Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
Kubernetes Auth Method Resource
Create AuthMethodK8s Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AuthMethodK8s(name: string, args?: AuthMethodK8sArgs, opts?: CustomResourceOptions);@overload
def AuthMethodK8s(resource_name: str,
args: Optional[AuthMethodK8sArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def AuthMethodK8s(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_expires: Optional[float] = None,
allowed_client_types: Optional[Sequence[str]] = None,
audience: Optional[str] = None,
audit_logs_claims: Optional[Sequence[str]] = None,
auth_method_k8s_id: Optional[str] = None,
bound_ips: Optional[Sequence[str]] = None,
bound_namespaces: Optional[Sequence[str]] = None,
bound_pod_names: Optional[Sequence[str]] = None,
bound_sa_names: Optional[Sequence[str]] = None,
delete_protection: Optional[str] = None,
description: Optional[str] = None,
expiration_event_ins: Optional[Sequence[str]] = None,
force_sub_claims: Optional[bool] = None,
gen_key: Optional[str] = None,
gw_bound_ips: Optional[Sequence[str]] = None,
jwt_ttl: Optional[float] = None,
name: Optional[str] = None,
product_types: Optional[Sequence[str]] = None,
public_key: Optional[str] = None)func NewAuthMethodK8s(ctx *Context, name string, args *AuthMethodK8sArgs, opts ...ResourceOption) (*AuthMethodK8s, error)public AuthMethodK8s(string name, AuthMethodK8sArgs? args = null, CustomResourceOptions? opts = null)
public AuthMethodK8s(String name, AuthMethodK8sArgs args)
public AuthMethodK8s(String name, AuthMethodK8sArgs args, CustomResourceOptions options)
type: akeyless:AuthMethodK8s
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "akeyless_authmethodk8s" "name" {
# resource properties
}Parameters
- name string
- The unique name of the resource.
- args AuthMethodK8sArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuthMethodK8sArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuthMethodK8sArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthMethodK8sArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuthMethodK8sArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var authMethodK8sResource = new Akeyless.AuthMethodK8s("authMethodK8sResource", new()
{
AccessExpires = 0,
AllowedClientTypes = new[]
{
"string",
},
Audience = "string",
AuditLogsClaims = new[]
{
"string",
},
AuthMethodK8sId = "string",
BoundIps = new[]
{
"string",
},
BoundNamespaces = new[]
{
"string",
},
BoundPodNames = new[]
{
"string",
},
BoundSaNames = new[]
{
"string",
},
DeleteProtection = "string",
Description = "string",
ExpirationEventIns = new[]
{
"string",
},
ForceSubClaims = false,
GenKey = "string",
GwBoundIps = new[]
{
"string",
},
JwtTtl = 0,
Name = "string",
ProductTypes = new[]
{
"string",
},
PublicKey = "string",
});
example, err := akeyless.NewAuthMethodK8s(ctx, "authMethodK8sResource", &akeyless.AuthMethodK8sArgs{
AccessExpires: pulumi.Float64(0),
AllowedClientTypes: pulumi.StringArray{
pulumi.String("string"),
},
Audience: pulumi.String("string"),
AuditLogsClaims: pulumi.StringArray{
pulumi.String("string"),
},
AuthMethodK8sId: pulumi.String("string"),
BoundIps: pulumi.StringArray{
pulumi.String("string"),
},
BoundNamespaces: pulumi.StringArray{
pulumi.String("string"),
},
BoundPodNames: pulumi.StringArray{
pulumi.String("string"),
},
BoundSaNames: pulumi.StringArray{
pulumi.String("string"),
},
DeleteProtection: pulumi.String("string"),
Description: pulumi.String("string"),
ExpirationEventIns: pulumi.StringArray{
pulumi.String("string"),
},
ForceSubClaims: pulumi.Bool(false),
GenKey: pulumi.String("string"),
GwBoundIps: pulumi.StringArray{
pulumi.String("string"),
},
JwtTtl: pulumi.Float64(0),
Name: pulumi.String("string"),
ProductTypes: pulumi.StringArray{
pulumi.String("string"),
},
PublicKey: pulumi.String("string"),
})
resource "akeyless_authmethodk8s" "authMethodK8sResource" {
access_expires = 0
allowed_client_types = ["string"]
audience = "string"
audit_logs_claims = ["string"]
auth_method_k8s_id = "string"
bound_ips = ["string"]
bound_namespaces = ["string"]
bound_pod_names = ["string"]
bound_sa_names = ["string"]
delete_protection = "string"
description = "string"
expiration_event_ins = ["string"]
force_sub_claims = false
