1. Packages
  2. Harness
  3. API Docs
  4. platform
  5. VaultConnector
Harness v0.1.2 published on Friday, Jul 19, 2024 by Pulumi

harness.platform.VaultConnector

Explore with Pulumi AI

harness logo
Harness v0.1.2 published on Friday, Jul 19, 2024 by Pulumi

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as harness from "@pulumi/harness";
    
    const awsAuth = new harness.platform.VaultConnector("aws_auth", {
        identifier: "identifier",
        name: "name",
        description: "test",
        tags: ["foo:bar"],
        awsRegion: "aws_region",
        basePath: "base_path",
        accessType: "AWS_IAM",
        "default": false,
        xvaultAwsIamServerId: `account.${test.id}`,
        readOnly: true,
        renewalIntervalMinutes: 60,
        secretEngineManuallyConfigured: true,
        secretEngineName: "secret_engine_name",
        secretEngineVersion: 2,
        vaultAwsIamRole: "vault_aws_iam_role",
        useAwsIam: true,
        useK8sAuth: false,
        useVaultAgent: false,
        delegateSelectors: ["harness-delegate"],
        vaultUrl: "https://vault_url.com",
    });
    const appRole = new harness.platform.VaultConnector("app_role", {
        identifier: "identifier",
        name: "name",
        description: "test",
        tags: ["foo:bar"],
        appRoleId: "app_role_id",
        basePath: "base_path",
        accessType: "APP_ROLE",
        "default": false,
        secretId: `account.${test.id}`,
        readOnly: true,
        renewalIntervalMinutes: 60,
        secretEngineManuallyConfigured: true,
        secretEngineName: "secret_engine_name",
        secretEngineVersion: 2,
        useAwsIam: false,
        useK8sAuth: false,
        useVaultAgent: false,
        renewAppRoleToken: true,
        delegateSelectors: ["harness-delegate"],
        vaultUrl: "https://vault_url.com",
    });
    const k8sAuth = new harness.platform.VaultConnector("k8s_auth", {
        identifier: "identifier",
        name: "name",
        description: "test",
        tags: ["foo:bar"],
        authToken: `account.${test.id}`,
        basePath: "base_path",
        accessType: "K8s_AUTH",
        "default": false,
        k8sAuthEndpoint: "k8s_auth_endpoint",
        namespace: "namespace",
        readOnly: true,
        renewalIntervalMinutes: 10,
        secretEngineManuallyConfigured: true,
        secretEngineName: "secret_engine_name",
        secretEngineVersion: 2,
        serviceAccountTokenPath: "service_account_token_path",
        useAwsIam: false,
        useK8sAuth: true,
        useVaultAgent: false,
        vaultK8sAuthRole: "vault_k8s_auth_role",
        vaultAwsIamRole: "vault_aws_iam_role",
        delegateSelectors: ["harness-delegate"],
        vaultUrl: "https://vault_url.com",
    });
    const vaultAgent = new harness.platform.VaultConnector("vault_agent", {
        identifier: "identifier",
        name: "name",
        description: "test",
        tags: ["foo:bar"],
        authToken: `account.${test.id}`,
        basePath: "base_path",
        accessType: "VAULT_AGENT",
        "default": false,
        namespace: "namespace",
        readOnly: true,
        renewalIntervalMinutes: 10,
        secretEngineManuallyConfigured: true,
        secretEngineName: "secret_engine_name",
        secretEngineVersion: 2,
        useAwsIam: false,
        useK8sAuth: false,
        useVaultAgent: true,
        sinkPath: "sink_path",
        delegateSelectors: ["harness-delegate"],
        vaultUrl: "https://vault_url.com",
    });
    const token = new harness.platform.VaultConnector("token", {
        identifier: "identifier",
        name: "name",
        description: "test",
        tags: ["foo:bar"],
        authToken: `account.${test.id}`,
        basePath: "base_path",
        accessType: "TOKEN",
        "default": false,
        namespace: "namespace",
        readOnly: true,
        renewalIntervalMinutes: 10,
        secretEngineManuallyConfigured: true,
        secretEngineName: "secret_engine_name",
        secretEngineVersion: 2,
        useAwsIam: false,
        useK8sAuth: false,
        vaultUrl: "https://vault_url.com",
    });
    
