Docs
PackagesHashiCorp Vault v6.1.0 published on Thursday, Apr 4, 2024 by Pulumi
vault.Mount
Explore with Pulumi AI
This resource enables a new secrets engine at the given path.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const example = new vault.Mount("example", {
description: "This is an example mount",
path: "dummy",
type: "generic",
});
import pulumi
import pulumi_vault as vault
example = vault.Mount("example",
description="This is an example mount",
path="dummy",
type="generic")
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vault.NewMount(ctx, "example", &vault.MountArgs{
Description: pulumi.String("This is an example mount"),
Path: pulumi.String("dummy"),
Type: pulumi.String("generic"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var example = new Vault.Mount("example", new()
{
Description = "This is an example mount",
Path = "dummy",
Type = "generic",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Mount("example", MountArgs.builder()
.description("This is an example mount")
.path("dummy")
.type("generic")
.build());
}
}
resources:
example:
type: vault:Mount
properties:
description: This is an example mount
path: dummy
type: generic
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const kvv2_example = new vault.Mount("kvv2-example", {
description: "This is an example KV Version 2 secret engine mount",
options: {
type: "kv-v2",
version: "2",
},
path: "version2-example",
type: "kv-v2",
});
import pulumi
import pulumi_vault as vault
kvv2_example = vault.Mount("kvv2-example",
description="This is an example KV Version 2 secret engine mount",
options={
"type": "kv-v2",
"version": "2",
},
path="version2-example",
type="kv-v2")
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vault.NewMount(ctx, "kvv2-example", &vault.MountArgs{
Description: pulumi.String("This is an example KV Version 2 secret engine mount"),
Options: pulumi.Map{
"type": pulumi.Any("kv-v2"),
"version": pulumi.Any("2"),
},
Path: pulumi.String("version2-example"),
Type: pulumi.String("kv-v2"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var kvv2_example = new Vault.Mount("kvv2-example", new()
{
Description = "This is an example KV Version 2 secret engine mount",
Options =
{
{ "type", "kv-v2" },
{ "version", "2" },
},
Path = "version2-example",
Type = "kv-v2",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var kvv2_example = new Mount("kvv2-example", MountArgs.builder()
.description("This is an example KV Version 2 secret engine mount")
.options(Map.ofEntries(
Map.entry("type", "kv-v2"),
Map.entry("version", "2")
))
.path("version2-example")
.type("kv-v2")
.build());
}
}
resources:
kvv2-example:
type: vault:Mount
properties:
description: This is an example KV Version 2 secret engine mount
options:
type: kv-v2
version: '2'
path: version2-example
type: kv-v2
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const transit_example = new vault.Mount("transit-example", {
description: "This is an example transit secret engine mount",
options: {
convergent_encryption: false,
},
path: "transit-example",
type: "transit",
});
import pulumi
import pulumi_vault as vault
transit_example = vault.Mount("transit-example",
description="This is an example transit secret engine mount",
options={
"convergent_encryption": False,
},
path="transit-example",
type="transit")
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vault.NewMount(ctx, "transit-example", &vault.MountArgs{
Description: pulumi.String("This is an example transit secret engine mount"),
Options: pulumi.Map{
"convergent_encryption": pulumi.Any(false),
},
Path: pulumi.String("transit-example"),
Type: pulumi.String("transit"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var transit_example = new Vault.Mount("transit-example", new()
{
Description = "This is an example transit secret engine mount",
Options =
{
{ "convergent_encryption", false },
},
Path = "transit-example",
Type = "transit",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var transit_example = new Mount("transit-example", MountArgs.builder()
.description("This is an example transit secret engine mount")
.options(Map.of("convergent_encryption", false))
.path("transit-example")
.type("transit")
.build());
}
}
resources:
transit-example:
type: vault:Mount
properties:
description: This is an example transit secret engine mount
options:
convergent_encryption: false
path: transit-example
type: transit
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const pki_example = new vault.Mount("pki-example", {
defaultLeaseTtlSeconds: 3600,
description: "This is an example PKI mount",
maxLeaseTtlSeconds: 86400,
path: "pki-example",
type: "pki",
});
import pulumi
import pulumi_vault as vault
pki_example = vault.Mount("pki-example",
default_lease_ttl_seconds=3600,
description="This is an example PKI mount",
max_lease_ttl_seconds=86400,
path="pki-example",
type="pki")
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vault.NewMount(ctx, "pki-example", &vault.MountArgs{
DefaultLeaseTtlSeconds: pulumi.Int(3600),
Description: pulumi.String("This is an example PKI mount"),
MaxLeaseTtlSeconds: pulumi.Int(86400),
Path: pulumi.String("pki-example"),
Type: pulumi.String("pki"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var pki_example = new Vault.Mount("pki-example", new()
{
DefaultLeaseTtlSeconds = 3600,
Description = "This is an example PKI mount",
MaxLeaseTtlSeconds = 86400,
Path = "pki-example",
Type = "pki",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pki_example = new Mount("pki-example", MountArgs.builder()
.defaultLeaseTtlSeconds(3600)
.description("This is an example PKI mount")
.maxLeaseTtlSeconds(86400)