gen_key = "string"
gw_bound_ips = ["string"]
jwt_ttl = 0
name = "string"
product_types = ["string"]
public_key = "string"
}
var authMethodK8sResource = new AuthMethodK8s("authMethodK8sResource", AuthMethodK8sArgs.builder()
.accessExpires(0.0)
.allowedClientTypes("string")
.audience("string")
.auditLogsClaims("string")
.authMethodK8sId("string")
.boundIps("string")
.boundNamespaces("string")
.boundPodNames("string")
.boundSaNames("string")
.deleteProtection("string")
.description("string")
.expirationEventIns("string")
.forceSubClaims(false)
.genKey("string")
.gwBoundIps("string")
.jwtTtl(0.0)
.name("string")
.productTypes("string")
.publicKey("string")
.build());
auth_method_k8s_resource = akeyless.AuthMethodK8s("authMethodK8sResource",
access_expires=float(0),
allowed_client_types=["string"],
audience="string",
audit_logs_claims=["string"],
auth_method_k8s_id="string",
bound_ips=["string"],
bound_namespaces=["string"],
bound_pod_names=["string"],
bound_sa_names=["string"],
delete_protection="string",
description="string",
expiration_event_ins=["string"],
force_sub_claims=False,
gen_key="string",
gw_bound_ips=["string"],
jwt_ttl=float(0),
name="string",
product_types=["string"],
public_key="string")
const authMethodK8sResource = new akeyless.AuthMethodK8s("authMethodK8sResource", {
accessExpires: 0,
allowedClientTypes: ["string"],
audience: "string",
auditLogsClaims: ["string"],
authMethodK8sId: "string",
boundIps: ["string"],
boundNamespaces: ["string"],
boundPodNames: ["string"],
boundSaNames: ["string"],
deleteProtection: "string",
description: "string",
expirationEventIns: ["string"],
forceSubClaims: false,
genKey: "string",
gwBoundIps: ["string"],
jwtTtl: 0,
name: "string",
productTypes: ["string"],
publicKey: "string",
});
type: akeyless:AuthMethodK8s
properties:
accessExpires: 0
allowedClientTypes:
- string
audience: string
auditLogsClaims:
- string
authMethodK8sId: string
boundIps:
- string
boundNamespaces:
- string
boundPodNames:
- string
boundSaNames:
- string
deleteProtection: string
description: string
expirationEventIns:
- string
forceSubClaims: false
genKey: string
gwBoundIps:
- string
jwtTtl: 0
name: string
productTypes:
- string
publicKey: string
AuthMethodK8s Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AuthMethodK8s resource accepts the following input properties:
- Access
Expires double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Allowed
Client List<string>Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Audience string
- The audience in the Kubernetes JWT that the access is restricted to
- Audit
Logs List<string>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- Auth
Method stringK8s Id - The ID of this resource.
- Bound
Ips List<string> - A CIDR whitelist with the IPs that the access is restricted to
- Bound
Namespaces List<string> - A list of namespaces that the access is restricted to
- Bound
Pod List<string>Names - A list of pod names that the access is restricted to
- Bound
Sa List<string>Names - A list of service account names that the access is restricted to
- Delete
Protection string - Protection from accidental deletion of this auth method, [true/false]
- Description string
- Auth Method description
- Expiration
Event List<string>Ins - How many days before the expiration of the auth method would you like to be notified.
- Force
Sub boolClaims - enforce role-association must include sub claims
- Gen
Key string - Automatically generate key-pair for K8S configuration. If set to false, a public key needs to be provided [true/false]
- Gw
Bound List<string>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- Jwt
Ttl double - Creds expiration time in minutes
- Name string
- Auth Method name
- Product
Types List<string> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Public
Key string - The generated public key
- Access
Expires float64 - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Allowed
Client []stringTypes - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Audience string
- The audience in the Kubernetes JWT that the access is restricted to
- Audit
Logs []stringClaims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- Auth
Method stringK8s Id - The ID of this resource.