    import pulumi
    import pulumi_harness as harness
    
    aws_auth = harness.platform.VaultConnector("aws_auth",
        identifier="identifier",
        name="name",
        description="test",
        tags=["foo:bar"],
        aws_region="aws_region",
        base_path="base_path",
        access_type="AWS_IAM",
        default=False,
        xvault_aws_iam_server_id=f"account.{test['id']}",
        read_only=True,
        renewal_interval_minutes=60,
        secret_engine_manually_configured=True,
        secret_engine_name="secret_engine_name",
        secret_engine_version=2,
        vault_aws_iam_role="vault_aws_iam_role",
        use_aws_iam=True,
        use_k8s_auth=False,
        use_vault_agent=False,
        delegate_selectors=["harness-delegate"],
        vault_url="https://vault_url.com")
    app_role = harness.platform.VaultConnector("app_role",
        identifier="identifier",
        name="name",
        description="test",
        tags=["foo:bar"],
        app_role_id="app_role_id",
        base_path="base_path",
        access_type="APP_ROLE",
        default=False,
        secret_id=f"account.{test['id']}",
        read_only=True,
        renewal_interval_minutes=60,
        secret_engine_manually_configured=True,
        secret_engine_name="secret_engine_name",
        secret_engine_version=2,
        use_aws_iam=False,
        use_k8s_auth=False,
        use_vault_agent=False,
        renew_app_role_token=True,
        delegate_selectors=["harness-delegate"],
        vault_url="https://vault_url.com")
    k8s_auth = harness.platform.VaultConnector("k8s_auth",
        identifier="identifier",
        name="name",
        description="test",
        tags=["foo:bar"],
        auth_token=f"account.{test['id']}",
        base_path="base_path",
        access_type="K8s_AUTH",
        default=False,
        k8s_auth_endpoint="k8s_auth_endpoint",
        namespace="namespace",
        read_only=True,
        renewal_interval_minutes=10,
        secret_engine_manually_configured=True,
        secret_engine_name="secret_engine_name",
        secret_engine_version=2,
        service_account_token_path="service_account_token_path",
        use_aws_iam=False,
        use_k8s_auth=True,
        use_vault_agent=False,
        vault_k8s_auth_role="vault_k8s_auth_role",
        vault_aws_iam_role="vault_aws_iam_role",
        delegate_selectors=["harness-delegate"],
        vault_url="https://vault_url.com")
    vault_agent = harness.platform.VaultConnector("vault_agent",
        identifier="identifier",
        name="name",
        description="test",
        tags=["foo:bar"],
        auth_token=f"account.{test['id']}",
        base_path="base_path",
        access_type="VAULT_AGENT",
        default=False,
        namespace="namespace",
        read_only=True,
        renewal_interval_minutes=10,
        secret_engine_manually_configured=True,
        secret_engine_name="secret_engine_name",
        secret_engine_version=2,
        use_aws_iam=False,
        use_k8s_auth=False,
        use_vault_agent=True,
        sink_path="sink_path",
        delegate_selectors=["harness-delegate"],
        vault_url="https://vault_url.com")
    token = harness.platform.VaultConnector("token",
        identifier="identifier",
        name="name",
        description="test",
        tags=["foo:bar"],
        auth_token=f"account.{test['id']}",
        base_path="base_path",
        access_type="TOKEN",
        default=False,
        namespace="namespace",
        read_only=True,
        renewal_interval_minutes=10,
        secret_engine_manually_configured=True,
        secret_engine_name="secret_engine_name",
        secret_engine_version=2,
        use_aws_iam=False,
        use_k8s_auth=False,
        vault_url="https://vault_url.com")
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-harness/sdk/go/harness/platform"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := platform.NewVaultConnector(ctx, "aws_auth", &platform.VaultConnectorArgs{
    			Identifier:  pulumi.String("identifier"),
    			Name:        pulumi.String("name"),
    			Description: pulumi.String("test"),
    			Tags: pulumi.StringArray{
    				pulumi.String("foo:bar"),
    			},
    			AwsRegion:                      pulumi.String("aws_region"),
    			BasePath:                       pulumi.String("base_path"),
    			AccessType:                     pulumi.String("AWS_IAM"),
    			Default:                        pulumi.Bool(false),
    			XvaultAwsIamServerId:           pulumi.String(fmt.Sprintf("account.%v", test.Id)),
    			ReadOnly:                       pulumi.Bool(true),
    			RenewalIntervalMinutes:         pulumi.Int(60),
    			SecretEngineManuallyConfigured: pulumi.Bool(true),
    			SecretEngineName:               pulumi.String("secret_engine_name"),
    			SecretEngineVersion:            pulumi.Int(2),
    			VaultAwsIamRole:                pulumi.String("vault_aws_iam_role"),
    			UseAwsIam:                      pulumi.Bool(true),
    			UseK8sAuth:                     pulumi.Bool(false),
    			UseVaultAgent:                  pulumi.Bool(false),
    			DelegateSelectors: pulumi.StringArray{
    				pulumi.String("harness-delegate"),
    			},
    			VaultUrl: pulumi.String("https://vault_url.com"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = platform.NewVaultConnector(ctx, "app_role", &platform.VaultConnectorArgs{
    			Identifier:  pulumi.String("identifier"),
    			Name:        pulumi.String("name"),
    			Description: pulumi.String("test"),
    			Tags: pulumi.StringArray{
    				pulumi.String("foo:bar"),
    			},
    			AppRoleId:                      pulumi.String("app_role_id"),
    			BasePath:                       pulumi.String("base_path"),
    			AccessType:                     pulumi.String("APP_ROLE"),
    			Default:                        pulumi.Bool(false),
    			SecretId:                       pulumi.String(fmt.Sprintf("account.%v", test.Id)),
    			ReadOnly:                       pulumi.Bool(true),
    			RenewalIntervalMinutes:         pulumi.Int(60),
    			SecretEngineManuallyConfigured: pulumi.Bool(true),
    			SecretEngineName:               pulumi.String("secret_engine_name"),
    			SecretEngineVersion:            pulumi.Int(2),
    			UseAwsIam:                      pulumi.Bool(false),
    			UseK8sAuth:                     pulumi.Bool(false),
    			UseVaultAgent:                  pulumi.Bool(false),
    			RenewAppRoleToken:              pulumi.Bool(true),
    			DelegateSelectors: pulumi.StringArray{
    				pulumi.String("harness-delegate"),
    			},
    			VaultUrl: pulumi.String("https://vault_url.com"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = platform.NewVaultConnector(ctx, "k8s_auth", &platform.VaultConnectorArgs{
    			Identifier:  pulumi.String("identifier"),
    			Name:        pulumi.String("name"),
    			Description: pulumi.String("test"),
    			Tags: pulumi.StringArray{
    				pulumi.String("foo:bar"),
    			},
    			AuthToken:                      pulumi.String(fmt.Sprintf("account.%v", test.Id)),
    			BasePath:                       pulumi.String("base_path"),
    			AccessType:                     pulumi.String("K8s_AUTH"),
    			Default:                        pulumi.Bool(false),
    			K8sAuthEndpoint:                pulumi.String("k8s_auth_endpoint"),
    			Namespace:                      pulumi.String("namespace"),
    			ReadOnly:                       pulumi.Bool(true),
    			RenewalIntervalMinutes:         pulumi.Int(10),
    			SecretEngineManuallyConfigured: pulumi.Bool(true),
    			SecretEngineName:               pulumi.String("secret_engine_name"),
    			SecretEngineVersion:            pulumi.Int(2),
    			ServiceAccountTokenPath:        pulumi.String("service_account_token_path"),
    			UseAwsIam:                      pulumi.Bool(false),
    			UseK8sAuth:                     pulumi.Bool(true),
    			UseVaultAgent:                  pulumi.Bool(false),
    			VaultK8sAuthRole:               pulumi.String("vault_k8s_auth_role"),
    			VaultAwsIamRole:                pulumi.String("vault_aws_iam_role"),
    			DelegateSelectors: pulumi.StringArray{
    				pulumi.String("harness-delegate"),
    			},
    			VaultUrl: pulumi.String("https://vault_url.com"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = platform.NewVaultConnector(ctx, "vault_agent", &platform.VaultConnectorArgs{
    			Identifier:  pulumi.String("identifier"),
    			Name:        pulumi.String("name"),
    			Description: pulumi.String("test"),
    			Tags: pulumi.StringArray{
    				pulumi.String("foo:bar"),
    			},
    			AuthToken:                      pulumi.String(fmt.Sprintf("account.%v", test.Id)),
    			BasePath:                       pulumi.String("base_path"),
    			AccessType:                     pulumi.String("VAULT_AGENT"),
    			Default:                        pulumi.Bool(false),
    			Namespace:                      pulumi.String("namespace"),
    			ReadOnly:                       pulumi.Bool(true),
    			RenewalIntervalMinutes:         pulumi.Int(10),
    			SecretEngineManuallyConfigured: pulumi.Bool(true),
    			SecretEngineName:               pulumi.String("secret_engine_name"),
    			SecretEngineVersion:            pulumi.Int(2),
    			UseAwsIam:                      pulumi.Bool(false),
    			UseK8sAuth:                     pulumi.Bool(false),
    			UseVaultAgent:                  pulumi.Bool(true),
    			SinkPath:                       pulumi.String("sink_path"),
    			DelegateSelectors: pulumi.StringArray{
    				pulumi.String("harness-delegate"),
    			},
    			VaultUrl: pulumi.String("https://vault_url.com"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = platform.NewVaultConnector(ctx, "token", &platform.VaultConnectorArgs{
    			Identifier:  pulumi.String("identifier"),
    			Name:        pulumi.String("name"),
    			Description: pulumi.String("test"),
    			Tags: pulumi.StringArray{
    				pulumi.String("foo:bar"),
    			},
    			AuthToken:                      pulumi.String(fmt.Sprintf("account.%v", test.Id)),
    			BasePath:                       pulumi.String("base_path"),
    			AccessType:                     pulumi.String("TOKEN"),
    			Default:                        pulumi.Bool(false),
    			Namespace:                      pulumi.String("namespace"),
    			ReadOnly:                       pulumi.Bool(true),
    			RenewalIntervalMinutes:         pulumi.Int(10),
    			SecretEngineManuallyConfigured: pulumi.Bool(true),
    			SecretEngineName:               pulumi.String("secret_engine_name"),
    			SecretEngineVersion:            pulumi.Int(2),
    			UseAwsIam:                      pulumi.Bool(false),
    			UseK8sAuth:                     pulumi.Bool(false),
    			VaultUrl:                       pulumi.String("https://vault_url.com"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Harness = Pulumi.Harness;
    
    return await Deployment.RunAsync(() => 
    {
        var awsAuth = new Harness.Platform.VaultConnector("aws_auth", new()
        {
            Identifier = "identifier",
            Name = "name",
            Description = "test",
            Tags = new[]
            {
                "foo:bar",
            },
            AwsRegion = "aws_region",
            BasePath = "base_path",
            AccessType = "AWS_IAM",
            Default = false,
            XvaultAwsIamServerId = $"account.{test.Id}",
            ReadOnly = true,
            RenewalIntervalMinutes = 60,
            SecretEngineManuallyConfigured = true,
            SecretEngineName = "secret_engine_name",
            SecretEngineVersion = 2,
            VaultAwsIamRole = "vault_aws_iam_role",
            UseAwsIam = true,
            UseK8sAuth = false,
            UseVaultAgent = false,
            DelegateSelectors = new[]
            {
                "harness-delegate",
            },
            VaultUrl = "https://vault_url.com",
        });
    