.path("pki-example")
.type("pki")
.build());
}
}
resources:
pki-example:
type: vault:Mount
properties:
defaultLeaseTtlSeconds: 3600
description: This is an example PKI mount
maxLeaseTtlSeconds: 86400
path: pki-example
type: pki
Create Mount Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Mount(name: string, args: MountArgs, opts?: CustomResourceOptions);@overload
def Mount(resource_name: str,
args: MountArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Mount(resource_name: str,
opts: Optional[ResourceOptions] = None,
path: Optional[str] = None,
type: Optional[str] = None,
local: Optional[bool] = None,
default_lease_ttl_seconds: Optional[int] = None,
description: Optional[str] = None,
external_entropy_access: Optional[bool] = None,
allowed_managed_keys: Optional[Sequence[str]] = None,
max_lease_ttl_seconds: Optional[int] = None,
namespace: Optional[str] = None,
options: Optional[Mapping[str, Any]] = None,
audit_non_hmac_response_keys: Optional[Sequence[str]] = None,
seal_wrap: Optional[bool] = None,
audit_non_hmac_request_keys: Optional[Sequence[str]] = None)func NewMount(ctx *Context, name string, args MountArgs, opts ...ResourceOption) (*Mount, error)public Mount(string name, MountArgs args, CustomResourceOptions? opts = null)type: vault:Mount
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args MountArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args MountArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args MountArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args MountArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args MountArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var mountResource = new Vault.Mount("mountResource", new()
{
Path = "string",
Type = "string",
Local = false,
DefaultLeaseTtlSeconds = 0,
Description = "string",
ExternalEntropyAccess = false,
AllowedManagedKeys = new[]
{
"string",
},
MaxLeaseTtlSeconds = 0,
Namespace = "string",
Options =
{
{ "string", "any" },
},
AuditNonHmacResponseKeys = new[]
{
"string",
},
SealWrap = false,
AuditNonHmacRequestKeys = new[]
{
"string",
},
});
example, err := vault.NewMount(ctx, "mountResource", &vault.MountArgs{
Path: pulumi.String("string"),
Type: pulumi.String("string"),
Local: pulumi.Bool(false),
DefaultLeaseTtlSeconds: pulumi.Int(0),
Description: pulumi.String("string"),
ExternalEntropyAccess: pulumi.Bool(false),
AllowedManagedKeys: pulumi.StringArray{
pulumi.String("string"),
},
MaxLeaseTtlSeconds: pulumi.Int(0),
Namespace: pulumi.String("string"),
Options: pulumi.Map{
"string": pulumi.Any("any"),
},
AuditNonHmacResponseKeys: pulumi.StringArray{
pulumi.String("string"),
},
SealWrap: pulumi.Bool(false),
AuditNonHmacRequestKeys: pulumi.StringArray{
pulumi.String("string"),
},
})
var mountResource = new Mount("mountResource", MountArgs.builder()
.path("string")
.type("string")
.local(false)
.defaultLeaseTtlSeconds(0)
.description("string")
.externalEntropyAccess(false)
.allowedManagedKeys("string")
.maxLeaseTtlSeconds(0)
.namespace("string")
.options(Map.of("string", "any"))
.auditNonHmacResponseKeys("string")
.sealWrap(false)
.auditNonHmacRequestKeys("string")
.build());
mount_resource = vault.Mount("mountResource",
path="string",
type="string",
local=False,
default_lease_ttl_seconds=0,
description="string",
external_entropy_access=False,
allowed_managed_keys=["string"],
max_lease_ttl_seconds=0,
namespace="string",
options={
"string": "any",
},
audit_non_hmac_response_keys=["string"],
seal_wrap=False,
audit_non_hmac_request_keys=["string"])
const mountResource = new vault.Mount("mountResource", {
path: "string",
type: "string",
local: false,
defaultLeaseTtlSeconds: 0,
description: "string",
externalEntropyAccess: false,
allowedManagedKeys: ["string"],
maxLeaseTtlSeconds: 0,
namespace: "string",
options: {
string: "any",
},
auditNonHmacResponseKeys: ["string"],
sealWrap: false,
auditNonHmacRequestKeys: ["string"],
});
type: vault:Mount
properties:
allowedManagedKeys:
- string
auditNonHmacRequestKeys:
- string
auditNonHmacResponseKeys:
- string
defaultLeaseTtlSeconds: 0
description: string
externalEntropyAccess: false
local: false
maxLeaseTtlSeconds: 0
namespace: string
options:
string: any
path: string
sealWrap: false
type: string
Mount Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Mount resource accepts the following input properties:
- Path string
- Where the secret backend will be mounted
- Type string
- Type of the backend, such as "aws"
- Allowed
Managed List<string>Keys - Set of managed key registry entry names that the mount in question is allowed to access
- Audit
Non List<string>Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- Audit
Non List<string>Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- Default
Lease intTtl Seconds - Default lease duration for tokens and secrets in seconds
- Description string
- Human-friendly description of the mount
- External
Entropy boolAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- Local bool
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- Max
Lease intTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Options Dictionary<string, object>
- Specifies mount type specific options that are passed to the backend
- Seal
Wrap bool - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- Path string
- Where the secret backend will be mounted
- Type string
- Type of the backend, such as "aws"
- Allowed
Managed []stringKeys - Set of managed key registry entry names that the mount in question is allowed to access
- Audit
Non []stringHmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- Audit
Non []stringHmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- Default