- Bound
Ips []string - A CIDR whitelist with the IPs that the access is restricted to
- Bound
Namespaces []string - A list of namespaces that the access is restricted to
- Bound
Pod []stringNames - A list of pod names that the access is restricted to
- Bound
Sa []stringNames - A list of service account names that the access is restricted to
- Delete
Protection string - Protection from accidental deletion of this auth method, [true/false]
- Description string
- Auth Method description
- Expiration
Event []stringIns - How many days before the expiration of the auth method would you like to be notified.
- Force
Sub boolClaims - enforce role-association must include sub claims
- Gen
Key string - Automatically generate key-pair for K8S configuration. If set to false, a public key needs to be provided [true/false]
- Gw
Bound []stringIps - A CIDR whitelist with the GW IPs that the access is restricted to
- Jwt
Ttl float64 - Creds expiration time in minutes
- Name string
- Auth Method name
- Product
Types []string - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Public
Key string - The generated public key
- access_
expires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed_
client_ list(string)types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience string
- The audience in the Kubernetes JWT that the access is restricted to
- audit_
logs_ list(string)claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth_
method_ stringk8s_ id - The ID of this resource.
- bound_
ips list(string) - A CIDR whitelist with the IPs that the access is restricted to
- bound_
namespaces list(string) - A list of namespaces that the access is restricted to
- bound_
pod_ list(string)names - A list of pod names that the access is restricted to
- bound_
sa_ list(string)names - A list of service account names that the access is restricted to
- delete_
protection string - Protection from accidental deletion of this auth method, [true/false]
- description string
- Auth Method description
- expiration_
event_ list(string)ins - How many days before the expiration of the auth method would you like to be notified.
- force_
sub_ boolclaims - enforce role-association must include sub claims
- gen_
key string - Automatically generate key-pair for K8S configuration. If set to false, a public key needs to be provided [true/false]
- gw_
bound_ list(string)ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt_
ttl number - Creds expiration time in minutes
- name string
- Auth Method name
- product_
types list(string) - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- public_
key string - The generated public key
- access
Expires Double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed
Client List<String>Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience String
- The audience in the Kubernetes JWT that the access is restricted to
- audit
Logs List<String>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method StringK8s Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- bound
Namespaces List<String> - A list of namespaces that the access is restricted to
- bound
Pod List<String>Names - A list of pod names that the access is restricted to
- bound
Sa List<String>Names - A list of service account names that the access is restricted to
- delete
Protection String - Protection from accidental deletion of this auth method, [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub BooleanClaims - enforce role-association must include sub claims
- gen
Key String - Automatically generate key-pair for K8S configuration. If set to false, a public key needs to be provided [true/false]
- gw
Bound List<String>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt
Ttl Double - Creds expiration time in minutes
- name String
- Auth Method name
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- public
Key String - The generated public key
- access
Expires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed
Client string[]Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience string
- The audience in the Kubernetes JWT that the access is restricted to
- audit
Logs string[]Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method stringK8s Id - The ID of this resource.
- bound
Ips string[] - A CIDR whitelist with the IPs that the access is restricted to
- bound
Namespaces string[] - A list of namespaces that the access is restricted to
- bound
Pod string[]Names - A list of pod names that the access is restricted to
- bound
Sa string[]Names - A list of service account names that the access is restricted to
- delete
Protection string - Protection from accidental deletion of this auth method, [true/false]
- description string
- Auth Method description
- expiration
Event string[]Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub booleanClaims - enforce role-association must include sub claims
- gen
Key string - Automatically generate key-pair for K8S configuration. If set to false, a public key needs to be provided [true/false]
- gw
Bound string[]Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt
Ttl number - Creds expiration time in minutes
- name string
- Auth Method name
- product
Types string[] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- public
Key string - The generated public key
- access_
expires float - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed_
client_ Sequence[str]types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience str
- The audience in the Kubernetes JWT that the access is restricted to
- audit_
logs_ Sequence[str]claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth_
method_ strk8s_ id - The ID of this resource.