        var appRole = new Harness.Platform.VaultConnector("app_role", new()
        {
            Identifier = "identifier",
            Name = "name",
            Description = "test",
            Tags = new[]
            {
                "foo:bar",
            },
            AppRoleId = "app_role_id",
            BasePath = "base_path",
            AccessType = "APP_ROLE",
            Default = false,
            SecretId = $"account.{test.Id}",
            ReadOnly = true,
            RenewalIntervalMinutes = 60,
            SecretEngineManuallyConfigured = true,
            SecretEngineName = "secret_engine_name",
            SecretEngineVersion = 2,
            UseAwsIam = false,
            UseK8sAuth = false,
            UseVaultAgent = false,
            RenewAppRoleToken = true,
            DelegateSelectors = new[]
            {
                "harness-delegate",
            },
            VaultUrl = "https://vault_url.com",
        });
    
        var k8sAuth = new Harness.Platform.VaultConnector("k8s_auth", new()
        {
            Identifier = "identifier",
            Name = "name",
            Description = "test",
            Tags = new[]
            {
                "foo:bar",
            },
            AuthToken = $"account.{test.Id}",
            BasePath = "base_path",
            AccessType = "K8s_AUTH",
            Default = false,
            K8sAuthEndpoint = "k8s_auth_endpoint",
            Namespace = "namespace",
            ReadOnly = true,
            RenewalIntervalMinutes = 10,
            SecretEngineManuallyConfigured = true,
            SecretEngineName = "secret_engine_name",
            SecretEngineVersion = 2,
            ServiceAccountTokenPath = "service_account_token_path",
            UseAwsIam = false,
            UseK8sAuth = true,
            UseVaultAgent = false,
            VaultK8sAuthRole = "vault_k8s_auth_role",
            VaultAwsIamRole = "vault_aws_iam_role",
            DelegateSelectors = new[]
            {
                "harness-delegate",
            },
            VaultUrl = "https://vault_url.com",
        });
    
        var vaultAgent = new Harness.Platform.VaultConnector("vault_agent", new()
        {
            Identifier = "identifier",
            Name = "name",
            Description = "test",
            Tags = new[]
            {
                "foo:bar",
            },
            AuthToken = $"account.{test.Id}",
            BasePath = "base_path",
            AccessType = "VAULT_AGENT",
            Default = false,
            Namespace = "namespace",
            ReadOnly = true,
            RenewalIntervalMinutes = 10,
            SecretEngineManuallyConfigured = true,
            SecretEngineName = "secret_engine_name",
            SecretEngineVersion = 2,
            UseAwsIam = false,
            UseK8sAuth = false,
            UseVaultAgent = true,
            SinkPath = "sink_path",
            DelegateSelectors = new[]
            {
                "harness-delegate",
            },
            VaultUrl = "https://vault_url.com",
        });
    
        var token = new Harness.Platform.VaultConnector("token", new()
        {
            Identifier = "identifier",
            Name = "name",
            Description = "test",
            Tags = new[]
            {
                "foo:bar",
            },
            AuthToken = $"account.{test.Id}",
            BasePath = "base_path",
            AccessType = "TOKEN",
            Default = false,
            Namespace = "namespace",
            ReadOnly = true,
            RenewalIntervalMinutes = 10,
            SecretEngineManuallyConfigured = true,
            SecretEngineName = "secret_engine_name",
            SecretEngineVersion = 2,
            UseAwsIam = false,
            UseK8sAuth = false,
            VaultUrl = "https://vault_url.com",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.harness.platform.VaultConnector;
    import com.pulumi.harness.platform.VaultConnectorArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var awsAuth = new VaultConnector("awsAuth", VaultConnectorArgs.builder()
                .identifier("identifier")
                .name("name")
                .description("test")
                .tags("foo:bar")
                .awsRegion("aws_region")
                .basePath("base_path")
                .accessType("AWS_IAM")
                .default_(false)
                .xvaultAwsIamServerId(String.format("account.%s", test.id()))
                .readOnly(true)
                .renewalIntervalMinutes(60)
                .secretEngineManuallyConfigured(true)
                .secretEngineName("secret_engine_name")
                .secretEngineVersion(2)
                .vaultAwsIamRole("vault_aws_iam_role")
                .useAwsIam(true)
                .useK8sAuth(false)
                .useVaultAgent(false)
                .delegateSelectors("harness-delegate")
                .vaultUrl("https://vault_url.com")
                .build());
    
            var appRole = new VaultConnector("appRole", VaultConnectorArgs.builder()
                .identifier("identifier")
                .name("name")
                .description("test")
                .tags("foo:bar")
                .appRoleId("app_role_id")
                .basePath("base_path")
                .accessType("APP_ROLE")
                .default_(false)
                .secretId(String.format("account.%s", test.id()))
                .readOnly(true)
                .renewalIntervalMinutes(60)
                .secretEngineManuallyConfigured(true)
                .secretEngineName("secret_engine_name")
                .secretEngineVersion(2)
                .useAwsIam(false)
                .useK8sAuth(false)
                .useVaultAgent(false)
                .renewAppRoleToken(true)
                .delegateSelectors("harness-delegate")
                .vaultUrl("https://vault_url.com")
                .build());
    
            var k8sAuth = new VaultConnector("k8sAuth", VaultConnectorArgs.builder()
                .identifier("identifier")
                .name("name")
                .description("test")
                .tags("foo:bar")
                .authToken(String.format("account.%s", test.id()))
                .basePath("base_path")
                .accessType("K8s_AUTH")
                .default_(false)
                .k8sAuthEndpoint("k8s_auth_endpoint")
                .namespace("namespace")
                .readOnly(true)
                .renewalIntervalMinutes(10)
                .secretEngineManuallyConfigured(true)
                .secretEngineName("secret_engine_name")
                .secretEngineVersion(2)
                .serviceAccountTokenPath("service_account_token_path")
                .useAwsIam(false)
                .useK8sAuth(true)
                .useVaultAgent(false)
                .vaultK8sAuthRole("vault_k8s_auth_role")
                .vaultAwsIamRole("vault_aws_iam_role")
                .delegateSelectors("harness-delegate")
                .vaultUrl("https://vault_url.com")
                .build());
    
            var vaultAgent = new VaultConnector("vaultAgent", VaultConnectorArgs.builder()
                .identifier("identifier")
                .name("name")
                .description("test")
                .tags("foo:bar")
                .authToken(String.format("account.%s", test.id()))
                .basePath("base_path")
                .accessType("VAULT_AGENT")
                .default_(false)
                .namespace("namespace")
                .readOnly(true)
                .renewalIntervalMinutes(10)
                .secretEngineManuallyConfigured(true)
                .secretEngineName("secret_engine_name")
                .secretEngineVersion(2)
                .useAwsIam(false)
                .useK8sAuth(false)
                .useVaultAgent(true)
                .sinkPath("sink_path")
                .delegateSelectors("harness-delegate")
                .vaultUrl("https://vault_url.com")
                .build());
    
            var token = new VaultConnector("token", VaultConnectorArgs.builder()
                .identifier("identifier")
                .name("name")
                .description("test")
                .tags("foo:bar")
                .authToken(String.format("account.%s", test.id()))
                .basePath("base_path")
                .accessType("TOKEN")
                .default_(false)
                .namespace("namespace")
                .readOnly(true)
                .renewalIntervalMinutes(10)
                .secretEngineManuallyConfigured(true)
                .secretEngineName("secret_engine_name")
                .secretEngineVersion(2)
                .useAwsIam(false)
                .useK8sAuth(false)
                .vaultUrl("https://vault_url.com")
                .build());
    
