UNPKG

@pulumi/vault

Version:

A Pulumi package for creating and managing HashiCorp Vault cloud resources.

pulumi.io

pulumi/pulumi-vault

178 lines (177 loc) 5.06 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
import * as pulumi from "@pulumi/pulumi"; /** * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as vault from "@pulumi/vault"; * * const kvv2 = new vault.Mount("kvv2", { * path: "kvv2", * type: "kv", * options: { * version: "2", * }, * description: "KV Version 2 secret engine mount", * }); * const exampleSecretV2 = new vault.kv.SecretV2("example", { * mount: kvv2.path, * name: "secret", * deleteAllVersions: true, * dataJson: JSON.stringify({ * zip: "zap", * foo: "bar", * }), * }); * const example = vault.kv.getSecretV2Output({ * mount: kvv2.path, * name: exampleSecretV2.name, * }); * ``` * * ## Required Vault Capabilities * * Use of this resource requires the `read` capability on the given path. */ export declare function getSecretV2(args: GetSecretV2Args, opts?: pulumi.InvokeOptions): Promise<GetSecretV2Result>; /** * A collection of arguments for invoking getSecretV2. */ export interface GetSecretV2Args { /** * Path where KV-V2 engine is mounted. */ mount: string; /** * Full name of the secret. For a nested secret * the name is the nested path excluding the mount and data * prefix. For example, for a secret at `kvv2/data/foo/bar/baz` * the name is `foo/bar/baz`. */ name: string; /** * The namespace of the target resource. * The value should not contain leading or trailing forward slashes. * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). * *Available only for Vault Enterprise*. */ namespace?: string; /** * Version of the secret to retrieve. */ version?: number; } /** * A collection of values returned by getSecretV2. */ export interface GetSecretV2Result { /** * Time at which secret was created. */ readonly createdTime: string; /** * Custom metadata for the secret. */ readonly customMetadata: { [key: string]: string; }; /** * A mapping whose keys are the top-level data keys returned from * Vault and whose values are the corresponding values. This map can only * represent string data, so any non-string values returned from Vault are * serialized as JSON. */ readonly data: { [key: string]: string; }; /** * JSON-encoded string that that is * read as the secret data at the given path. */ readonly dataJson: string; /** * Deletion time for the secret. */ readonly deletionTime: string; /** * Indicates whether the secret has been destroyed. */ readonly destroyed: boolean; /** * The provider-assigned unique ID for this managed resource. */ readonly id: string; readonly mount: string; readonly name: string; readonly namespace?: string; /** * Full path where the KVV2 secret is written. */ readonly path: string; /** * Version of the secret. */ readonly version?: number; } /** * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as vault from "@pulumi/vault"; * * const kvv2 = new vault.Mount("kvv2", { * path: "kvv2", * type: "kv", * options: { * version: "2", * }, * description: "KV Version 2 secret engine mount", * }); * const exampleSecretV2 = new vault.kv.SecretV2("example", { * mount: kvv2.path, * name: "secret", * deleteAllVersions: true, * dataJson: JSON.stringify({ * zip: "zap", * foo: "bar", * }), * }); * const example = vault.kv.getSecretV2Output({ * mount: kvv2.path, * name: exampleSecretV2.name, * }); * ``` * * ## Required Vault Capabilities * * Use of this resource requires the `read` capability on the given path. */ export declare function getSecretV2Output(args: GetSecretV2OutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetSecretV2Result>; /** * A collection of arguments for invoking getSecretV2. */ export interface GetSecretV2OutputArgs { /** * Path where KV-V2 engine is mounted. */ mount: pulumi.Input<string>; /** * Full name of the secret. For a nested secret * the name is the nested path excluding the mount and data * prefix. For example, for a secret at `kvv2/data/foo/bar/baz` * the name is `foo/bar/baz`. */ name: pulumi.Input<string>; /** * The namespace of the target resource. * The value should not contain leading or trailing forward slashes. * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). * *Available only for Vault Enterprise*. */ namespace?: pulumi.Input<string>; /** * Version of the secret to retrieve. */ version?: pulumi.Input<number>; }