- bound_
ips Sequence[str] - A CIDR whitelist with the IPs that the access is restricted to
- bound_
namespaces Sequence[str] - A list of namespaces that the access is restricted to
- bound_
pod_ Sequence[str]names - A list of pod names that the access is restricted to
- bound_
sa_ Sequence[str]names - A list of service account names that the access is restricted to
- delete_
protection str - Protection from accidental deletion of this auth method, [true/false]
- description str
- Auth Method description
- expiration_
event_ Sequence[str]ins - How many days before the expiration of the auth method would you like to be notified.
- force_
sub_ boolclaims - enforce role-association must include sub claims
- gen_
key str - Automatically generate key-pair for K8S configuration. If set to false, a public key needs to be provided [true/false]
- gw_
bound_ Sequence[str]ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt_
ttl float - Creds expiration time in minutes
- name str
- Auth Method name
- product_
types Sequence[str] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- public_
key str - The generated public key
- access
Expires Number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed
Client List<String>Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience String
- The audience in the Kubernetes JWT that the access is restricted to
- audit
Logs List<String>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method StringK8s Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- bound
Namespaces List<String> - A list of namespaces that the access is restricted to
- bound
Pod List<String>Names - A list of pod names that the access is restricted to
- bound
Sa List<String>Names - A list of service account names that the access is restricted to
- delete
Protection String - Protection from accidental deletion of this auth method, [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub BooleanClaims - enforce role-association must include sub claims
- gen
Key String - Automatically generate key-pair for K8S configuration. If set to false, a public key needs to be provided [true/false]
- gw
Bound List<String>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt
Ttl Number - Creds expiration time in minutes
- name String
- Auth Method name
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- public
Key String - The generated public key
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthMethodK8s resource produces the following output properties:
- Access
Id string - Auth Method access ID
- Id string
- The provider-assigned unique ID for this managed resource.
- Private
Key string - The generated private key
- Access
Id string - Auth Method access ID
- Id string
- The provider-assigned unique ID for this managed resource.
- Private
Key string - The generated private key
- access_
id string - Auth Method access ID
- id string
- The provider-assigned unique ID for this managed resource.
- private_
key string - The generated private key
- access
Id String - Auth Method access ID
- id String
- The provider-assigned unique ID for this managed resource.
- private
Key String - The generated private key
- access
Id string - Auth Method access ID
- id string
- The provider-assigned unique ID for this managed resource.
- private
Key string - The generated private key
- access_
id str - Auth Method access ID
- id str
- The provider-assigned unique ID for this managed resource.
- private_
key str - The generated private key
- access
Id String - Auth Method access ID
- id String
- The provider-assigned unique ID for this managed resource.
- private
Key String - The generated private key
Look up Existing AuthMethodK8s Resource
Get an existing AuthMethodK8s resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuthMethodK8sState, opts?: CustomResourceOptions): AuthMethodK8s@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_expires: Optional[float] = None,
access_id: Optional[str] = None,
allowed_client_types: Optional[Sequence[str]] = None,
audience: Optional[str] = None,
audit_logs_claims: Optional[Sequence[str]] = None,
auth_method_k8s_id: Optional[str] = None,
bound_ips: Optional[Sequence[str]] = None,
bound_namespaces: Optional[Sequence[str]] = None,
bound_pod_names: Optional[Sequence[str]] = None,
bound_sa_names: Optional[Sequence[str]] = None,
delete_protection: Optional[str] = None,
description: Optional[str] = None,
expiration_event_ins: Optional[Sequence[str]] = None,
force_sub_claims: Optional[bool] = None,
gen_key: Optional[str] = None,
gw_bound_ips: Optional[Sequence[str]] = None,
jwt_ttl: Optional[float] = None,
name: Optional[str] = None,
private_key: Optional[str] = None,
product_types: Optional[Sequence[str]] = None,
public_key: Optional[str] = None) -> AuthMethodK8sfunc GetAuthMethodK8s(ctx *Context, name string, id IDInput, state *AuthMethodK8sState, opts ...ResourceOption) (*AuthMethodK8s, error)public static AuthMethodK8s Get(string name, Input<string> id, AuthMethodK8sState? state, CustomResourceOptions? opts = null)public static AuthMethodK8s get(String name, Output<String> id, AuthMethodK8sState state, CustomResourceOptions options)resources: _: type: akeyless:AuthMethodK8s get: id: ${id}import {
to = akeyless_authmethodk8s.example
id = "${id}"
}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Expires double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Access
Id string - Auth Method access ID
- Allowed
Client List<string>Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Audience string
- The audience in the Kubernetes JWT that the access is restricted to
- Audit
Logs List<string>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- Auth
Method stringK8s Id - The ID of this resource.