        }
    }
    
    resources:
      awsAuth:
        type: harness:platform:VaultConnector
        name: aws_auth
        properties:
          identifier: identifier
          name: name
          description: test
          tags:
            - foo:bar
          awsRegion: aws_region
          basePath: base_path
          accessType: AWS_IAM
          default: false
          xvaultAwsIamServerId: account.${test.id}
          readOnly: true
          renewalIntervalMinutes: 60
          secretEngineManuallyConfigured: true
          secretEngineName: secret_engine_name
          secretEngineVersion: 2
          vaultAwsIamRole: vault_aws_iam_role
          useAwsIam: true
          useK8sAuth: false
          useVaultAgent: false
          delegateSelectors:
            - harness-delegate
          vaultUrl: https://vault_url.com
      appRole:
        type: harness:platform:VaultConnector
        name: app_role
        properties:
          identifier: identifier
          name: name
          description: test
          tags:
            - foo:bar
          appRoleId: app_role_id
          basePath: base_path
          accessType: APP_ROLE
          default: false
          secretId: account.${test.id}
          readOnly: true
          renewalIntervalMinutes: 60
          secretEngineManuallyConfigured: true
          secretEngineName: secret_engine_name
          secretEngineVersion: 2
          useAwsIam: false
          useK8sAuth: false
          useVaultAgent: false
          renewAppRoleToken: true
          delegateSelectors:
            - harness-delegate
          vaultUrl: https://vault_url.com
      k8sAuth:
        type: harness:platform:VaultConnector
        name: k8s_auth
        properties:
          identifier: identifier
          name: name
          description: test
          tags:
            - foo:bar
          authToken: account.${test.id}
          basePath: base_path
          accessType: K8s_AUTH
          default: false
          k8sAuthEndpoint: k8s_auth_endpoint
          namespace: namespace
          readOnly: true
          renewalIntervalMinutes: 10
          secretEngineManuallyConfigured: true
          secretEngineName: secret_engine_name
          secretEngineVersion: 2
          serviceAccountTokenPath: service_account_token_path
          useAwsIam: false
          useK8sAuth: true
          useVaultAgent: false
          vaultK8sAuthRole: vault_k8s_auth_role
          vaultAwsIamRole: vault_aws_iam_role
          delegateSelectors:
            - harness-delegate
          vaultUrl: https://vault_url.com
      vaultAgent:
        type: harness:platform:VaultConnector
        name: vault_agent
        properties:
          identifier: identifier
          name: name
          description: test
          tags:
            - foo:bar
          authToken: account.${test.id}
          basePath: base_path
          accessType: VAULT_AGENT
          default: false
          namespace: namespace
          readOnly: true
          renewalIntervalMinutes: 10
          secretEngineManuallyConfigured: true
          secretEngineName: secret_engine_name
          secretEngineVersion: 2
          useAwsIam: false
          useK8sAuth: false
          useVaultAgent: true
          sinkPath: sink_path
          delegateSelectors:
            - harness-delegate
          vaultUrl: https://vault_url.com
      token:
        type: harness:platform:VaultConnector
        properties:
          identifier: identifier
          name: name
          description: test
          tags:
            - foo:bar
          authToken: account.${test.id}
          basePath: base_path
          accessType: TOKEN
          default: false
          namespace: namespace
          readOnly: true
          renewalIntervalMinutes: 10
          secretEngineManuallyConfigured: true
          secretEngineName: secret_engine_name
          secretEngineVersion: 2
          useAwsIam: false
          useK8sAuth: false
          vaultUrl: https://vault_url.com
    

    Create VaultConnector Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new VaultConnector(name: string, args: VaultConnectorArgs, opts?: CustomResourceOptions);
    @overload
    def VaultConnector(resource_name: str,
                       args: VaultConnectorArgs,
                       opts: Optional[ResourceOptions] = None)
    
    @overload
    def VaultConnector(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       identifier: Optional[str] = None,
                       vault_url: Optional[str] = None,
                       renewal_interval_minutes: Optional[int] = None,
                       read_only: Optional[bool] = None,
                       default: Optional[bool] = None,
                       auth_token: Optional[str] = None,
                       delegate_selectors: Optional[Sequence[str]] = None,
                       description: Optional[str] = None,
                       aws_region: Optional[str] = None,
                       is_default: Optional[bool] = None,
                       is_read_only: Optional[bool] = None,
                       k8s_auth_endpoint: Optional[str] = None,
                       name: Optional[str] = None,
                       namespace: Optional[str] = None,
                       org_id: Optional[str] = None,
                       project_id: Optional[str] = None,
                       access_type: Optional[str] = None,
                       xvault_aws_iam_server_id: Optional[str] = None,
                       base_path: Optional[str] = None,
                       secret_engine_manually_configured: Optional[bool] = None,
                       secret_engine_name: Optional[str] = None,
                       secret_engine_version: Optional[int] = None,
                       secret_id: Optional[str] = None,
                       service_account_token_path: Optional[str] = None,
                       sink_path: Optional[str] = None,
                       tags: Optional[Sequence[str]] = None,
                       use_aws_iam: Optional[bool] = None,
                       use_k8s_auth: Optional[bool] = None,
                       use_vault_agent: Optional[bool] = None,
                       vault_aws_iam_role: Optional[str] = None,
                       vault_k8s_auth_role: Optional[str] = None,
                       app_role_id: Optional[str] = None,
                       renew_app_role_token: Optional[bool] = None)
    func NewVaultConnector(ctx *Context, name string, args VaultConnectorArgs, opts ...ResourceOption) (*VaultConnector, error)
    public VaultConnector(string name, VaultConnectorArgs args, CustomResourceOptions? opts = null)
    public VaultConnector(String name, VaultConnectorArgs args)
    public VaultConnector(String name, VaultConnectorArgs args, CustomResourceOptions options)
    
    type: harness:platform:VaultConnector
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args VaultConnectorArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args VaultConnectorArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args VaultConnectorArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args VaultConnectorArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args VaultConnectorArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var vaultConnectorResource = new Harness.Platform.VaultConnector("vaultConnectorResource", new()
    {
        Identifier = "string",
        VaultUrl = "string",
        RenewalIntervalMinutes = 0,
        ReadOnly = false,
        Default = false,
        AuthToken = "string",
        DelegateSelectors = new[]
        {
            "string",
        },
        Description = "string",
        AwsRegion = "string",
        IsDefault = false,
        IsReadOnly = false,
        K8sAuthEndpoint = "string",
        Name = "string",
        Namespace = "string",
        OrgId = "string",
        ProjectId = "string",
        AccessType = "string",
        XvaultAwsIamServerId = "string",
        BasePath = "string",
        SecretEngineManuallyConfigured = false,
        SecretEngineName = "string",
        SecretEngineVersion = 0,
        SecretId = "string",
        ServiceAccountTokenPath = "string",
        SinkPath = "string",
        Tags = new[]
        {
            "string",
        },
        UseAwsIam = false,
        UseK8sAuth = false,
        UseVaultAgent = false,
        VaultAwsIamRole = "string",
        VaultK8sAuthRole = "string",
        AppRoleId = "string",
        RenewAppRoleToken = false,
    });
    