Lease intTtl Seconds - Default lease duration for tokens and secrets in seconds
- Description string
- Human-friendly description of the mount
- External
Entropy boolAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- Local bool
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- Max
Lease intTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Options map[string]interface{}
- Specifies mount type specific options that are passed to the backend
- Seal
Wrap bool - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- path String
- Where the secret backend will be mounted
- type String
- Type of the backend, such as "aws"
- allowed
Managed List<String>Keys - Set of managed key registry entry names that the mount in question is allowed to access
- audit
Non List<String>Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non List<String>Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default
Lease IntegerTtl Seconds - Default lease duration for tokens and secrets in seconds
- description String
- Human-friendly description of the mount
- external
Entropy BooleanAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local Boolean
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease IntegerTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - options Map<String,Object>
- Specifies mount type specific options that are passed to the backend
- seal
Wrap Boolean - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- path string
- Where the secret backend will be mounted
- type string
- Type of the backend, such as "aws"
- allowed
Managed string[]Keys - Set of managed key registry entry names that the mount in question is allowed to access
- audit
Non string[]Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non string[]Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default
Lease numberTtl Seconds - Default lease duration for tokens and secrets in seconds
- description string
- Human-friendly description of the mount
- external
Entropy booleanAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local boolean
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease numberTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - options {[key: string]: any}
- Specifies mount type specific options that are passed to the backend
- seal
Wrap boolean - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- path str
- Where the secret backend will be mounted
- type str
- Type of the backend, such as "aws"
- allowed_
managed_ Sequence[str]keys - Set of managed key registry entry names that the mount in question is allowed to access
- audit_
non_ Sequence[str]hmac_ request_ keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit_
non_ Sequence[str]hmac_ response_ keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default_
lease_ intttl_ seconds - Default lease duration for tokens and secrets in seconds
- description str
- Human-friendly description of the mount
- external_
entropy_ boolaccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local bool
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max_
lease_ intttl_ seconds - Maximum possible lease duration for tokens and secrets in seconds
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - options Mapping[str, Any]
- Specifies mount type specific options that are passed to the backend
- seal_
wrap bool - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- path String
- Where the secret backend will be mounted
- type String
- Type of the backend, such as "aws"
- allowed
Managed List<String>Keys - Set of managed key registry entry names that the mount in question is allowed to access
- audit
Non List<String>Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non List<String>Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default
Lease NumberTtl Seconds - Default lease duration for tokens and secrets in seconds
- description String
- Human-friendly description of the mount
- external
Entropy BooleanAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local Boolean
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease NumberTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - options Map<Any>
- Specifies mount type specific options that are passed to the backend
- seal
Wrap Boolean - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
Outputs
All input properties are implicitly available as output properties. Additionally, the Mount resource produces the following output properties:
Look up Existing Mount Resource
Get an existing Mount resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: MountState, opts?: CustomResourceOptions): Mount@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
accessor: Optional[str] = None,
allowed_managed_keys: Optional[Sequence[str]] = None,
audit_non_hmac_request_keys: Optional[Sequence[str]] = None,
audit_non_hmac_response_keys: Optional[Sequence[str]] = None,
default_lease_ttl_seconds: Optional[int] = None,
description: Optional[str] = None,
external_entropy_access: Optional[bool] = None,
local: Optional[bool] = None,
max_lease_ttl_seconds: Optional[int] = None,
namespace: Optional[str] = None,
options: Optional[Mapping[str, Any]] = None,
path: Optional[str] = None,
seal_wrap: Optional[bool] = None,
type: Optional[str] = None) -> Mountfunc GetMount(ctx *Context, name string, id IDInput, state *MountState, opts ...ResourceOption) (*Mount, error)public static Mount Get(string name, Input<string> id, MountState? state, CustomResourceOptions? opts = null)public static Mount get(String name, Output<String> id, MountState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Accessor string
- The accessor for this mount.