- Bound
Ips List<string> - A CIDR whitelist with the IPs that the access is restricted to
- Bound
Namespaces List<string> - A list of namespaces that the access is restricted to
- Bound
Pod List<string>Names - A list of pod names that the access is restricted to
- Bound
Sa List<string>Names - A list of service account names that the access is restricted to
- Delete
Protection string - Protection from accidental deletion of this auth method, [true/false]
- Description string
- Auth Method description
- Expiration
Event List<string>Ins - How many days before the expiration of the auth method would you like to be notified.
- Force
Sub boolClaims - enforce role-association must include sub claims
- Gen
Key string - Automatically generate key-pair for K8S configuration. If set to false, a public key needs to be provided [true/false]
- Gw
Bound List<string>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- Jwt
Ttl double - Creds expiration time in minutes
- Name string
- Auth Method name
- Private
Key string - The generated private key
- Product
Types List<string> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Public
Key string - The generated public key
- Access
Expires float64 - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Access
Id string - Auth Method access ID
- Allowed
Client []stringTypes - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Audience string
- The audience in the Kubernetes JWT that the access is restricted to
- Audit
Logs []stringClaims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- Auth
Method stringK8s Id - The ID of this resource.
- Bound
Ips []string - A CIDR whitelist with the IPs that the access is restricted to
- Bound
Namespaces []string - A list of namespaces that the access is restricted to
- Bound
Pod []stringNames - A list of pod names that the access is restricted to
- Bound
Sa []stringNames - A list of service account names that the access is restricted to
- Delete
Protection string - Protection from accidental deletion of this auth method, [true/false]
- Description string
- Auth Method description
- Expiration
Event []stringIns - How many days before the expiration of the auth method would you like to be notified.
- Force
Sub boolClaims - enforce role-association must include sub claims
- Gen
Key string - Automatically generate key-pair for K8S configuration. If set to false, a public key needs to be provided [true/false]
- Gw
Bound []stringIps - A CIDR whitelist with the GW IPs that the access is restricted to
- Jwt
Ttl float64 - Creds expiration time in minutes
- Name string
- Auth Method name
- Private
Key string - The generated private key
- Product
Types []string - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Public
Key string - The generated public key
- access_
expires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access_
id string - Auth Method access ID
- allowed_
client_ list(string)types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience string
- The audience in the Kubernetes JWT that the access is restricted to
- audit_
logs_ list(string)claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth_
method_ stringk8s_ id - The ID of this resource.
- bound_
ips list(string) - A CIDR whitelist with the IPs that the access is restricted to
- bound_
namespaces list(string) - A list of namespaces that the access is restricted to
- bound_
pod_ list(string)names - A list of pod names that the access is restricted to
- bound_
sa_ list(string)names - A list of service account names that the access is restricted to
- delete_
protection string - Protection from accidental deletion of this auth method, [true/false]
- description string
- Auth Method description
- expiration_
event_ list(string)ins - How many days before the expiration of the auth method would you like to be notified.