    example, err := platform.NewVaultConnector(ctx, "vaultConnectorResource", &platform.VaultConnectorArgs{
    	Identifier:             pulumi.String("string"),
    	VaultUrl:               pulumi.String("string"),
    	RenewalIntervalMinutes: pulumi.Int(0),
    	ReadOnly:               pulumi.Bool(false),
    	Default:                pulumi.Bool(false),
    	AuthToken:              pulumi.String("string"),
    	DelegateSelectors: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Description:                    pulumi.String("string"),
    	AwsRegion:                      pulumi.String("string"),
    	IsDefault:                      pulumi.Bool(false),
    	IsReadOnly:                     pulumi.Bool(false),
    	K8sAuthEndpoint:                pulumi.String("string"),
    	Name:                           pulumi.String("string"),
    	Namespace:                      pulumi.String("string"),
    	OrgId:                          pulumi.String("string"),
    	ProjectId:                      pulumi.String("string"),
    	AccessType:                     pulumi.String("string"),
    	XvaultAwsIamServerId:           pulumi.String("string"),
    	BasePath:                       pulumi.String("string"),
    	SecretEngineManuallyConfigured: pulumi.Bool(false),
    	SecretEngineName:               pulumi.String("string"),
    	SecretEngineVersion:            pulumi.Int(0),
    	SecretId:                       pulumi.String("string"),
    	ServiceAccountTokenPath:        pulumi.String("string"),
    	SinkPath:                       pulumi.String("string"),
    	Tags: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	UseAwsIam:         pulumi.Bool(false),
    	UseK8sAuth:        pulumi.Bool(false),
    	UseVaultAgent:     pulumi.Bool(false),
    	VaultAwsIamRole:   pulumi.String("string"),
    	VaultK8sAuthRole:  pulumi.String("string"),
    	AppRoleId:         pulumi.String("string"),
    	RenewAppRoleToken: pulumi.Bool(false),
    })
    
    var vaultConnectorResource = new VaultConnector("vaultConnectorResource", VaultConnectorArgs.builder()
        .identifier("string")
        .vaultUrl("string")
        .renewalIntervalMinutes(0)
        .readOnly(false)
        .default_(false)
        .authToken("string")
        .delegateSelectors("string")
        .description("string")
        .awsRegion("string")
        .isDefault(false)
        .isReadOnly(false)
        .k8sAuthEndpoint("string")
        .name("string")
        .namespace("string")
        .orgId("string")
        .projectId("string")
        .accessType("string")
        .xvaultAwsIamServerId("string")
        .basePath("string")
        .secretEngineManuallyConfigured(false)
        .secretEngineName("string")
        .secretEngineVersion(0)
        .secretId("string")
        .serviceAccountTokenPath("string")
        .sinkPath("string")
        .tags("string")
        .useAwsIam(false)
        .useK8sAuth(false)
        .useVaultAgent(false)
        .vaultAwsIamRole("string")
        .vaultK8sAuthRole("string")
        .appRoleId("string")
        .renewAppRoleToken(false)
        .build());
    
    vault_connector_resource = harness.platform.VaultConnector("vaultConnectorResource",
        identifier="string",
        vault_url="string",
        renewal_interval_minutes=0,
        read_only=False,
        default=False,
        auth_token="string",
        delegate_selectors=["string"],
        description="string",
        aws_region="string",
        is_default=False,
        is_read_only=False,
        k8s_auth_endpoint="string",
        name="string",
        namespace="string",
        org_id="string",
        project_id="string",
        access_type="string",
        xvault_aws_iam_server_id="string",
        base_path="string",
        secret_engine_manually_configured=False,
        secret_engine_name="string",
        secret_engine_version=0,
        secret_id="string",
        service_account_token_path="string",
        sink_path="string",
        tags=["string"],
        use_aws_iam=False,
        use_k8s_auth=False,
        use_vault_agent=False,
        vault_aws_iam_role="string",
        vault_k8s_auth_role="string",
        app_role_id="string",
        renew_app_role_token=False)
    
    const vaultConnectorResource = new harness.platform.VaultConnector("vaultConnectorResource", {
        identifier: "string",
        vaultUrl: "string",
        renewalIntervalMinutes: 0,
        readOnly: false,
        "default": false,
        authToken: "string",
        delegateSelectors: ["string"],
        description: "string",
        awsRegion: "string",
        isDefault: false,
        isReadOnly: false,
        k8sAuthEndpoint: "string",
        name: "string",
        namespace: "string",
        orgId: "string",
        projectId: "string",
        accessType: "string",
        xvaultAwsIamServerId: "string",
        basePath: "string",
        secretEngineManuallyConfigured: false,
        secretEngineName: "string",
        secretEngineVersion: 0,
        secretId: "string",
        serviceAccountTokenPath: "string",
        sinkPath: "string",
        tags: ["string"],
        useAwsIam: false,
        useK8sAuth: false,
        useVaultAgent: false,
        vaultAwsIamRole: "string",
        vaultK8sAuthRole: "string",
        appRoleId: "string",
        renewAppRoleToken: false,
    });
    
    type: harness:platform:VaultConnector
    properties:
        accessType: string
        appRoleId: string
        authToken: string
        awsRegion: string
        basePath: string
        default: false
        delegateSelectors:
            - string
        description: string
        identifier: string
        isDefault: false
        isReadOnly: false
        k8sAuthEndpoint: string
        name: string
        namespace: string
        orgId: string
        projectId: string
        readOnly: false
        renewAppRoleToken: false
        renewalIntervalMinutes: 0
        secretEngineManuallyConfigured: false
        secretEngineName: string
        secretEngineVersion: 0
        secretId: string
        serviceAccountTokenPath: string
        sinkPath: string
        tags:
            - string
        useAwsIam: false
        useK8sAuth: false
        useVaultAgent: false
        vaultAwsIamRole: string
        vaultK8sAuthRole: string
        vaultUrl: string
        xvaultAwsIamServerId: string
    

    VaultConnector Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The VaultConnector resource accepts the following input properties:

    Identifier string
    Unique identifier of the resource.
    RenewalIntervalMinutes int
    The time interval for the token renewal.
    VaultUrl string
    URL of the HashiCorp Vault.
    AccessType string
    Access type.
    AppRoleId string
    ID of App Role.
    AuthToken string
    Authentication token for Vault.
    AwsRegion string
    AWS region where the AWS IAM authentication will happen.
    BasePath string
    Location of the Vault directory where the secret will be stored.
    Default bool
    Is default or not.
    DelegateSelectors List<string>
    List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
    Description string
    Description of the resource.
    IsDefault bool
    Is default or not.
    IsReadOnly bool
    Read only or not.
    K8sAuthEndpoint string
    The path where Kubernetes Auth is enabled in Vault.
    Name string
    Name of the resource.
    Namespace string
    Vault namespace where the Secret will be created.
    OrgId string
    Unique identifier of the organization.
    ProjectId string
    Unique identifier of the project.
    ReadOnly bool
    Read only.
    RenewAppRoleToken bool
    Boolean value to indicate if AppRole token renewal is enabled or not.
    SecretEngineManuallyConfigured bool
    Manually entered Secret Engine.
    SecretEngineName string
    Name of the Secret Engine.
    SecretEngineVersion int
    Version of Secret Engine.
    SecretId string
    ID of the Secret.
    ServiceAccountTokenPath string
    The Service Account token path in the K8s pod where the token is mounted.
    SinkPath string
    The location from which the authentication token should be read.
    Tags List<string>
    Tags to associate with the resource.
    UseAwsIam bool
    Boolean value to indicate if AWS IAM is used for authentication.
    UseK8sAuth bool
    Boolean value to indicate if K8s Auth is used for authentication.
    UseVaultAgent bool
    Boolean value to indicate if Vault Agent is used for authentication.
    VaultAwsIamRole string
    The Vault role defined to bind to aws iam account/role being accessed.
    VaultK8sAuthRole string
    The role where K8s Auth will happen.
    XvaultAwsIamServerId string
    The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
    Identifier string
    Unique identifier of the resource.
    RenewalIntervalMinutes int
    The time interval for the token renewal.
    VaultUrl string
    URL of the HashiCorp Vault.
    AccessType string
    Access type.
    AppRoleId string
    ID of App Role.
    AuthToken string
    Authentication token for Vault.
    AwsRegion string
    AWS region where the AWS IAM authentication will happen.
    BasePath string
    Location of the Vault directory where the secret will be stored.
    Default bool
    Is default or not.
    DelegateSelectors []string
    List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
    Description string
    Description of the resource.
    IsDefault bool
    Is default or not.
    IsReadOnly bool
    Read only or not.
    K8sAuthEndpoint string
    The path where Kubernetes Auth is enabled in Vault.
    Name string
    Name of the resource.
    Namespace string
    Vault namespace where the Secret will be created.
    OrgId string
    Unique identifier of the organization.
    ProjectId string
    Unique identifier of the project.
    ReadOnly bool
    Read only.
    RenewAppRoleToken bool
    Boolean value to indicate if AppRole token renewal is enabled or not.
    SecretEngineManuallyConfigured bool
    Manually entered Secret Engine.
    SecretEngineName string
    Name of the Secret Engine.
    SecretEngineVersion int
    Version of Secret Engine.
    SecretId string
    ID of the Secret.
    ServiceAccountTokenPath string
    The Service Account token path in the K8s pod where the token is mounted.
    SinkPath string
    The location from which the authentication token should be read.
    Tags []string
    Tags to associate with the resource.
    UseAwsIam bool
    Boolean value to indicate if AWS IAM is used for authentication.
    UseK8sAuth bool
    Boolean value to indicate if K8s Auth is used for authentication.
    UseVaultAgent bool
    Boolean value to indicate if Vault Agent is used for authentication.
    VaultAwsIamRole string
    The Vault role defined to bind to aws iam account/role being accessed.
    VaultK8sAuthRole string
    The role where K8s Auth will happen.
    XvaultAwsIamServerId string
    The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
    identifier String
    Unique identifier of the resource.
    renewalIntervalMinutes Integer
    The time interval for the token renewal.
    vaultUrl String
    URL of the HashiCorp Vault.
    accessType String
    Access type.
    appRoleId String
    ID of App Role.
    authToken String
    Authentication token for Vault.
    awsRegion String
    AWS region where the AWS IAM authentication will happen.
    basePath String
    Location of the Vault directory where the secret will be stored.
    default_ Boolean
    Is default or not.
    delegateSelectors List<String>
    List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
    description String
    Description of the resource.
    isDefault Boolean
    Is default or not.
    isReadOnly Boolean
    Read only or not.
    k8sAuthEndpoint String
    The path where Kubernetes Auth is enabled in Vault.
    name String
    Name of the resource.
    namespace String
    Vault namespace where the Secret will be created.
    orgId String
    Unique identifier of the organization.
    projectId String
    Unique identifier of the project.
    readOnly Boolean
    Read only.
    renewAppRoleToken Boolean
    Boolean value to indicate if AppRole token renewal is enabled or not.
    secretEngineManuallyConfigured Boolean
    Manually entered Secret Engine.
    secretEngineName String
    Name of the Secret Engine.
    secretEngineVersion Integer
    Version of Secret Engine.
    secretId String
    ID of the Secret.
    serviceAccountTokenPath String
    The Service Account token path in the K8s pod where the token is mounted.
    sinkPath String
    The location from which the authentication token should be read.
    tags List<String>
    Tags to associate with the resource.
    useAwsIam Boolean
    Boolean value to indicate if AWS IAM is used for authentication.
    useK8sAuth Boolean
    Boolean value to indicate if K8s Auth is used for authentication.
    useVaultAgent Boolean
    Boolean value to indicate if Vault Agent is used for authentication.
    vaultAwsIamRole String
    The Vault role defined to bind to aws iam account/role being accessed.
    vaultK8sAuthRole String
    The role where K8s Auth will happen.
    xvaultAwsIamServerId String
    The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
    identifier string
    Unique identifier of the resource.
    renewalIntervalMinutes number
    The time interval for the token renewal.
    vaultUrl string
    URL of the HashiCorp Vault.
    accessType string
    Access type.
    appRoleId string
    ID of App Role.
    authToken string
    Authentication token for Vault.
    awsRegion string
    AWS region where the AWS IAM authentication will happen.
    basePath string
    Location of the Vault directory where the secret will be stored.
    default boolean
    Is default or not.
    delegateSelectors string[]
    List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
    description string
    Description of the resource.
    isDefault boolean
    Is default or not.
    isReadOnly boolean
    Read only or not.
    k8sAuthEndpoint string
    The path where Kubernetes Auth is enabled in Vault.
    name string
    Name of the resource.
    namespace string
    Vault namespace where the Secret will be created.
    orgId string
    Unique identifier of the organization.
    projectId string
    Unique identifier of the project.
    readOnly boolean
    Read only.
    renewAppRoleToken boolean
    Boolean value to indicate if AppRole token renewal is enabled or not.
    secretEngineManuallyConfigured boolean
    Manually entered Secret Engine.
    secretEngineName string
    Name of the Secret Engine.
    secretEngineVersion number
    Version of Secret Engine.
    secretId string
    ID of the Secret.
    serviceAccountTokenPath string
    The Service Account token path in the K8s pod where the token is mounted.
    sinkPath string
    The location from which the authentication token should be read.
    tags string[]
    Tags to associate with the resource.
    useAwsIam boolean
    Boolean value to indicate if AWS IAM is used for authentication.
    useK8sAuth boolean
    Boolean value to indicate if K8s Auth is used for authentication.
    useVaultAgent boolean
    Boolean value to indicate if Vault Agent is used for authentication.
    vaultAwsIamRole string
    The Vault role defined to bind to aws iam account/role being accessed.
    vaultK8sAuthRole string
    The role where K8s Auth will happen.
    xvaultAwsIamServerId string
    The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
    identifier str
    Unique identifier of the resource.
    renewal_interval_minutes int
    The time interval for the token renewal.
    vault_url str
    URL of the HashiCorp Vault.
    access_type str
    Access type.
    app_role_id str
    ID of App Role.
    auth_token str
    Authentication token for Vault.
    aws_region str
    AWS region where the AWS IAM authentication will happen.
    base_path str
    Location of the Vault directory where the secret will be stored.
    default bool
    Is default or not.
    delegate_selectors Sequence[str]
    List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
    description str
    Description of the resource.
    is_default bool
    Is default or not.
    is_read_only bool
    Read only or not.
    k8s_auth_endpoint str
    The path where Kubernetes Auth is enabled in Vault.
    name str
    Name of the resource.
    namespace str
    Vault namespace where the Secret will be created.
    org_id str
    Unique identifier of the organization.
    project_id str
    Unique identifier of the project.
    read_only bool
    Read only.
    renew_app_role_token bool
    Boolean value to indicate if AppRole token renewal is enabled or not.
    secret_engine_manually_configured bool
    Manually entered Secret Engine.
    secret_engine_name str
    Name of the Secret Engine.
    secret_engine_version int
    Version of Secret Engine.
    secret_id str
    ID of the Secret.
    service_account_token_path str
    The Service Account token path in the K8s pod where the token is mounted.
    sink_path str
    The location from which the authentication token should be read.
    tags Sequence[str]
    Tags to associate with the resource.
    use_aws_iam bool
    Boolean value to indicate if AWS IAM is used for authentication.
    use_k8s_auth bool
    Boolean value to indicate if K8s Auth is used for authentication.
    use_vault_agent bool
    Boolean value to indicate if Vault Agent is used for authentication.
    vault_aws_iam_role str
    The Vault role defined to bind to aws iam account/role being accessed.
    vault_k8s_auth_role str
    The role where K8s Auth will happen.
    xvault_aws_iam_server_id str
    The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
    identifier String
    Unique identifier of the resource.
    renewalIntervalMinutes Number
    The time interval for the token renewal.
    vaultUrl String
    URL of the HashiCorp Vault.
    accessType String
    Access type.
    appRoleId String
    ID of App Role.
    authToken String
    Authentication token for Vault.
    awsRegion String
    AWS region where the AWS IAM authentication will happen.
    basePath String
    Location of the Vault directory where the secret will be stored.
    default Boolean
    Is default or not.
    delegateSelectors List<String>
    List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
    description String
    Description of the resource.
    isDefault Boolean
    Is default or not.
    isReadOnly Boolean
    Read only or not.
    k8sAuthEndpoint String
    The path where Kubernetes Auth is enabled in Vault.
    name String
    Name of the resource.
    namespace String
    Vault namespace where the Secret will be created.
    orgId String
    Unique identifier of the organization.
    projectId String
    Unique identifier of the project.
    readOnly Boolean
    Read only.
    renewAppRoleToken Boolean
    Boolean value to indicate if AppRole token renewal is enabled or not.
    secretEngineManuallyConfigured Boolean
    Manually entered Secret Engine.
    secretEngineName String
    Name of the Secret Engine.
    secretEngineVersion Number
    Version of Secret Engine.
    secretId String
    ID of the Secret.
    serviceAccountTokenPath String
    The Service Account token path in the K8s pod where the token is mounted.
    sinkPath String
    The location from which the authentication token should be read.
    tags List<String>
    Tags to associate with the resource.
    useAwsIam Boolean
    Boolean value to indicate if AWS IAM is used for authentication.
    useK8sAuth Boolean
    Boolean value to indicate if K8s Auth is used for authentication.
    useVaultAgent Boolean
    Boolean value to indicate if Vault Agent is used for authentication.
    vaultAwsIamRole String
    The Vault role defined to bind to aws iam account/role being accessed.
    vaultK8sAuthRole String
    The role where K8s Auth will happen.
    xvaultAwsIamServerId String
    The AWS IAM Header Server ID that has been configured for this AWS IAM instance.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the VaultConnector resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing VaultConnector Resource