- Allowed
Managed List<string>Keys - Set of managed key registry entry names that the mount in question is allowed to access
- Audit
Non List<string>Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- Audit
Non List<string>Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- Default
Lease intTtl Seconds - Default lease duration for tokens and secrets in seconds
- Description string
- Human-friendly description of the mount
- External
Entropy boolAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- Local bool
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- Max
Lease intTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Options Dictionary<string, object>
- Specifies mount type specific options that are passed to the backend
- Path string
- Where the secret backend will be mounted
- Seal
Wrap bool - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- Type string
- Type of the backend, such as "aws"
- Accessor string
- The accessor for this mount.
- Allowed
Managed []stringKeys - Set of managed key registry entry names that the mount in question is allowed to access
- Audit
Non []stringHmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- Audit
Non []stringHmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- Default
Lease intTtl Seconds - Default lease duration for tokens and secrets in seconds
- Description string
- Human-friendly description of the mount
- External
Entropy boolAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- Local bool
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- Max
Lease intTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Options map[string]interface{}
- Specifies mount type specific options that are passed to the backend
- Path string
- Where the secret backend will be mounted
- Seal
Wrap bool - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- Type string
- Type of the backend, such as "aws"
- accessor String
- The accessor for this mount.
- allowed
Managed List<String>Keys - Set of managed key registry entry names that the mount in question is allowed to access
- audit
Non List<String>Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non List<String>Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default
Lease IntegerTtl Seconds - Default lease duration for tokens and secrets in seconds
- description String
- Human-friendly description of the mount
- external
Entropy BooleanAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local Boolean
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease IntegerTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - options Map<String,Object>
- Specifies mount type specific options that are passed to the backend
- path String
- Where the secret backend will be mounted
- seal
Wrap Boolean - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- type String
- Type of the backend, such as "aws"
- accessor string
- The accessor for this mount.
- allowed
Managed string[]Keys - Set of managed key registry entry names that the mount in question is allowed to access
- audit
Non string[]Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non string[]Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default
Lease numberTtl Seconds - Default lease duration for tokens and secrets in seconds
- description string
- Human-friendly description of the mount
- external
Entropy booleanAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local boolean
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease numberTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - options {[key: string]: any}
- Specifies mount type specific options that are passed to the backend
- path string
- Where the secret backend will be mounted
- seal
Wrap boolean - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- type string
- Type of the backend, such as "aws"
- accessor str
- The accessor for this mount.
- allowed_
managed_ Sequence[str]keys - Set of managed key registry entry names that the mount in question is allowed to access
- audit_
non_ Sequence[str]hmac_ request_ keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit_
non_ Sequence[str]hmac_ response_ keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default_
lease_ intttl_ seconds - Default lease duration for tokens and secrets in seconds
- description str
- Human-friendly description of the mount
- external_
entropy_ boolaccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local bool
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max_
lease_ intttl_ seconds - Maximum possible lease duration for tokens and secrets in seconds
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - options Mapping[str, Any]
- Specifies mount type specific options that are passed to the backend
- path str
- Where the secret backend will be mounted
- seal_
wrap bool - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- type str
- Type of the backend, such as "aws"
- accessor String
- The accessor for this mount.
- allowed
Managed List<String>Keys - Set of managed key registry entry names that the mount in question is allowed to access
- audit
Non List<String>Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non List<String>Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default
Lease NumberTtl Seconds - Default lease duration for tokens and secrets in seconds
- description String
- Human-friendly description of the mount
- external
Entropy BooleanAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local Boolean
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease NumberTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - options Map<Any>
- Specifies mount type specific options that are passed to the backend
- path String
- Where the secret backend will be mounted
- seal
Wrap Boolean - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- type String
- Type of the backend, such as "aws"
Import
Mounts can be imported using the path, e.g.
$ pulumi import vault:index/mount:Mount example dummy
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vaultTerraform Provider.