- force_
sub_ boolclaims - enforce role-association must include sub claims
- gen_
key string - Automatically generate key-pair for K8S configuration. If set to false, a public key needs to be provided [true/false]
- gw_
bound_ list(string)ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt_
ttl number - Creds expiration time in minutes
- name string
- Auth Method name
- private_
key string - The generated private key
- product_
types list(string) - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- public_
key string - The generated public key
- access
Expires Double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id String - Auth Method access ID
- allowed
Client List<String>Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience String
- The audience in the Kubernetes JWT that the access is restricted to
- audit
Logs List<String>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method StringK8s Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- bound
Namespaces List<String> - A list of namespaces that the access is restricted to
- bound
Pod List<String>Names - A list of pod names that the access is restricted to
- bound
Sa List<String>Names - A list of service account names that the access is restricted to
- delete
Protection String - Protection from accidental deletion of this auth method, [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub BooleanClaims - enforce role-association must include sub claims
- gen
Key String - Automatically generate key-pair for K8S configuration. If set to false, a public key needs to be provided [true/false]
- gw
Bound List<String>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt
Ttl Double - Creds expiration time in minutes
- name String
- Auth Method name
- private
Key String - The generated private key
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- public
Key String - The generated public key
- access
Expires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id string - Auth Method access ID
- allowed
Client string[]Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience string
- The audience in the Kubernetes JWT that the access is restricted to
- audit
Logs string[]Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method stringK8s Id - The ID of this resource.
- bound
Ips string[] - A CIDR whitelist with the IPs that the access is restricted to
- bound
Namespaces string[] - A list of namespaces that the access is restricted to
- bound
Pod string[]Names - A list of pod names that the access is restricted to
- bound
Sa string[]Names - A list of service account names that the access is restricted to
- delete
Protection string - Protection from accidental deletion of this auth method, [true/false]
- description string
- Auth Method description
- expiration
Event string[]Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub booleanClaims - enforce role-association must include sub claims
- gen
Key string - Automatically generate key-pair for K8S configuration. If set to false, a public key needs to be provided [true/false]
- gw
Bound string[]Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt
Ttl number - Creds expiration time in minutes
- name string
- Auth Method name
- private
Key string - The generated private key
- product
Types string[] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- public
Key string - The generated public key
- access_
expires float - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access_
id str - Auth Method access ID
- allowed_
client_ Sequence[str]types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience str
- The audience in the Kubernetes JWT that the access is restricted to
- audit_
logs_ Sequence[str]claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth_
method_ strk8s_ id - The ID of this resource.
- bound_
ips Sequence[str] - A CIDR whitelist with the IPs that the access is restricted to
- bound_
namespaces Sequence[str] - A list of namespaces that the access is restricted to
- bound_
pod_ Sequence[str]names - A list of pod names that the access is restricted to
- bound_
sa_ Sequence[str]names - A list of service account names that the access is restricted to
- delete_
protection str - Protection from accidental deletion of this auth method, [true/false]
- description str
- Auth Method description
- expiration_
event_ Sequence[str]ins - How many days before the expiration of the auth method would you like to be notified.
- force_
sub_ boolclaims - enforce role-association must include sub claims
- gen_
key str - Automatically generate key-pair for K8S configuration. If set to false, a public key needs to be provided [true/false]
- gw_
bound_ Sequence[str]ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt_
ttl float - Creds expiration time in minutes
- name str
- Auth Method name
- private_
key str - The generated private key
- product_
types Sequence[str] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- public_
key str - The generated public key
- access
Expires Number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id String - Auth Method access ID
- allowed
Client List<String>Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience String
- The audience in the Kubernetes JWT that the access is restricted to
- audit
Logs List<String>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method StringK8s Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- bound
Namespaces List<String> - A list of namespaces that the access is restricted to
- bound
Pod List<String>Names - A list of pod names that the access is restricted to
- bound
Sa List<String>Names - A list of service account names that the access is restricted to
- delete
Protection String - Protection from accidental deletion of this auth method, [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub BooleanClaims - enforce role-association must include sub claims
- gen
Key String - Automatically generate key-pair for K8S configuration. If set to false, a public key needs to be provided [true/false]
- gw
Bound List<String>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt
Ttl Number - Creds expiration time in minutes
- name String
- Auth Method name
- private
Key String - The generated private key
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- public
Key String - The generated public key
Package Details
- Repository
- akeyless akeyless-community/terraform-provider-akeyless
- License
- Notes
- This Pulumi package is based on the
akeylessTerraform Provider.
Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