    Get an existing VaultConnector resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: VaultConnectorState, opts?: CustomResourceOptions): VaultConnector
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access_type: Optional[str] = None,
            app_role_id: Optional[str] = None,
            auth_token: Optional[str] = None,
            aws_region: Optional[str] = None,
            base_path: Optional[str] = None,
            default: Optional[bool] = None,
            delegate_selectors: Optional[Sequence[str]] = None,
            description: Optional[str] = None,
            identifier: Optional[str] = None,
            is_default: Optional[bool] = None,
            is_read_only: Optional[bool] = None,
            k8s_auth_endpoint: Optional[str] = None,
            name: Optional[str] = None,
            namespace: Optional[str] = None,
            org_id: Optional[str] = None,
            project_id: Optional[str] = None,
            read_only: Optional[bool] = None,
            renew_app_role_token: Optional[bool] = None,
            renewal_interval_minutes: Optional[int] = None,
            secret_engine_manually_configured: Optional[bool] = None,
            secret_engine_name: Optional[str] = None,
            secret_engine_version: Optional[int] = None,
            secret_id: Optional[str] = None,
            service_account_token_path: Optional[str] = None,
            sink_path: Optional[str] = None,
            tags: Optional[Sequence[str]] = None,
            use_aws_iam: Optional[bool] = None,
            use_k8s_auth: Optional[bool] = None,
            use_vault_agent: Optional[bool] = None,
            vault_aws_iam_role: Optional[str] = None,
            vault_k8s_auth_role: Optional[str] = None,
            vault_url: Optional[str] = None,
            xvault_aws_iam_server_id: Optional[str] = None) -> VaultConnector
    func GetVaultConnector(ctx *Context, name string, id IDInput, state *VaultConnectorState, opts ...ResourceOption) (*VaultConnector, error)
    public static VaultConnector Get(string name, Input<string> id, VaultConnectorState? state, CustomResourceOptions? opts = null)
    public static VaultConnector get(String name, Output<String> id, VaultConnectorState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessType string
    Access type.
    AppRoleId string
    ID of App Role.
    AuthToken string
    Authentication token for Vault.
    AwsRegion string
    AWS region where the AWS IAM authentication will happen.
    BasePath string
    Location of the Vault directory where the secret will be stored.
    Default bool
    Is default or not.
    DelegateSelectors List<string>
    List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
    Description string
    Description of the resource.
    Identifier string
    Unique identifier of the resource.
    IsDefault bool
    Is default or not.
    IsReadOnly bool
    Read only or not.
    K8sAuthEndpoint string
    The path where Kubernetes Auth is enabled in Vault.
    Name string
    Name of the resource.
    Namespace string
    Vault namespace where the Secret will be created.
    OrgId string
    Unique identifier of the organization.
    ProjectId string
    Unique identifier of the project.
    ReadOnly bool
    Read only.
    RenewAppRoleToken bool
    Boolean value to indicate if AppRole token renewal is enabled or not.
    RenewalIntervalMinutes int
    The time interval for the token renewal.
    SecretEngineManuallyConfigured bool
    Manually entered Secret Engine.
    SecretEngineName string
    Name of the Secret Engine.
    SecretEngineVersion int
    Version of Secret Engine.
    SecretId string
    ID of the Secret.
    ServiceAccountTokenPath string
    The Service Account token path in the K8s pod where the token is mounted.
    SinkPath string
    The location from which the authentication token should be read.
    Tags List<string>
    Tags to associate with the resource.
    UseAwsIam bool
    Boolean value to indicate if AWS IAM is used for authentication.
    UseK8sAuth bool
    Boolean value to indicate if K8s Auth is used for authentication.
    UseVaultAgent bool
    Boolean value to indicate if Vault Agent is used for authentication.
    VaultAwsIamRole string
    The Vault role defined to bind to aws iam account/role being accessed.
    VaultK8sAuthRole string
    The role where K8s Auth will happen.
    VaultUrl string
    URL of the HashiCorp Vault.
    XvaultAwsIamServerId string
    The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
    AccessType string
    Access type.
    AppRoleId string
    ID of App Role.
    AuthToken string
    Authentication token for Vault.
    AwsRegion string
    AWS region where the AWS IAM authentication will happen.
    BasePath string
    Location of the Vault directory where the secret will be stored.
    Default bool
    Is default or not.
    DelegateSelectors []string
    List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
    Description string
    Description of the resource.
    Identifier string
    Unique identifier of the resource.
    IsDefault bool
    Is default or not.
    IsReadOnly bool
    Read only or not.
    K8sAuthEndpoint string
    The path where Kubernetes Auth is enabled in Vault.
    Name string
    Name of the resource.
    Namespace string
    Vault namespace where the Secret will be created.
    OrgId string
    Unique identifier of the organization.
    ProjectId string
    Unique identifier of the project.
    ReadOnly bool
    Read only.
    RenewAppRoleToken bool
    Boolean value to indicate if AppRole token renewal is enabled or not.
    RenewalIntervalMinutes int
    The time interval for the token renewal.
    SecretEngineManuallyConfigured bool
    Manually entered Secret Engine.
    SecretEngineName string
    Name of the Secret Engine.
    SecretEngineVersion int
    Version of Secret Engine.
    SecretId string
    ID of the Secret.
    ServiceAccountTokenPath string
    The Service Account token path in the K8s pod where the token is mounted.
    SinkPath string
    The location from which the authentication token should be read.
    Tags []string
    Tags to associate with the resource.
    UseAwsIam bool
    Boolean value to indicate if AWS IAM is used for authentication.
    UseK8sAuth bool
    Boolean value to indicate if K8s Auth is used for authentication.
    UseVaultAgent bool
    Boolean value to indicate if Vault Agent is used for authentication.
    VaultAwsIamRole string
    The Vault role defined to bind to aws iam account/role being accessed.
    VaultK8sAuthRole string
    The role where K8s Auth will happen.
    VaultUrl string
    URL of the HashiCorp Vault.
    XvaultAwsIamServerId string
    The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
    accessType String
    Access type.
    appRoleId String
    ID of App Role.
    authToken String
    Authentication token for Vault.
    awsRegion String
    AWS region where the AWS IAM authentication will happen.
    basePath String
    Location of the Vault directory where the secret will be stored.
    default_ Boolean
    Is default or not.
    delegateSelectors List<String>
    List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
    description String
    Description of the resource.
    identifier String
    Unique identifier of the resource.
    isDefault Boolean
    Is default or not.
    isReadOnly Boolean
    Read only or not.
    k8sAuthEndpoint String
    The path where Kubernetes Auth is enabled in Vault.
    name String
    Name of the resource.
    namespace String
    Vault namespace where the Secret will be created.
    orgId String
    Unique identifier of the organization.
    projectId String
    Unique identifier of the project.
    readOnly Boolean
    Read only.
    renewAppRoleToken Boolean
    Boolean value to indicate if AppRole token renewal is enabled or not.
    renewalIntervalMinutes Integer
    The time interval for the token renewal.
    secretEngineManuallyConfigured Boolean
    Manually entered Secret Engine.
    secretEngineName String
    Name of the Secret Engine.
    secretEngineVersion Integer
    Version of Secret Engine.
    secretId String
    ID of the Secret.
    serviceAccountTokenPath String
    The Service Account token path in the K8s pod where the token is mounted.
    sinkPath String
    The location from which the authentication token should be read.
    tags List<String>
    Tags to associate with the resource.
    useAwsIam Boolean
    Boolean value to indicate if AWS IAM is used for authentication.
    useK8sAuth Boolean
    Boolean value to indicate if K8s Auth is used for authentication.
    useVaultAgent Boolean
    Boolean value to indicate if Vault Agent is used for authentication.
    vaultAwsIamRole String
    The Vault role defined to bind to aws iam account/role being accessed.
    vaultK8sAuthRole String
    The role where K8s Auth will happen.
    vaultUrl String
    URL of the HashiCorp Vault.
    xvaultAwsIamServerId String
    The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
    accessType string
    Access type.
    appRoleId string
    ID of App Role.
    authToken string
    Authentication token for Vault.
    awsRegion string
    AWS region where the AWS IAM authentication will happen.
    basePath string
    Location of the Vault directory where the secret will be stored.
    default boolean
    Is default or not.
    delegateSelectors string[]
    List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
    description string
    Description of the resource.
    identifier string
    Unique identifier of the resource.
    isDefault boolean
    Is default or not.
    isReadOnly boolean
    Read only or not.
    k8sAuthEndpoint string
    The path where Kubernetes Auth is enabled in Vault.
    name string
    Name of the resource.
    namespace string
    Vault namespace where the Secret will be created.
    orgId string
    Unique identifier of the organization.
    projectId string
    Unique identifier of the project.
    readOnly boolean
    Read only.
    renewAppRoleToken boolean
    Boolean value to indicate if AppRole token renewal is enabled or not.
    renewalIntervalMinutes number
    The time interval for the token renewal.
    secretEngineManuallyConfigured boolean
    Manually entered Secret Engine.
    secretEngineName string
    Name of the Secret Engine.
    secretEngineVersion number
    Version of Secret Engine.
    secretId string
    ID of the Secret.
    serviceAccountTokenPath string
    The Service Account token path in the K8s pod where the token is mounted.
    sinkPath string
    The location from which the authentication token should be read.
    tags string[]
    Tags to associate with the resource.
    useAwsIam boolean
    Boolean value to indicate if AWS IAM is used for authentication.
    useK8sAuth boolean
    Boolean value to indicate if K8s Auth is used for authentication.
    useVaultAgent boolean
    Boolean value to indicate if Vault Agent is used for authentication.
    vaultAwsIamRole string
    The Vault role defined to bind to aws iam account/role being accessed.
    vaultK8sAuthRole string
    The role where K8s Auth will happen.
    vaultUrl string
    URL of the HashiCorp Vault.
    xvaultAwsIamServerId string
    The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
    access_type str
    Access type.
    app_role_id str
    ID of App Role.
    auth_token str
    Authentication token for Vault.
    aws_region str
    AWS region where the AWS IAM authentication will happen.
    base_path str
    Location of the Vault directory where the secret will be stored.
    default bool
    Is default or not.
    delegate_selectors Sequence[str]
    List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
    description str
    Description of the resource.
    identifier str
    Unique identifier of the resource.
    is_default bool
    Is default or not.
    is_read_only bool
    Read only or not.
    k8s_auth_endpoint str
    The path where Kubernetes Auth is enabled in Vault.
    name str
    Name of the resource.
    namespace str
    Vault namespace where the Secret will be created.
    org_id str
    Unique identifier of the organization.
    project_id str
    Unique identifier of the project.
    read_only bool
    Read only.
    renew_app_role_token bool
    Boolean value to indicate if AppRole token renewal is enabled or not.
    renewal_interval_minutes int
    The time interval for the token renewal.
    secret_engine_manually_configured bool
    Manually entered Secret Engine.
    secret_engine_name str
    Name of the Secret Engine.
    secret_engine_version int
    Version of Secret Engine.
    secret_id str
    ID of the Secret.
    service_account_token_path str
    The Service Account token path in the K8s pod where the token is mounted.
    sink_path str
    The location from which the authentication token should be read.
    tags Sequence[str]
    Tags to associate with the resource.
    use_aws_iam bool
    Boolean value to indicate if AWS IAM is used for authentication.
    use_k8s_auth bool
    Boolean value to indicate if K8s Auth is used for authentication.
    use_vault_agent bool
    Boolean value to indicate if Vault Agent is used for authentication.
    vault_aws_iam_role str
    The Vault role defined to bind to aws iam account/role being accessed.
    vault_k8s_auth_role str
    The role where K8s Auth will happen.
    vault_url str
    URL of the HashiCorp Vault.
    xvault_aws_iam_server_id str
    The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
    accessType String
    Access type.
    appRoleId String
    ID of App Role.
    authToken String
    Authentication token for Vault.
    awsRegion String
    AWS region where the AWS IAM authentication will happen.
    basePath String
    Location of the Vault directory where the secret will be stored.
    default Boolean
    Is default or not.
    delegateSelectors List<String>
    List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
    description String
    Description of the resource.
    identifier String
    Unique identifier of the resource.
    isDefault Boolean
    Is default or not.
    isReadOnly Boolean
    Read only or not.
    k8sAuthEndpoint String
    The path where Kubernetes Auth is enabled in Vault.
    name String
    Name of the resource.
    namespace String
    Vault namespace where the Secret will be created.
    orgId String
    Unique identifier of the organization.
    projectId String
    Unique identifier of the project.
    readOnly Boolean
    Read only.
    renewAppRoleToken Boolean
    Boolean value to indicate if AppRole token renewal is enabled or not.
    renewalIntervalMinutes Number
    The time interval for the token renewal.
    secretEngineManuallyConfigured Boolean
    Manually entered Secret Engine.
    secretEngineName String
    Name of the Secret Engine.
    secretEngineVersion Number
    Version of Secret Engine.
    secretId String
    ID of the Secret.
    serviceAccountTokenPath String
    The Service Account token path in the K8s pod where the token is mounted.
    sinkPath String
    The location from which the authentication token should be read.
    tags List<String>
    Tags to associate with the resource.
    useAwsIam Boolean
    Boolean value to indicate if AWS IAM is used for authentication.
    useK8sAuth Boolean
    Boolean value to indicate if K8s Auth is used for authentication.
    useVaultAgent Boolean
    Boolean value to indicate if Vault Agent is used for authentication.
    vaultAwsIamRole String
    The Vault role defined to bind to aws iam account/role being accessed.
    vaultK8sAuthRole String
    The role where K8s Auth will happen.
    vaultUrl String
    URL of the HashiCorp Vault.
    xvaultAwsIamServerId String
    The AWS IAM Header Server ID that has been configured for this AWS IAM instance.

    Import

    Import account level vault connector

    $ pulumi import harness:platform/vaultConnector:VaultConnector example <connector_id>
    

    Import org level vault connector

    $ pulumi import harness:platform/vaultConnector:VaultConnector example <ord_id>/<connector_id>
    

    Import project level vault connector

    $ pulumi import harness:platform/vaultConnector:VaultConnector example <org_id>/<project_id>/<connector_id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    harness pulumi/pulumi-harness
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the harness Terraform Provider.
    harness logo
    Harness v0.1.2 published on Friday, Jul 19, 2024 by Pulumi